WO2001077792A2 - System and method for authenticating a user - Google Patents
- Publication number
- WO2001077792A2 (PCT/US2001/010498)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- pattern
- secret
- user
- input
- input pattern
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V30/00—Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
- G06V30/10—Character recognition
- G06V30/14—Image acquisition
- G06V30/142—Image acquisition using hand-held instruments; Constructional details of the instruments
- G06V30/1423—Image acquisition using hand-held instruments; Constructional details of the instruments the instrument generating sequences of position coordinates corresponding to handwriting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/30—Writer recognition; Reading and verifying signatures
Definitions
- the invention relates generally to the field of security and authentication and, more particularly, to a system and method for using a graphic display to authenticate a user of a computer or other device.
- Passwords have long been used to authenticate a user before providing access to a computer system or to some other device. They are easy to use and conceptually simple. They are probably the oldest and most common data security tool used in computing environments. Because they are generally alphanumeric in form and often closely related to words in natural language, passwords are relatively easy for users to remember. Typically, users can rapidly enter them through standard hardware peripherals such as keyboards. Nonetheless, in terms of their security properties, passwords have shortcomings. Typically, users derive their passwords from a limited portion of the lexicons in their native languages, making them easy to guess, particularly in automated computer attacks.
- the difficulty users have in remembering enough password information to allow secure authentication is at odds with their ability to retain large amounts of other types of information in other contexts.
- a few examples of the other types of nonpassword data an individual may routinely remember are historical and personal events, the configuration of rooms in buildings, and the layout of city streets, not to mention the vocabulary and idioms of her native language. Some of that information may remain fixed in her memory over extended periods of time, even without frequent reinforcement.
- a number of researchers have investigated the use of such everyday information in connection with mnemonic systems as a replacement for passwords.
- One authentication approach exploits the ability of users to recognize faces. To authenticate herself in this system, a user is asked to identify a set of familiar faces from among a gallery of photographs.
- Users can, for instance, choose to use an interface displaying a room containing a collection of valuables, and encode a password as a sequence of moves involving the hiding of these valuables in various locations around the room.
- This method of password entry appeals to a natural mnemonic device because it resembles the medieval system of the "memory palace," whereby researchers sought to archive data mentally in an imagined architectural space.
- This approach is vulnerable to the problem of predictability that occurs with conventional password systems.
- Some passwords are more popular than others, since they are easier to remember. In one example, one-third of user-selected passwords could be found in the English dictionary.
- users are more likely to pick some sequences than others.
- a mnemonic system allows users to trade stocks; typically, the users will choose from among the most popular stocks, as these are the easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a substantial advantage by choosing Dow Jones stocks.
- a mnemonic system will provide an adequate level of cryptographic security.
- mnemonic systems are not designed to facilitate user memorization of random sequences, and may not even enforce a minimum sequence length in user password entry.
- a mnemonic system may also be cumbersome in terms of the user interaction involved in entering a password, in some cases demanding an involved sequence of non-uniform mouse movements to enter the password into a computer system.
- One objective of a system constructed according to the invention is to provide graphic or visual passwords that users can remember easily and for a long duration. Another objective is to provide a password that a user can enter with a minimum of physical effort, such as by minimal mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic display. An additional objective is that the entry of the password should require minimal mental effort.
- Another objective of the invention is to provide flexible password entry. Unlike computer memory, human memory is prone to inaccuracy. One objective is to accommodate likely user errors.
- Another objective of the invention is to provide a system adaptable to computing environments with limited memory, power, and graphical display capabilities.
- a system constructed according to the invention should be useable with a range of hardware peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses.
- the invention relates to a method for authenticating a user.
- the method includes determining a secret pattern, entering an input pattern from a user on a graphical interface, determining an approximation parameter that can be used to compare the secret pattern to the input pattern, comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter, and authenticating the user based on the comparison.
- the method includes displaying a portion of the secret pattern on the graphical interface to the user. In another embodiment, the method includes determining the portion to display based on a display parameter. In one embodiment, the method includes determining the secret pattern based on a grid. In another embodiment, the method includes selecting one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the method includes comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern. In one embodiment, the method includes entering the input pattern on a displayed grid on the graphical interface. In another embodiment, the method includes entering a squiggle. In a further embodiment, the squiggle includes a random shape. In another embodiment, the method includes entering a symbol. In another embodiment, the method includes entering a sketch. In another embodiment, the method includes selecting one or more points on each of a plurality of images displayed on the graphical interface.
- the method includes allowing access to a resource in response to the step of authenticating the user.
- the method includes generating a calculated value of the secret pattern, generating a calculated value of the input pattern, and comparing the calculated value of the secret pattern and the calculated value of the input pattern. In another embodiment, the method includes generating a hash of the secret pattern and generating a hash of the input pattern.
- the method includes determining one or more secret points located in a display area and determining one or more approximation regions associated with one or more secret points. In another embodiment, the method includes providing one or more memory cues to the user. In a further embodiment, the method includes providing one or more visual and/or auditory memory cues.
- the invention in another aspect, relates to an authenticator for authenticating a user of a resource.
- the authenticator includes a graphical interface, a secret pattern, an input pattern, an approximation pattern, and a verifier.
- the graphical interface is capable of receiving graphical input from a user. The user enters the input pattern on the graphical interface.
- the approximation pattern can be used in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter.
- the verifier is in communication with the graphical interface and authenticates the user by comparing the secret pattern and the input pattern using the approximation parameter.
- the graphical interface displays a portion of the secret pattern to the user.
- the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
- the secret pattern is based on a grid.
- the approximation parameter includes one or more blocks of cells in the grid based on the secret pattern.
- the input pattern includes an input sequence and the secret pattern includes a secret sequence, and the verifier compares the input sequence and the secret sequence.
- the graphical interface includes a displayed grid, and the user enters the input pattern on the displayed grid.
- the input pattern includes a squiggle.
- the squiggle includes a random shape.
- the input pattern includes a symbol.
- the input pattern includes a sketch.
- the user selects one or more points on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
- the verifier allows access to a resource in response to authenticating the user.
- the verifier generates a calculated value of the secret pattern, generates a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.
- the verifier generates a hash of the secret pattern and a hash of the input pattern.
- the graphical interface determines one or more secret points located in a display area and one or more approximation regions associated with one or more secret points.
- the graphical interface provides one or more memory cues to the user. In a further embodiment, the graphical interface provides one or more visual and/or memory cues.
- FIG. 1 illustrates a functional block diagram of an authenticator system based on graphical input according to one embodiment of the invention.
- FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention.
- FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted squares or cells according to one embodiment of the invention.
- FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line segments for one embodiment of the invention.
- FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret pattern illustrated in FIG. 4.
- FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 4.
- FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern that is approximately similar to the secret pattern illustrated in FIG. 4.
- FIG. 8 provides a pictorial view of a display area, secret points located in the display area, approximation regions based on the secret points, and input points provided by a user, according to one embodiment of the invention.
- FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an input pattern 112, graphical interface 114, verifier 116, secret pattern 118, and approximation parameter 120.
- FIG. 1 also illustrates a user 124, who provides the input pattern 112 to the graphical interface 114, and a resource 126, which the verifier 116 allows the user 124 to access after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter
- the graphical interface 114 is a hardware device that provides a graphical display that can be viewed by the user 124 and which receives the input pattern 112 from the user 124.
- the graphical interface 114 is a CRT (cathode ray tube) with a touch screen capability.
- the graphical interface 114 is a flat screen device, such as a LCD (liquid crystal display) or an active-matrix display device with input capability.
- the graphical interface 114 is a separate device that is electronically, optically, or otherwise in communication with the verifier 116.
- the graphical interface 114 is integrated into another device, such as a computer system, laptop computer, palmtop computer, other portable computer, or portable cellular telephone.
- the other device also includes the verifier 116 and/or resource 126.
- the verifier 116 is a software application executing on a general purpose computer system. In alternate embodiments, the verifier 116 is implemented as a software module, program, or one or more objects, such as objects implemented in the C programming language. In another embodiment, the verifier 116 is a hardware device or integrated chip, such as an ASIC (application-specific integrated circuit).
- the resource 126 is a computer system, a database, or other resource that the user 124 desires to employ. In another embodiment, the resource 126 provides computational resources or data that the user 124 would like to access. In another embodiment, the resource 126 is a physical location or entity that the user 124 desires to access or use, such as a room, a locked automobile, or the locked ignition mechanism for an automobile.
- the graphical interface 114, verifier 116, and resource 126 are all part of the same computer system, laptop computer, palmtop computer, or other portable computer. In another embodiment, the graphical interface 114, verifier 116, and resource 126 are separate computers or devices connected in a network, which may be a local network, or a global network, such as the Internet.
- the authenticator system 110 uses tolerance parameters.
- two tolerance parameters are shown, an approximation parameter 120 and a display parameter 122.
- a tolerance parameter provides a tolerance or limit for how much information the user 124 is given or how accurate the user's 124 input must be.
- the approximation parameter 120 indicates how close the input pattern 112 must be to the secret pattern 118 for the verifier 116 to consider the input pattern 112 to be approximately similar to the secret pattern 118.
- the display parameter 122 indicates how much of the secret pattern 118 is displayed to the user 124. The user provides an input pattern 112 that matches the undisplayed portion of the secret pattern 118.
- the verifier 116 determines a secret pattern 118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret pattern 118. In another embodiment, the verifier 116 determines or calculates a pseudo-random pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the secret pattern 118 is provided to the verifier 116 from an external source, such as a database or a trusted authority, such as a server computer connected over a network to the verifier 116. The user receives or has access to the same secret pattern 118 or trusted authority.
- the user 124 enters an input pattern 112 on the graphical interface 114 (step 202) in an attempt to match the secret pattern 118.
- the user 124 is prompted with a portion of the secret pattern 118, which is displayed on the graphical interface 114 based on the display parameter 122.
- the display parameter 122 is a predetermined value obtained from a trusted authority, such as a server computer connected over a network to the graphical interface 114.
- the graphical interface 114 or verifier 116 determines a random value for the display parameter 122 or uses a mathematical function to determine the display parameter 122.
- the verifier 116 determines an approximation parameter 120 (step 204).
- the verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and input pattern 112 are approximately similar by comparing the secret pattern 118 and input pattern 112 (step 206).
- the approximation parameter 120 is a predetermined value obtained from a trusted authority.
- the verifier 116 determines the approximation parameter 120 using a mathematical function.
- the approximation parameter 120 is determined before or concurrently with determining the display parameter 122.
- the approximation pattern determines an approximation region 144 (see FIG. 8) that is circular, square, or some other shape.
- the verifier 116 compares the secret pattern 118 and input pattern 112 directly to verify that the two patterns are approximately similar. In another embodiment, the verifier 116 compares a calculated value for the secret pattern 118 with a calculated value for the input pattern 112. In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash of the input pattern 112. In another embodiment the verifier 116 generates a hash of the secret pattern 118 and stores this secret hash in a storage media, such as a hard disk, associated with the verifier 116 or authenticator system 110. In another embodiment, this verifier 116 stores the secret hash in a memory element, such as a ROM or RAM, associated with the verifier 116 or authenticator system 110.
- the verifier 116 obtains the secret pattern 118 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate value for the input pattern 112.
- the verifier 116 finds that the secret pattern 118 and the input pattern 112 are approximately similar, then the verifier 116 authenticates the user 124 (step 208) and allows the user 124 to access the resource 126.
- FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 118 indicated by six highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132.
- the graphical interface 114 displays to the user 124 the grid 132, wherein each square or cell in the grid 132 has a different color or shade.
- the grid 132 also displays a recognizable image, such as a photograph.
- the grid 132 is not square but is a rectangle or other geometric form or shape.
- the grid 132 is a square matrix where each side of the grid 112 has k cells, and the matrix is referred to as a k by k grid 132.
- the secret pattern 118 is a random squiggle that the user 124 must draw to within a certain tolerance, as described below.
- the secret pattern 118 is a letter, number, or other symbol.
- the grid 132 is a 10 by 8 matrix of 80 cells indicated by cell numbers 1 through 80.
- the use of a 10 by 8 matrix is exemplary only and is not a requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric shapes may be used.
- the user 124 provides an input pattern 112 by selecting the same points on the grid 132 in the same numerical sequence as the secret pattern 118, as indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3.
- the secret pattern 118 includes a secret sequence indicating the order for entering the cells of the input pattern 112.
- the required or secret sequence for the secret pattern 118 may be 26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence of the input pattern 112 on the graphical interface 114 before the verifier 116 determines that there is a match between the secret pattern 118 and the input pattern 112.
- FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 118a.
- the secret pattern 118a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60.
- the secret pattern 118a shown in FIG. 4 is exemplary only.
- the secret pattern 118a is shown as a path extending generally from left to right, but this is not a requirement of the invention. Generally, the invention does not require a secret pattern 118 that tends in any one direction or forms any particular type of pattern.
- the secret pattern 118 may be a random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function.
- the secret pattern 118a is indicated by connecting lines. In other embodiments, the secret pattern 118a is indicated by curved lines, by a list of cell numbers, or other mechanism that indicates a unique secret pattern 118 in the grid 132.
- FIG. 5 illustrates the grid 132 and the secret pattern 118a of FIG. 4 along with an input pattern 112a that a user 124 has entered that closely approximates the secret pattern 118a.
- the input pattern 112a touches the same cells in the grid 132 as the secret pattern 118a.
- the verifier 116 determines that the input pattern 112a is approximately similar to the secret pattern 118a by determining that the two patterns 112a, 118a touch the same cells.
- the graphical interface 114 uses a display parameter 122 to display to the user 124 the first h squares in the sequence $x_1, x_2, \ldots, x_n$ in a secret pattern 118.
- the value h is the display parameter 122 indicating that the graphical interface 114 displays only h squares of the secret pattern 118 to the user 124.
- FIG. 6 illustrates a displayed portion 134 of the secret pattern 118a of FIG. 4, for one embodiment of the invention.
- the display parameter 122 has a value of 3, and the graphical interface 114 displays only the first three cells 31, 22, 33 of the secret pattern 118a. The user 124 must then enter an input pattern 112 that corresponds to the undisplayed portion of the secret pattern 118a.
- the display parameter 122 may have values other than 3, and the displayed portion 134 may be based on cells other than the first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end of the pattern 118 or a selected number of cells determined by other methods.
- the graphical interface 114 displays to the user 124 cells from two or more separate portions of the secret pattern 118.
- using the approximation parameter 120, the user 124 must select a square within an $r \times r$ block centered around $x_{h+1}$, then $x_{h+2}$, etc., through $x_n$ to authenticate herself.
- the value r is the approximation parameter 120.
- the approximation parameter 120 has a value of 3 and one cell of the input pattern 112b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a cell of the secret pattern 118a.
- the approximation block 136 illustrated in FIG. 7 is exemplary only, and an approximation block 136 may be centered or located at different cells on a secret pattern 118.
- a 3 by 3 approximation block 136 centered on a central cell 22 of the secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33.
- the approximation block 136 is adjusted for special conditions such as cells at the edges and corners of the grid 132.
- the approximation block 136 may be enlarged or otherwise changed if the central cell of the block 136 is at the edge or corner of the grid 132. If a central cell, such as 31, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted appropriately.
- the 3 by 3 block centered on cell 31 is set to a 2 by 3 block of the cells 21, 22, 31, 32, 41, and 42.
- the approximation block 136 is adjusted in other ways, such as giving the approximation block 136 different sizes at different points in the secret pattern 112b.
- the invention does not require the approximation block 136 to outline a square or rectangular shape, and, in other embodiments, the approximation block 136 outlines other geometric shapes.
- FIG. 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally as 146, for one embodiment of the invention.
- the display area 140 is a visual area of the graphical interface 114 that the graphical interface 114 displays to a user 124. In other embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other geometric form or shape.
- the secret points 142a through 142e are part of a secret pattern 118 that is not displayed to the user 124 in one embodiment of the invention.
- the invention does not require that there be any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118.
- the graphical interface 114 displays one or more points 142 of the secret pattern 118 on the display area 140 to the user 124 based on a display parameter 122.
- the display parameter 122 indicates a value for the number of secret points 142 to be displayed.
- the graphical interface 114 displays two points, such as 142a and 142d, to the user 124.
- the invention does not require that the displayed secret points 142 be adjacent to each other or in any serial order. For a given display parameter 122 value, different secret points 142 may be selected to be displayed at different times.
- the graphical interface 114 displays an image or photograph that overlays the display area 140. If the graphical interface 114 displays an image or photograph, then in one embodiment the input points 146 are not displayed to the user 124. In another embodiment, the graphical interface 114 highlights or changes portions of the image corresponding to the locations of the input points 146. If a display parameter 122 is used, then the graphical interface 114 highlights portions of the image in the display area 140 that correspond to the one or more secret points 142 selected to be displayed based on the display parameter 122.
- the input points 146 represent an input pattern 112 that the user 124 enters on the graphical interface 114.
- the approximation regions 144 are regions within which the user 124 must make her selections of input points 146 for the verifier 116 to verify that the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are not displayed to the user 124.
- the input points 146 are represented by crosshairs or crossed lines, for one embodiment of the invention. In other embodiments, the input points 146 are represented by other geometric shapes, points, or symbols.
- the user 124 must enter the input points 146 in a predetermined sequence, such as providing input points 142 to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another embodiment, the user 124 enters the input points 146 in any sequence.
- the approximation regions 144 are shapes other than the circles shown in FIG. 8. In other embodiments, the approximation regions 144 are of different sizes for different secret points 142.
- each input point 146 must be touching or within the approximation region 144.
- one or more input points 146 are allowed to be outside the approximation regions 144 based on the approximation parameter 120, and the verifier 116 still determines that the input pattern and secret pattern 118 are approximately similar if most of the input points 146 are within the approximation regions 144.
- the approximation parameter 120 determines the size of the approximation regions 144.
- the graphical interface 114 alters the shape of the approximation region 144 for one or more secret points 142.
- the graphical interface 114 may alter the approximation region 144 in other ways. In one embodiment, the graphical interface 114 enlarges the approximation region 144 if it is close to the edge of the display area 140 or is partially truncated by the edge of the display area 140. In another embodiment, the graphical interface 114 determines only one approximation region, such as an ellipse or other shape, for two or more secret points 142 located close to each other.
- the secret points 142 are any points that can be determined in the display area 140.
- the graphical interface 114 displays the display area 140 using pixels, and each secret point 142 is a pixel.
- the approximation region 144 is based on a predetermined pixel-distance tolerance.
- the graphical interface 114 displays memory cues to the user 124 to encourage the user 124 to remember the secret pattern 118 so that the user 124 enters a valid input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern 118.
- the use of memory cues applies to displays based on grids 132 or display areas 140.
- the memory cues are either static or interactive.
- memory cues are either visual, auditory, or based on some other sensory medium accessible to the human senses.
- the graphical interface 114 provides a visual memory cue by changing the cursor shape or color depending on where on the graphical interface 114 the user 124 locates the cursor or stylus.
- the graphical interface 114 or the authenticator system 110 provides an auditory memory cue by playing a different piece of music for each image that the graphical interface 114 displays overlaying the grid 132 or the display area 140.
- the graphical interface 114 provides a visual memory cue by changing the color or brightness of the image, or of part of the image, displayed to the user 124 depending on where the user 124 locates the cursor or stylus on the graphical interface 114.
- the graphical interface 114 displays successive images to the user 124, wherein each image is determined dynamically based on the behavior and selections made by the user 124 when using a stylus or other input device to provide input to the graphical interface 114.
- the graphical interface 114 zooms in on the image or magnifies a portion of the image, which is then in turn displayed to the user 124.
- the graphical interface 114 zooms in on the image again. The graphical interface 114 repeats this process until the user 124 has completed entering an input pattern 112.
- the graphical interface 114 displays a number of portals, such as doors, and the user 124 selects one of the portals. The graphical interface 114 then displays different images depending on which portal the user 124 selects.
- the user 124 simulates entry through a door into another visual space, such as moving through one or more doors into one or more rooms in a building.
- each door or portal represents a secret point 142 in the secret pattern 118.
- each door or portal does not itself represent a secret point 142 in the secret pattern 118, but provides access to an image that includes one or more secret points 142.
- the graphical interface 114 displays other visual metaphors and schemas that a user 124 follows when moving through a visual space, such as moving along a road or a path, or traveling in a vehicle, automobile, space craft, or water borne ship.
- the graphical interface 114 displays other visual spaces or metaphors, as is known in the arts of computer graphics, computer and electronic games, and virtual reality.
Abstract
The system and method provides for the authentication of a user based on graphical input provided by the user. The user enters graphical input, such as a squiggle, into a graphical interface. A verifier compares the input pattern to a secret input pattern to determine if the two patterns are approximately similar in order to authenticate the user. Typically, the verifier uses an approximation parameter to determine if the input and secret patterns are similar. Once the verifier authenticates the user, the user is allowed access to a resource, such as a computer system, portable computer, software application running on a computer system or other hardware device.
Description
SYSTEM AND METHOD FOR AUTHENTICATING A USER
Field of the Invention
The invention relates generally to the field of security and authentication and, more particularly, to a system and method for using a graphic display to authenticate a user of a computer or other device.
Background of the Invention
Passwords have long been used to authenticate a user before providing access to a computer system or to some other device. They are easy to use and conceptually simple. They are probably the oldest and most common data security tool used in computing environments. Because they are generally alphanumeric in form and often closely related to words in natural language, passwords are relatively easy for users to remember. Typically, users can rapidly enter them through standard hardware peripherals such as keyboards. Nonetheless, in terms of their security properties, passwords have shortcomings. Typically, users derive their passwords from a limited portion of the lexicons in their native languages, making them easy to guess, particularly in automated computer attacks.
The vulnerability of passwords in computer systems is becoming increasingly problematic as computing and networking technologies aim to manage increasingly sensitive information. Consumers are beginning to use smart cards and other portable devices to carry digital cash. At the same time, corporations are making sensitive information more available on their networks and are employing digital signatures in committing to legally binding contracts. Hardware devices like smart cards and authentication tokens provide cryptographic authentication for such applications; but typically the cryptographic features of these devices are secured using passwords.
It is possible to broaden the distribution of passwords that are used in a system, and thereby strengthen the system by assigning randomly generated alphanumeric passwords to users. Even users with the most retentive memories, however, have difficulty remembering more than approximately seven alphanumeric characters. The total number of such seven character passwords is about $2^{35} \approx 10^{11}$, which is too small to provide resistance against an automated computer attack on the password. Strong resistance to automated password attacks requires a
password space on the order of about 2 «10 . This space corresponds to random, alphanumeric passwords of sixteen characters in length, which is too long for practical use by most users.
The difficulty users have in remembering enough password information to allow secure authentication is at odds with their ability to retain large amounts of other types of information in other contexts. A few examples of the other types of nonpassword data an individual may routinely remember are historical and personal events, the configuration of rooms in buildings, and the layout of city streets, not to mention the vocabulary and idioms of her native language. Some of that information may remain fixed in her memory over extended periods of time, even without frequent reinforcement. A number of researchers have investigated the use of such everyday information in connection with mnemonic systems as a replacement for passwords. One authentication approach exploits the ability of users to recognize faces. To authenticate herself in this system, a user is asked to identify a set of familiar faces from among a gallery of photographs. While conveniently universal, this system has large memory requirements for the storage of the photographs, and has relatively slow data entry time. Another proposed approach is based on the use of routes on a complex subway system, such as the Tokyo subway system, in connection with secrets, suggesting that users could retain relatively large amounts of information in this context. This approach has the advantage of mnemonic naturalness, but has a strong disadvantage in its idiosyncrasy because not all users live in cities with subway systems or use a subway frequently. A commercial system produced by Passlogix, Inc. of New York, New York effectively extends the mnemonic approach by allowing users to select from a range of mnemonic systems. Users can, for instance, choose to use an interface displaying a room containing a collection of valuables, and encode a password as a sequence of moves involving the hiding of these valuables in various locations around the room. 
This method of password entry appeals to a natural mnemonic device because it resembles the medieval system of the "memory palace," whereby scholars sought to archive data mentally in an imagined architectural space. By allowing the user to select a password herself, however, this approach is vulnerable to the problem of predictability that occurs with conventional password systems. Some passwords are more popular than others, since they are easier to remember. In one example, one-third of user-selected passwords could be found in the English dictionary. Similarly, in a mnemonic system, users are more likely to pick some sequences than others. In one example, a mnemonic system allows users to trade stocks; typically, the users will choose from among the most popular stocks, as these are the easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a substantial advantage by choosing Dow Jones stocks. In principle, if user passwords are formed as sufficiently long random sequences of moves, a mnemonic system will provide an adequate level of cryptographic security. Typically, mnemonic systems are not designed to facilitate user memorization of random sequences, and may not even enforce a minimum sequence length in user password entry. A mnemonic system may also be cumbersome in terms of the user interaction involved in entering a password, in some cases demanding an involved sequence of non-uniform mouse movements to enter the password into a computer system.
Summary of the Invention
One objective of a system constructed according to the invention is to provide graphic or visual passwords that users can remember easily and for a long duration. Another objective is to provide a password that a user can enter with a minimum of physical effort, such as by minimal mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic display. An additional objective is that the entry of the password should require minimal mental effort.
Another objective of the invention is to provide flexible password entry. Unlike computer memory, human memory is prone to inaccuracy. One objective is to accommodate likely user errors.
Another objective of the invention is to provide a system adaptable to computing environments with limited memory, power, and graphical display capabilities. In addition, a system constructed according to the invention should be useable with a range of hardware peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses.
In one aspect, the invention relates to a method for authenticating a user. The method includes determining a secret pattern, entering an input pattern from a user on a graphical interface, determining an approximation parameter that can be used to compare the secret pattern to the input pattern, comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter, and authenticating the user based on the comparison.
In one embodiment, the method includes displaying a portion of the secret pattern on the graphical interface to the user. In another embodiment, the method includes determining the portion to display based on a display parameter.
In one embodiment, the method includes determining the secret pattern based on a grid. In another embodiment, the method includes selecting one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the method includes comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern. In one embodiment, the method includes entering the input pattern on a displayed grid on the graphical interface. In another embodiment, the method includes entering a squiggle. In a further embodiment, the squiggle includes a random shape. In another embodiment, the method includes entering a symbol. In another embodiment, the method includes entering a sketch. In another embodiment, the method includes selecting one or more points on each of a plurality of images displayed on the graphical interface.
In another embodiment, the method includes allowing access to a resource in response to the step of authenticating the user.
In one embodiment, the method includes generating a calculated value of the secret pattern, generating a calculated value of the input pattern, and comparing the calculated value of the secret pattern and the calculated value of the input pattern. In another embodiment, the method includes generating a hash of the secret pattern and generating a hash of the input pattern.
In another embodiment, the method includes determining one or more secret points located in a display area and determining one or more approximation regions associated with one or more secret points. In another embodiment, the method includes providing one or more memory cues to the user. In a further embodiment, the method includes providing one or more visual and/or auditory memory cues.
In another aspect, the invention relates to an authenticator for authenticating a user of a resource. The authenticator includes a graphical interface, a secret pattern, an input pattern, an approximation pattern, and a verifier. The graphical interface is capable of receiving graphical input from a user. The user enters the input pattern on the graphical interface. The approximation pattern can be used in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter. The verifier is in communication with the graphical interface and authenticates the user by comparing the secret pattern and the input pattern using the approximation parameter.
In one embodiment, the graphical interface displays a portion of the secret pattern to the user. In another embodiment, the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
In one embodiment, the secret pattern is based on a grid. In another embodiment, the approximation parameter includes one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the input pattern includes an input sequence and the secret pattern includes a secret sequence, and the verifier compares the input sequence and the secret sequence.
In one embodiment, the graphical interface includes a displayed grid, and the user enters the input pattern on the displayed grid. In another embodiment, the input pattern includes a squiggle. In another embodiment, the squiggle includes a random shape. In another embodiment, the input pattern includes a symbol. In another embodiment, the input pattern includes a sketch.
In another embodiment, the user selects one or more points on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
In another embodiment, the verifier allows access to a resource in response to authenticating the user.
In one embodiment, the verifier generates a calculated value of the secret pattern, generates a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.
In another embodiment, the verifier generates a hash of the secret pattern and a hash of the input pattern.
In another embodiment, the graphical interface determines one or more secret points located in a display area and one or more approximation regions associated with one or more secret points.
In one embodiment, the graphical interface provides one or more memory cues to the user. In a further embodiment, the graphical interface provides one or more visual and/or memory cues.
Brief Descriptions of the Drawings
The invention is pointed out with particularity in the appended claims. The above and further advantages of this invention may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates a functional block diagram of an authenticator system based on graphical input according to one embodiment of the invention.
FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention.
FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted squares or cells according to one embodiment of the invention.
FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line segments for one embodiment of the invention.
FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret pattern illustrated in FIG. 4.
FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 4.
FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern that is approximately similar to the secret pattern illustrated in FIG. 4.
FIG. 8 provides a pictorial view of a display area, secret points located in the display area, approximation regions based on the secret points, and input points provided by a user, according to one embodiment of the invention.
Detailed Description of the Invention
FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an input pattern 112, graphical interface 114, verifier 116, secret pattern 118, and approximation parameter 120. FIG. 1 also illustrates a user 124, who provides the input pattern 112 to the graphical interface 114, and a resource 126, which the verifier 116 allows the user 124 to access after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter 120, as will be discussed in more detail later.
In one embodiment, the graphical interface 114 is a hardware device that provides a graphical display that can be viewed by the user 124 and which receives the input pattern 112 from the user 124. In another embodiment, the graphical interface 114 is a CRT (cathode ray tube) with a touch screen capability. In another embodiment, the graphical interface 114 is a flat screen device, such as a LCD (liquid crystal display) or an active-matrix display device with input capability. In one embodiment, the graphical interface 114 is a separate device that is electronically, optically, or otherwise in communication with the verifier 116. In another embodiment, the graphical interface 114 is integrated into another device, such as a computer system, laptop computer, palmtop computer, other portable computer, or portable cellular telephone. In other embodiments, the other device also includes the verifier 116 and/or resource 126.
In one embodiment, the verifier 116 is a software application executing on a general purpose computer system. In alternate embodiments, the verifier 116 is implemented as a software module, program, or one or more objects, such as objects implemented in the C programming language. In another embodiment, the verifier 116 is a hardware device or integrated chip, such as an ASIC (application-specific integrated circuit).
In one embodiment, the resource 126 is a computer system, a database, or other resource that the user 124 desires to employ. In another embodiment, the resource 126 provides computational resources or data that the user 124 would like to access. In another embodiment, the resource 126 is a physical location or entity that the user 124 desires to access or use, such as a room, a locked automobile, or the locked ignition mechanism for an automobile.
In another embodiment, the graphical interface 114, verifier 116, and resource 126 are all part of the same computer system, laptop computer, palmtop computer, or other portable computer. In another embodiment, the graphical interface 114, verifier 116, and resource 126 are separate computers or devices connected in a network, which may be a local network, or a global network, such as the Internet.
In one embodiment, the authenticator system 110 uses tolerance parameters. In the embodiment of FIG. 1, two tolerance parameters are shown, an approximation parameter 120 and a display parameter 122. In this context, a tolerance parameter provides a tolerance or limit for how much information the user 124 is given or how accurate the user's 124 input must be. The approximation parameter 120 indicates how close the input pattern 112 must be to the secret pattern 118 for the verifier 116 to consider the input pattern 112 to be approximately similar to the secret pattern 118. The display parameter 122 indicates how much of the secret pattern 118 is displayed to the user 124. The user provides an input pattern 112 that matches the undisplayed portion of the secret pattern 118.
FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention. First, the verifier 116 determines a secret pattern 118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret pattern 118. In another embodiment, the verifier 116 determines or calculates a pseudo-random pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the secret pattern 118 is provided to the verifier 116 from an external source, such as a database or a trusted authority, such as a server computer connected over a network to the verifier 116. The user receives or has access to the same secret pattern 118 or trusted authority.
Then the user 124 enters an input pattern 112 on the graphical interface 114 (step 202) in an attempt to match the secret pattern 118. In one embodiment, the user 124 is prompted with a portion of the secret pattern 118, which is displayed on the graphical interface 114 based on the display parameter 122. In one embodiment the display parameter 122 is a predetermined value obtained from a trusted authority, such as a server computer connected over a network to the graphical interface 114. In other embodiments, the graphical interface 114 or verifier 116 determines a random value for the display parameter 122 or uses a mathematical function to determine the display parameter 122.
Next, the verifier 116 determines an approximation parameter 120 (step 204). The verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and input pattern 112 are approximately similar by comparing the secret pattern 118 and input pattern 112 (step 206). In one embodiment, the approximation parameter 120 is a predetermined value obtained from a trusted authority. In another embodiment, the verifier 116 determines the approximation parameter 120 using a mathematical function. In another embodiment, the approximation parameter 120 is determined before or concurrently with determining the display parameter 122. In one embodiment, the approximation pattern determines an approximation region 144 (see FIG. 8) that is circular, square, or some other shape.
In one embodiment, the verifier 116 compares the secret pattern 118 and input pattern 112 directly to verify that the two patterns are approximately similar. In another embodiment, the verifier 116 compares a calculated value for the secret pattern 118 with a calculated value for the input pattern 112. In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash of the input pattern 112. In another embodiment the verifier 116 generates a hash of the secret pattern 118 and stores this secret hash in a storage media, such as a hard disk, associated with the verifier 116 or authenticator system 110. In another embodiment, this verifier 116 stores the secret hash in a memory element, such as a ROM or RAM, associated with the verifier 116 or authenticator system 110. In another embodiment, the verifier 116 obtains the secret pattern 118 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate value for the input pattern 112.
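The hash-comparison embodiment interacts with approximate matching, because a hash of a near miss shares nothing with the hash of the secret. The following added example (not code from the patent) stores a salted PBKDF2 hash of a point sequence and shows one possible reading of the "fuzzy or approximate value": snapping points to fixed tiles before hashing. The tile size, work factor, coordinate bound and sample points are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this example
MAX_COORD = 2**16      # assumed upper bound on pixel coordinates


def quantize(points, tile):
    """Snap each (x, y) pixel point to the index of its tile-by-tile square."""
    return [(x // tile, y // tile) for x, y in points]


def encode(points):
    """Fixed-width, order-preserving encoding: distinct sequences give distinct bytes."""
    return b"".join(x.to_bytes(2, "big") + y.to_bytes(2, "big") for x, y in points)


def well_formed(points):
    """Reject anything that is not a sequence of in-range integer pairs."""
    return all(
        isinstance(x, int) and isinstance(y, int)
        and 0 <= x < MAX_COORD and 0 <= y < MAX_COORD
        for x, y in points
    )


def derive(points, tile, salt):
    """Salted, deliberately slow hash of the quantized pattern."""
    data = encode(quantize(points, tile))
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def enroll(secret_points, tile=1):
    """Return the record the verifier stores; the pattern itself is not kept."""
    if tile < 1 or not well_formed(secret_points):
        raise ValueError("tile must be >= 1 and points must be in range")
    salt = os.urandom(16)
    return {"salt": salt, "tile": tile, "hash": derive(secret_points, tile, salt)}


def verify(record, input_points):
    """Hash the input the same way and compare in constant time."""
    if not well_formed(input_points):
        return False
    candidate = derive(input_points, record["tile"], record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


# Constructed sample data (not taken from the patent figures).
SECRET = [(40, 30), (120, 45), (200, 150)]
SAME_TILES = [(43, 25), (115, 40), (205, 158)]    # each point stays in its 16 px tile
ACROSS_EDGE = [(40, 30), (120, 45), (208, 150)]   # last point is 8 px off but in the next tile
```

With `tile=1` only an exact repeat verifies. With `tile=16` the tolerance is a fixed tiling rather than a region centered on each secret point, so an input 8 pixels away can still fail when it crosses a tile edge.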
If the verifier 116 finds that the secret pattern 118 and the input pattern 112 are approximately similar, then the verifier 116 authenticates the user 124 (step 208) and allows the user 124 to access the resource 126.
FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 118 indicated by six highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132. In one embodiment, the graphical interface 114 displays to the user 124 the grid 132, wherein each square or cell in the grid 132 has a different color or shade. In another embodiment the grid 132 also displays a recognizable image, such as a photograph. In other embodiments, the grid 132 is not square but is a rectangle or other geometric form or shape. In one embodiment, the grid 132 is a square matrix where each side of the grid 132 has k cells, and the matrix is referred to as a k by k grid 132.
In one embodiment, the secret pattern 118 consists of a randomly selected sequence $X = x_1, x_2, \ldots, x_n$ of n squares or cells in the grid 132 as illustrated by cells 13, 20, 26, 41, 49 and 63 in FIG. 3, where n has a value of 6. In another embodiment, the secret pattern 118 is a random squiggle that the user 124 must draw to within a certain tolerance, as described below. In other embodiments, the secret pattern 118 is a letter, number, or other symbol.
In the embodiment shown in FIG. 3, the grid 132 is a 10 by 8 matrix of 80 cells indicated by cell numbers 1 through 80. The use of a 10 by 8 matrix is exemplary only and is not a requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric shapes may be used. In one embodiment, the user 124 provides an input pattern 112 by selecting the same points on the grid 132 in the same numerical sequence as the secret pattern 118, as indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3. In another embodiment, the secret pattern 118 includes a secret sequence indicating the order for entering the cells of the input pattern 112. For example, the required or secret sequence for the secret pattern 118 may be 26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence of the input pattern 112 on the graphical interface 114 before the verifier 116 determines that there is a match between the secret pattern 118 and the input pattern 112.
FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 118a. In FIG. 4 the secret pattern 118a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60. The secret pattern 118a shown in FIG. 4 is exemplary only. The secret pattern 118a is shown as a path extending generally from left to right, but this is not a requirement of the invention. Generally, the invention does not require a secret pattern 118 that tends in any one direction or forms any particular type of pattern. In alternate embodiments, the secret pattern 118 may be a random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function. In FIG. 4 the secret pattern 118a is indicated by connecting lines. In other embodiments, the secret pattern 118a is indicated by curved lines, by a list of cell numbers, or other mechanism that indicates a unique secret pattern 118 in the grid 132.
FIG. 5 illustrates the grid 132 and the secret pattern 118a of FIG. 4 along with an input pattern 112a that a user 124 has entered that closely approximates the secret pattern 118a. The input pattern 112a touches the same cells in the grid 132 as the secret pattern 118a. In one embodiment, the verifier 116 determines that the input pattern 112a is approximately similar to the secret pattern 118a by determining that the two patterns 112a, 118a touch the same cells.
In one embodiment using a display parameter 122, the graphical interface 114 displays to the user 124 the first h squares in the sequence, $x_1, x_2, \ldots, x_n$ in a secret pattern 118. The value h is the display parameter 122 indicating that the graphical interface 114 displays only h squares of the secret pattern 118 to the user 124.
For example, FIG. 6 illustrates a displayed portion 134 of the secret pattern 118a of FIG. 4, for one embodiment of the invention. In this embodiment, h, the display parameter 122 has a value of 3, and the graphical interface 114 displays only the first three cells 31, 22, 33 of the secret pattern 118a. The user 124 must then enter an input pattern 112 that corresponds to the undisplayed portion of the secret pattern 118a. In other embodiments, the display parameter 122 may have values other than 3, and the displayed portion 134 may be based on cells other than the first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end of the pattern 118 or a selected number of cells determined by other methods. In another embodiment, the graphical interface 114 displays to the user 124 cells from two or more separate portions of the secret pattern 118.
In one embodiment using the approximation parameter 120, the user 124 must select a square within an $r \times r$ block centered around $x_{h+1}$, then $x_{h+2}$, etc., through $x_n$ to authenticate herself. The value r is the approximation parameter 120. The probability p that a guessed sequence X' is correct is easily seen to be $(r/k)^{2n-2h}$. Thus if k = 100, r = 5, n = 10, and h = 2, then $p \approx 10^{-19}$. For example, in one embodiment, FIG. 7 illustrates the grid 132 with an approximation block 136 and an input pattern 112b that approximately matches the secret pattern 118a. In one embodiment, the approximation parameter 120 has a value of 3 and one cell of the input pattern 112b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a cell of the secret pattern 118a. The approximation block 136 illustrated in FIG. 7 is exemplary only, and an approximation block 136 may be centered or located at different cells on a secret pattern 118. For example, a 3 by 3 approximation block 136 centered on a central cell 22 of the secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33. Thus, in FIG. 7 cells 21 and 12 of the input pattern 112b do not match cells 31 and 22 of the secret pattern 118a, but the verifier 116 considers cells 21 and 12 to be close enough to the secret pattern 118a because they are within the approximation block 136 centered on cell 22. In general, in other embodiments, the approximation block 136 is adjusted for special conditions such as cells at the edges and corners of the grid 132. For example, the approximation block 136 may be enlarged or otherwise changed if the central cell of the block 136 is at the edge or corner of the grid 132. If a central cell, such as 31, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted appropriately. Thus the 3 by 3 block centered on cell 31 is set to a 2 by 3 block of the cells 21, 22, 31, 32, 41, and 42.
In other embodiments, the approximation block 136 is adjusted in other ways, such as giving the approximation block 136 different sizes at different points in the secret pattern 112b. In general, the invention does not require the approximation block 136 to outline a square or rectangular shape, and, in other embodiments, the approximation block 136 outlines other geometric shapes.
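The grid embodiment above (display parameter h, approximation parameter r, edge-truncated blocks) can be written as a small verifier. This is an added example, not code from the patent: it uses the 10 by 8 grid and the FIG. 4 cell list, assumes r is odd and that blocks are truncated at the grid edge, and the input sequences are constructed for illustration. It also computes the exact chance that a uniformly random guess is accepted, which shows how much the tolerance costs.

```python
from fractions import Fraction

COLS, ROWS = 10, 8  # FIG. 3 grid: 10 by 8, cells numbered 1..80 row by row

# Secret pattern 118a as listed for FIG. 4.
SECRET_118A = [31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, 60]


def to_row_col(cell):
    """Map a 1-based cell number to zero-based (row, col)."""
    if not isinstance(cell, int) or not 1 <= cell <= COLS * ROWS:
        raise ValueError(f"cell {cell!r} is outside the grid")
    return divmod(cell - 1, COLS)


def approximation_block(center, r):
    """Cells of the r-by-r block centered on `center`, truncated at the grid edge."""
    if r < 1 or r % 2 == 0:
        raise ValueError("r must be a positive odd number so the block has a center")
    row, col = to_row_col(center)
    half = r // 2
    return {
        rr * COLS + cc + 1
        for rr in range(max(0, row - half), min(ROWS - 1, row + half) + 1)
        for cc in range(max(0, col - half), min(COLS - 1, col + half) + 1)
    }


def displayed_portion(secret, h):
    """The first h cells, which the interface shows as a prompt."""
    return list(secret[:h])


def verify(secret, entered, r, h=0):
    """Accept if every entered cell lies in the block of the matching secret cell.

    `entered` covers only the undisplayed cells secret[h:], in sequence.
    """
    expected = secret[h:]
    if len(entered) != len(expected):
        return False
    ok = True
    for secret_cell, input_cell in zip(expected, entered):
        # Check every position instead of returning at the first miss, so the
        # work done does not depend on where the first wrong cell is.
        if input_cell not in approximation_block(secret_cell, r):
            ok = False
    return ok


def guess_probability(secret, r, h=0):
    """Exact chance that one uniformly random guess of secret[h:] is accepted."""
    p = Fraction(1)
    for secret_cell in secret[h:]:
        p *= Fraction(len(approximation_block(secret_cell, r)), COLS * ROWS)
    return p


# Constructed inputs for h = 3 (cells 31, 22, 33 are displayed, 11 cells are entered).
NEAR_MISS_INPUT = [44, 52, 65, 55, 57, 46, 37, 38, 58, 50, 59]   # each within a 3 by 3 block
TOO_FAR_INPUT = [45, 52, 65, 55, 57, 46, 37, 38, 58, 50, 59]     # first cell two columns off
# FIG. 7 case with nothing displayed: cells 21 and 12 stand in for 31 and 22.
FIG7_LIKE_INPUT = [21, 12] + SECRET_118A[2:]

if __name__ == "__main__":
    print(displayed_portion(SECRET_118A, 3))
    print(verify(SECRET_118A, NEAR_MISS_INPUT, r=3, h=3))
    print(float(guess_probability(SECRET_118A, r=3, h=3)))
```

For this pattern, r = 3 raises the acceptance chance of a single random guess by a factor of 9^10 × 6 over exact matching, which is the trade the approximation parameter makes between usability and guessing resistance.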
FIG. 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally as 146, for one embodiment of the invention. The display area 140 is a visual area of the graphical interface 114 that the graphical interface 114 displays to a user 124. In other embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other geometric form or shape.
The secret points 142a through 142e are part of a secret pattern 118 that is not displayed to the user 124 in one embodiment of the invention. The invention does not require that there be any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118. In another embodiment, the graphical interface 114 displays one or more points 142 of the secret pattern 118 on the display area 140 to the user 124 based on a display parameter 122. In one embodiment, the display parameter 122 indicates a value for the number of secret points 142 to be displayed. For example, if the display parameter 122 has a value of 2, then the graphical interface 114 displays two points, such as 142a and 142d, to the user 124. The invention does not require that the displayed secret points 142 be adjacent to each other or in any serial order. For a given display parameter 122 value, different secret points 142 may be selected to be displayed at different times.
In one embodiment, the graphical interface 114 displays an image or photograph that overlays the display area 140. If the graphical interface 114 displays an image or photograph, then in one embodiment the input points 146 are not displayed to the user 124. In another embodiment, the graphical interface 114 highlights or changes portions of the image corresponding to the locations of the input points 146. If a display parameter 122 is used, then the graphical interface 114 highlights portions of the image in the display area 140 that correspond to the one or more secret points 142 selected to be displayed based on the display parameter 122.
The input points 146 represent an input pattern 112 that the user 124 enters on the graphical interface 114. In one embodiment, the approximation regions 144 are regions within which the user 124 must make her selections of input points 146 for the verifier 116 to verify that the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are not displayed to the user 124. In FIG. 8 the input points 146 are represented by crosshairs or crossed lines, for one embodiment of the invention. In other embodiments, the input points 146 are represented by other geometric shapes, points, or symbols. In one embodiment, the user 124 must enter the input points 146 in a predetermined sequence, such as providing input points 146 to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another embodiment, the user 124 enters the input points 146 in any sequence.
In other embodiments, the approximation regions 144 are shapes other than the circles shown in FIG. 8. In other embodiments, the approximation regions 144 are of different sizes for different secret points 142.
In one embodiment, each input point 146 must be touching or within the approximation region 144. In another embodiment, one or more input points 146 are allowed to be outside the approximation regions 144 based on the approximation parameter 120, and the verifier 116 still determines that the input pattern and secret pattern 118 are approximately similar if most of the input points 146 are within the approximation regions 144. In another embodiment, the approximation parameter 120 determines the size of the approximation regions 144. In one embodiment, the graphical interface 114 alters the shape of the approximation region 144 for one or more secret points 142. For example, if a secret point 142 is close to the edge of the display area 140, then part of the approximation region 144 for that secret point 142 is truncated by the boundary of the display area 140. The graphical interface 114 may alter the approximation region 144 in other ways. In one embodiment, the graphical interface 114 enlarges the approximation region 144 if it is close to the edge of the display area 140 or is partially truncated by the edge of the display area 140. In another embodiment, the graphical interface 114 determines only one approximation region, such as an ellipse or other shape, for two or more secret points 142 located close to each other.
In one embodiment, the secret points 142 are any points that can be determined in the display area 140. In another embodiment, the graphical interface 114 displays the display area 140 using pixels, and each secret point 142 is a pixel. In another embodiment, the approximation region 144 is based on a predetermined pixel-distance tolerance.
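The comparison of input points 146 against approximation regions 144 described above can be written out as follows. This is an added example, not part of the patent text: the names `SecretPoint`, `verify`, `max_matching` and `max_misses` and all coordinates are constructed, `max_misses` stands in for the approximation parameter 120, circular regions with a per-point pixel radius are assumed, and the verifier is assumed to require as many input points as secret points.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SecretPoint:
    x: int
    y: int
    radius: float  # size of this point's circular approximation region, in pixels


def in_region(secret, point, width, height):
    """True if the input point touches or lies inside the approximation region.

    Input outside the display area is rejected, which has the same effect as
    truncating the region at the display boundary.
    """
    px, py = point
    if not (0 <= px < width and 0 <= py < height):
        return False
    return math.hypot(px - secret.x, py - secret.y) <= secret.radius


def max_matching(secret, points, width, height):
    """Largest number of secret points that can each be paired with a distinct
    input point (augmenting-path bipartite matching). Regions may overlap, so
    a greedy first-fit pairing can undercount and reject a valid input."""
    owner = {}  # index of input point -> index of the secret point using it

    def assign(s_idx, seen):
        for p_idx, point in enumerate(points):
            if p_idx in seen or not in_region(secret[s_idx], point, width, height):
                continue
            seen.add(p_idx)
            # Take a free input point, or evict its owner if the owner can move.
            if p_idx not in owner or assign(owner[p_idx], seen):
                owner[p_idx] = s_idx
                return True
        return False

    return sum(assign(s_idx, set()) for s_idx in range(len(secret)))


def verify(secret, points, width, height, ordered=True, max_misses=0):
    """Accept if at most max_misses secret points are left unmatched."""
    if len(points) != len(secret):
        return False
    if ordered:
        # Sequence embodiment: the i-th input must fall in the i-th region.
        hits = sum(in_region(s, p, width, height) for s, p in zip(secret, points))
    else:
        # Any-sequence embodiment: each region needs its own input point.
        hits = max_matching(secret, points, width, height)
    return len(secret) - hits <= max_misses


# Constructed sample data: a 320x240 display area and five secret points.
# The second and third regions overlap; the fourth sits near the corner.
WIDTH, HEIGHT = 320, 240
SECRET = [
    SecretPoint(40, 50, 12),
    SecretPoint(200, 60, 12),
    SecretPoint(215, 70, 12),
    SecretPoint(310, 230, 12),
    SecretPoint(100, 180, 20),
]
IN_ORDER = [(42, 53), (195, 55), (218, 72), (305, 228), (110, 170)]
# Same regions hit in a different sequence; (207, 65) lies in both overlapping regions.
SHUFFLED = [(207, 65), (195, 55), (42, 53), (110, 170), (305, 228)]
ONE_OFF = [(42, 53), (195, 55), (218, 72), (305, 228), (150, 150)]

if __name__ == "__main__":
    print("in order, strict:   ", verify(SECRET, IN_ORDER, WIDTH, HEIGHT))
    print("shuffled, ordered:  ", verify(SECRET, SHUFFLED, WIDTH, HEIGHT))
    print("shuffled, any order:", verify(SECRET, SHUFFLED, WIDTH, HEIGHT, ordered=False))
    print("one miss, allowed 1:", verify(SECRET, ONE_OFF, WIDTH, HEIGHT, max_misses=1))
```

Accepting any sequence makes all 5! = 120 orderings of a five-point pattern equivalent, and each permitted miss or larger radius widens the set of inputs the verifier accepts, so these parameters trade usability against guessing resistance.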
In one embodiment, the graphical interface 114 displays memory cues to the user 124 to encourage the user 124 to remember the secret pattern 118 so that the user 124 enters a valid input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern 118. The use of memory cues applies to displays based on grids 132 or display areas 140. The memory cues are either static or interactive. In addition, memory cues are either visual, auditory, or based on some other sensory medium accessible to the human senses.
In one embodiment, the graphical interface 114 provides a visual memory cue by changing the cursor shape or color depending on where on the graphical interface 114 the user 124 locates the cursor or stylus.
In another embodiment, the graphical interface 114 or the authenticator system 110 provides an auditory memory cue by playing a different piece of music for each image that the graphical interface 114 displays overlaying the grid 132 or the display area 140.
In another embodiment, the graphical interface 114 provides a visual memory cue by changing the color or brightness of the image, or of part of the image, displayed to the user 124 depending on where the user 124 locates the cursor or stylus on the graphical interface 114.
In one embodiment, the graphical interface 114 displays successive images to the user 124, wherein each image is determined dynamically based on the behavior and selections made by the user 124 when using a stylus or other input device to provide input to the graphical interface 114. In one embodiment, when the user 124 selects an input point 146 in a displayed image, the graphical interface 114 zooms in on the image or magnifies a portion of the image, which is then in turn displayed to the user 124. When the user 124 selects another input point 146, then the graphical interface 114 zooms in on the image again. The graphical interface 114 repeats this process until the user 124 has completed entering an input pattern 112. In another embodiment, the graphical interface 114 displays a number of portals, such as doors, and the user 124 selects one of the portals. The graphical interface 114 then displays different images depending on which portal the user 124 selects. In one embodiment, the user 124 simulates entry through a door into another visual space, such as moving through one or more doors into one or more rooms in a building. In one embodiment, each door or portal represents a secret point 142 in the secret pattern 118. In another embodiment, each door or portal does not itself represent a secret point 142 in the secret pattern 118, but provides access to an image that includes one or more secret points 142.
In another embodiment, the graphical interface 114 displays other visual metaphors and schemas that a user 124 follows when moving through a visual space, such as moving along a road or a path, or traveling in a vehicle, automobile, space craft, or water borne ship. In other embodiments, the graphical interface 114 displays other visual spaces or metaphors, as is known in the arts of computer graphics, computer and electronic games, and virtual reality.
Having described the preferred embodiments of the invention, it will now become apparent to one of skill in the art that other embodiments incorporating the concepts may be used. It is felt, therefore, that these embodiments should not be limited to disclosed embodiments but rather should be limited only by the spirit and scope of the following claims.
Claims
What is claimed is:
1. A method for authenticating a user, the steps comprising: determining a secret pattern; entering an input pattern from a user on a graphical interface; determining an approximation parameter for use in comparing the secret pattern and the input pattern from the user; comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and authenticating the user based on the comparing step.
2. The method of claim 1, further comprising a step of displaying a portion of the secret pattern on the graphical interface to the user.
3. The method of claim 2, wherein the step of displaying the portion of the secret pattern comprises determining the portion to display based on a display parameter.
4. The method of claim 1, wherein the step of determining the secret pattern comprises determining the secret pattern based on a grid.
5. The method of claim 4, wherein the step of determining the approximation parameter comprises selecting at least one block of cells in the grid based on the secret pattern.
6. The method of claim 1, wherein the step of comparing the input pattern and the secret pattern comprises comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern.
7. The method of claim 1, wherein the step of entering the input pattern comprises entering the input pattern on a displayed grid on the graphical interface.
8. The method of claim 1, wherein the step of entering the input pattern comprises entering a squiggle.
9. The method of claim 8, wherein the squiggle comprises a random shape.
10. The method of claim 1, wherein the step of entering the input pattern comprises entering a symbol.
11. The method of claim 10, wherein the symbol comprises at least one of a letter and a number.
12. The method of claim 1, wherein the step of entering an input pattern comprises entering a sketch.
13. The method of claim 1, wherein the step of entering the input pattern further comprises selecting at least one point on each of a plurality of images displayed on the graphical interface.
14. The method of claim 1, further comprising a step of allowing access to a resource in response to the step of authenticating the user.
15. The method of claim 14, wherein the step of allowing access to the resource comprises allowing access to at least one of a hardware device, a computer system, a portable computer, a software application, and a database.
16. The method of claim 1, further comprising steps of generating a calculated value of the secret pattern and generating a calculated value of the input pattern; and wherein the step of comparing the secret pattern and the input pattern comprises comparing the calculated value of the secret pattern and the calculated value of the input pattern.
17. The method of claim 16, wherein the step of generating the calculated value of the secret pattern comprises generating a hash of the secret pattern and the step of generating the calculated value of the input pattern comprises generating a hash of the input pattern.
18. The method of claim 1, wherein the step of determining the secret pattern comprises determining at least one secret point located in a display area and determining at least one approximation region associated with the at least one secret point.
19. The method of claim 1, further comprising a step of providing at least one memory cue to the user.
20. The method of claim 19, wherein the step of providing at least one memory cue to the user comprises providing at least one of a visual memory cue and an auditory memory cue.
21. An authenticator for authenticating a user of a resource, comprising: a graphical interface capable of receiving graphical input from a user; a secret pattern; an input pattern entered on the graphical interface by the user; an approximation parameter for use in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and a verifier in communication with the graphical interface, the verifier authenticating the user by comparing the secret pattern and input pattern using the approximation parameter.
22. The authenticator of claim 21, wherein the graphical interface displays a portion of the secret pattern to the user.
23. The authenticator of claim 22, wherein the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.
24. The authenticator of claim 21, wherein the secret pattern is based on a grid.
25. The authenticator of claim 24, wherein the approximation parameter comprises at least one block of cells in the grid based on the secret pattern.
26. The authenticator of claim 21, wherein the input pattern comprises an input sequence and the secret pattern comprises a secret sequence, and the verifier compares the input sequence and the secret sequence.
27. The authenticator of claim 21, wherein the graphical interface comprises a displayed grid and the user enters the input pattern on the displayed grid.
28. The authenticator of claim 21, wherein the input pattern comprises a squiggle.
29. The authenticator of claim 28, wherein the squiggle comprises a random shape.
30. The authenticator of claim 21, wherein the input pattern comprises a symbol.
31. The authenticator of claim 30, wherein the symbol comprises at least one of a letter and a number.
32. The authenticator of claim 21, wherein the input pattern comprises a sketch.
33. The authenticator of claim 21, wherein the user selects at least one point on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.
34. The authenticator of claim 21, wherein the verifier allows access to a resource in response to authenticating the user.
35. The authenticator of claim 34, wherein the resource comprises at least one of a hardware device, a computer system, a portable computer, a software application, and a database.
36. The authenticator of claim 21, wherein the verifier generates a calculated value of the secret pattern and a calculated value of the input pattern; and compares the calculated value of the secret pattern and the calculated value of the input pattern.
37. The authenticator of claim 36, wherein the verifier generates a hash of the secret pattern and a hash of the input pattern.
38. The authenticator of claim 21, wherein the graphical interface determines at least one secret point located in a display area and at least one approximation region associated with the at least one secret point.
39. The authenticator of claim 21, wherein the graphical interface provides at least one memory cue to the user.
40. The authenticator of claim 39, wherein the graphical interface provides at least one of a visual memory cue and an auditory memory cue.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001251202A AU2001251202A1 (en) | 2000-04-07 | 2001-04-02 | System and method for authenticating a user |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US54480900A | 2000-04-07 | 2000-04-07 | |
US09/544,809 | 2000-04-07 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001077792A2 (en) | 2001-10-18 |
WO2001077792A3 (en) | 2003-01-30 |
Family
ID=24173684
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2001/010498 WO2001077792A2 (en) | 2000-04-07 | 2001-04-02 | System and method for authenticating a user |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2001251202A1 (en) |
WO (1) | WO2001077792A2 (en) |
Cited By (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003048909A2 (en) | 2001-12-04 | 2003-06-12 | Applied Neural Computing, L.L.C. | Validating the identity of a user using a pointing device |
WO2003054656A2 (en) * | 2001-12-12 | 2003-07-03 | Intel Corporation | Providing a user input interface prior to initiation of an operating system |
EP1345106A2 (en) * | 2002-03-15 | 2003-09-17 | Hewlett-Packard Company | Systems and methods for authenticating a user for a computing device |
WO2004001560A1 (en) * | 2002-06-19 | 2003-12-31 | Nokia Corporation | Method of deactivating lock, and portable electronic device |
EP1380915A2 (en) * | 2002-07-10 | 2004-01-14 | Samsung Electronics Co., Ltd. | Computer access control |
WO2005040998A1 (en) * | 2003-09-30 | 2005-05-06 | British Telecommunications Public Limited Company | Method and system for authenticating a user |
WO2006042417A1 (en) * | 2004-10-20 | 2006-04-27 | Mary Louise Jackson | Graphical interface for repetitive data entry and data visualization |
WO2007098569A1 (en) | 2006-03-01 | 2007-09-07 | Norman Frank Goertzen | Method and system for securing interface access via visual array paths in combination with hidden operators |
EP1845469A1 (en) * | 2006-04-12 | 2007-10-17 | Siemens Aktiengesellschaft | Authentification method and system |
US7292230B2 (en) | 2002-09-20 | 2007-11-06 | Nokia Corporation | Method of deactivating device lock state, and electronic device |
CN100350368C (en) * | 2004-09-24 | 2007-11-21 | 明基电通股份有限公司 | Lock method of touch screen |
US7376899B2 (en) | 2003-06-19 | 2008-05-20 | Nokia Corporation | Method and system for producing a graphical password, and a terminal device |
EP2104052A1 (en) * | 2008-03-19 | 2009-09-23 | British Telecommunications Public Limited Company | Authentication system and method |
WO2009142618A1 (en) * | 2008-05-19 | 2009-11-26 | Hewlett-Packard Development Company, L.P. | Systems and methods for supporting pre-boot log in |
EP2130154A1 (en) * | 2007-03-28 | 2009-12-09 | Computime, Ltd. | Security capability with an input device |
US7689831B2 (en) | 2004-08-30 | 2010-03-30 | Passrules Canadian Security Inc. | Method and system for securing interface access via visual array paths in combination with hidden operators |
WO2009145540A3 (en) * | 2008-05-29 | 2010-10-14 | Neople, Inc. | Apparatus and method for inputting password using game |
EP2260429A2 (en) * | 2008-02-20 | 2010-12-15 | Microsoft Corporation | Sketch-based password authentication |
EP2299381A1 (en) * | 2005-12-23 | 2011-03-23 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
EP2441209A1 (en) * | 2010-07-01 | 2012-04-18 | Tata Consultancy Services Ltd. | System for two way authentication |
US8174503B2 (en) | 2008-05-17 | 2012-05-08 | David H. Cain | Touch-based authentication of a mobile device through user generated pattern creation |
US8209606B2 (en) | 2007-01-07 | 2012-06-26 | Apple Inc. | Device, method, and graphical user interface for list scrolling on a touch-screen display |
WO2012085378A1 (en) * | 2010-12-23 | 2012-06-28 | Morpho | Method for enabling authentication or identification, and related verification system |
US8224887B2 (en) | 2003-03-26 | 2012-07-17 | Authenticatid, Llc | System, method and computer program product for authenticating a client |
GB2488944A (en) * | 2008-05-19 | 2012-09-12 | Hewlett Packard Development Co | Using a soft keyboard when a pre-boot password is entered incorrectly |
US8429557B2 (en) | 2007-01-07 | 2013-04-23 | Apple Inc. | Application programming interfaces for scrolling operations |
US20130123007A1 (en) * | 2006-11-14 | 2013-05-16 | Igt | Behavioral biometrics for authentication in computing environments |
US8458485B2 (en) | 2009-06-17 | 2013-06-04 | Microsoft Corporation | Image-based unlock functionality on a computing device |
US8528072B2 (en) | 2010-07-23 | 2013-09-03 | Apple Inc. | Method, apparatus and system for access mode control of a device |
US8650636B2 (en) | 2011-05-24 | 2014-02-11 | Microsoft Corporation | Picture gesture authentication |
US8782775B2 (en) | 2007-09-24 | 2014-07-15 | Apple Inc. | Embedded authentication systems in an electronic device |
US9128614B2 (en) | 2010-11-05 | 2015-09-08 | Apple Inc. | Device, method, and graphical user interface for manipulating soft keyboards |
US9146673B2 (en) | 2010-11-05 | 2015-09-29 | Apple Inc. | Device, method, and graphical user interface for manipulating soft keyboards |
US9213822B2 (en) | 2012-01-20 | 2015-12-15 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
US9285908B2 (en) | 2009-03-16 | 2016-03-15 | Apple Inc. | Event recognition |
US9298363B2 (en) | 2011-04-11 | 2016-03-29 | Apple Inc. | Region activation for touch sensitive surface |
US9311112B2 (en) | 2009-03-16 | 2016-04-12 | Apple Inc. | Event recognition |
US9323335B2 (en) | 2008-03-04 | 2016-04-26 | Apple Inc. | Touch event model programming interface |
US9361447B1 (en) | 2014-09-04 | 2016-06-07 | Emc Corporation | Authentication based on user-selected image overlay effects |
US9389712B2 (en) | 2008-03-04 | 2016-07-12 | Apple Inc. | Touch event model |
US9483121B2 (en) | 2009-03-16 | 2016-11-01 | Apple Inc. | Event recognition |
US9529519B2 (en) | 2007-01-07 | 2016-12-27 | Apple Inc. | Application programming interfaces for gesture operations |
USRE46301E1 (en) * | 2005-03-08 | 2017-02-07 | Microsoft Technology Licensing, Llc | Image or pictographic based computer login systems and methods |
US9614671B2 (en) | 2011-12-02 | 2017-04-04 | Barclays Bank Plc | User access control based on a graphical signature |
US9626073B2 (en) | 2002-03-19 | 2017-04-18 | Facebook, Inc. | Display navigation |
US9684521B2 (en) | 2010-01-26 | 2017-06-20 | Apple Inc. | Systems having discrete and continuous gesture recognizers |
US9733716B2 (en) | 2013-06-09 | 2017-08-15 | Apple Inc. | Proxy gesture recognizer |
EP3232373A1 (en) * | 2016-03-01 | 2017-10-18 | Politechnika Gdanska | Method and system for verification of user identity in information technology systems, in particular in banking systems |
US9798459B2 (en) | 2008-03-04 | 2017-10-24 | Apple Inc. | Touch event model for web pages |
US10216408B2 (en) | 2010-06-14 | 2019-02-26 | Apple Inc. | Devices and methods for identifying user interface objects based on view hierarchy |
EP2070234B1 (en) * | 2006-09-07 | 2020-05-06 | Orange | Securing of code for personal entity |
US10963142B2 (en) | 2007-01-07 | 2021-03-30 | Apple Inc. | Application programming interfaces for scrolling |
US11165963B2 (en) | 2011-06-05 | 2021-11-02 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
EP3980910A4 (en) * | 2019-06-05 | 2023-07-26 | Throughputer, Inc. | Graphic pattern-based passcode generation and authentication |
US11893463B2 (en) | 2019-03-07 | 2024-02-06 | Throughputer, Inc. | Online trained object property estimator |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0677801A1 (en) * | 1994-04-04 | 1995-10-18 | AT&T Corp. | Graphical password |
WO1996018139A1 (en) * | 1994-12-08 | 1996-06-13 | Philips Electronics N.V. | Security code input |
FR2765979A1 (en) * | 1997-07-08 | 1999-01-15 | Jacques Rivailler | INDIVIDUAL COMPUTER TERMINAL CAPABLE OF COMMUNICATING WITH COMPUTER EQUIPMENT IN A SECURE WAY, AS WELL AS AN AUTHENTICATION PROCESS IMPLEMENTED BY SAID TERMINAL |
EP0901060A2 (en) * | 1997-09-05 | 1999-03-10 | Fujitsu Limited | Secure data control apparatus and method |
WO1999021073A1 (en) * | 1997-10-23 | 1999-04-29 | Casio Computer Co., Ltd. | Checking device and recording medium for checking the identification of an operator |
-
2001
- 2001-04-02 AU AU2001251202A patent/AU2001251202A1/en not_active Abandoned
- 2001-04-02 WO PCT/US2001/010498 patent/WO2001077792A2/en active Application Filing
Cited By (145)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2003048909A3 (en) * | 2001-12-04 | 2004-05-13 | Applied Neural Computing L L C | Validating the identity of a user using a pointing device |
WO2003048909A2 (en) | 2001-12-04 | 2003-06-12 | Applied Neural Computing, L.L.C. | Validating the identity of a user using a pointing device |
US7715600B2 (en) | 2001-12-04 | 2010-05-11 | Applied Neural Technologies Limited | System for and method of web signature recognition system based on object map |
KR100737659B1 (en) * | 2001-12-12 | 2007-07-09 | 인텔 코오퍼레이션 | Providing a user input interface prior to initiation of an operating system |
WO2003054656A2 (en) * | 2001-12-12 | 2003-07-03 | Intel Corporation | Providing a user input interface prior to initiation of an operating system |
WO2003054656A3 (en) * | 2001-12-12 | 2004-02-19 | Intel Corp | Providing a user input interface prior to initiation of an operating system |
US7849301B2 (en) | 2001-12-12 | 2010-12-07 | Intel Corporation | Providing a user input interface prior to initiation of an operating system |
EP1345106A3 (en) * | 2002-03-15 | 2003-12-17 | Hewlett-Packard Company | Systems and methods for authenticating a user for a computing device |
EP1345106A2 (en) * | 2002-03-15 | 2003-09-17 | Hewlett-Packard Company | Systems and methods for authenticating a user for a computing device |
US9886163B2 (en) | 2002-03-19 | 2018-02-06 | Facebook, Inc. | Constrained display navigation |
US10365785B2 (en) | 2002-03-19 | 2019-07-30 | Facebook, Inc. | Constraining display motion in display navigation |
US10055090B2 (en) | 2002-03-19 | 2018-08-21 | Facebook, Inc. | Constraining display motion in display navigation |
US9626073B2 (en) | 2002-03-19 | 2017-04-18 | Facebook, Inc. | Display navigation |
US9678621B2 (en) | 2002-03-19 | 2017-06-13 | Facebook, Inc. | Constraining display motion in display navigation |
US9753606B2 (en) | 2002-03-19 | 2017-09-05 | Facebook, Inc. | Animated display navigation |
US9851864B2 (en) | 2002-03-19 | 2017-12-26 | Facebook, Inc. | Constraining display in display navigation |
WO2004001560A1 (en) * | 2002-06-19 | 2003-12-31 | Nokia Corporation | Method of deactivating lock, and portable electronic device |
US7453443B2 (en) | 2002-06-19 | 2008-11-18 | Nokia Corporation | Method of deactivating lock and portable electronic device |
EP1380915A3 (en) * | 2002-07-10 | 2004-12-15 | Samsung Electronics Co., Ltd. | Computer access control |
EP1380915A2 (en) * | 2002-07-10 | 2004-01-14 | Samsung Electronics Co., Ltd. | Computer access control |
US7292230B2 (en) | 2002-09-20 | 2007-11-06 | Nokia Corporation | Method of deactivating device lock state, and electronic device |
US8224887B2 (en) | 2003-03-26 | 2012-07-17 | Authenticatid, Llc | System, method and computer program product for authenticating a client |
US7376899B2 (en) | 2003-06-19 | 2008-05-20 | Nokia Corporation | Method and system for producing a graphical password, and a terminal device |
WO2005040998A1 (en) * | 2003-09-30 | 2005-05-06 | British Telecommunications Public Limited Company | Method and system for authenticating a user |
US7689831B2 (en) | 2004-08-30 | 2010-03-30 | Passrules Canadian Security Inc. | Method and system for securing interface access via visual array paths in combination with hidden operators |
CN100350368C (en) * | 2004-09-24 | 2007-11-21 | 明基电通股份有限公司 | Lock method of touch screen |
WO2006042417A1 (en) * | 2004-10-20 | 2006-04-27 | Mary Louise Jackson | Graphical interface for repetitive data entry and data visualization |
USRE46301E1 (en) * | 2005-03-08 | 2017-02-07 | Microsoft Technology Licensing, Llc | Image or pictographic based computer login systems and methods |
USRE47518E1 (en) | 2005-03-08 | 2019-07-16 | Microsoft Technology Licensing, Llc | Image or pictographic based computer login systems and methods |
US11669238B2 (en) | 2005-12-23 | 2023-06-06 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8046721B2 (en) | 2005-12-23 | 2011-10-25 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8694923B2 (en) | 2005-12-23 | 2014-04-08 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8745544B2 (en) | 2005-12-23 | 2014-06-03 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8286103B2 (en) | 2005-12-23 | 2012-10-09 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US11086507B2 (en) | 2005-12-23 | 2021-08-10 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8209637B2 (en) | 2005-12-23 | 2012-06-26 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
EP2299381A1 (en) * | 2005-12-23 | 2011-03-23 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US10754538B2 (en) | 2005-12-23 | 2020-08-25 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8527903B2 (en) | 2005-12-23 | 2013-09-03 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US10078439B2 (en) | 2005-12-23 | 2018-09-18 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8640057B2 (en) | 2005-12-23 | 2014-01-28 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
US8627237B2 (en) | 2005-12-23 | 2014-01-07 | Apple Inc. | Unlocking a device by performing gestures on an unlock image |
WO2007098569A1 (en) | 2006-03-01 | 2007-09-07 | Norman Frank Goertzen | Method and system for securing interface access via visual array paths in combination with hidden operators |
EP1845469A1 (en) * | 2006-04-12 | 2007-10-17 | Siemens Aktiengesellschaft | Authentification method and system |
EP2070234B1 (en) * | 2006-09-07 | 2020-05-06 | Orange | Securing of code for personal entity |
US20130123007A1 (en) * | 2006-11-14 | 2013-05-16 | Igt | Behavioral biometrics for authentication in computing environments |
US9519762B2 (en) * | 2006-11-14 | 2016-12-13 | Igt | Behavioral biometrics for authentication in computing environments |
US8365090B2 (en) | 2007-01-07 | 2013-01-29 | Apple Inc. | Device, method, and graphical user interface for zooming out on a touch-screen display |
US9448712B2 (en) | 2007-01-07 | 2016-09-20 | Apple Inc. | Application programming interfaces for scrolling operations |
US8312371B2 (en) | 2007-01-07 | 2012-11-13 | Apple Inc. | Device and method for screen rotation on a touch-screen display |
US10817162B2 (en) | 2007-01-07 | 2020-10-27 | Apple Inc. | Application programming interfaces for scrolling operations |
US10613741B2 (en) | 2007-01-07 | 2020-04-07 | Apple Inc. | Application programming interface for gesture operations |
US9619132B2 (en) | 2007-01-07 | 2017-04-11 | Apple Inc. | Device, method and graphical user interface for zooming in on a touch-screen display |
US8255798B2 (en) | 2007-01-07 | 2012-08-28 | Apple Inc. | Device, method, and graphical user interface for electronic document translation on a touch-screen display |
US10606470B2 (en) | 2007-01-07 | 2020-03-31 | Apple, Inc. | List scrolling and document translation, scaling, and rotation on a touch-screen display |
US8661363B2 (en) | 2007-01-07 | 2014-02-25 | Apple Inc. | Application programming interfaces for scrolling operations |
US10963142B2 (en) | 2007-01-07 | 2021-03-30 | Apple Inc. | Application programming interfaces for scrolling |
US10983692B2 (en) | 2007-01-07 | 2021-04-20 | Apple Inc. | List scrolling and document translation, scaling, and rotation on a touch-screen display |
US9665265B2 (en) | 2007-01-07 | 2017-05-30 | Apple Inc. | Application programming interfaces for gesture operations |
US10481785B2 (en) | 2007-01-07 | 2019-11-19 | Apple Inc. | Application programming interfaces for scrolling operations |
US8209606B2 (en) | 2007-01-07 | 2012-06-26 | Apple Inc. | Device, method, and graphical user interface for list scrolling on a touch-screen display |
US9575648B2 (en) | 2007-01-07 | 2017-02-21 | Apple Inc. | Application programming interfaces for gesture operations |
US9037995B2 (en) | 2007-01-07 | 2015-05-19 | Apple Inc. | Application programming interfaces for scrolling operations |
US11886698B2 (en) | 2007-01-07 | 2024-01-30 | Apple Inc. | List scrolling and document translation, scaling, and rotation on a touch-screen display |
US9052814B2 (en) | 2007-01-07 | 2015-06-09 | Apple Inc. | Device, method, and graphical user interface for zooming in on a touch-screen display |
US11269513B2 (en) | 2007-01-07 | 2022-03-08 | Apple Inc. | List scrolling and document translation, scaling, and rotation on a touch-screen display |
US9529519B2 (en) | 2007-01-07 | 2016-12-27 | Apple Inc. | Application programming interfaces for gesture operations |
US8429557B2 (en) | 2007-01-07 | 2013-04-23 | Apple Inc. | Application programming interfaces for scrolling operations |
US9760272B2 (en) | 2007-01-07 | 2017-09-12 | Apple Inc. | Application programming interfaces for scrolling operations |
US10175876B2 (en) | 2007-01-07 | 2019-01-08 | Apple Inc. | Application programming interfaces for gesture operations |
US11461002B2 (en) | 2007-01-07 | 2022-10-04 | Apple Inc. | List scrolling and document translation, scaling, and rotation on a touch-screen display |
US11449217B2 (en) | 2007-01-07 | 2022-09-20 | Apple Inc. | Application programming interfaces for gesture operations |
EP2130154A4 (en) * | 2007-03-28 | 2011-07-06 | Computime Ltd | Security capability with an input device |
EP2130154A1 (en) * | 2007-03-28 | 2009-12-09 | Computime, Ltd. | Security capability with an input device |
US9128601B2 (en) | 2007-09-24 | 2015-09-08 | Apple Inc. | Embedded authentication systems in an electronic device |
US9495531B2 (en) | 2007-09-24 | 2016-11-15 | Apple Inc. | Embedded authentication systems in an electronic device |
US9953152B2 (en) | 2007-09-24 | 2018-04-24 | Apple Inc. | Embedded authentication systems in an electronic device |
US9329771B2 (en) | 2007-09-24 | 2016-05-03 | Apple Inc | Embedded authentication systems in an electronic device |
US9304624B2 (en) | 2007-09-24 | 2016-04-05 | Apple Inc. | Embedded authentication systems in an electronic device |
US9250795B2 (en) | 2007-09-24 | 2016-02-02 | Apple Inc. | Embedded authentication systems in an electronic device |
US10275585B2 (en) | 2007-09-24 | 2019-04-30 | Apple Inc. | Embedded authentication systems in an electronic device |
US9134896B2 (en) | 2007-09-24 | 2015-09-15 | Apple Inc. | Embedded authentication systems in an electronic device |
US10956550B2 (en) | 2007-09-24 | 2021-03-23 | Apple Inc. | Embedded authentication systems in an electronic device |
US8782775B2 (en) | 2007-09-24 | 2014-07-15 | Apple Inc. | Embedded authentication systems in an electronic device |
US11468155B2 (en) | 2007-09-24 | 2022-10-11 | Apple Inc. | Embedded authentication systems in an electronic device |
US9519771B2 (en) | 2007-09-24 | 2016-12-13 | Apple Inc. | Embedded authentication systems in an electronic device |
US8943580B2 (en) | 2007-09-24 | 2015-01-27 | Apple Inc. | Embedded authentication systems in an electronic device |
US9274647B2 (en) | 2007-09-24 | 2016-03-01 | Apple Inc. | Embedded authentication systems in an electronic device |
US9038167B2 (en) | 2007-09-24 | 2015-05-19 | Apple Inc. | Embedded authentication systems in an electronic device |
US8024775B2 (en) | 2008-02-20 | 2011-09-20 | Microsoft Corporation | Sketch-based password authentication |
EP2260429A4 (en) * | 2008-02-20 | 2011-07-06 | Microsoft Corp | Sketch-based password authentication |
EP2260429A2 (en) * | 2008-02-20 | 2010-12-15 | Microsoft Corporation | Sketch-based password authentication |
US9971502B2 (en) | 2008-03-04 | 2018-05-15 | Apple Inc. | Touch event model |
US9798459B2 (en) | 2008-03-04 | 2017-10-24 | Apple Inc. | Touch event model for web pages |
US10521109B2 (en) | 2008-03-04 | 2019-12-31 | Apple Inc. | Touch event model |
US9690481B2 (en) | 2008-03-04 | 2017-06-27 | Apple Inc. | Touch event model |
US9720594B2 (en) | 2008-03-04 | 2017-08-01 | Apple Inc. | Touch event model |
US10936190B2 (en) | 2008-03-04 | 2021-03-02 | Apple Inc. | Devices, methods, and user interfaces for processing touch events |
US11740725B2 (en) | 2008-03-04 | 2023-08-29 | Apple Inc. | Devices, methods, and user interfaces for processing touch events |
US9389712B2 (en) | 2008-03-04 | 2016-07-12 | Apple Inc. | Touch event model |
US9323335B2 (en) | 2008-03-04 | 2016-04-26 | Apple Inc. | Touch event model programming interface |
EP2104052A1 (en) * | 2008-03-19 | 2009-09-23 | British Telecommunications Public Limited Company | Authentication system and method |
US8174503B2 (en) | 2008-05-17 | 2012-05-08 | David H. Cain | Touch-based authentication of a mobile device through user generated pattern creation |
GB2474142B (en) * | 2008-05-19 | 2012-09-05 | Hewlett Packard Development Co | Handling passwords for pre-boot log in that cannot be typed with the attached keyboard |
GB2488944A (en) * | 2008-05-19 | 2012-09-12 | Hewlett Packard Development Co | Using a soft keyboard when a pre-boot password is entered incorrectly |
GB2474142A (en) * | 2008-05-19 | 2011-04-06 | Hewlett Packard Development Co | Systems and methods for supporting pre-boot log in |
GB2488944B (en) * | 2008-05-19 | 2013-02-20 | Hewlett Packard Development Co | Systems and methods for supporting pre-boot log in |
WO2009142618A1 (en) * | 2008-05-19 | 2009-11-26 | Hewlett-Packard Development Company, L.P. | Systems and methods for supporting pre-boot log in |
WO2009145540A3 (en) * | 2008-05-29 | 2010-10-14 | Neople, Inc. | Apparatus and method for inputting password using game |
CN102216935B (en) * | 2008-05-29 | 2014-07-16 | 新人类有限公司 | Apparatus and method for inputting password using game |
US9965177B2 (en) | 2009-03-16 | 2018-05-08 | Apple Inc. | Event recognition |
US9285908B2 (en) | 2009-03-16 | 2016-03-15 | Apple Inc. | Event recognition |
US11163440B2 (en) | 2009-03-16 | 2021-11-02 | Apple Inc. | Event recognition |
US10719225B2 (en) | 2009-03-16 | 2020-07-21 | Apple Inc. | Event recognition |
US11755196B2 (en) | 2009-03-16 | 2023-09-12 | Apple Inc. | Event recognition |
US9483121B2 (en) | 2009-03-16 | 2016-11-01 | Apple Inc. | Event recognition |
US9311112B2 (en) | 2009-03-16 | 2016-04-12 | Apple Inc. | Event recognition |
US9946891B2 (en) | 2009-06-17 | 2018-04-17 | Microsoft Technology Licensing, Llc | Image-based unlock functionality on a computing device |
US8458485B2 (en) | 2009-06-17 | 2013-06-04 | Microsoft Corporation | Image-based unlock functionality on a computing device |
US9684521B2 (en) | 2010-01-26 | 2017-06-20 | Apple Inc. | Systems having discrete and continuous gesture recognizers |
US10732997B2 (en) | 2010-01-26 | 2020-08-04 | Apple Inc. | Gesture recognizers with delegates for controlling and modifying gesture recognition |
US10216408B2 (en) | 2010-06-14 | 2019-02-26 | Apple Inc. | Devices and methods for identifying user interface objects based on view hierarchy |
EP2441209A4 (en) * | 2010-07-01 | 2012-05-09 | Tata Consultancy Services Ltd | System for two way authentication |
EP2441209A1 (en) * | 2010-07-01 | 2012-04-18 | Tata Consultancy Services Ltd. | System for two way authentication |
US9740832B2 (en) | 2010-07-23 | 2017-08-22 | Apple Inc. | Method, apparatus and system for access mode control of a device |
US8528072B2 (en) | 2010-07-23 | 2013-09-03 | Apple Inc. | Method, apparatus and system for access mode control of a device |
US9128614B2 (en) | 2010-11-05 | 2015-09-08 | Apple Inc. | Device, method, and graphical user interface for manipulating soft keyboards |
US9146673B2 (en) | 2010-11-05 | 2015-09-29 | Apple Inc. | Device, method, and graphical user interface for manipulating soft keyboards |
US9519824B2 (en) | 2010-12-23 | 2016-12-13 | Morpho | Method for enabling authentication or identification, and related verification system |
FR2969797A1 (en) * | 2010-12-23 | 2012-06-29 | Morpho | METHOD FOR PERMITTING AUTHENTICATION OR IDENTIFICATION AND ASSOCIATED VERIFICATION SYSTEM |
WO2012085378A1 (en) * | 2010-12-23 | 2012-06-28 | Morpho | Method for enabling authentication or identification, and related verification system |
US9298363B2 (en) | 2011-04-11 | 2016-03-29 | Apple Inc. | Region activation for touch sensitive surface |
US8650636B2 (en) | 2011-05-24 | 2014-02-11 | Microsoft Corporation | Picture gesture authentication |
US8910253B2 (en) | 2011-05-24 | 2014-12-09 | Microsoft Corporation | Picture gesture authentication |
US11165963B2 (en) | 2011-06-05 | 2021-11-02 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
US9614671B2 (en) | 2011-12-02 | 2017-04-04 | Barclays Bank Plc | User access control based on a graphical signature |
US9213822B2 (en) | 2012-01-20 | 2015-12-15 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
US9372978B2 (en) | 2012-01-20 | 2016-06-21 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
US10867059B2 (en) | 2012-01-20 | 2020-12-15 | Apple Inc. | Device, method, and graphical user interface for accessing an application in a locked device |
US11429190B2 (en) | 2013-06-09 | 2022-08-30 | Apple Inc. | Proxy gesture recognizer |
US9733716B2 (en) | 2013-06-09 | 2017-08-15 | Apple Inc. | Proxy gesture recognizer |
US9361447B1 (en) | 2014-09-04 | 2016-06-07 | Emc Corporation | Authentication based on user-selected image overlay effects |
EP3232373A1 (en) * | 2016-03-01 | 2017-10-18 | Politechnika Gdanska | Method and system for verification of user identity in information technology systems, in particular in banking systems |
US11893463B2 (en) | 2019-03-07 | 2024-02-06 | Throughputer, Inc. | Online trained object property estimator |
EP3980910A4 (en) * | 2019-06-05 | 2023-07-26 | Throughputer, Inc. | Graphic pattern-based passcode generation and authentication |
Also Published As
Publication number | Publication date |
---|---|
WO2001077792A3 (en) | 2003-01-30 |
AU2001251202A1 (en) | 2001-10-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001077792A2 (en) | System and method for authenticating a user | |
CN102804196B (en) | Computing device with a pattern authentication interface | |
US20060174339A1 (en) | An arrangement and method of graphical password authentication | |
Sreelatha et al. | Authentication schemes for session passwords using color and images | |
Khan et al. | A graphical password based system for small mobile devices | |
RU2376626C2 (en) | Method of preventing disclosure of entered information to an observer | |
US20050246138A1 (en) | Method and system for processing password inputted by the matching of cells | |
US11128613B2 (en) | Authentication based on visual memory | |
Tao | Pass-Go, a new graphical password scheme | |
Yang | PassPositions: A secure and user-friendly graphical password scheme | |
Haque et al. | A new graphical password: combination of recall & recognition based approach | |
Yang | Development status and prospects of graphical password authentication system in Korea | |
Shankar et al. | IPCT: A scheme for mobile authentication | |
Umar et al. | Graphical user authentication: A time interval based approach | |
Gao et al. | Usability and security of the recall-based graphical password schemes | |
Sreelatha et al. | Intrusion prevention by image based authentication techniques | |
US20130340091A1 (en) | Method of creating ui layouts with desired level of entropy | |
Yang | T-TIME: a password scheme based on touch signal generation time difference | |
KR20110101030A (en) | Security method of information by the touch screen | |
Alam | SUIS: An online graphical signature-based user identification system | |
Thorawade et al. | Authentication scheme resistant to shoulder surfing attack using image retrieval | |
Huzaif et al. | Securing Social Media using Pair based Authentication | |
Dabeer et al. | A Novel Hybrid User Authentication Scheme Using Cognitive Ambiguous Illusion Images | |
CA2495450A1 (en) | A matrix based arrangement and method of graphical password authentication | |
Vikas | Authentication Scheme for Passwords using Color and Text |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| 122 | EP: PCT application non-entry in European phase | |
| NENP | Non-entry into the national phase | Ref country code: JP |