WO2024044834A1 - Method and device for password generation - Google Patents


Info

Publication number
WO2024044834A1
Authority
WO
WIPO (PCT)
Prior art keywords
tactile
contact
password
over
tactile surface
Prior art date
Application number
PCT/CA2022/051776
Other languages
French (fr)
Inventor
Theotim AUGER
Original Assignee
Auger Theotim
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Auger Theotim

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the subject matter disclosed generally relates to methods and devices for password generation.
  • Passwords are typically chosen as an alphanumerical combination comprising numbers, letters and other typographical symbols to form a combination used for identification or authorization, e.g., to access a service, to open a door or to open up a device, more generally to authenticate a user for an access of any sort.
  • Passwords may be hard to manage across various service providers, for example if the passwords are chosen to be diversified or if there are various rules for password generation across different platforms.
  • password management: there are applications, called password managers, which are helpful to generate and remember very complex passwords (which are normally computer-generated).
  • passwords are then virtually impossible to remember, which puts password management beyond human capacity and makes the user highly dependent on their password-management application to manage and use passwords.
  • biometric information relates to human physical features (facial features of shape, distances, etc.; retinal images and the like) that cannot be changed. If biometric information used for authentication is stolen, the original user cannot change their own biometric information which is based on their face, eyes, etc., and therefore, their identity used for authentication is compromised permanently.
  • an authentication device comprising:
  • a tactile surface for undergoing a tactile contact thereon; and a sensor connected to the tactile surface which detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact formed as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
  • a processor connected to the sensor which converts the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.
  • the sensor detects the tactile contact continuously or repeatedly at a high frequency.
  • the plurality of obstacles distributed over the tactile surface are elevated with respect to a remainder of the tactile surface to constrain the tactile contact to be made on said remainder of the tactile surface.
  • the obstacles are distinct obstacles and comprise at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
  • the sensor is an array underneath the tactile surface.
  • the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
  • the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
  • an authentication device comprising:
  • the plurality of obstacles are elevated with respect to a remainder of the tactile surface and constrain the tactile contact to be made on said remainder of the tactile surface.
  • the obstacles are distinct obstacles and comprise at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
  • the sensor is an array underneath the tactile surface.
  • the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
  • the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
  • a method for authentication comprising the steps of:
  • the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises providing a grid where grid cells form the discrete areas over the tactile surface, and the path of the tactile contact is formed as an ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
  • the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises detecting a passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
  • the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact is performed concurrently with a step of acquiring acceleration data of the authentication device, and comprises using the acceleration data as an additional input for converting each of the discrete areas of the ordered sequence of discrete areas into a password segment.
  • the step of providing an authentication device comprises providing a plurality of obstacles distributed over the tactile surface which are elevated with respect to a remainder of the tactile surface and which constrain the tactile contact to be made on said remainder of the tactile surface.
  • FIG. 1 is a picture illustrating a handheld authentication device, according to an embodiment of the disclosure
  • FIG. 2 is a front view illustrating a handheld authentication device with a password-defining or code-generating path, with the exemplary generated code, according to an embodiment of the disclosure
  • FIG. 3 is a front view illustrating a handheld authentication device with a code-generating path, with the exemplary generated code, according to an embodiment of the disclosure
  • Fig. 4 is a perspective view illustrating a handheld authentication device, according to an embodiment of the disclosure
  • FIG. 5 is a front view illustrating a handheld authentication device, according to an embodiment of the disclosure.
  • Fig. 6 is a perspective view illustrating a handheld authentication device with exemplary materials used for the surface thereof, comprising the code-generating path and textures and obstacles forming the edges thereof, according to an embodiment of the disclosure;
  • Fig. 7 is a perspective view illustrating a back of the handheld authentication device, according to an embodiment of the disclosure.
  • FIGs. 8A-8D are front views illustrating different variations of the geometry of obstacles or textures on the surface of the handheld authentication device, according to an embodiment of the disclosure.
  • Fig. 9 is a picture illustrating the size of a handheld authentication device which fits a wallet (same size as standard credit card, bank card or identity card), according to an embodiment of the disclosure.
  • Fig. 10 is a front view illustrating a computer running an application for password management which is associated to the handheld authentication device, according to an embodiment of the disclosure
  • FIG. 11 is a screenshot illustrating a graphical user interface for an application for password management which is associated to the handheld authentication device, according to an embodiment of the disclosure
  • Fig. 12 is a flowchart illustrating a method for authentication, according to an embodiment of the disclosure.
  • Figs. 13A-13B are front views illustrating different handheld authentication devices with a code-generating path, with the exemplary generated code being based on different maps of password segments associated to each grid cell, one being simplified (13A) and one being more complex (13B), according to an embodiment of the disclosure.
  • the possibilities of continuous path of touching contact may be constrained by a plurality of distinct obstacles 23 on the surface which creates a topology on the surface 22 inside which the user is guided/constrained to draw their own movement signature path by touching contact. Circles, concave curvatures or corners in the obstacles 23 may further help the user performing intuitive paths on the surface to ease remembering and reproduction of the movement of touching contact.
  • a converter 70 (either in the authentication device, in a computer requiring authentication, or remotely) to convert the detected path into a code or password.
  • the code or password may be generated by transforming a discrete series of grid locations through which the path is detected to pass. Then, at the computer where the authentication is required, said code or password resulting from the conversion is consumed by an application or API according to the authentication needs.
  • the authentication device 10 may validate authentication internally and send a signal to another type of device for locking/unlocking.
  • the authentication device 10 can send a signal to an appropriate receiver or transceiver operatively coupled to a door lock in order to lock or to unlock the door lock (house, hotel room, car, etc.) if the movement signature is the right one, and not send the change-of-locking-status signal if the movement signature is not right.
  • an authentication device 10 which according to a preferred embodiment can be a handheld authentication device 10 used for authentication using a tactile surface 22 comprising a main surface onto which a movement of a body member (such as a thumb or another finger) can move, while maintaining contact with the surface, to perform an actual path on the surface of the handheld authentication device, said actual path corresponding unambiguously to a single code being generated either at the time of setting a password or afterwards, for authentication into a service or a generation of a change-of-locking-status signal.
  • the handheld authentication device 10 is well shown in the photograph of Fig. 1, the perspective view of Fig. 4 and the top view of Fig. 5.
  • the handheld authentication device 10 comprises a tactile path detector 20, which comprises a tactile surface 22, to be touched by a user for authentication or for setting up authentication, and a sensor 24 underneath the surface.
  • the tactile surface 22 is a surface which is generally continuous (except for the obstacles as described below) and accessible to the user and which is preferably (but not necessarily) flat, and made of a material which is suitable for the sensor 24.
  • the tactile surface 22 is the surface which receives (i.e., makes direct contact with) the finger, or other body member (hand, foot, etc.) or instrument (touch pen, glove, or another tool, etc.).
  • the sensor 24 is the device that makes the actual detection of the touching contact of the body member or instrument with the tactile surface 22 and converts the detection into a signal, such as an electric signal, which can give meaning as to the actual location of the touching contact of the body member or instrument with the tactile surface 22.
  • Said determination being made continuously (or repeatedly at a high frequency) over a period of touching contact ensures that a path can be recorded, either as a continuous path over the tactile surface 22 or as a discrete ordered series of locations or areas (such as grid cells) over the tactile surface 22, over said period of touching contact or tactile contact. This is described below in greater detail in reference with Figs. 2-3.
  • the sensor 24 can be a sensor array underlying the tactile surface 22 and which is based on a capacitive detection technique, using capacitors to detect a change of electrical conductivity in the vicinity of a cell of the array sensor 24. If the sensor 24 is arranged as an array, the array may or may not match the cell resolution of the grid cells used for converting a touch path into a sequence of password segments, as long as appropriate correspondence between a touch event detected by one of the cells of the array sensor 24 can be made to match with (or associate with, or have correspond with) the grid cell used for assigning a password segment in view of this matching / association / correspondence. According to an exemplary embodiment of the disclosure, and without limitation, the sensor comprises an MPR121 capacitive sensor chip.
  • the tactile surface 22 is generally continuous over its surface, offering its whole surface for free path definition by touching contact.
  • the user may use their finger to draw a path, freely (without restrictions), over the tactile surface 22, said path being recorded for authentication (as described further below) or to set up said authentication (if this is a first recording of the path).
  • the tactile surface 22 comprises obstacles 23 which are permanently laid onto the tactile surface 22.
  • These obstacles 23, which can also be referred to as projections, are parts which are elevated from the main surface of the tactile surface 22, forming a heightened plateau with edges (ridges) not accessible for touching contact when the user authenticates by touching contact on the tactile surface 22.
  • the main surface of the tactile surface 22 is therefore recessed from the obstacles 23, and is still accessible for touching contact, with definite areas thereon (the obstacles) being not a part anymore of the tactile surface 22.
  • This embodiment is advantageous over a free tactile surface 22 in that it makes the movement used to perform the path easier to remember and to reproduce. Therefore, the constraints put on the user by the obstacles defining a particular topology onto the tactile surface 22 make the handheld authentication device 10 user-friendlier. While the number of possible paths (and corresponding passwords) is reduced by putting such topological constraints, the paths can be remembered more easily by the user and there is also much less risk of not recognizing a path during authentication, since the user is constrained to touch the tactile surface 22 at definite locations.
  • Figs. 8A-8D illustrate different variations of the geometry of obstacles 23 on the surface of the handheld authentication device, according to an embodiment of the disclosure. These different obstacles thereby define different topologies in which the path can be performed by a user movement performing a touching contact with the available portions (the recessed surfaces between the elevated obstacles 23) of the tactile surface 22.
  • the obstacles 23 comprise geometrical features which ease the path definition and user movement.
  • the obstacles 23 comprise a curvature, preferably an arc of circle (convex or concave), at an edge thereof which guides the user with their body member or instrument to adopt the corresponding curvature or arc of circle when performing a movement along the edge of said portion of said obstacle 23.
  • at least one of them comprises a right-angle corner, preferably with a rounded, smoothed corner.
  • at least one of the obstacles 23 is shaped as a circle.
  • At least one of the obstacles 23 comprises a concave arc-of-circle curvature which faces one of said at least one circular obstacle 23, further refining the curved nature of the path in this part of the tactile surface 22 to guide the user to perform a curved movement which helps the user define a signature movement having easy-to-remember features in this signature movement (the combination of a concavity facing a circular obstacle contributing to this advantage in user-friendliness).
  • the generated code or password is an agglutination of a plurality of password segments (as shown at the bottom of Fig. 2 or Fig. 3), each of the password segments corresponding to a single grid cell.
  • the agglutination is made according to the sequence of all the grid cells determined to have been touched within the determined path (ordered sequence of grid cells) during a continuous period of detected touching contact.
  • the sensors determine either bidimensional coordinates (x,y) of a touch contact event within the continuous path (i.e., each time the sensor 24 samples the binary presence/absence of a touch event across the tactile surface 22, it determines an x,y coordinate for the touch event being detected at this particular occurrence of sampling, which is then repeatedly performed at a sampling frequency to determine a path which is a sequence of such coordinate couples), or a grid location, assuming the tactile surface 22 is divided into a grid (such that the x,y coordinate couples are discrete and predetermined and the sensor 24 determines, for a given occurrence of sampling, to which predetermined x,y grid cell the sensed touch event belongs).
  • the bidimensional coordinates are converted into a corresponding grid location to ensure the final output for a detected touch event is a discrete grid location (single cell as shown in Fig. 2-3).
  • a path can be determined as a series of discrete grid cells over time, from start (first touch event detection) to finish (last touch event detection over the continuous period of detected touching contact).
  • Each grid cell corresponds to (is associated with) a given password segment comprising at least one alphanumerical or symbolic character.
  • the given password segment corresponding to a grid cell can be a column and row address of said grid cell, as shown in Fig. 2-3.
  • the password segments each comprise a plurality of (at least two but preferably more) alphanumerical or symbolic characters to augment the resulting password length after agglutination.
  • the converter 70 is provided in the authentication device 10 and receives data from the sensor 24 to which it is connected.
  • the converter 70 may be part of a processor 75 operating with a read-only memory (RAM) on a chip in the authentication device 10 (in connection with the sensor 24 and with any port of communication) to perform the determination of how the detection of an ordered sequence of grid cells through which a tactile movement signature path passes translates into an ordered sequence of grid cells, and the conversion of said ordered sequence of grid cells into an agglutination of respectively corresponding password segments into a resulting complete password.
  • RAM read-only memory
  • the code or password may be generated by transforming a discrete series of grid locations through which the path is detected to pass. Then, at the computer where the authentication is required, said code or password resulting from the conversion is consumed (used) by an application or API according to the authentication needs.
  • the processor 75 may further determine if the path or ordered sequence of grid cells or complete password resulting from the agglutination of password segments is the right (expected) one for the user.
  • the sampling frequency or continuous sampling of the sensor 24 detects a change of grid cell during the detected touch movement. For example, if the user pauses with their finger (or other body part or instrument) on a given grid cell, the sensor 24 will not generate a new touch event at each sampling occurrence with the finger at the same location because that would only lead to a repetition of the same password segment as long as the finger remains within the bounds of that grid cell. Instead, a new password segment will be generated only when the finger moves to another adjacent grid cell.
  • if the finger (or other body part or instrument) remains longer than a predefined time threshold on the same grid cell, it can be implied to signify that the grid cell should be counted again in the signature sequence and the password segment should therefore be generated again too.
  • the signature movement may therefore include repeated grid cells (and the corresponding password segment) in the sequence as long as the finger (or other body part or instrument) stays longer than the predefined threshold (e.g., 1 second) on the same grid cell.
  • the sensor 24 should detect that the finger (or other body part or instrument) is moved to another adjacent grid cell or, optionally, remains longer than a time threshold on the same grid cell, to count that grid cell in the sequence which will be used to form the password by agglutination.
  • the agglutination of password segments to form the resulting complete password from the complete detected path on the tactile surface 22 can be made by detecting a starting point on the tactile surface 22 and corresponding grid cell to identify a first (starting) password segment; a last or final point on the tactile surface 22 and corresponding grid cell to identify a last (final) password segment; and identifying the ordered sequence by which the series of detected touching contact events have come across each of the touched grid cells underlying the tactile surface, as sampled continuously or at a high frequency by the sensor 24.
  • the agglutination of the complete password may be done without requiring a particular start or end location in the tactile surface 22, as long as the path is required to be a closed loop (for example, closed loops are shown in Figs. 2-3).
  • the agglutination may comprise a default selection of a first one of the touched grid cells, for example the uppermost left grid cell and build the ordered sequence from there either in a clockwise or anticlockwise fashion, or using the actual direction of movement of the user on this path forming a closed loop.
  • the end result is the generation of a complete password comprising multiple password segments and having a great length formed as a result of an agglutination of an ordered sequence of password segments, each corresponding to a given grid cell onto which touching contact was detected (ordered sequence of touched grid cells, either with a well-defined start and an end, or being a recursive sequence for which the start and end are the same) along a detected path of the user’s body member or instrument on the tactile surface 22.
  • Figs. 13A and 13B show simplified (13A) and complex (13B) versions of the generated password segments upon detecting the movement signature.
  • Fig. 13B shows that each of the password segments may include a greater number of alphanumeric symbols (including letters, numbers, symbols) to increase the resulting password complexity.
  • Figs. 13A and 13B also illustrate another feature of the methods and systems as described herein, i.e., that the password segment associated to a given cell on the apparatus 10 can be unique for each apparatus 10 among a plurality of manufactured apparatuses, each produced with a different and unique mapping of correspondence between grid cells and password segments. Therefore, there is a “map” associated with the grid upon which the signature movement is executed, and this map belongs to the apparatus 10. The same signature movement executed on another apparatus 10 would therefore generate a different resulting password because the password segments associated to all cells on the apparatus 10 would be different. This means that the authentication may only take place when the right movement signature is executed on a specific apparatus, thereby bringing an additional layer of protection during the authentication process.
  • Fig. 6 shows exemplary materials that are used for the main recessed surface of the tactile surface 22, and for the obstacles 23.
  • the main recessed surface of the tactile surface 22 can be made of a rubber, an elastomer or a silicone, such as a silicone with a soft finish.
  • the obstacles 23 can be made of a hard plastic with a glossy finish.
  • the main recessed surface of the tactile surface 22 and obstacles 23 are of different colors, preferably contrasting colors (such as white and black) to act as a visual indicator to help differentiating both surfaces for the user to draw their tactile movement signature on the available portion of the tactile surface 22 only, along or around the obstacles 23 without going over the obstacles 23 when executing said authentication movement.
  • Fig. 7 illustrates a back of the handheld authentication device 10.
  • the body, housing or casing 80 of the handheld authentication device 10 comprises a button 89 for pairing the handheld authentication device 10 with any other electronic device on which authentication could be required.
  • the button 89 should trigger an RFID communication or a Bluetooth™ communication which seeks nearby devices for pairing.
  • the electronic device 90 with which the pairing can be performed should comprise an application stored thereon for execution, or simply executed thereon. The presence of the application stored or executed on the electronic device 90 may assist in the pairing using the communication link such as using the RFID communication or Bluetooth™ communication protocol.
  • the pairing should be performed according to the usual method for Bluetooth pairing or similar pairing of the channel of communication between devices, as known to those skilled in the art. Therefore, the authentication device 10 should comprise an RFID chip, or Bluetooth™ transceiver, or other suitable communication device depending on the technology used for pairing and communication.
  • a gyroscope 60 in the authentication device.
  • the gyroscope is used to collect data about the acceleration of the handheld authentication device 10, and is operatively connected to the processor 75 to communicate the collected acceleration data to the processor 75.
  • the gyroscope may collect acceleration data in one, two or three independent axes.
  • the collected acceleration data can be communicated to the processor to contribute in the authentication process, for example by using the collected acceleration data as a condition to be met for the authentication to be made (e.g., the handheld authentication device 10 needs to be held in a particular orientation in space for the signature movement to be held valid), or contribute to the generation of the password (e.g., for each grid cell being touched in the movement, the concurrent or synchronous acceleration data of the handheld authentication device 10 from the gyroscope 60 is used as an additional input for the step of conversion, that is to generate a password segment which is based on the touched grid cell and on the acceleration data of the handheld authentication device 10 at the time said grid cell was touched).
  • the acceleration data may involve additional steps after acceleration data collection, such as rounding or categorizing the collected data to arrive at a small number of well-defined and discrete states (e.g., general upward/downward movement, oriented upwardly, downwardly or flat, etc.).
  • the body, housing or casing 80 of the handheld authentication device 10 comprises a hole or opening 81 to attach a cord, string, chain or a similar means of attachment.
  • Fig. 9 shows that the size of a handheld authentication device 10 can advantageously fit inside a wallet (without limitation).
  • the handheld authentication device 10 should be of approximately the same size as standard credit card, bank card or identity card. This ensures that the handheld authentication device 10 can be transported easily with oneself. Other shapes or sizes can be envisaged according to the contemplated use.
  • an application for password management which is associated to the handheld authentication device.
  • a graphical user interface 95 for the application can be used for password management.
  • a computer which can be an embodiment of the electronic device 90 mentioned above, runs the application for password management which is associated to the authentication device 10.
  • the authentication device 10 may communicate with the electronic device 90 having the application stored thereon and executed to present a graphical user interface 95, as shown in Fig. 11, permitting the selection of native or third-party services through which authentication (username and password verification) can be done using a password generated either at set-up or for authentication using the authentication device 10.
  • the nature of the data undergoing communication (transmission) between the authentication device 10 and the electronic device 90 having the application thereon can include various elements depending on which data is communicated.
  • the rightness of the path (determined in the form of an ordered sequence of specific areas on the surface 22 forming the path) converted into an agglutinated password can be determined within the authentication device 10 by the processor 75 within the authentication device 10 and the Boolean result (exactitude or inexactitude of the result) being transmitted to the electronic device 90.
  • the password can be transmitted to the electronic device 90 for consumption by an application or API or the like which requires the password, which instead of being written on the electronic device 90 by the user, is inputted by being converted into text from the path on the authentication device (determined in the form of an ordered sequence of specific areas on the surface 22 forming the path).
  • the ordered sequence of specific areas on the surface 22 forming the path can be transmitted to the electronic device 90 and the resulting password determined by the application on the electronic device 90, or remotely using a server.
  • Raw data from the sensors 24 could also be transmitted to the electronic device 90, depending on which data is treated by the authentication device and which data is treated by the electronic device 90.
  • the password instead of being written on the electronic device 90 by the user, is inputted by being converted into password text from the path on the authentication device 10 (embodied as an ordered sequence of specific areas such as grid cells on the surface 22) as determined by the sensor 24.
  • the electronic device 90 has a software application consuming this converted password text for authentication or for setting up authentication. Going from the actual tactile path detected by the sensor to the password is a task comprising multiple steps which can be performed either at the authentication device 10, the electronic device 90, or even remotely, simply depending on how data treatment is to be distributed between these devices.
  • the authentication device 10 may communicate with an electronic device being other than a personal computer having a screen, for example it can communicate directly with devices such as a door lock (for an entry door for a house, for a hotel room, for a car, etc.) to lock and unlock the door, upon validating the person’s identity in the authentication process using the authentication device 10.
  • a door lock for an entry door for a house, for a hotel room, for a car, etc.
  • Fig. 12 is a flowchart illustrating a method for authentication, according to an embodiment of the disclosure, comprising the steps of:
  • Step 1210 - providing an authentication device comprising a tactile surface for undergoing a tactile contact thereon;
  • Step 1220 - detecting the tactile contact on the tactile surface over a period of tactile contact to determine a path of the tactile contact recorded as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
  • Step 1230 - converting each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a password segment;
  • Step 1240 - orderly agglutinating the corresponding password segment of each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path to form the complete password;
  • Step 1250 - providing a communication between the authentication device and an electronic device requiring authentication;
  • Step 1260 - performing an authentication on the electronic device by consuming said complete password in an application of the electronic device requiring the authentication.
  • the authentication device 10 was often mentioned to be a handheld device, with the tactile movement signature being done with the fingers on the tactile surface 22, the authentication device 10 could also be implemented as a larger device, not handheld, to be used with bare hands, or a feet or other body members, or using tools or instruments such as a tactile pen, a glove or other clothing piece, or any other suitable tool, piece of equipment or instrument to draw a signature movement on a surface within the constraints or guides provided by the obstacles.
  • the type of sensors and materials of the surface 22 or obstacles 23 should be adapted.
  • biometric information, if stolen, compromises the user’s identity permanently for authentication purposes.
  • the method described herein according to an embodiment of the disclosure does not suffer from such a drawback, since the authentication password generated by the method is based on a behavior (movement signature) which is chosen by the user and which can be changed, for example periodically (preventively) or after a suspicion of identity theft.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

An authentication device comprising a tactile surface for undergoing a tactile contact thereon; and a plurality of obstacles distributed over the tactile surface which constrain the tactile contact to be made on said remainder of the tactile surface. A sensor connected to the tactile surface detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact recorded as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact, for converting the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.

Description

METHOD AND DEVICE FOR PASSWORD GENERATION
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims benefit or priority of U.S. provisional patent application 63/402,517, filed August 31, 2022, which is hereby incorporated herein by reference in its entirety.
FIELD OF THE INVENTION
[0002] The subject matter disclosed generally relates to methods and devices for password generation.
BACKGROUND
[0003] Passwords are typically chosen as an alphanumerical combination comprising numbers, letters and other typographical symbols to form a combination used for identification or authorization, e.g., to access a service, to open a door or to open up a device, more generally to authenticate a user for an access of any sort.
[0004] Passwords may be hard to manage across various service providers, for example if the passwords are chosen to be diversified or if there are various rules for password generation across different platforms. To ease password management, there are applications which are password managers which are helpful to generate and remember very complex passwords (which are normally computer-generated). However, passwords are then virtually impossible to remember, which puts the password management out of hands of human capacity and makes the user highly dependent on their password-management application to manage and use passwords.
[0005] Other forms of authentication may include biometric information. However, biometric information relates to human physical features (facial features of shape, distances, etc.; retinal images and the like) that cannot be changed. If biometric information used for authentication are stolen, the original user cannot change their own biometric information which is based on their face, eyes, etc., and therefore, their identity used for authentication is compromised permanently.
[0006] There is a need for a method to manage passwords for multiple services consuming authentication passwords which is user-friendly while being able to produce passwords of higher length and complexity (not predictable words) which are harder to break while easy to remember or reproduce.
SUMMARY
[0007] According to a first aspect of the disclosure, there is provided an authentication device comprising:
- a tactile surface for undergoing a tactile contact thereon; and
- a sensor connected to the tactile surface which detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact formed as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
- a processor connected to the sensor which converts the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.
[0008] According to an embodiment, the sensor detects continuously or repeatedly at a high frequency the tactile contact.
[0009] According to an embodiment, there is further provided a plurality of obstacles distributed over the tactile surface which constrain the tactile contact to be made on said remainder of the tactile surface.
[0010] According to an embodiment, the plurality of obstacles distributed over the tactile surface are elevated with respect to a remainder of the tactile surface to constrain the tactile contact to be made on said remainder of the tactile surface.
[0011] According to an embodiment, the obstacles are distinct obstacles and comprising at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
[0012] According to an embodiment, the sensor is an array underneath the tactile surface.
[0013] According to an embodiment, the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
[0014] According to an embodiment, the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
[0015] According to another aspect of the disclosure, there is provided an authentication device comprising:
- a tactile surface for undergoing a tactile contact thereon; and
- a plurality of obstacles distributed over the tactile surface which constrain the tactile contact to be made on said remainder of the tactile surface; and
- a sensor connected to the tactile surface which detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact recorded as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact, for converting the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.
[0016] According to an embodiment, the plurality of obstacles are elevated with respect to a remainder of the tactile surface and constrain the tactile contact to be made on said remainder of the tactile surface.
[0017] According to an embodiment, the obstacles are distinct obstacles and comprising at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
[0018] According to an embodiment, the sensor is an array underneath the tactile surface.
[0019] According to an embodiment, the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
[0020] According to an embodiment, the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
[0021] According to another aspect of the disclosure, there is provided a method for authentication comprising the steps of:
- providing an authentication device comprising a tactile surface for undergoing a tactile contact thereon;
- detecting the tactile contact on the tactile surface over a period of tactile contact to determine a path of the tactile contact as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
- converting each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a password segment; and
- orderly agglutinating the corresponding password segment of each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path to form the complete password.
[0022] According to an embodiment, there is further provided the step of:
- providing a communication between the authentication device and an electronic device requiring authentication;
- performing an authentication on the electronic device by consuming said complete password in an application of the electronic device requiring the authentication.
[0023] According to an embodiment, the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises providing a grid where grid cells form the discrete areas over the tactile surface, and the path of the tactile contact is formed as an ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
[0024] According to an embodiment, the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises detecting a passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
[0025] According to an embodiment, the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact is performed concurrently with a step of acquiring acceleration data of the authentication device, and comprises using the acceleration data as an additional input for converting each of the discrete areas of the ordered sequence of discrete areas into a password segment.
[0026] According to an embodiment, the step of providing an authentication device comprises providing a plurality of obstacles distributed over the tactile surface which are elevated with respect to a remainder of the tactile surface and which constrain the tactile contact to be made on said remainder of the tactile surface.
BRIEF DESCRIPTION OF THE DRAWINGS
[0027] Further features and advantages of the present disclosure will become apparent from the following detailed description, taken in combination with the appended drawings, in which:
[0028] Fig. 1 is a picture illustrating a handheld authentication device, according to an embodiment of the disclosure;
[0029] Fig. 2 is a front view illustrating a handheld authentication device with a password-defining or code-generating path, with the exemplary generated code, according to an embodiment of the disclosure;
[0030] Fig. 3 is a front view illustrating a handheld authentication device with a code-generating path, with the exemplary generated code, according to an embodiment of the disclosure;
[0031] Fig. 4 is a perspective view illustrating a handheld authentication device, according to an embodiment of the disclosure;
[0032] Fig. 5 is a front view illustrating a handheld authentication device, according to an embodiment of the disclosure;
[0033] Fig. 6 is a perspective view illustrating a handheld authentication device with exemplary materials used for the surface thereof, comprising the code-generating path and textures and obstacles forming the edges thereof, according to an embodiment of the disclosure;
[0034] Fig. 7 is a perspective view illustrating a back of the handheld authentication device, according to an embodiment of the disclosure;
[0035] Figs. 8A-8D are front views illustrating different variations of the geometry of obstacles or textures on the surface of the handheld authentication device, according to an embodiment of the disclosure;
[0036] Fig. 9 is a picture illustrating the size of a handheld authentication device which fits a wallet (same size as standard credit card, bank card or identity card), according to an embodiment of the disclosure;
[0037] Fig. 10 is a front view illustrating a computer running an application for password management which is associated to the handheld authentication device, according to an embodiment of the disclosure;
[0038] Fig. 11 is a screenshot illustrating a graphical user interface for an application for password management which is associated to the handheld authentication device, according to an embodiment of the disclosure;
[0039] Fig. 12 is a flowchart illustrating a method for authentication, according to an embodiment of the disclosure; and
[0040] Figs. 13A-13B are front views illustrating different handheld authentication devices with a code-generating path, with the exemplary generated code being based on different maps of password segments associated to each grid cell, one being simplified (13A) and one being more complex (13B), according to an embodiment of the disclosure.
[0041] It will be noted that throughout the appended drawings, like features are identified by like reference numerals.
DETAILED DESCRIPTION
[0042] There is described below a method and a system to produce highly-complex passwords in a manner which is user-friendly, in that the password can be generated for setting up an authentication and, afterwards, re-entered for authentication purposes in an easy way by the user while remaining a very complex password (high number of alphanumerical characters without apparent logic, such a password being hard to break by a third party). The complex password or code is produced by having a tactile surface 22 of an authentication device 10 onto which the user can make a touching contact over a continuous path. This continuous path of touching contact is detected by an appropriate sensor 24 in the authentication device.
[0043] The possibilities of continuous path of touching contact may be constrained by a plurality of distinct obstacles 23 on the surface which creates a topology on the surface 22 inside which the user is guided/constrained to draw their own movement signature path by touching contact. Circles, concave curvatures or corners in the obstacles 23 may further help the user performing intuitive paths on the surface to ease remembering and reproduction of the movement of touching contact.
[0044] After sensing said path of touching contact as performed by the user, there is provided a converter 70 (either in the authentication device, in a computer requiring authentication, or remotely) to convert the detected path into a code or password. As described below in greater detail, the code or password may be generated by transforming a discrete series of grid locations through which the path is detected to pass. Then, at the computer where the authentication is required, said code or password resulting from the conversion is consumed by an application or API according to the authentication needs. Alternatively, instead of communicating with a computer to complete authentication, the authentication device 10 may validate authentication internally and send a signal to another type of device for locking/unlocking. For example, after validating that a proper password is generated on the device or simply a proper movement signature, the authentication device 10 can send a signal to an appropriate receiver or transceiver operatively coupled to a door lock in order to lock or to unlock the door lock (house, hotel room, car, etc.) if the movement signature is the right one, and not send the change-of-locking-status signal if the movement signature is not right.
[0045] Now in greater detail and referring to Figs. 1-6 and 8A-8D, there is shown an authentication device 10, which according to a preferred embodiment can be a handheld authentication device 10 used for authentication using a tactile surface 22 comprising a main surface onto which a movement of a body member (such as a thumb or another finger) can move, while maintaining contact with the surface, to perform an actual path on the surface of the handheld authentication device, said actual path corresponding unambiguously to a single code being generated either at the time of setting a password or afterwards, for authentication into a service or a generation of a change-of-locking-status signal.
[0046] The handheld authentication device 10 is well shown in the photograph of Fig. 1, the perspective view of Fig. 4 and the top view of Fig. 5.
[0047] According to an embodiment of the disclosure, the handheld authentication device 10 comprises a tactile path detector 20, which comprises a tactile surface 22, to be touched by a user for authentication or for setting up authentication, and a sensor 24 underneath the surface. The tactile surface 22 is a surface which is generally continuous (except for the obstacles as described below) and accessible to the user and which is preferably (but not necessarily) flat, and made of a material which is suitable for the sensor 24. The tactile surface 22 is the surface which receives (i.e., makes direct contact with) the finger, or other body member (hand, foot, etc.) or instrument (touch pen, glove, or another tool, etc.).
[0048] The sensor 24 is the device that makes the actual detection of the touching contact of the body member or instrument with the tactile surface 22 and converts the detection into a signal, such as an electric signal, which can give meaning as to the actual location of the touching contact of the body member or instrument with the tactile surface 22. Said determination being made continuously (or repeatedly at a high frequency) over a period of touching contact ensures that a path can be recorded, either as a continuous path over the tactile surface 22 or as a discrete ordered series of locations or areas (such as grid cells) over the tactile surface 22, over said period of touching contact or tactile contact. This is described below in greater detail in reference with Figs. 2-3.
[0049] According to an exemplary embodiment of the disclosure, and without limitation, the sensor 24 can be a sensor array underlying the tactile surface 22 and which is based on a capacitive detection technique, using capacitors to detect a change of electrical conductivity in the vicinity of a cell of the array sensor 24. If the sensor 24 is arranged as an array, the array may or may not match the cell resolution of the grid cells used for converting a touch path into a sequence of password segments, as long as appropriate correspondence between a touch event detected by one of the cells of the array sensor 24 can be made to match with (or associate with, or have correspond with) the grid cell used for assigning a password segment in view of this matching / association / correspondence. According to an exemplary embodiment of the disclosure, and without limitation, the sensor comprises an MPR121 capacitive sensor chip.
[0050] According to an embodiment, the tactile surface 22 is generally continuous over its surface, offering its whole surface for free path definition by touching contact. For example, on this virgin surface, the user may use their finger to draw a path, freely (without restrictions), over the tactile surface 22, said path being recorded for authentication (as described further below) or to set up said authentication (if this is a first recording of the path).
[0051] According to another preferred embodiment and as well shown in Figs. 1-6, the tactile surface 22 comprises obstacles 23 which are permanently laid onto the tactile surface 22. These obstacles 23, which can also be referred to as projections, are parts which are elevated from the main surface of the tactile surface 22, forming a heightened plateau with edges (ridges) not accessible for touching contact when the user authenticates by touching contact on the tactile surface 22. The main surface of the tactile surface 22 is therefore recessed from the obstacles 23, and is still accessible for touching contact, with definite areas thereon (the obstacles) being not a part anymore of the tactile surface 22.
[0052] According to an embodiment, there is more than one (i.e., at least two) obstacles 23, which are distinct and separate from each other. Together, they ensure that the freely accessible main surface of the tactile surface 22 has a particular topology (network or web topology). The path of touching contact used to authenticate is therefore constrained by this topology, as shown in Figs. 2-3, for example.
[0053] This embodiment is advantageous over a free tactile surface 22 in that it makes the movement used to perform the path easier to remember and to reproduce. Therefore, the constraints put on the user by the obstacles defining a particular topology onto the tactile surface 22 make the handheld authentication device 10 user-friendlier. While the number of possible paths (and corresponding passwords) is reduced by putting such topological constraints, the paths can be remembered more easily by the user and there is also much less risk of not recognizing a path during authentication, since the user is constrained to touch the tactile surface 22 at definite locations.
[0054] Figs. 8A-8D illustrate different variations of the geometry of obstacles 23 on the surface of the handheld authentication device, according to an embodiment of the disclosure. These different obstacles thereby define different topologies in which the path can be performed by a user movement performing a touching contact with the available portions (the recessed surfaces between the elevated obstacles 23) of the tactile surface 22.
[0055] According to an embodiment, a common point between these variations is that the obstacles 23 comprise geometrical features which ease the path definition and user movement. For example, among the plurality of distinct obstacles 23, at least one of them comprises a curvature, preferably an arc of circle (convex or concave), at an edge thereof which guides the user with their body member or instrument to adopt the corresponding curvature or arc of circle when performing a movement along the edge of said portion of said obstacle 23. In another non-limiting example, among the plurality of distinct obstacles 23, at least one of them comprises a right-angle corner, preferably with a rounded, smoothed corner.
[0056] According to an embodiment, at least one of the obstacles 23 is shaped as a circle. This is advantageous in that it offers the possibility of a path that surrounds the circular obstacle 23, which is an intuitive and easy-to-repeat movement. According to an embodiment, and as shown by inspecting the exemplary embodiments of Figs. 5 and 8A-8D, at least one of the obstacles 23 comprises a concave arc-of-circle curvature which faces one of said at least one circular obstacle 23, further refining the curved nature of the path in this part of the tactile surface 22 to guide the user to perform a curved movement which helps the user define a signature movement having easy-to-remember features in this signature movement (the combination of a concavity facing a circular obstacle contributing to this advantage in user-friendliness).
[0057] Now referring more specifically to Figs. 2-3, these figures illustrate a handheld authentication device 10 with a password-defining or code-generating path, with the exemplary generated code. According to an embodiment of the disclosure, the generated code or password is an agglutination of a plurality of password segments (as shown at the bottom of Fig. 2 or Fig. 3), each of the password segments corresponding to a single grid cell. The agglutination is made according to the sequence of all the grid cells determined to have been touched within the determined path (ordered sequence of grid cells) during a continuous period of detected touching contact.
[0058] For example, below the main recessed surface of the tactile surface 22 (or alternatively below the whole tactile surface 22 comprising the obstacles 23), the sensors determine either bidimensional coordinates (x,y) of a touch contact event within the continuous path (i.e., each time the sensor 24 samples the binary presence/absence of a touch event across the tactile surface 22, it determines an x,y coordinate for the touch event being detected at this particular occurrence of sampling, which is then repeatedly performed at a sampling frequency to determine a path which is a sequence of such coordinate couples), or a grid location, assuming the tactile surface 22 is divided into a grid (such that the x,y coordinate couples are discrete and predetermined and the sensor 24 determines, for a given occurrence of sampling, to which predetermined x,y grid cell the sensed touch event belongs). According to an embodiment, if precise bidimensional coordinates (x,y, with greater precision than the size of the grid cells used for conversion into a corresponding password segment) are detected for a touch event, the bidimensional coordinates are converted into a corresponding grid location to ensure the final output for a detected touch event is a discrete grid location (single cell as shown in Fig. 2-3).
[0059] Therefore, after a continuous or high-frequency sampling by the sensor 24 (which can be an underlying grid sensor below the tactile surface 22) over a continuous period of detected touching contact, a path can be determined as a series of discrete grid cells over time, from start (first touch event detection) to finish (last touch event detection over the continuous period of detected touching contact). Each grid cell corresponds to (is associated with) a given password segment comprising at least one alphanumerical or symbolic character. According to an embodiment, the given password segment corresponding to a grid cell can be a column and row address of said grid cell, as shown in Fig. 2-3. According to an embodiment, preferably, the password segments each comprise a plurality of (at least two but preferably more) alphanumerical or symbolic characters to augment the resulting password length after agglutination.
[0060] According to a preferred embodiment, the converter 70 is provided in the authentication device 10 and receives data from the sensor 24 to which it is connected. The converter 70 may be part of a processor 75 operating with a read-only memory (RAM) on a chip in the authentication device 10 (in connection with the sensor 24 and with any port of communication) to perform the determination of how the detection of an ordered sequence of grid cells through which a tactile movement signature path passes translates into an ordered sequence of grid cells, and the conversion of said ordered sequence of grid cells into an agglutination of respectively corresponding password segments into a resulting complete password.
[0061] Indeed, as described below in greater detail, the code or password may be generated by transforming a discrete series of grid locations through which the path is detected to pass. Then, at the computer where the authentication is required, said code or password resulting from the conversion is consumed (used) by an application or API according to the authentication needs. The processor 75 may further determine if the path or ordered sequence of grid cells or complete password resulting from the agglutination of password segments is the right (expected) one for the user.
[0062] According to an embodiment, the sampling frequency or continuous sampling of the sensor 24 detects a change of grid cell during the detected touch movement. For example, if the user pauses with their finger (or other body part or instrument) on a given grid cell, the sensor 24 will not generate a new touch event at each sampling occurrence with the finger at the same location because that would only lead to a repetition of the same password segment as long as the finger remains within the bounds of that grid cell. Instead, a new password segment will be generated only when the finger moves to another adjacent grid cell. According to a non-limiting embodiment, as an option which can be programmed in the settings of the apparatus, if the finger (or other body part or instrument) remains longer than a predefined time threshold on the same grid cell, it can be implied to signify that the grid cell should be counted again in the signature sequence and the password segment should therefore be generated again too. The signature movement may therefore include repeated grid cells (and the corresponding password segment) in the sequence as long as the finger (or other body part or instrument) stays longer than the predefined threshold (e.g., 1 second) on the same grid cell. Therefore, the sensor 24 should detect that the finger (or other body part or instrument) is moved to another adjacent grid cell or, optionally, remains longer than a time threshold on the same grid cell, to count that grid cell in the sequence which will be used to form the password by agglutination.
[0063] The agglutination of password segments to form the resulting complete password from the complete detected path on the tactile surface 22 can be made by detecting a starting point on the tactile surface 22 and corresponding grid cell to identify a first (starting) password segment; a last or final point on the tactile surface 22 and corresponding grid cell to identify a last (final) password segment; and identify the ordered sequence by which the series of detecting touching contact events have come across each of the touched grid cells underlying the tactile surface, as sampled continuously or at a high frequency by the sensor 24.
[0064] Alternatively, the agglutination of the complete password may be done without requiring a particular start or end location in the tactile surface 22, as long as the path is required to be a closed loop (for example, closed loops are shown in Figs. 2-3). In this case, to avoid having to use a start and an end location, the agglutination may comprise a default selection of a first one of the touched grid cells, for example the uppermost left grid cell and build the ordered sequence from there either in a clockwise or anticlockwise fashion, or using the actual direction of movement of the user on this path forming a closed loop.
[0065] In either case, the end result is the generation of a complete password comprising multiple password segments and having a great length formed as a result of an agglutination of an ordered sequence of password segments, each corresponding to a given grid cell onto which touching contact was detected (ordered sequence of touched grid cells, either with a well-defined start and an end, or being a recursive sequence for which the start and end are the same) along a detected path of the user’s body member or instrument on the tactile surface 22.
[0066] According to an embodiment of the disclosure, Figs. 13A and 13B show simplified (13A) and complex (13B) versions of the generated password segments upon detecting the movement signature. Fig. 13B shows that each of the password segments may include a greater number of alphanumeric symbols (including letters, numbers, symbols) to increase the resulting password complexity.
[0067] Figs. 13A and 13B also illustrate another feature of the methods and systems as described herein, i.e., that the password segment associated to a given cell on the apparatus 10 can be unique for each apparatus 10 among a plurality of manufactured apparatuses, each produced with a different and unique mapping of correspondence between grid cells and password segments. Therefore, there is a “map” associated with the grid upon which the signature movement is executed, and this map belongs to the apparatus 10. The same signature movement executed on another apparatus 10 would therefore generate a different resulting password because the password segments associated to all cells on the apparatus 10 would be different. This means that the authentication may only take place when the right movement signature is executed on a specific apparatus, thereby bringing an additional layer of protection during the authentication process.
[0068] According to an embodiment of the disclosure, Fig. 6 shows exemplary materials that can be used for the main recessed surface of the tactile surface 22, and for the obstacles 23. For example, the main recessed surface of the tactile surface 22 can be made of a rubber, an elastomer or a silicone, such as a silicone with a soft finish. The obstacles 23 can be made of a hard plastic with a glossy finish. According to an embodiment, the main recessed surface of the tactile surface 22 and obstacles 23 are of different colors, preferably contrasting colors (such as white and black) to act as a visual indicator to help differentiating both surfaces for the user to draw their tactile movement signature on the available portion of the tactile surface 22 only, along or around the obstacles 23 without going over the obstacles 23 when executing said authentication movement.
[0069] Fig. 7 illustrates a back of the handheld authentication device 10. According to an exemplary embodiment of the disclosure, and without limitation, the body, housing or casing 80 of the handheld authentication device 10 comprises a button 89 for pairing the handheld authentication device 10 with any other electronic device on which authentication could be required. In order to implement this, the button 89 should trigger an RFID communication or a Bluetooth™ communication which seeks nearby devices for pairing. Preferably, the electronic device 90 with which the pairing can be performed should comprise an application stored thereon for execution, or simply executed thereon. The presence of the application stored or executed on the electronic device 90 may assist in the pairing using the communication link such as using the RFID communication or Bluetooth™ communication protocol.
[0070] The pairing should be performed according to the usual method for Bluetooth pairing or similar pairing of the channel of communication between devices, as known to those skilled in the art. Therefore, the authentication device 10 should comprise an RFID chip, or Bluetooth™ transceiver, or other suitable communication device depending on the technology used for pairing and communication.
[0071] According to an exemplary embodiment, and without limitation, there is provided a gyroscope 60 in the authentication device. The gyroscope is used to collect data about the acceleration of the handheld authentication device 10, and is operatively connected to the processor 75 to communicate the collected acceleration data to the processor 75. The gyroscope may collect acceleration data in one, two or three independent axes. The collected acceleration data can be communicated to the processor to contribute in the authentication process, for example by using the collected acceleration data as a condition to be met for the authentication to be made (e.g., the handheld authentication device 10 needs to be held in a particular orientation in space for the signature movement to be held valid), or contribute to the generation of the password (e.g., for each grid cell being touched in the movement, the concurrent or synchronous acceleration data of the handheld authentication device 10 from the gyroscope 60 is used as an additional input for the step of conversion, that is to generate a password segment which is based on the touched grid cell and on the acceleration data of the handheld authentication device 10 at the time said grid cell was touched). The acceleration data may involve additional steps after acceleration data collection, such as rounding or categorizing the collected data to arrive at a small number of well-defined and discrete states (e.g., general upward/downward movement, oriented upwardly, downwardly or flat, etc.).
[0072] According to an embodiment of the disclosure, the body, housing or casing 80 of the handheld authentication device 10 comprises a hole or opening 81 to attach a cord, string, chain or a similar means of attachment.
[0073] Fig. 9 shows that the size of a handheld authentication device 10 can advantageously fit inside a wallet (without limitation). In other words, according to a preferred embodiment, the handheld authentication device 10 should be of approximately the same size as standard credit card, bank card or identity card. This ensures that the handheld authentication device 10 can be transported easily with oneself. Other shapes or sizes can be envisaged according to the contemplated use.
[0074] According to an exemplary embodiment of the disclosure, and without limitation, there is provided an application for password management which is associated to the handheld authentication device. As shown in Fig. 11, a graphical user interface 95 for the application can be used for password management. As shown in Fig. 10, a computer, which can be an embodiment of the electronic device 90 mentioned above, runs the application for password management which is associated to the authentication device 10.
[0075] According to an exemplary embodiment of the disclosure, and without limitation, the authentication device 10 may communicate with the electronic device 90 having the application stored thereon and executed to present a graphical user interface 95, as shown in Fig. 11, permitting the selection of native or third-party services through which authentication (username and password verification) can be done using a password generated either at set-up or for authentication using the authentication device 10. The nature of the data undergoing communication (transmission) between the authentication device 10 and the electronic device 90 having the application thereon can include various elements depending on which data is communicated. For example, the rightness of the path (determined in the form of an ordered sequence of specific areas on the surface 22 forming the path) converted into an agglutinated password, can be determined within the authentication device 10 by the processor 75 within the authentication device 10 and the Boolean result (exactitude or inexactitude of the result) being transmitted to the electronic device 90. Otherwise, the password can be transmitted to the electronic device 90 for consumption by an application or API or the like which requires the password, which instead of being written on the electronic device 90 by the user, is inputted by being converted into text from the path on the authentication device (determined in the form of an ordered sequence of specific areas on the surface 22 forming the path). Otherwise, the ordered sequence of specific areas on the surface 22 forming the path can be transmitted to the electronic device 90 and the resulting password determined by the application on the electronic device 90, or remotely using a server. Raw data from the sensors 24 could also be transmitted to the electronic device 90, depending on which data is treated by the authentication device and which data is treated by the electronic device 90.
[0076] In the end, the password, instead of being written on the electronic device 90 by the user, is inputted by being converted into password text from the path on the authentication device 10 (embodied as an ordered sequence of specific areas such as grid cells on the surface 22) as determined by the sensor 24. The electronic device 90 has a software application consuming this converted password text for authentication or for setting up authentication. Going from the actual tactile path detected by the sensor to the password is a task comprising multiple steps which can be performed either at the authentication device 10, the electronic device 90, or even remotely, simply depending on how data treatment is to be distributed between these devices.
[0077] According to another exemplary embodiment of the disclosure, and without limitation, the authentication device 10 may communicate with an electronic device being other than a personal computer having a screen, for example it can communicate directly with devices such as a door lock (for an entry door for a house, for a hotel room, for a car, etc.) to lock and unlock the door, upon validating the person’s identity in the authentication process using the authentication device 10.
[0078] Fig. 12 is a flowchart illustrating a method for authentication, according to an embodiment of the disclosure, comprising the steps of:
[0079] Step 1210 - providing an authentication device comprising a tactile surface for undergoing a tactile contact thereon;
[0080] Step 1220 - detecting the tactile contact on the tactile surface over a period of tactile contact to determine a path of the tactile contact recorded as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
[0081] Step 1230 - converting each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a password segment; and
[0082] Step 1240 - orderly agglutinating the corresponding password segment of each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path to form the complete password.
[0083] Step 1250 - providing a communication between the authentication device and an electronic device requiring authentication;
[0084] Step 1260 - performing an authentication on the electronic device by consuming said complete password in an application of the electronic device requiring the authentication.
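The conversion described in [0058] to [0067] and in steps 1220 to 1240 above, written out as an added example that is not part of the patent text. The cell size, the address format, the HMAC-based per-device map and the constant-time comparison are assumptions of this example, and the sample trace is constructed.

```python
import hashlib
import hmac

CELL = 5                # assumed cell edge, in the sensor's coordinate units
DWELL_REPEAT_MS = 1000  # the "predefined threshold (e.g., 1 second)" of [0062]
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#$%&*+-=?@"

# Constructed trace of (t_ms, x, y) samples: a closed loop with one long pause.
SAMPLES = [
    (0, 1, 1), (20, 3, 2),       # two samples inside cell (0, 0)
    (40, 6, 2), (60, 12, 3),     # cells (0, 1) and (0, 2)
    (80, 12, 7), (1200, 13, 8),  # cell (1, 2), then still there 1120 ms later
    (1220, 7, 8), (1240, 2, 8),  # cells (1, 1) and (1, 0)
    (1260, 2, 3),                # back in cell (0, 0): the loop is closed
]


def to_cell(x, y, cell=CELL):
    """[0058]: quantize a precise (x, y) coordinate to a discrete (row, col) cell."""
    return (int(y // cell), int(x // cell))


def cells_from_samples(samples, dwell_ms=DWELL_REPEAT_MS):
    """[0059], [0062]: reduce sensor samples to the ordered sequence of cells."""
    path, current, since = [], None, None
    for t_ms, x, y in samples:
        cell = to_cell(x, y)
        if cell != current:            # contact moved into another cell
            path.append(cell)
            current, since = cell, t_ms
        elif dwell_ms is not None and t_ms - since > dwell_ms:
            path.append(cell)          # optional dwell rule: count the cell again
            since = t_ms
    return path


def canonical_loop(path):
    """[0064]: closed loop read from its uppermost-left cell, in the drawn direction."""
    loop = path[:-1] if len(path) > 1 and path[0] == path[-1] else list(path)
    if not loop:
        return loop
    start = loop.index(min(loop))      # smallest row, then smallest column
    return loop[start:] + loop[:start]


def address_segment(cell):
    """[0059]: segment = column-and-row address of the cell (format assumed here)."""
    row, col = cell
    return f"{chr(ord('A') + col)}{row + 1}"


def device_segment(device_secret, seg_len=4):
    """[0067]: per-device cell-to-segment map. Deriving it with HMAC-SHA256 from a
    device secret is this example's assumption; the byte-to-character reduction is
    slightly biased and kept simple for illustration."""
    def segment(cell):
        msg = f"{cell[0]},{cell[1]}".encode()
        mac = hmac.new(device_secret, msg, hashlib.sha256).digest()
        return "".join(ALPHABET[b % len(ALPHABET)] for b in mac[:seg_len])
    return segment


def agglutinate(path, segment_of):
    """[0063], [0065]: concatenate the segments in path order."""
    return "".join(segment_of(cell) for cell in path)


def verify(candidate, expected):
    """[0061]: on-device check of the result; the constant-time comparison is an
    addition of this example."""
    return hmac.compare_digest(candidate.encode(), expected.encode())


if __name__ == "__main__":
    path = cells_from_samples(SAMPLES)
    print(path)
    print(agglutinate(path, address_segment))
    print(agglutinate(path, device_segment(b"constructed-secret-A")))
    print(agglutinate(path, device_segment(b"constructed-secret-B")))
```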
[0085] While the authentication device 10 was often mentioned to be a handheld device, with the tactile movement signature being done with the fingers on the tactile surface 22, the authentication device 10 could also be implemented as a larger device, not handheld, to be used with bare hands, or feet or other body members, or using tools or instruments such as a tactile pen, a glove or other clothing piece, or any other suitable tool, piece of equipment or instrument to draw a signature movement on a surface within the constraints or guides provided by the obstacles. The type of sensors and materials of the surface 22 or obstacles 23 should be adapted.
[0086] As mentioned above with respect to the prior art, biometric information, if stolen, compromises the user’s identity permanently for authentication purposes. The method described herein according to an embodiment of the disclosure does not suffer from such a drawback, since the authentication password generated by the method is based on a behavior (movement signature) which is chosen by the user and which can be changed, for example periodically (preventively) or after a suspicion of identity theft.
[0087] While preferred embodiments have been described above and illustrated in the accompanying drawings, it will be evident to those skilled in the art that modifications may be made without departing from this disclosure. Such modifications are considered as possible variants comprised in the scope of the disclosure.

Claims

CLAIMS:
1. An authentication device comprising:
- a tactile surface for undergoing a tactile contact thereon; and
- a sensor connected to the tactile surface which detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact formed as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
- a processor connected to the sensor which converts the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.
2. The authentication device of claim 1, wherein the sensor detects continuously or repeatedly at a high frequency the tactile contact.
3. The authentication device of claim 1, further comprising a plurality of obstacles distributed over the tactile surface which constraint the tactile contact to be made on said remainder of the tactile surface.
4. The authentication device of claim 3, wherein the plurality of obstacles distributed over the tactile surface are elevated with respect to a remainder of the tactile surface to constraint the tactile contact to be made on said remainder of the tactile surface.
5. The authentication device of claim 4, wherein the obstacles are distinct obstacles and comprising at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
6. The authentication device of claim 1, wherein the sensor is an array underneath the tactile surface.
7. The authentication device of claim 6, wherein the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
8. The authentication device of claim 7, wherein the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
9. An authentication device comprising:
- a tactile surface for undergoing a tactile contact thereon; and
- a plurality of obstacles distributed over the tactile surface which constraint the tactile contact to be made on said remainder of the tactile surface; and
- a sensor connected to the tactile surface which detects the tactile contact thereon over a period of tactile contact to determine a path of the tactile contact recorded as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact, for converting the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a corresponding ordered sequence of password segments together forming a password, each one of the discrete areas over the tactile surface corresponding to a password segment, the password segments being agglutinated to form the complete password.
10. The authentication device of claim 9, wherein the plurality of obstacles are elevated with respect to a remainder of the tactile surface and which constraint the tactile contact to be made on said remainder of the tactile surface.
11. The authentication device of claim 10, wherein the obstacles are distinct obstacles and comprising at least one circular obstacle and at least one obstacle having a concave curvature opposing one of the at least one circular obstacle.
12. The authentication device of claim 9, wherein the sensor is an array underneath the tactile surface.
13. The authentication device of claim 12, wherein the array forming the sensor forms a grid made of grid cells, each grid cell being said each one of the discrete areas corresponding to said password segment.
14. The authentication device of claim 13, wherein the apparatus detects the passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of discrete areas over the tactile surface.
15. A method for authentication comprising the steps of:
- providing an authentication device comprising a tactile surface for undergoing a tactile contact thereon;
- detecting the tactile contact on the tactile surface over a period of tactile contact to determine a path of the tactile contact as an ordered sequence of discrete areas over the tactile surface, over said period of tactile contact;
- converting each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path of the tactile contact over said period of tactile contact into a password segment; and
- orderly agglutinating the corresponding password segment of each of the discrete areas of the ordered sequence of discrete areas over the tactile surface representative of the path to form the complete password.
16. The method of claim 15, further comprising the step of:
- providing a communication between the authentication device and an electronic device requiring authentication;
- performing an authentication on the electronic device by consuming said complete password in an application of the electronic device requiring the authentication.
17. The method of claim 15, wherein the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises providing a grid where grid cells form the discrete areas over the tactile surface, and the path of the tactile contact is formed as an ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
18. The method of claim 17, wherein the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact comprises detecting a passage of the tactile contact from one of the grid cells to another one of the grid cells to determine the path of the tactile contact as the ordered sequence of grid cells undergoing the tactile contact over the tactile surface.
19. The method of claim 18, wherein the step of detecting the tactile contact on the tactile surface to determine the path of the tactile contact is performed concurrently with a step of acquiring acceleration data of the authentication device, and comprises using the acceleration data as an additional input for converting each of the discrete areas of the ordered sequence of discrete areas into a password segment.
20. The method of claim 18, wherein the step of providing an authentication device comprises providing a plurality of obstacles distributed over the tactile surface which are elevated with respect to a remainder of the tactile surface and which constraint the tactile contact to be made on said remainder of the tactile surface.
PCT/CA2022/051776 2022-08-31 2022-12-04 Method and device for password generation WO2024044834A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202263402517P 2022-08-31 2022-08-31
US63/402,517 2022-08-31

Publications (1)

Publication Number Publication Date
WO2024044834A1 true WO2024044834A1 (en) 2024-03-07

Family

ID=90100084

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2022/051776 WO2024044834A1 (en) 2022-08-31 2022-12-04 Method and device for password generation

Country Status (1)

Country Link
WO (1) WO2024044834A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130086673A1 (en) * 2011-09-29 2013-04-04 Cisco Technology, Inc. Techniques for securely unlocking a touch screen user device
US8938939B2 (en) * 2009-05-08 2015-01-27 Glenn Roche Dispensing apparatus
KR20150096161A (en) * 2014-02-14 2015-08-24 주식회사 하이딥 Touch screen included device performing unlocking by using touch extent

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22956698

Country of ref document: EP

Kind code of ref document: A1