WO2001077792A2 - System and method for authenticating a user - Google Patents


Publication number
WO2001077792A2
Authority
WO
WIPO (PCT)
Prior art keywords
pattern
secret
user
input
input pattern
Application number
PCT/US2001/010498
Inventor
Ari Juels
Bonnie M. Wong
Original Assignee
RSA Security Inc.
Application filed by RSA Security Inc.
Priority to AU2001251202A (AU2001251202A1)
Publication of WO2001077792A2
Publication of WO2001077792A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/14 Image acquisition
    • G06V30/142 Image acquisition using hand-held instruments; Constructional details of the instruments
    • G06V30/1423 Image acquisition using hand-held instruments; Constructional details of the instruments the instrument generating sequences of position coordinates corresponding to handwriting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/30 Writer recognition; Reading and verifying signatures

Definitions

  • the invention relates generally to the field of security and authentication and, more particularly, to a system and method for using a graphic display to authenticate a user of a computer or other device.
  • Passwords have long been used to authenticate a user before providing access to a computer system or to some other device. They are easy to use and conceptually simple. They are probably the oldest and most common data security tool used in computing environments. Because they are generally alphanumeric in form and often closely related to words in natural language, passwords are relatively easy for users to remember. Typically, users can rapidly enter them through standard hardware peripherals such as keyboards. Nonetheless, in terms of their security properties, passwords have shortcomings. Typically, users derive their passwords from a limited portion of the lexicons in their native languages, making them easy to guess, particularly in automated computer attacks.
  • the difficulty users have in remembering enough password information to allow secure authentication is at odds with their ability to retain large amounts of other types of information in other contexts.
  • a few examples of the other types of nonpassword data an individual may routinely remember are historical and personal events, the configuration of rooms in buildings, and the layout of city streets, not to mention the vocabulary and idioms of her native language. Some of that information may remain fixed in her memory over extended periods of time, even without frequent reinforcement.
  • a number of researchers have investigated the use of such everyday information in connection with mnemonic systems as a replacement for passwords.
  • One authentication approach exploits the ability of users to recognize faces. To authenticate herself in this system, a user is asked to identify a set of familiar faces from among a gallery of photographs.
  • Users can, for instance, choose to use an interface displaying a room containing a collection of valuables, and encode a password as a sequence of moves involving the hiding of these valuables in various locations around the room.
  • This method of password entry appeals to a natural mnemonic device because it resembles the medieval system of the "memory palace," whereby researchers sought to archive data mentally in an imagined architectural space.
  • This approach is vulnerable to the problem of predictability that occurs with conventional password systems.
  • Some passwords are more popular than others, since they are easier to remember. In one example, one-third of user-selected passwords could be found in the English dictionary.
  • users are more likely to pick some sequences than others.
  • a mnemonic system allows users to trade stocks; typically, the users will choose from among the most popular stocks, as these are the easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a substantial advantage by choosing Dow Jones stocks.
  • a mnemonic system will provide an adequate level of cryptographic security.
  • mnemonic systems are not designed to facilitate user memorization of random sequences, and may not even enforce a minimum sequence length in user password entry.
  • a mnemonic system may also be cumbersome in terms of the user interaction involved in entering a password, in some cases demanding an involved sequence of non-uniform mouse movements to enter the password into a computer system.
  • One objective of a system constructed according to the invention is to provide graphic or visual passwords that users can remember easily and for a long duration. Another objective is to provide a password that a user can enter with a minimum of physical effort, such as by minimal mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic display. An additional objective is that the entry of the password should require minimal mental effort.
  • Another objective of the invention is to provide flexible password entry. Unlike computer memory, human memory is prone to inaccuracy. One objective is to accommodate likely user errors.
  • Another objective of the invention is to provide a system adaptable to computing environments with limited memory, power, and graphical display capabilities.
  • a system constructed according to the invention should be useable with a range of hardware peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses.
  • the invention relates to a method for authenticating a user.
  • the method includes determining a secret pattern, entering an input pattern from a user on a graphical interface, determining an approximation parameter that can be used to compare the secret pattern to the input pattern, comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter, and authenticating the user based on the comparison.
  • the method includes displaying a portion of the secret pattern on the graphical interface to the user. In another embodiment, the method includes determining the portion to display based on a display parameter. In one embodiment, the method includes determining the secret pattern based on a grid. In another embodiment, the method includes selecting one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the method includes comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern. In one embodiment, the method includes entering the input pattern on a displayed grid on the graphical interface. In another embodiment, the method includes entering a squiggle. In a further embodiment, the squiggle includes a random shape. In another embodiment, the method includes entering a symbol. In another embodiment, the method includes entering a sketch. In another embodiment, the method includes selecting one or more points on each of a plurality of images displayed on the graphical interface.
  • the method includes allowing access to a resource in response to the step of authenticating the user.
  • the method includes generating a calculated value of the secret pattern, generating a calculated value of the input pattern, and comparing the calculated value of the secret pattern and the calculated value of the input pattern. In another embodiment, the method includes generating a hash of the secret pattern and generating a hash of the input pattern.
  • the method includes determining one or more secret points located in a display area and determining one or more approximation regions associated with one or more secret points. In another embodiment, the method includes providing one or more memory cues to the user. In a further embodiment, the method includes providing one or more visual and/or auditory memory cues.
  • the invention in another aspect, relates to an authenticator for authenticating a user of a resource.
  • the authenticator includes a graphical interface, a secret pattern, an input pattern, an approximation pattern, and a verifier.
  • the graphical interface is capable of receiving graphical input from a user. The user enters the input pattern on the graphical interface.
  • the approximation pattern can be used in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter.
  • the verifier is in communication with the graphical interface and authenticates the user by comparing the secret pattern and the input pattern using the approximation parameter.
  • the graphical interface displays a portion of the secret pattern to the user.
  • the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
  • the secret pattern is based on a grid.
  • the approximation parameter includes one or more blocks of cells in the grid based on the secret pattern.
  • the input pattern includes an input sequence and the secret pattern includes a secret sequence, and the verifier compares the input sequence and the secret sequence.
  • the graphical interface includes a displayed grid, and the user enters the input pattern on the displayed grid.
  • the input pattern includes a squiggle.
  • the squiggle includes a random shape.
  • the input pattern includes a symbol.
  • the input pattern includes a sketch.
  • the user selects one or more points on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
  • the verifier allows access to a resource in response to authenticating the user.
  • the verifier generates a calculated value of the secret pattern, generates a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.
  • the verifier generates a hash of the secret pattern and a hash of the input pattern.
  • the graphical interface determines one or more secret points located in a display area and one or more approximation regions associated with one or more secret points.
  • the graphical interface provides one or more memory cues to the user. In a further embodiment, the graphical interface provides one or more visual and/or memory cues.
  • FIG. 1 illustrates a functional block diagram of an authenticator system based on graphical input according to one embodiment of the invention.
  • FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention.
  • FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted squares or cells according to one embodiment of the invention.
  • FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line segments for one embodiment of the invention.
  • FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret pattern illustrated in FIG. 4.
  • FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 4.
  • FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern that is approximately similar to the secret pattern illustrated in FIG. 4.
  • FIG. 8 provides a pictorial view of a display area, secret points located in the display area, approximation regions based on the secret points, and input points provided by a user, according to one embodiment of the invention.
  • FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an input pattern 112, graphical interface 114, verifier 116, secret pattern 118, and approximation parameter 120.
  • FIG. 1 also illustrates a user 124, who provides the input pattern 112 to the graphical interface 114, and a resource 126, which the verifier 116 allows the user 124 to access after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter
  • the graphical interface 114 is a hardware device that provides a graphical display that can be viewed by the user 124 and which receives the input pattern 112 from the user 124.
  • the graphical interface 114 is a CRT (cathode ray tube) with a touch screen capability.
  • the graphical interface 114 is a flat screen device, such as an LCD (liquid crystal display) or an active-matrix display device with input capability.
  • the graphical interface 114 is a separate device that is electronically, optically, or otherwise in communication with the verifier 116.
  • the graphical interface 114 is integrated into another device, such as a computer system, laptop computer, palmtop computer, other portable computer, or portable cellular telephone.
  • the other device also includes the verifier 116 and/or resource 126.
  • the verifier 116 is a software application executing on a general purpose computer system. In alternate embodiments, the verifier 116 is implemented as a software module, program, or one or more objects, such as objects implemented in the C programming language. In another embodiment, the verifier 116 is a hardware device or integrated chip, such as an ASIC (application-specific integrated circuit).
  • the resource 126 is a computer system, a database, or other resource that the user 124 desires to employ. In another embodiment, the resource 126 provides computational resources or data that the user 124 would like to access. In another embodiment, the resource 126 is a physical location or entity that the user 124 desires to access or use, such as a room, a locked automobile, or the locked ignition mechanism for an automobile.
  • the graphical interface 114, verifier 116, and resource 126 are all part of the same computer system, laptop computer, palmtop computer, or other portable computer. In another embodiment, the graphical interface 114, verifier 116, and resource 126 are separate computers or devices connected in a network, which may be a local network, or a global network, such as the Internet.
  • the authenticator system 110 uses tolerance parameters.
  • two tolerance parameters are shown, an approximation parameter 120 and a display parameter 122.
  • a tolerance parameter provides a tolerance or limit for how much information the user 124 is given or how accurate the user's 124 input must be.
  • the approximation parameter 120 indicates how close the input pattern 112 must be to the secret pattern 118 for the verifier 116 to consider the input pattern 112 to be approximately similar to the secret pattern 118.
  • the display parameter 122 indicates how much of the secret pattern 118 is displayed to the user 124. The user provides an input pattern 112 that matches the undisplayed portion of the secret pattern 118.
  • the verifier 116 determines a secret pattern 118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret pattern 118. In another embodiment, the verifier 116 determines or calculates a pseudo-random pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the secret pattern 118 is provided to the verifier 116 from an external source, such as a database or a trusted authority, such as a server computer connected over a network to the verifier 116. The user receives or has access to the same secret pattern 118 or trusted authority.
  • the user 124 enters an input pattern 112 on the graphical interface 114 (step 202) in an attempt to match the secret pattern 118.
  • the user 124 is prompted with a portion of the secret pattern 118, which is displayed on the graphical interface 114 based on the display parameter 122.
  • the display parameter 122 is a predetermined value obtained from a trusted authority, such as a server computer connected over a network to the graphical interface 114.
  • the graphical interface 114 or verifier 116 determines a random value for the display parameter 122 or uses a mathematical function to determine the display parameter 122.
  • the verifier 116 determines an approximation parameter 120 (step 204).
  • the verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and input pattern 112 are approximately similar by comparing the secret pattern 118 and input pattern 112 (step 206).
  • the approximation parameter 120 is a predetermined value obtained from a trusted authority.
  • the verifier 116 determines the approximation parameter 120 using a mathematical function.
  • the approximation parameter 120 is determined before or concurrently with determining the display parameter 122.
  • the approximation pattern determines an approximation region 144 (see FIG. 8) that is circular, square, or some other shape.
  • the verifier 116 compares the secret pattern 118 and input pattern 112 directly to verify that the two patterns are approximately similar. In another embodiment, the verifier 116 compares a calculated value for the secret pattern 118 with a calculated value for the input pattern 112. In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash of the input pattern 112. In another embodiment the verifier 116 generates a hash of the secret pattern 118 and stores this secret hash in a storage media, such as a hard disk, associated with the verifier 116 or authenticator system 110. In another embodiment, this verifier 116 stores the secret hash in a memory element, such as a ROM or RAM, associated with the verifier 116 or authenticator system 110.
  • the verifier 116 obtains the secret pattern 118 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate value for the input pattern 112.
  • the verifier 116 finds that the secret pattern 118 and the input pattern 112 are approximately similar, then the verifier 116 authenticates the user 124 (step 208) and allows the user 124 to access the resource 126.
  • FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 118 indicated by six highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132.
  • the graphical interface 114 displays to the user 124 the grid 132, wherein each square or cell in the grid 132 has a different color or shade.
  • the grid 132 also displays a recognizable image, such as a photograph.
  • the grid 132 is not square but is a rectangle or other geometric form or shape.
  • the grid 132 is a square matrix where each side of the grid 132 has k cells, and the matrix is referred to as a k by k grid 132.
  • the secret pattern 118 is a random squiggle that the user 124 must draw to within a certain tolerance, as described below.
  • the secret pattern 118 is a letter, number, or other symbol.
  • the grid 132 is a 10 by 8 matrix of 80 cells indicated by cell numbers 1 through 80.
  • the use of a 10 by 8 matrix is exemplary only and is not a requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric shapes may be used.
  • the user 124 provides an input pattern 112 by selecting the same points on the grid 132 in the same numerical sequence as the secret pattern 118, as indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3.
  • the secret pattern 118 includes a secret sequence indicating the order for entering the cells of the input pattern 112.
  • the required or secret sequence for the secret pattern 118 may be 26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence of the input pattern 112 on the graphical interface 114 before the verifier 116 determines that there is a match between the secret pattern 118 and the input pattern 112.
  • FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 118a.
  • the secret pattern 118a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60.
  • the secret pattern 118a shown in FIG. 4 is exemplary only.
  • the secret pattern 118a is shown as a path extending generally from left to right, but this is not a requirement of the invention. Generally, the invention does not require a secret pattern 118 that tends in any one direction or forms any particular type of pattern.
  • the secret pattern 118 may be a random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function.
  • the secret pattern 118a is indicated by connecting lines. In other embodiments, the secret pattern 118a is indicated by curved lines, by a list of cell numbers, or other mechanism that indicates a unique secret pattern 118 in the grid 132.
  • FIG. 5 illustrates the grid 132 and the secret pattern 118a of FIG. 4 along with an input pattern 112a that a user 124 has entered that closely approximates the secret pattern 118a.
  • the input pattern 112a touches the same cells in the grid 132 as the secret pattern 118a.
  • the verifier 116 determines that the input pattern 112a is approximately similar to the secret pattern 118a by determining that the two patterns 112a, 118a touch the same cells.
  • the graphical interface 114 uses a display parameter 122 to display to the user 124 the first h squares in the sequence $x_1, x_2, \ldots, x_n$ in a secret pattern 118.
  • the value h is the display parameter 122 indicating that the graphical interface 114 displays only h squares of the secret pattern 118 to the user 124.
  • FIG. 6 illustrates a displayed portion 134 of the secret pattern 118a of FIG. 4, for one embodiment of the invention.
  • the display parameter 122 has a value of 3, and the graphical interface 114 displays only the first three cells 31, 22, 33 of the secret pattern 118a. The user 124 must then enter an input pattern 112 that corresponds to the undisplayed portion of the secret pattern 118a.
  • the display parameter 122 may have values other than 3, and the displayed portion 134 may be based on cells other than the first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end of the pattern 118 or a selected number of cells determined by other methods.
  • the graphical interface 114 displays to the user 124 cells from two or more separate portions of the secret pattern 118.
  • using the approximation parameter 120, the user 124 must select a square within an $r \times r$ block centered around $x_{h+1}$, then $x_{h+2}$, etc., through $x_n$ to authenticate herself.
  • the value r is the approximation parameter 120.
  • the approximation parameter 120 has a value of 3 and one cell of the input pattern 112b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a cell of the secret pattern 118a.
  • the approximation block 136 illustrated in FIG. 7 is exemplary only, and an approximation block 136 may be centered or located at different cells on a secret pattern 118.
  • a 3 by 3 approximation block 136 centered on a central cell 22 of the secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33.
  • the approximation block 136 is adjusted for special conditions such as cells at the edges and corners of the grid 132.
  • the approximation block 136 may be enlarged or otherwise changed if the central cell of the block 136 is at the edge or corner of the grid 132. If a central cell, such as 31, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted appropriately.
  • the 3 by 3 block centered on cell 31 is set to a 2 by 3 block of the cells 21, 22, 31, 32, 41, and 42.
  • the approximation block 136 is adjusted in other ways, such as giving the approximation block 136 different sizes at different points in the secret pattern 112b.
  • the invention does not require the approximation block 136 to outline a square or rectangular shape, and, in other embodiments, the approximation block 136 outlines other geometric shapes.
  • FIG. 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally as 146, for one embodiment of the invention.
  • the display area 140 is a visual area of the graphical interface 114 that the graphical interface 114 displays to a user 124. In other embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other geometric form or shape.
  • the secret points 142a through 142e are part of a secret pattern 118 that is not displayed to the user 124 in one embodiment of the invention.
  • the invention does not require that there be any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118.
  • the graphical interface 114 displays one or more points 142 of the secret pattern 118 on the display area 140 to the user 124 based on a display parameter 122.
  • the display parameter 122 indicates a value for the number of secret points 142 to be displayed.
  • the graphical interface 114 displays two points, such as 142a and 142d, to the user 124.
  • the invention does not require that the displayed secret points 142 be adjacent to each other or in any serial order. For a given display parameter 122 value, different secret points 142 may be selected to be displayed at different times.
  • the graphical interface 114 displays an image or photograph that overlays the display area 140. If the graphical interface 114 displays an image or photograph, then in one embodiment the input points 146 are not displayed to the user 124. In another embodiment, the graphical interface 114 highlights or changes portions of the image corresponding to the locations of the input points 146. If a display parameter 122 is used, then the graphical interface 114 highlights portions of the image in the display area 140 that correspond to the one or more secret points 142 selected to be displayed based on the display parameter 122.
  • the input points 146 represent an input pattern 112 that the user 124 enters on the graphical interface 114.
  • the approximation regions 144 are regions within which the user 124 must make her selections of input points 146 for the verifier 116 to verify that the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are not displayed to the user 124.
  • the input points 146 are represented by crosshairs or crossed lines, for one embodiment of the invention. In other embodiments, the input points 146 are represented by other geometric shapes, points, or symbols.
  • the user 124 must enter the input points 146 in a predetermined sequence, such as providing input points 146 to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another embodiment, the user 124 enters the input points 146 in any sequence.
  • the approximation regions 144 are shapes other than the circles shown in FIG. 8. In other embodiments, the approximation regions 144 are of different sizes for different secret points 142.
  • each input point 146 must be touching or within the approximation region 144.
  • one or more input points 146 are allowed to be outside the approximation regions 144 based on the approximation parameter 120, and the verifier 116 still determines that the input pattern and secret pattern 118 are approximately similar if most of the input points 146 are within the approximation regions 144.
  • the approximation parameter 120 determines the size of the approximation regions 144.
  • the graphical interface 114 alters the shape of the approximation region 144 for one or more secret points 142.
  • the graphical interface 114 may alter the approximation region 144 in other ways. In one embodiment, the graphical interface 114 enlarges the approximation region 144 if it is close to the edge of the display area 140 or is partially truncated by the edge of the display area 140. In another embodiment, the graphical interface 114 determines only one approximation region, such as an ellipse or other shape, for two or more secret points 142 located close to each other.
  • the secret points 142 are any points that can be determined in the display area 140.
  • the graphical interface 114 displays the display area 140 using pixels, and each secret point 142 is a pixel.
  • the approximation region 144 is based on a predetermined pixel-distance tolerance.
  • the graphical interface 114 displays memory cues to the user 124 to encourage the user 124 to remember the secret pattern 118 so that the user 124 enters a valid input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern 118.
  • the use of memory cues applies to displays based on grids 132 or display areas 140.
  • the memory cues are either static or interactive.
  • memory cues are either visual, auditory, or based on some other sensory medium accessible to the human senses.
  • the graphical interface 114 provides a visual memory cue by changing the cursor shape or color depending on where on the graphical interface 114 the user 124 locates the cursor or stylus.
  • the graphical interface 114 or the authenticator system 110 provides an auditory memory cue by playing a different piece of music for each image that the graphical interface 114 displays overlaying the grid 132 or the display area 140.
  • the graphical interface 114 provides a visual memory cue by changing the color or brightness of the image, or of part of the image, displayed to the user 124 depending on where the user 124 locates the cursor or stylus on the graphical interface 114.
  • the graphical interface 114 displays successive images to the user 124, wherein each image is determined dynamically based on the behavior and selections made by the user 124 when using a stylus or other input device to provide input to the graphical interface 114.
  • the graphical interface 114 zooms in on the image or magnifies a portion of the image, which is then in turn displayed to the user 124.
  • the graphical interface 114 zooms in on the image again. The graphical interface 114 repeats this process until the user 124 has completed entering an input pattern 112.
  • the graphical interface 114 displays a number of portals, such as doors, and the user 124 selects one of the portals. The graphical interface 114 then displays different images depending on which portal the user 124 selects.
  • the user 124 simulates entry through a door into another visual space, such as moving through one or more doors into one or more rooms in a building.
  • each door or portal represents a secret point 142 in the secret pattern 118.
  • each door or portal does not itself represent a secret point 142 in the secret pattern 118, but provides access to an image that includes one or more secret points 142.
  • the graphical interface 114 displays other visual metaphors and schemas that a user 124 follows when moving through a visual space, such as moving along a road or a path, or traveling in a vehicle, automobile, space craft, or water borne ship.
  • the graphical interface 114 displays other visual spaces or metaphors, as is known in the arts of computer graphics, computer and electronic games, and virtual reality.

Abstract

The system and method provides for the authentication of a user based on graphical input provided by the user. The user enters graphical input, such as a squiggle, into a graphical interface. A verifier compares the input pattern to a secret input pattern to determine if the two patterns are approximately similar in order to authenticate the user. Typically, the verifier uses an approximation parameter to determine if the input and secret patterns are similar. Once the verifier authenticates the user, the user is allowed access to a resource, such as a computer system, portable computer, software application running on a computer system or other hardware device.

Description

SYSTEM AND METHOD FOR AUTHENTICATING A USER
Field of the Invention
The invention relates generally to the field of security and authentication and, more particularly, to a system and method for using a graphic display to authenticate a user of a computer or other device.
Background of the Invention
Passwords have long been used to authenticate a user before providing access to a computer system or to some other device. They are easy to use and conceptually simple. They are probably the oldest and most common data security tool used in computing environments. Because they are generally alphanumeric in form and often closely related to words in natural language, passwords are relatively easy for users to remember. Typically, users can rapidly enter them through standard hardware peripherals such as keyboards. Nonetheless, in terms of their security properties, passwords have shortcomings. Typically, users derive their passwords from a limited portion of the lexicons in their native languages, making them easy to guess, particularly in automated computer attacks.
The vulnerability of passwords in computer systems is becoming increasingly problematic as computing and networking technologies aim to manage increasingly sensitive information. Consumers are beginning to use smart cards and other portable devices to carry digital cash. At the same time, corporations are making sensitive information more available on their networks and are employing digital signatures in committing to legally binding contracts. Hardware devices like smart cards and authentication tokens provide cryptographic authentication for such applications; but typically the cryptographic features of these devices are secured using passwords.
It is possible to broaden the distribution of passwords that are used in a system, and thereby strengthen the system by assigning randomly generated alphanumeric passwords to users. Even users with the most retentive memories, however, have difficulty remembering more than approximately seven alphanumeric characters. The total number of such seven character passwords is about 2^{35} ≈ 10^{11}, which is too small to provide resistance against an automated computer attack on the password. Strong resistance to automated password attacks requires a password space on the order of about 2 «10 . This space corresponds to random, alphanumeric passwords of sixteen characters in length, which is too long for practical use by most users.
The difficulty users have in remembering enough password information to allow secure authentication is at odds with their ability to retain large amounts of other types of information in other contexts. A few examples of the other types of nonpassword data an individual may routinely remember are historical and personal events, the configuration of rooms in buildings, and the layout of city streets, not to mention the vocabulary and idioms of her native language. Some of that information may remain fixed in her memory over extended periods of time, even without frequent reinforcement. A number of researchers have investigated the use of such everyday information in connection with mnemonic systems as a replacement for passwords. One authentication approach exploits the ability of users to recognize faces. To authenticate herself in this system, a user is asked to identify a set of familiar faces from among a gallery of photographs. While conveniently universal, this system has large memory requirements for the storage of the photographs, and has relatively slow data entry time. Another proposed approach is based on the use of routes on a complex subway system, such as the Tokyo subway system, in connection with secrets, suggesting that users could retain relatively large amounts of information in this context. This approach has the advantage of mnemonic naturalness, but has a strong disadvantage in its idiosyncrasy because not all users live in cities with subway systems or use a subway frequently. A commercial system produced by Passlogix, Inc. of New York, New York effectively extends the mnemonic approach by allowing users to select from a range of mnemonic systems. Users can, for instance, choose to use an interface displaying a room containing a collection of valuables, and encode a password as a sequence of moves involving the hiding of these valuables in various locations around the room. 
This method of password entry appeals to a natural mnemonic device because it resembles the medieval system of the "memory palace," whereby scholars sought to archive data mentally in an imagined architectural space. By allowing the user to select a password herself, however, this approach is vulnerable to the problem of predictability that occurs with conventional password systems. Some passwords are more popular than others, since they are easier to remember. In one example, one-third of user-selected passwords could be found in the English dictionary. Similarly, in a mnemonic system, users are more likely to pick some sequences than others. In one example, a mnemonic system allows users to trade stocks; typically, the users will choose from among the most popular stocks, as these are the easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a substantial advantage by choosing Dow Jones stocks. In principle, if user passwords are formed as sufficiently long random sequences of moves, a mnemonic system will provide an adequate level of cryptographic security. Typically, mnemonic systems are not designed to facilitate user memorization of random sequences, and may not even enforce a minimum sequence length in user password entry. A mnemonic system may also be cumbersome in terms of the user interaction involved in entering a password, in some cases demanding an involved sequence of non-uniform mouse movements to enter the password into a computer system.
Summary of the Invention
One objective of a system constructed according to the invention is to provide graphic or visual passwords that users can remember easily and for a long duration. Another objective is to provide a password that a user can enter with a minimum of physical effort, such as by minimal mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic display.
An additional objective is that the entry of the password should require minimal mental effort.
Another objective of the invention is to provide flexible password entry. Unlike computer memory, human memory is prone to inaccuracy. One objective is to accommodate likely user errors.
Another objective of the invention is to provide a system adaptable to computing environments with limited memory, power, and graphical display capabilities. In addition, a system constructed according to the invention should be useable with a range of hardware peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses.
In one aspect, the invention relates to a method for authenticating a user. The method includes determining a secret pattern, entering an input pattern from a user on a graphical interface, determining an approximation parameter that can be used to compare the secret pattern to the input pattern, comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter, and authenticating the user based on the comparison.
In one embodiment, the method includes displaying a portion of the secret pattern on the graphical interface to the user. In another embodiment, the method includes determining the portion to display based on a display parameter. In one embodiment, the method includes determining the secret pattern based on a grid. In another embodiment, the method includes selecting one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the method includes comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern. In one embodiment, the method includes entering the input pattern on a displayed grid on the graphical interface. In another embodiment, the method includes entering a squiggle. In a further embodiment, the squiggle includes a random shape. In another embodiment, the method includes entering a symbol. In another embodiment, the method includes entering a sketch. In another embodiment, the method includes selecting one or more points on each of a plurality of images displayed on the graphical interface.
In another embodiment, the method includes allowing access to a resource in response to the step of authenticating the user.
In one embodiment, the method includes generating a calculated value of the secret pattern, generating a calculated value of the input pattern, and comparing the calculated value of the secret pattern and the calculated value of the input pattern. In another embodiment, the method includes generating a hash of the secret pattern and generating a hash of the input pattern.
In another embodiment, the method includes determining one or more secret points located in a display area and determining one or more approximation regions associated with one or more secret points. In another embodiment, the method includes providing one or more memory cues to the user. In a further embodiment, the method includes providing one or more visual and/or auditory memory cues.
In another aspect, the invention relates to an authenticator for authenticating a user of a resource. The authenticator includes a graphical interface, a secret pattern, an input pattern, an approximation pattern, and a verifier. The graphical interface is capable of receiving graphical input from a user. The user enters the input pattern on the graphical interface. The approximation pattern can be used in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter. The verifier is in communication with the graphical interface and authenticates the user by comparing the secret pattern and the input pattern using the approximation parameter. In one embodiment, the graphical interface displays a portion of the secret pattern to the user. In another embodiment, the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
In one embodiment, the secret pattern is based on a grid. In another embodiment, the approximation parameter includes one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the input pattern includes an input sequence and the secret pattern includes a secret sequence, and the verifier compares the input sequence and the secret sequence.
In one embodiment, the graphical interface includes a displayed grid, and the user enters the input pattern on the displayed grid. In another embodiment, the input pattern includes a squiggle. In another embodiment, the squiggle includes a random shape. In another embodiment, the input pattern includes a symbol. In another embodiment, the input pattern includes a sketch.
In another embodiment, the user selects one or more points on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
In another embodiment, the verifier allows access to a resource in response to authenticating the user.
In one embodiment, the verifier generates a calculated value of the secret pattern, generates a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.
In another embodiment, the verifier generates a hash of the secret pattern and a hash of the input pattern.
In another embodiment, the graphical interface determines one or more secret points located in a display area and one or more approximation regions associated with one or more secret points.
In one embodiment, the graphical interface provides one or more memory cues to the user. In a further embodiment, the graphical interface provides one or more visual and/or memory cues.
Brief Descriptions of the Drawings
The invention is pointed out with particularity in the appended claims. The above and further advantages of this invention may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates a functional block diagram of an authenticator system based on graphical input according to one embodiment of the invention.
FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention.
FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted squares or cells according to one embodiment of the invention.
FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line segments for one embodiment of the invention.
FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret pattern illustrated in FIG. 4.
FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 4.
FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern that is approximately similar to the secret pattern illustrated in FIG. 4.
FIG. 8 provides a pictorial view of a display area, secret points located in the display area, approximation regions based on the secret points, and input points provided by a user, according to one embodiment of the invention.
Detailed Description of the Invention
FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an input pattern 112, graphical interface 114, verifier 116, secret pattern 118, and approximation parameter 120. FIG. 1 also illustrates a user 124, who provides the input pattern 112 to the graphical interface 114, and a resource 126, which the verifier 116 allows the user 124 to access after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter 120, as will be discussed in more detail later.
In one embodiment, the graphical interface 114 is a hardware device that provides a graphical display that can be viewed by the user 124 and which receives the input pattern 112 from the user 124. In another embodiment, the graphical interface 114 is a CRT (cathode ray tube) with a touch screen capability. In another embodiment, the graphical interface 114 is a flat screen device, such as a LCD (liquid crystal display) or an active-matrix display device with input capability. In one embodiment, the graphical interface 114 is a separate device that is electronically, optically, or otherwise in communication with the verifier 116. In another embodiment, the graphical interface 114 is integrated into another device, such as a computer system, laptop computer, palmtop computer, other portable computer, or portable cellular telephone. In other embodiments, the other device also includes the verifier 116 and/or resource 126.
In one embodiment, the verifier 116 is a software application executing on a general purpose computer system. In alternate embodiments, the verifier 116 is implemented as a software module, program, or one or more objects, such as objects implemented in the C programming language. In another embodiment, the verifier 116 is a hardware device or integrated chip, such as an ASIC (application-specific integrated circuit).
In one embodiment, the resource 126 is a computer system, a database, or other resource that the user 124 desires to employ. In another embodiment, the resource 126 provides computational resources or data that the user 124 would like to access. In another embodiment, the resource 126 is a physical location or entity that the user 124 desires to access or use, such as a room, a locked automobile, or the locked ignition mechanism for an automobile.
In another embodiment, the graphical interface 114, verifier 116, and resource 126 are all part of the same computer system, laptop computer, palmtop computer, or other portable computer. In another embodiment, the graphical interface 114, verifier 116, and resource 126 are separate computers or devices connected in a network, which may be a local network, or a global network, such as the Internet.
In one embodiment, the authenticator system 110 uses tolerance parameters. In the embodiment of FIG. 1, two tolerance parameters are shown, an approximation parameter 120 and a display parameter 122. In this context, a tolerance parameter provides a tolerance or limit for how much information the user 124 is given or how accurate the user's 124 input must be. The approximation parameter 120 indicates how close the input pattern 112 must be to the secret pattern 118 for the verifier 116 to consider the input pattern 112 to be approximately similar to the secret pattern 118. The display parameter 122 indicates how much of the secret pattern 118 is displayed to the user 124. The user provides an input pattern 112 that matches the undisplayed portion of the secret pattern 118.
FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention. First, the verifier 116 determines a secret pattern 118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret pattern 118. In another embodiment, the verifier 116 determines or calculates a pseudo-random pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the secret pattern 118 is provided to the verifier 116 from an external source, such as a database or a trusted authority, such as a server computer connected over a network to the verifier 116. The user receives or has access to the same secret pattern 118 or trusted authority.
Then the user 124 enters an input pattern 112 on the graphical interface 114 (step 202) in an attempt to match the secret pattern 118. In one embodiment, the user 124 is prompted with a portion of the secret pattern 118, which is displayed on the graphical interface 114 based on the display parameter 122. In one embodiment the display parameter 122 is a predetermined value obtained from a trusted authority, such as a server computer connected over a network to the graphical interface 114. In other embodiments, the graphical interface 114 or verifier 116 determines a random value for the display parameter 122 or uses a mathematical function to determine the display parameter 122.
Next, the verifier 116 determines an approximation parameter 120 (step 204). The verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and input pattern 112 are approximately similar by comparing the secret pattern 118 and input pattern 112 (step 206). In one embodiment, the approximation parameter 120 is a predetermined value obtained from a trusted authority. In another embodiment, the verifier 116 determines the approximation parameter 120 using a mathematical function. In another embodiment, the approximation parameter 120 is determined before or concurrently with determining the display parameter 122. In one embodiment, the approximation pattern determines an approximation region 144 (see FIG. 8) that is circular, square, or some other shape.
In one embodiment, the verifier 116 compares the secret pattern 118 and input pattern 112 directly to verify that the two patterns are approximately similar. In another embodiment, the verifier 116 compares a calculated value for the secret pattern 118 with a calculated value for the input pattern 112. In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash of the input pattern 112. In another embodiment the verifier 116 generates a hash of the secret pattern 118 and stores this secret hash in a storage media, such as a hard disk, associated with the verifier 116 or authenticator system 110. In another embodiment, this verifier 116 stores the secret hash in a memory element, such as a ROM or RAM, associated with the verifier 116 or authenticator system 110. In another embodiment, the verifier 116 obtains the secret pattern 118 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate value for the input pattern 112.
If the verifier 116 finds that the secret pattern 118 and the input pattern 112 are approximately similar, then the verifier 116 authenticates the user 124 (step 208) and allows the user 124 to access the resource 126.
FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 118 indicated by six highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132. In one embodiment, the graphical interface 114 displays to the user 124 the grid 132, wherein each square or cell in the grid 132 has a different color or shade. In another embodiment the grid 132 also displays a recognizable image, such as a photograph. In other embodiments, the grid 132 is not square but is a rectangle or other geometric form or shape. In one embodiment, the grid 132 is a square matrix where each side of the grid 112 has k cells, and the matrix is referred to as a k by k grid 132.
In one embodiment, the secret pattern 118 consists of a randomly selected sequence X = x_1, x_2, ..., x_n of n squares or cells in the grid 132 as illustrated by cells 13, 20, 26, 41, 49 and 63 in FIG. 3, where n has a value of 6. In another embodiment, the secret pattern 118 is a random squiggle that the user 124 must draw to within a certain tolerance, as described below. In other embodiments, the secret pattern 118 is a letter, number, or other symbol.
In the embodiment shown in FIG. 3, the grid 132 is a 10 by 8 matrix of 80 cells indicated by cell numbers 1 through 80. The use of a 10 by 8 matrix is exemplary only and is not a requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric shapes may be used. In one embodiment, the user 124 provides an input pattern 112 by selecting the same points on the grid 132 in the same numerical sequence as the secret pattern 118, as indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3. In another embodiment, the secret pattern 118 includes a secret sequence indicating the order for entering the cells of the input pattern 112. For example, the required or secret sequence for the secret pattern 118 may be 26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence of the input pattern 112 on the graphical interface 114 before the verifier 116 determines that there is a match between the secret pattern 118 and the input pattern 112.
FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 118a. In FIG. 4 the secret pattern 118a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60. The secret pattern 118a shown in FIG. 4 is exemplary only. The secret pattern 118a is shown as a path extending generally from left to right, but this is not a requirement of the invention. Generally, the invention does not require a secret pattern 118 that tends in any one direction or forms any particular type of pattern. In alternate embodiments, the secret pattern 118 may be a random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function. In FIG. 4 the secret pattern 118a is indicated by connecting lines. In other embodiments, the secret pattern 118a is indicated by curved lines, by a list of cell numbers, or other mechanism that indicates a unique secret pattern 118 in the grid 132.
FIG. 5 illustrates the grid 132 and the secret pattern 118a of FIG. 4 along with an input pattern 112a that a user 124 has entered that closely approximates the secret pattern 118a. The input pattern 112a touches the same cells in the grid 132 as the secret pattern 118a. In one embodiment, the verifier 116 determines that the input pattern 112a is approximately similar to the secret pattern 118a by determining that the two patterns 112a, 118a touch the same cells.
In one embodiment using a display parameter 122, the graphical interface 114 displays to the user 124 the first h squares in the sequence x_1, x_2, ..., x_n in a secret pattern 118. The value h is the display parameter 122 indicating that the graphical interface 114 displays only h squares of the secret pattern 118 to the user 124.
For example, FIG. 6 illustrates a displayed portion 134 of the secret pattern 118a of FIG. 4, for one embodiment of the invention. In this embodiment, h, the display parameter 122 has a value of 3, and the graphical interface 114 displays only the first three cells 31, 22, 33 of the secret pattern 118a. The user 124 must then enter an input pattern 112 that corresponds to the undisplayed portion of the secret pattern 118a. In other embodiments, the display parameter 122 may have values other than 3, and the displayed portion 134 may be based on cells other than the first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end of the pattern 118 or a selected number of cells determined by other methods. In another embodiment, the graphical interface 114 displays to the user 124 cells from two or more separate portions of the secret pattern 118.
In one embodiment using the approximation parameter 120, the user 124 must select a square within an r × r block centered around x_{h+1}, then x_{h+2}, etc., through x_n to authenticate herself. The value r is the approximation parameter 120. The probability p that a guessed sequence X' is correct is easily seen to be (r/k)^{2n-2h}. Thus if k = 100, r = 5, n = 10, and h = 2, then p ≈ 10^{-19}.
For example, in one embodiment, FIG. 7 illustrates the grid 132 with an approximation block 136 and an input pattern 112b that approximately matches the secret pattern 118a. In one embodiment, the approximation parameter 120 has a value of 3 and one cell of the input pattern 112b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a cell of the secret pattern 118a. The approximation block 136 illustrated in FIG. 7 is exemplary only, and an approximation block 136 may be centered or located at different cells on a secret pattern 118.
For example, a 3 by 3 approximation block 136 centered on a central cell 22 of the secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33. Thus, in FIG. 7 cells 21 and 12 of the input pattern 112b do not match cells 31 and 22 of the secret pattern 118a, but the verifier 116 considers cells 21 and 12 to be close enough to the secret pattern 118a because they are within the approximation block 136 centered on cell 22. In general, in other embodiments, the approximation block 136 is adjusted for special conditions such as cells at the edges and corners of the grid 132. For example, the approximation block 136 may be enlarged or otherwise changed if the central cell of the block 136 is at the edge or corner of the grid 132. If a central cell, such as 31, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted appropriately. Thus the 3 by 3 block centered on cell 31 is set to a 2 by 3 block of the cells 21, 22, 31, 32, 41, and 42. In other embodiments, the approximation block 136 is adjusted in other ways, such as giving the approximation block 136 different sizes at different points in the secret pattern 112b. In general, the invention does not require the approximation block 136 to outline a square or rectangular shape, and, in other embodiments, the approximation block 136 outlines other geometric shapes.
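The grid comparison described above can be sketched as follows. This is an added example, not code from the patent: it assumes the 10 by 8 grid of FIG. 3 is numbered row by row, that r is odd, that each entered cell is compared with the secret cell at the same position, and that blocks at an edge are truncated as in the cell 31 example; the function names are hypothetical.

```python
COLS, ROWS = 10, 8  # grid of FIG. 3: cells 1..80, numbered row by row (assumed)

# Secret pattern 118a of FIG. 4, as listed in the description.
FIG4_SECRET = [31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, 60]


def cell_to_row_col(cell):
    """Map a 1-based cell number to zero-based (row, column)."""
    if not 1 <= cell <= COLS * ROWS:
        raise ValueError(f"cell {cell} is outside the {COLS} by {ROWS} grid")
    return divmod(cell - 1, COLS)


def approximation_block(center, r):
    """Cells of the r-by-r block centred on `center`, truncated at grid edges.

    The block is built in (row, column) space on purpose: cells 30 and 31 are
    numerically adjacent but lie on opposite edges of the grid, so a check
    based on the difference of cell numbers would accept the wrong cells.
    """
    if r < 1 or r % 2 == 0:
        raise ValueError("r must be a positive odd number to centre the block")
    row, col = cell_to_row_col(center)
    half = r // 2
    return {
        rr * COLS + cc + 1
        for rr in range(max(0, row - half), min(ROWS, row + half + 1))
        for cc in range(max(0, col - half), min(COLS, col + half + 1))
    }


def verify_grid_pattern(secret, entered, r, h=0):
    """Accept `entered` if it approximates the undisplayed part of `secret`.

    secret  -- full secret sequence x_1..x_n of cell numbers
    entered -- cells selected by the user, in order
    r       -- approximation parameter (side length of the block)
    h       -- display parameter (number of leading cells shown to the user)
    """
    hidden = secret[h:]  # x_{h+1} .. x_n must be supplied by the user
    if len(entered) != len(hidden):
        return False
    ok = True
    for expected, got in zip(hidden, entered):
        # Every position is checked; the loop does not stop at the first miss.
        ok &= got in approximation_block(expected, r)
    return ok


if __name__ == "__main__":
    # Constructed input: each cell is at most one cell away from FIG. 4's path.
    attempt = [44, 52, 65, 55, 57, 36, 47, 39, 48, 50, 59]
    print(verify_grid_pattern(FIG4_SECRET, attempt, r=3, h=3))
```

With r = 1 the same function reduces to the exact, same-cells comparison of FIG. 5.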
FIG. 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally as 146, for one embodiment of the invention. The display area 140 is a visual area of the graphical interface 114 that the graphical interface 114 displays to a user 124. In other embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other geometric form or shape. The secret points 142a through 142e are part of a secret pattern 118 that is not displayed to the user 124 in one embodiment of the invention. The invention does not require that there be any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118. In another embodiment, the graphical interface 114 displays one or more points 142 of the secret pattern 118 on the display area 140 to the user 124 based on a display parameter 122. In one embodiment, the display parameter 122 indicates a value for the number of secret points 142 to be displayed. For example, if the display parameter 122 has a value of 2, then the graphical interface 114 displays two points, such as 142a and 142d, to the user 124. The invention does not require that the displayed secret points 142 be adjacent to each other or in any serial order. For a given display parameter 122 value, different secret points 142 may be selected to be displayed at different times.
In one embodiment, the graphical interface 114 displays an image or photograph that overlays the display area 140. If the graphical interface 114 displays an image or photograph, then in one embodiment the input points 146 are not displayed to the user 124. In another embodiment, the graphical interface 114 highlights or changes portions of the image corresponding to the locations of the input points 146. If a display parameter 122 is used, then the graphical interface 114 highlights portions of the image in the display area 140 that correspond to the one or more secret points 142 selected to be displayed based on the display parameter 122.
The input points 146 represent an input pattern 112 that the user 124 enters on the graphical interface 114. In one embodiment, the approximation regions 144 are regions within which the user 124 must make her selections of input points 146 for the verifier 116 to verify that the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are not displayed to the user 124. In FIG. 8 the input points 146 are represented by crosshairs or crossed lines, for one embodiment of the invention. In other embodiments, the input points 146 are represented by other geometric shapes, points, or symbols. In one embodiment, the user 124 must enter the input points 146 in a predetermined sequence, such as providing input points 146 to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another embodiment, the user 124 enters the input points 146 in any sequence. In other embodiments, the approximation regions 144 are shapes other than the circles shown in FIG. 8. In other embodiments, the approximation regions 144 are of different sizes for different secret points 142.
In one embodiment, each input point 146 must be touching or within the approximation region 144. In another embodiment, one or more input points 146 are allowed to be outside the approximation regions 144 based on the approximation parameter 120, and the verifier 116 still determines that the input pattern and secret pattern 118 are approximately similar if most of the input points 146 are within the approximation regions 144. In another embodiment, the approximation parameter 120 determines the size of the approximation regions 144. In one embodiment, the graphical interface 114 alters the shape of the approximation region 144 for one or more secret points 142. For example, if a secret point 142 is close to the edge of the display area 140, then part of the approximation region 144 for that secret point 142 is truncated by the boundary of the display area 140. The graphical interface 114 may alter the approximation region 144 in other ways. In one embodiment, the graphical interface 114 enlarges the approximation region 144 if it is close to the edge of the display area 140 or is partially truncated by the edge of the display area 140. In another embodiment, the graphical interface 114 determines only one approximation region, such as an ellipse or other shape, for two or more secret points 142 located close to each other.
In one embodiment, the secret points 142 are any points that can be determined in the display area 140. In another embodiment, the graphical interface 114 displays the display area 140 using pixels, and each secret point 142 is a pixel. In another embodiment, the approximation region 144 is based on a predetermined pixel-distance tolerance.
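The comparison described above for secret points 142, approximation regions 144 and input points 146 can be sketched as follows. This is an added example, not code from the patent or from the applicant; it assumes circular regions with a per-point pixel radius, a rectangular display area, and an approximation parameter expressed as a hypothetical `max_misses` count. In the any-sequence mode each input point must claim a distinct region, so overlapping regions are resolved with a bipartite matching rather than a greedy scan.

```python
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class SecretPoint:
    x: float
    y: float
    radius: float  # assumed: circular approximation region, radius in pixels


# Constructed sample data: a 640x480 display area and four secret points.
# The first two regions overlap; the last one is truncated by the right edge.
WIDTH, HEIGHT = 640, 480
SECRET = [
    SecretPoint(100, 100, 30),
    SecretPoint(130, 100, 30),
    SecretPoint(400, 300, 25),
    SecretPoint(635, 240, 25),
]


def in_region(secret, point, width, height):
    """True if the input point touches or lies within the secret point's region."""
    px, py = point
    # The region is truncated by the display boundary: a point that is not on
    # the display can never match, however close it is to the secret point.
    if not (0 <= px < width and 0 <= py < height):
        return False
    return hypot(px - secret.x, py - secret.y) <= secret.radius


def count_distinct_hits(candidates, n_secret):
    """Maximum number of input points that can each claim a different region.

    candidates[i] lists the secret-point indexes whose region contains input
    point i. Uses augmenting paths (Kuhn's algorithm), so an input point that
    fits two overlapping regions is moved aside when another input point fits
    only one of them.
    """
    owner = [-1] * n_secret  # owner[s] = input index currently assigned to s

    def try_assign(i, seen):
        for s in candidates[i]:
            if s in seen:
                continue
            seen.add(s)
            if owner[s] == -1 or try_assign(owner[s], seen):
                owner[s] = i
                return True
        return False

    return sum(try_assign(i, set()) for i in range(len(candidates)))


def verify(secret, entered, width, height, ordered=True, max_misses=0):
    """Decide whether the input pattern is approximately similar to the secret.

    ordered=True  : the i-th input point must fall in the i-th secret region.
    ordered=False : input points may arrive in any sequence.
    max_misses    : assumed form of the approximation parameter, the number of
                    input points allowed to fall outside every region.
    """
    if len(entered) != len(secret):
        return False
    if ordered:
        hits = sum(in_region(s, p, width, height) for s, p in zip(secret, entered))
    else:
        candidates = [
            [j for j, s in enumerate(secret) if in_region(s, p, width, height)]
            for p in entered
        ]
        hits = count_distinct_hits(candidates, len(secret))
    return len(secret) - hits <= max_misses


if __name__ == "__main__":
    attempt = [(105, 95), (140, 110), (410, 290), (630, 250)]
    print("ordered attempt accepted:", verify(SECRET, attempt, WIDTH, HEIGHT))
```

Larger radii and a larger `max_misses` make entry more forgiving but also enlarge the set of patterns the verifier accepts, so both belong in the same policy decision as the number of secret points.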
In one embodiment, the graphical interface 114 displays memory cues to the user 124 to encourage the user 124 to remember the secret pattern 118 so that the user 124 enters a valid input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern 118. The use of memory cues applies to displays based on grids 132 or display areas 140. The memory cues are either static or interactive. In addition, memory cues are either visual, auditory, or based on some other sensory medium accessible to the human senses.
In one embodiment, the graphical interface 114 provides a visual memory cue by changing the cursor shape or color depending on where on the graphical interface 114 the user 124 locates the cursor or stylus. In another embodiment, the graphical interface 114 or the authenticator system 110 provides an auditory memory cue by playing a different piece of music for each image that the graphical interface 114 displays overlaying the grid 132 or the display area 140.
In another embodiment, the graphical interface 114 provides a visual memory cue by changing the color or brightness of the image, or of part of the image, displayed to the user 124 depending on where the user 124 locates the cursor or stylus on the graphical interface 114.
In one embodiment, the graphical interface 114 displays successive images to the user 124, wherein each image is determined dynamically based on the behavior and selections made by the user 124 when using a stylus or other input device to provide input to the graphical interface 114. In one embodiment, when the user 124 selects an input point 146 in a displayed image, the graphical interface 114 zooms in on the image or magnifies a portion of the image, which is then in turn displayed to the user 124. When the user 124 selects another input point 146, then the graphical interface 114 zooms in on the image again. The graphical interface 114 repeats this process until the user 124 has completed entering an input pattern 112. In another embodiment, the graphical interface 114 displays a number of portals, such as doors, and the user 124 selects one of the portals. The graphical interface 114 then displays different images depending on which portal the user 124 selects. In one embodiment, the user 124 simulates entry through a door into another visual space, such as moving through one or more doors into one or more rooms in a building. In one embodiment, each door or portal represents a secret point 142 in the secret pattern 118. In another embodiment, each door or portal does not itself represent a secret point 142 in the secret pattern 118, but provides access to an image that includes one or more secret points 142.
In another embodiment, the graphical interface 114 displays other visual metaphors and schemas that a user 124 follows when moving through a visual space, such as moving along a road or a path, or traveling in a vehicle, automobile, space craft, or water borne ship. In other embodiments, the graphical interface 114 displays other visual spaces or metaphors, as is known in the arts of computer graphics, computer and electronic games, and virtual reality.
Having described the preferred embodiments of the invention, it will now become apparent to one of skill in the art that other embodiments incorporating the concepts may be used. It is felt, therefore, that these embodiments should not be limited to disclosed embodiments but rather should be limited only by the spirit and scope of the following claims.

Claims

What is claimed is:
1. A method for authenticating a user, the steps comprising: determining a secret pattern; entering an input pattern from a user on a graphical interface; determining an approximation parameter for use in comparing the secret pattern and the input pattern from the user; comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and authenticating the user based on the comparing step.
2. The method of claim 1, further comprising a step of displaying a portion of the secret pattern on the graphical interface to the user.
3. The method of claim 2, wherein the step of displaying the portion of the secret pattern comprises determining the portion to display based on a display parameter.
4. The method of claim 1, wherein the step of determining the secret pattern comprises determining the secret pattern based on a grid.
5. The method of claim 4, wherein the step of determining the approximation parameter comprises selecting at least one block of cells in the grid based on the secret pattern.
6. The method of claim 1, wherein the step of comparing the input pattern and the secret pattern comprises comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern.
7. The method of claim 1, wherein the step of entering the input pattern comprises entering the input pattern on a displayed grid on the graphical interface.
8. The method of claim 1, wherein the step of entering the input pattern comprises entering a squiggle.
9. The method of claim 8, wherein the squiggle comprises a random shape.
10. The method of claim 1, wherein the step of entering the input pattern comprises entering a symbol.
11. The method of claim 10, wherein the symbol comprises at least one of a letter and a number.
12. The method of claim 1, wherein the step of entering an input pattern comprises entering a sketch.
13. The method of claim 1, wherein the step of entering the input pattern further comprises selecting at least one point on each of a plurality of images displayed on the graphical interface.
14. The method of claim 1, further comprising a step of allowing access to a resource in response to the step of authenticating the user.
15. The method of claim 14, wherein the step of allowing access to the resource comprises allowing access to at least one of a hardware device, a computer system, a portable computer, a software application, and a database.
16. The method of claim 1, further comprising steps of generating a calculated value of the secret pattern and generating a calculated value of the input pattern; and wherein the step of comparing the secret pattern and the input pattern comprises comparing the calculated value of the secret pattern and the calculated value of the input pattern.
17. The method of claim 16, wherein the step of generating the calculated value of the secret pattern comprises generating a hash of the secret pattern and the step of generating the calculated value of the input pattern comprises generating a hash of the input pattern.
18. The method of claim 1, wherein the step of determining the secret pattern comprises determining at least one secret point located in a display area and determining at least one approximation region associated with the at least one secret point.
19. The method of claim 1, further comprising a step of providing at least one memory cue to the user.
20. The method of claim 19, wherein the step of providing at least one memory cue to the user comprises providing at least one of a visual memory cue and an auditory memory cue.
21. An authenticator for authenticating a user of a resource, comprising: a graphical interface capable of receiving graphical input from a user; a secret pattern; an input pattern entered on the graphical interface by the user; an approximation parameter for use in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and a verifier in communication with the graphical interface, the verifier authenticating the user by comparing the secret pattern and input pattern using the approximation parameter.
22. The authenticator of claim 21, wherein the graphical interface displays a portion of the secret pattern to the user.
23. The authenticator of claim 22, wherein the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
24. The authenticator of claim 21, wherein the secret pattern is based on a grid.
25. The authenticator of claim 24, wherein the approximation parameter comprises at least one block of cells in the grid based on the secret pattern.
26. The authenticator of claim 21, wherein the input pattern comprises an input sequence and the secret pattern comprises a secret sequence, and the verifier compares the input sequence and the secret sequence.
27. The authenticator of claim 21, wherein the graphical interface comprises a displayed grid and the user enters the input pattern on the displayed grid.
28. The authenticator of claim 21, wherein the input pattern comprises a squiggle.
29. The authenticator of claim 28, wherein the squiggle comprises a random shape.
30. The authenticator of claim 21, wherein the input pattern comprises a symbol.
31. The authenticator of claim 30, wherein the symbol comprises at least one of a letter and a number.
32. The authenticator of claim 21, wherein the input pattern comprises a sketch.
33. The authenticator of claim 21, wherein the user selects at least one point on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
34. The authenticator of claim 21, wherein the verifier allows access to a resource in response to authenticating the user.
35. The authenticator of claim 34, wherein the resource comprises at least one of a hardware device, a computer system, a portable computer, a software application, and a database.
36. The authenticator of claim 21, wherein the verifier generates a calculated value of the secret pattern and a calculated value of the input pattern; and compares the calculated value of the secret pattern and the calculated value of the input pattern.
37. The authenticator of claim 36, wherein the verifier generates a hash of the secret pattern and a hash of the input pattern.
38. The authenticator of claim 21, wherein the graphical interface determines at least one secret point located in a display area and at least one approximation region associated with the at least one secret point.
39. The authenticator of claim 21, wherein the graphical interface provides at least one memory cue to the user.
40. The authenticator of claim 39, wherein the graphical interface provides at least one of a visual memory cue and an auditory memory cue.
PCT/US2001/010498 2000-04-07 2001-04-02 System and method for authenticating a user WO2001077792A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001251202A AU2001251202A1 (en) 2000-04-07 2001-04-02 System and method for authenticating a user

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US54480900A 2000-04-07 2000-04-07
US09/544,809 2000-04-07

Publications (2)

Publication Number Publication Date
WO2001077792A2 (en) 2001-10-18
WO2001077792A3 (en) 2003-01-30

Family

ID=24173684

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/010498 WO2001077792A2 (en) 2000-04-07 2001-04-02 System and method for authenticating a user

Country Status (2)

Country Link
AU (1) AU2001251202A1 (en)
WO (1) WO2001077792A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0677801A1 (en) * 1994-04-04 1995-10-18 AT&T Corp. Graphical password
WO1996018139A1 (en) * 1994-12-08 1996-06-13 Philips Electronics N.V. Security code input
FR2765979A1 (en) * 1997-07-08 1999-01-15 Jacques Rivailler INDIVIDUAL COMPUTER TERMINAL CAPABLE OF COMMUNICATING WITH COMPUTER EQUIPMENT IN A SECURE WAY, AS WELL AS AN AUTHENTICATION PROCESS IMPLEMENTED BY SAID TERMINAL
EP0901060A2 (en) * 1997-09-05 1999-03-10 Fujitsu Limited Secure data control apparatus and method
WO1999021073A1 (en) * 1997-10-23 1999-04-29 Casio Computer Co., Ltd. Checking device and recording medium for checking the identification of an operator

GB2488944A (en) * 2008-05-19 2012-09-12 Hewlett Packard Development Co Using a soft keyboard when a pre-boot password is entered incorrectly
GB2474142A (en) * 2008-05-19 2011-04-06 Hewlett Packard Development Co Systems and methods for supporting pre-boot log in
GB2488944B (en) * 2008-05-19 2013-02-20 Hewlett Packard Development Co Systems and methods for supporting pre-boot log in
WO2009142618A1 (en) * 2008-05-19 2009-11-26 Hewlett-Packard Development Company, L.P. Systems and methods for supporting pre-boot log in
WO2009145540A3 (en) * 2008-05-29 2010-10-14 Neople, Inc. Apparatus and method for inputting password using game
CN102216935B (en) * 2008-05-29 2014-07-16 新人类有限公司 Apparatus and method for inputting password using game
US9965177B2 (en) 2009-03-16 2018-05-08 Apple Inc. Event recognition
US9285908B2 (en) 2009-03-16 2016-03-15 Apple Inc. Event recognition
US11163440B2 (en) 2009-03-16 2021-11-02 Apple Inc. Event recognition
US10719225B2 (en) 2009-03-16 2020-07-21 Apple Inc. Event recognition
US11755196B2 (en) 2009-03-16 2023-09-12 Apple Inc. Event recognition
US9483121B2 (en) 2009-03-16 2016-11-01 Apple Inc. Event recognition
US9311112B2 (en) 2009-03-16 2016-04-12 Apple Inc. Event recognition
US9946891B2 (en) 2009-06-17 2018-04-17 Microsoft Technology Licensing, Llc Image-based unlock functionality on a computing device
US8458485B2 (en) 2009-06-17 2013-06-04 Microsoft Corporation Image-based unlock functionality on a computing device
US9684521B2 (en) 2010-01-26 2017-06-20 Apple Inc. Systems having discrete and continuous gesture recognizers
US10732997B2 (en) 2010-01-26 2020-08-04 Apple Inc. Gesture recognizers with delegates for controlling and modifying gesture recognition
US10216408B2 (en) 2010-06-14 2019-02-26 Apple Inc. Devices and methods for identifying user interface objects based on view hierarchy
EP2441209A4 (en) * 2010-07-01 2012-05-09 Tata Consultancy Services Ltd System for two way authentication
EP2441209A1 (en) * 2010-07-01 2012-04-18 Tata Consultancy Services Ltd. System for two way authentication
US9740832B2 (en) 2010-07-23 2017-08-22 Apple Inc. Method, apparatus and system for access mode control of a device
US8528072B2 (en) 2010-07-23 2013-09-03 Apple Inc. Method, apparatus and system for access mode control of a device
US9128614B2 (en) 2010-11-05 2015-09-08 Apple Inc. Device, method, and graphical user interface for manipulating soft keyboards
US9146673B2 (en) 2010-11-05 2015-09-29 Apple Inc. Device, method, and graphical user interface for manipulating soft keyboards
US9519824B2 (en) 2010-12-23 2016-12-13 Morpho Method for enabling authentication or identification, and related verification system
FR2969797A1 (en) * 2010-12-23 2012-06-29 Morpho METHOD FOR PERMITTING AUTHENTICATION OR IDENTIFICATION AND ASSOCIATED VERIFICATION SYSTEM
WO2012085378A1 (en) * 2010-12-23 2012-06-28 Morpho Method for enabling authentication or identification, and related verification system
US9298363B2 (en) 2011-04-11 2016-03-29 Apple Inc. Region activation for touch sensitive surface
US8650636B2 (en) 2011-05-24 2014-02-11 Microsoft Corporation Picture gesture authentication
US8910253B2 (en) 2011-05-24 2014-12-09 Microsoft Corporation Picture gesture authentication
US11165963B2 (en) 2011-06-05 2021-11-02 Apple Inc. Device, method, and graphical user interface for accessing an application in a locked device
US9614671B2 (en) 2011-12-02 2017-04-04 Barclays Bank Plc User access control based on a graphical signature
US9213822B2 (en) 2012-01-20 2015-12-15 Apple Inc. Device, method, and graphical user interface for accessing an application in a locked device
US9372978B2 (en) 2012-01-20 2016-06-21 Apple Inc. Device, method, and graphical user interface for accessing an application in a locked device
US10867059B2 (en) 2012-01-20 2020-12-15 Apple Inc. Device, method, and graphical user interface for accessing an application in a locked device
US11429190B2 (en) 2013-06-09 2022-08-30 Apple Inc. Proxy gesture recognizer
US9733716B2 (en) 2013-06-09 2017-08-15 Apple Inc. Proxy gesture recognizer
US9361447B1 (en) 2014-09-04 2016-06-07 Emc Corporation Authentication based on user-selected image overlay effects
EP3232373A1 (en) * 2016-03-01 2017-10-18 Politechnika Gdanska Method and system for verification of user identity in information technology systems, in particular in banking systems
US11893463B2 (en) 2019-03-07 2024-02-06 Throughputer, Inc. Online trained object property estimator
EP3980910A4 (en) * 2019-06-05 2023-07-26 Throughputer, Inc. Graphic pattern-based passcode generation and authentication

Also Published As

Publication number Publication date
WO2001077792A3 (en) 2003-01-30
AU2001251202A1 (en) 2001-10-23

Similar Documents

Publication Publication Date Title
WO2001077792A2 (en) System and method for authenticating a user
CN102804196B (en) There is the computing equipment of pattern authentication interface
US20060174339A1 (en) An arrangement and method of graphical password authentication
Sreelatha et al. Authentication schemes for session passwords using color and images
Khan et al. A graphical password based system for small mobile devices
RU2376626C2 (en) Method of preventing disclosure entered information to observer
US20050246138A1 (en) Method and system for procssing password inputted by the matching of cells
US11128613B2 (en) Authentication based on visual memory
Tao Pass-Go, a new graphical password scheme
Yang PassPositions: A secure and user-friendly graphical password scheme
Haque et al. A new graphical password: combination of recall & recognition based approach
Yang Development status and prospects of graphical password authentication system in Korea
Shankar et al. IPCT: A scheme for mobile authentication
Umar et al. Graphical user authentication: A time interval based approach
Gao et al. Usability and security of the recall-based graphical password schemes
Sreelatha et al. Intrusion prevention by image based authentication techniques
US20130340091A1 (en) Method of creating ui layouts with desired level of entropy
Yang T-TIME: a password scheme based on touch signal generation time difference
KR20110101030A (en) Security method of information by the touch screen
Alam SUIS: An online graphical signature-based user identification system
Thorawade et al. Authentication scheme resistant to shoulder surfing attack using image retrieval
Huzaif et al. Securing Social Media using Pair based Authentication
Dabeer et al. A Novel Hybrid User Authentication Scheme Using Cognitive Ambiguous Illusion Images
CA2495450A1 (en) A matrix based arrangement and method of graphical password authentication
Vikas Authentication Scheme for Passwords using Color and Text

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase
NENP Non-entry into the national phase

Ref country code: JP