WO2003049001A2 - Method for graphical authentication - Google Patents


Info

Publication number
WO2003049001A2
Authority
WO
WIPO (PCT)
Application number
PCT/SE2002/001975
Other languages
French (fr)
Other versions
WO2003049001A3 (en)
Inventor
Thomas Gebel
Original Assignee
Thomas Gebel

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • F acting on the picture panels ensures that different systems have different representations, that all users within a given system have different representations, and that the representation for a specific user alters periodically, since the pictures exchange positions before each attempt to log on.
  • a password p_ASCII based on characters from the ASCII table, with the length L_ASCII, can be made more secure (def. 9) by increasing the complexity of p_ASCII and/or the length L_ASCII.
  • a selected sequence of pictures from some picture panel is to be regarded as a password, p_PICTURE, with the length L_PICTURE. p_PICTURE cannot be made safer by increasing the complexity, since it is constant for any given length of the sequence.
  • An increase of L_PICTURE will contribute to increased security, as will an increase of the picture set in the picture panel(s).
  • AKF_inlog is based on every user having a unique language in which to express values. This enables users to create passwords that do not carry the same meaning to others than themselves.
  • AKF_inlog can do this by:
  • the set of pictures can increase arbitrarily
  • Figure 6 displays a hierarchy of picture panels, where each grid symbolizes a picture panel.
  • the hierarchy can be extended arbitrarily. If the picture panels have a fixed picture size of, say, 100, a hierarchy of depth three is needed to represent 10^6 pictures.
  • AKF_inlog operates by a common alphabet shared by the server and the client, where the symbols are integers.
  • the pictures shown to the user are placed in a picture panel where each picture corresponds to a number or a position.
  • when a user clicks on the pictures that correspond to the password, it is merely the picture panel's coordinates for the picture that are registered and sent to the server.
  • neither the server nor the network even knows of the existence of any pictures. (The server might know about registered control images).
  • a user has established a new user account on some server and wishes to use AKF_inlog to authenticate.
  • the technique will be explained in six steps.
  • the user needs an AKF_inlog client application (AKA), which can be acquired from a CD-ROM or downloaded from some network.
  • AKA AKF_inlog client application
  • the basic version of the AKA includes 400 gif pictures of varying quality and resolution. If the user wishes to use other pictures, these can be chosen now or later.
  • the standard pictures are named: 0.gif, 1.gif ... 399.gif. The names are randomly selected, which is why w.gif on one system is very unlikely to correspond to w.gif on another system.
  • the user selects the alternative "Mount new server" in the AKA installation menu (the paradigm centres on the user), and the AKA establishes a connection with the desired server.
  • the server creates a square matrix with X*Y elements (def. 1).
  • the default size is 400.
  • Each element is unique and is an integer in the range [0..399], i.e. [0..X*Y-1].
  • a function F acts upon the matrix by exchanging positions of the elements in such a way that the contents do not correspond to the index. A copy of the matrix is returned to the client. See figure 7.
  • the matrix returned from the server can on the AKA act as a picture panel, and will from now on in this example be referred to as the picture panel "BP".
  • BP picture panel
  • a suitable partition will be made to fit in the "BP".
  • a main picture panel consisting of 100 pictures is created, and then three sub picture panels, also with 100 elements each. The sub panels are activated by right-clicking on the three upper leftmost pictures in the main picture panel. (This is merely a suggestion; the AKA can at any time be reconfigured by the user).
  • the BP is now interpreted as four picture panels on the AKA.
  • the correspondence to BP on the server is actually a one-dimensional vector where each index addresses an integer element that can be mapped to the AKA in a bijective way. In order to make understanding easier, matrix notation will be used.
  • the 400 default pictures included with the AKA are stored in a catalogue on the client's hard drive as the files: 0.gif, 1.gif, ... 399.gif. BP2 is displayed on the client's screen as a grid containing the said pictures.
  • the initially empty grid is filled up from the upper left corner, to the right, and down, as shown in figure 9. To the right in figure 9, the upper left corner of the active picture panel.
  • the grid displayed on the screen is indexed by an incremental series. When the user clicks on an image, it is the index or position "q" that is registered.
  • a picture sequence of length L used as a password is stored as the positions of the pictures, that is {q0, q1 .. q(L-1)}.
  • the AKA sends the vector passwd[], and the transposition matrix M to the server.
  • the server recreates BP2 from BP and M, and verifies the password.
  • the server can either approve access or perform additional security controls by requiring verification of control images.
  • AKF_inlog lets the user register any number of pictures for cross checking.
  • the registration process can be done in numerous ways. The simplest is to click on some pictures, which are sent to the server along with the coordinates. Each time the client tries to logon, AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected pictures to AKA in a special window. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server the client will be granted access.
  • the second method of registering pictures asks the client to describe some selected pictures in words.
  • the comments together with coordinates for the corresponding pictures are sent to the server.
  • AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected text strings describing pictures. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server the client will be granted access.
  • the second method is by far the safest and most efficient method for cross checking since semantics is the only reference to the pictures, whilst even a chimpanzee can match pairs of identical pictures.
  • the cross checking is not an additional password since the user does not have to memorize or produce the output.
  • the purpose is to verify the validity of the transposition.
  • This language can either be learned by heart by the user, or created and maintained with
  • Every user has access to a unique language with a unique representation for every value (Axiom 6), also the representation of every value changes periodically.
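A constructed simulation of the six-step exchange listed above: the server's BP matrix, the client's transposition matrix M, the passwd[] vector of clicked indices, and the control-image cross check with pictures described in words. This is added example code, not the patent's implementation; the encoding of M as a permutation kept relative to BP, the enrolment exchange, and the names Server, Client, F and session are assumptions.

```python
import random

X, Y = 20, 20      # default chessboard (def. 1): X*Y = 400 squares
P = X * Y          # picture names are the integers 0..P-1 (files 0.gif .. 399.gif)


def F(panel, rng):
    """F (def. 5): the pictures of `panel` exchange positions.  Returns the new
    arrangement and the transposition matrix M, encoded here (an assumption) as a
    permutation with new[i] == panel[M[i]] and chosen as a derangement, so no picture
    keeps its position.  random.Random stands in for the text's long-period
    pseudo-random F; a deployment would draw from secrets.SystemRandom."""
    n = len(panel)
    while True:
        M = list(range(n))
        rng.shuffle(M)
        if all(M[i] != i for i in range(n)):
            return [panel[j] for j in M], M


class Server:
    """Holds BP and the password as picture names (integers); it never sees a picture."""
    def __init__(self, rng):
        self.rng, self.accounts = rng, {}

    def mount(self, user):
        # Step 2: X*Y unique integers permuted by F; a copy (BP) is returned to the client.
        bp, _ = F(list(range(P)), self.rng)
        self.accounts[user] = {"BP": bp, "passwd": None, "control": {}}
        return list(bp)

    def names_at(self, user, passwd, M):
        # Recreate BP2 from BP and M, then read off which picture sat at each clicked index.
        bp2 = [self.accounts[user]["BP"][j] for j in M]
        return tuple(bp2[q] for q in passwd)

    def enroll(self, user, passwd, M, described=()):
        # Enrolment is not detailed on the page; assumed to reuse the (passwd[], M) exchange.
        acct = self.accounts[user]
        acct["passwd"] = self.names_at(user, passwd, M)
        for text, q in described:   # cross-check method 2: the user described a picture in words
            acct["control"][self.names_at(user, [q], M)[0]] = text

    def verify(self, user, passwd, M):
        return self.names_at(user, passwd, M) == self.accounts[user]["passwd"]

    def control_challenge(self, user, count=2):
        # Only after a valid password: randomly selected descriptions go back, never pictures.
        names = self.rng.sample(sorted(self.accounts[user]["control"]), count)
        return [self.accounts[user]["control"][n] for n in names]

    def verify_control(self, user, texts, passwd, M):
        control = self.accounts[user]["control"]
        found = self.names_at(user, passwd, M)
        return len(found) == len(texts) and all(control.get(n) == t for n, t in zip(found, texts))


class Client:
    """The AKA: shows picture BP2[q] (file f"{BP2[q]}.gif") at grid index q."""
    def __init__(self, bp, rng):
        self.BP, self.rng = bp, rng
        self.BP2, self.M = list(bp), list(range(P))   # M is kept relative to BP (assumed)

    def shuffle(self):
        # Pictures exchange positions before each logon; compose the step into the cumulative M.
        self.BP2, step = F(self.BP2, self.rng)
        self.M = [self.M[step[i]] for i in range(P)]

    def click(self, names):
        # The user finds the pictures on screen and clicks them; only the index q is registered.
        return [self.BP2.index(n) for n in names]

    def login(self, names):
        self.shuffle()
        return {"passwd": self.click(names), "M": list(self.M)}


def session(seed=7):
    """Constructed run-through: mount, enrol, two logins, a wrong login and a control check."""
    rng = random.Random(seed)
    server, user = Server(rng), "alice"
    client = Client(server.mount(user), rng)
    secret = [17, 250, 3, 399]                              # the user's picture sequence
    memory = {"the red boat": 17, "a sleeping cat": 250}    # what the descriptions mean to her
    client.shuffle()
    server.enroll(user, client.click(secret), client.M,
                  described=[(t, client.click([n])[0]) for t, n in memory.items()])
    first, second = client.login(secret), client.login(secret)
    texts = server.control_challenge(user)
    control_ok = server.verify_control(user, texts, client.click([memory[t] for t in texts]), client.M)
    wrong = server.verify(user, **client.login([17, 250, 3, 398]))
    return {
        "logins_ok": server.verify(user, **first) and server.verify(user, **second),
        "wrong_rejected": not wrong,
        "indices_changed": all(a != b for a, b in zip(first["passwd"], second["passwd"])),
        "names_constant": server.names_at(user, **first) == server.names_at(user, **second),
        "control_ok": control_ok,
    }
```

Because each shuffle moves every picture, the indices transmitted for the same picture sequence differ in every coordinate between two logins while the names the server recovers stay constant; the server and the wire carry only integers.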

Abstract

The technical part of the application includes a theory part with axioms and definitions. A common part describing general principles. A special part where axioms, theories and principles are applied to solve problems. The major problems solved are the reduction of complexity of passwords, and how to safely use a single password on several systems. To understand definitions and discussions, basic knowledge about set theory and the field of computer science is required.

Description

Method for graphical authentication
Preface
I intend to describe a complex of problems that arise when authenticating towards computerized systems with monitors and to present a technique solving these problems. The technique I name: "AKF_inlog".
To overcome the problem by exact notation and thereby renouncing the content, I have chosen to use personal words and connotations in various connections to stress the relevance of the issue. In this case subjective words and connotations will occur in italics. This will only apply for a few words in italics. An italicised sentence is aimed to draw attention whereas definitions are black and italicised.
Theory
In general
The concepts and variables defined here will exist throughout the entire document, if nothing else is mentioned.
Axioms
1. Alphabet: finite set of symbols.
2. String: consists of zero, one or more concatenated symbols of some alphabet.
3. Grammar: rules which form strings from an alphabet.
4. Semantics: the relation between symbols and the value it represents.
5. Language: when semantics and grammar co-operate.
6. Value: An expression can describe a value. A letter such as an 'a' is an abstraction that exists through one or several definitions and is concretised by one or more real representations, for instance by sound or a marked/drawn curlicue.
7. Everything which is real can be regarded as representations even when no value has been defined.
8. Collective perception: a common article of value is the prerequisite of understanding and communication.
9. Character table: two forms of representations where one representation implies the other and vice versa, is mathematically to be described as a bijective function between the two representations. Whether any value has been defined lack signification.
10. The more chaos found in a string, the more information is contained in it. The more organised a string is, the less information does it carry.
Definitions
1. B is a chessboard (quadratic matrix) with Y rows and X columns. If nothing else is being mentioned X=Y=20. The X*Y squares in B all have the side 'k'.
2. Coordinates: Every square b_ij in B corresponds to a pair of integers: x_i and y_j.
3. Vector equivalence: By means of modulo arithmetic a bijective mapping can be made from B's coordinates to a one-dimensional vector with the length X*Y.
A picture is a limited area containing at least two dots of different colours. The picture is limited by a square frame with the side 'k'.
4. Picture panel On arbitrary chessboard B, a picture unlike every other picture in B, is placed in each square. The names of the pictures are integral numbers. A picture panel can contain a picture panel "behind" each picture in it.
5. Let F be a function of an arbitrary picture panel where 'm' pictures exchange positions (with each other): 0<=m<= X*Y. As F is a function of a picture panel, this panel is conducted from a well-arranged state to another. The 'm' transpositions are stored in transposition matrix M.
6. A user is a client of one or several servers. A server has zero or several users.
7. Password and user name are strings in an alphabet.
8. A user logs on to a server by means of user name and/or password.
9. The security of a password is expressed as a quotient of integers indicating the probability that an unauthorized attempt to access will fail.
10. A bad password does not have sufficient length and/or complexity compared to known and/or expected technique.
Explanations
By axiom 7. The applicability may be questionable although the representations do exist. Abstract representations "probably" do not exist. The representations are essential in order to carry out manipulations, relational comparisons and to define new values such as: vowel.
By axiom 9. It is obvious that a character table can be viewed as two alphabets with equal numbers of symbols. Both alphabets have exactly the same semantics but different representations. In that way the Swedish alphabet and the integral series [0..28] can represent a character table. Example: f(a)=0 => f^-1(0)=a.
By axiom 9. The most common table of characters in the PC world is the ASCII (American Standard Code for Information Interchange). ASCII composes combinations of the smallest logical units: bits symbolized by 0 and 1. Sequences of seven bits represent signs, the English alphabet, digits, punctuation and control signs. Seven bits imply that 2^7 = 128 different signs can be represented with ASCII. The representation does not depend on the fact that the computer works in a binary system. Therefore basis two can be replaced by basis 16 (hexadecimal). Both forms of representation are different names for a certain bit sequence and therefore a character. Originally ASCII consisted of seven bits. The extended version (Extended ASCII), which has eight bits consisting of 256 characters in total, is most often put into practice. ASCII means in precise technical language the use of seven bits. In a wide-ranging sense it often refers to eight bits.
By definition 1. X, Y are integers greater than zero.
By definition 2 and definition 3. Let the coordinates (x_i, y_j) be equivalent to the value: [i mod(X*Y) + j*(X*Y)]. For X=Y=4 and 0<=i, j<=3, a two-dimensional matrix is formed, see figure 1. A one-dimensional vector can represent a two-dimensional matrix, when determining k = i mod(X*Y) + j*(X*Y) for each pair of integers (i, j). The inverse from k to (i, j) is unambiguous, as a bijective correlation exists between the two ways of indexing. (The above mentioned example can not be transferred into a body of integral numbers because a multiplicative inverse does not exist for any numerals with the exception of zero.) Figure 2 shows a one-dimensional vector with integral values.
By definition 4. Assume a panel of pictures 'G' containing H picture panels {h_0, h_1, h_2 ... h_(H-1)}. G is the owner of all picture panels h_n and even the owner of potential sub panels of h_n. By means of G, both pictures that are displayed directly in G, or in the entire hierarchy of picture panels, can be referred to as well. Coherence will determine what is meant by notation of a picture panel.
By definition 5. The definition of F does not say anything about the way F works. If nothing else is indicated, let F be a pseudo-random function with a very long period.
By definition 9. The definition makes it possible to speak about high security instead of small probabilities. A password with the length 'r' from an alphabet with 's' symbols makes s^r combinations possible. The first time an illegitimate attempt to login failed, the probability of succeeding was 1 out of s^r. The next illegitimate attempt will have the probability 1 of (s^r - 1) of success. For every unsuccessful attempt at breaking the password, the security of the password will decrease. In general the security of a password refers to the probability of a successful illegitimate attempt to login before any illegitimate attempts to login have taken place. The probability of illegitimate access is not governed entirely by combinatorics. A password must also contain a certain complexity. Passwords must not contain combinations of symbols that can be found in a dictionary. In general a password must not contain a string that potentially has any meaning in a public context.
Let the total number of illegal combinations be N, which implies that the above mentioned example is more realistically rephrased: the probability that the first illegitimate attempt to login is successful is: 1/(s^r - N). By assuming N ≪ s^r, N will be neglected if nothing else is mentioned.
The value of the resource that is password protected, is not considered in the definition. A password that is considered as secure may be used to protect messages on an answering machine as well as launch codes for ballistic missiles. By definition 10. For example a password containing strings that exists in dictionaries, the white pages, names, years, events, mnemonics such as: MOVEA , JSR.
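The security quotient of definition 9 carried through in code, and the count of unique-picture sequences behind the p_PICTURE comparison given earlier on the page (a picture password gains security only from its length or from a larger picture set). This is an added example, not from the patent; `security`, `picture_sequences` and `picture_security` are assumed names.

```python
from fractions import Fraction
from math import perm


def security(s, r, N=0, failed=0):
    """Probability that the next illegitimate login attempt succeeds for a password of
    length r over an alphabet of s symbols: 1/(s^r - N) before any attempt, where N
    counts the 'illegal' combinations (dictionary words and the like) that a policy
    rules out, and one candidate fewer in the denominator per earlier failed attempt."""
    remaining = s ** r - N - failed
    if remaining <= 0:
        raise ValueError("every candidate has already been tried")
    return Fraction(1, remaining)


def picture_sequences(P, L):
    """Picture sequences of length L with unique pictures from a panel of P pictures:
    P!/(P-L)!.  After F has acted, no sequence is 'illegal', so N = 0 for p_PICTURE;
    only L (or P, the size of the picture set) changes the quotient."""
    if L > P:
        raise ValueError("a sequence cannot use more unique pictures than the panel holds")
    return perm(P, L)


def picture_security(P, L, failed=0):
    """The definition 9 quotient for p_PICTURE with L_PICTURE = L on a panel of P pictures."""
    return Fraction(1, picture_sequences(P, L) - failed)
```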
Introduction
A user that has access to ten different systems that all suggests a renewal of passwords on a weekly basis, has during two years consumed more than one thousand different passwords and not once written any password down. Probably not.
A password is not just a string in some alphabet. It must be generated, distributed, used, verified, updated, backed up, and handled in event of exposure and finally destructed. In general, to discuss security in a meaningful way the perspective has to be broadened and also include the system that the password is set to protect, and the organisation using the system.
Security issues relevant to this report are length and complexity of passwords, and how many passwords one person is using. The term security will only be reflected by those parameters.
Problems
1. COMPLEXITY
By Axiom 6, it is not possible to represent a value in a "good" password without making the password "bad". It is likely that a person with ease remembers a password that represents something in everyday life, but since one alphabet is used to represent both passwords and information, one cannot syntactically express a value with common letters without the loss of complexity in the password. That is because the alphabet is a representation of a common article of value.
A combinatorial advantage when creating passwords is that strings forming meaningful words are just a fraction of the possible number of (finite) strings. A drawback is that a "good" password is likely to be hard to remember due to the lack of a meaningful representation. In reality this can lead to a shortage of security. Example: if the security policy prescribes a frequent change of passwords, there is a risk that the user generates new passwords that to some extent can be derived from earlier ones. If the system administrator generates the passwords for the user, the user might forget them, or write them down. It is not possible to alter the complexity of a password without actually changing the password. This implies that all users have to change passwords if the overall system security has to be raised.
2. MANY
A user that gains access to several resources by passwords on separate systems, might be a security hazard for the system owners. If only one password is used on several systems, the representation of the password is more or less identical on the different systems, and different encryption of the password files can help an attempt to crack a multi used password.
It is hard or even impossible for a system owner to protect a system from users generating "bad" passwords by means of a multi-used "favourite" password, or rotating a few among several systems. On the other hand, if a user has too many passwords there is a risk that the user writes them down, or simply reduces the number by substitution with a "favourite".
Solution to problem 1
The written language that we use to describe thoughts, events and objects, that is values, is the same as that used for communication. This implies that written values can be read by others. A password like "sunrise" is considered bad due to its low complexity. It would be desirable if a user in a simple way could tie the value of "sunrise" to a string like: " fcrg 0hj8J_=e". This could easily be done with a function that takes a "regular" word as input and has a "complex" derivative as output.
Suppose an irregular language defined with symbols from the Swedish alphabet, punctuation, and numbers, forming unique words, i.e. strings.
If only one person knows about the language, the demand for complexity of passwords can be withdrawn, that is, all words of equal length are equally "secure", since the complexity is implied by the irregular definition of the language.
The difference between the function and the suggested language is that the user has not explicitly made the transformation. In order to apply the function, the user describes a value with words which are then transformed by the function, the user probably does not even remember the function output, only the input (otherwise the function is not necessary).
When using the irregular language to create passwords, thoughts are formulated with words.
The user is aware of the value but also masters the representation.
By combining the function and the irregular language, a hybrid called AKF_inlog is defined.
The purpose of the irregular language is to enable a user to produce simple passwords in a simple way. The function contributes to the uniqueness in every individuals language. The irregular language is created by letting the ability of association create values. Assume that people to some extent think different, then this plurality further adds up to the uniqueness of the individual languages along with the function.
Opposed to how the Swedish language is constructed, by defining values and representations and then gluing them together with semantics, the irregular language uses pictures as representation and the values are created by association while viewing the images. Instead of sequentially selecting letters from an alphabet in order to create a new password, one can sequentially choose pictures from a set. I claim that it is a language when it is possible to select a sequence of pictures (create words) from a finite set of pictures (alphabet), since the pictures are subject to my association and thereby given meaning (value).
For one picture there may be as many associations as there are people. If the set of pictures is well defined in terms of numbers of pictures and motives, and commonly known, there exists a collective knowledge about representation but individual values tied to each representation.
The most important difference between two languages like Swedish and an irregular one based on pictures is that in Swedish one can produce an idea, i.e. a value, and then express it with letters, while with pictures values are created by association while viewing them; the observer cannot control exactly what value is created. In order to purposefully express a value such as a feeling, one would have to paint the picture that by association corresponded to the value which was to be represented. However, one can swiftly select a number of pictures in order to create a password.
Figure 3 shows a model of a picture panel (def. 4). To the left, a table containing the Swedish alphabet, punctuation and control characters. To the right, a selection from an arbitrarily large alphabet. Each shaded square symbolizes a unique picture.
Instead of typing characters when producing passwords, a picture panel that F (def. 5) has acted on at least once can be used as the basis for selecting sequences of pictures. The created password has a specific meaning for its creator, not shared by others. This implies that the demand for complexity can be discarded.
Example
Three passwords:
1) red blue yellow
2) triangle circle square
3) hello
The first and second passwords are not too short, but the third is. All three passwords are bad due to their lack of complexity. In networks and computers, pictures in a picture panel are represented as coordinates. By periodically letting F act upon the picture panel, the pictures periodically exchange positions with each other. This implies that all picture sequences of a given length with unique pictures have equal complexity. There are no bad passwords, only short or long ones.
Figure 4: three sequences of pictures selected from some picture panel. The sequences can be regarded as passwords. All users have different picture panels (since F has acted upon each at least once). The same pictures in different systems are represented differently, physically (bit pattern) and logically (different positions).
Solution to problem 2
To use a password safely on several systems, the correlation between the password representations on the different systems ought to be as low as possible, preferably zero. If a text-based password like "SKIPPER" is used by one user on more than one system, it is considered one password even though different systems may have different internal bit patterns and character tables.
By the use of picture panels on the different systems, the correlation between the internal representations is heavily reduced (by F). There is still some connection between the representations of the passwords on the different systems, since the length of the password is equal and to some extent the same pictures may be used on different systems.
The purpose of F is to create different representations for users although the same pictures may be used. Users probably associate differently for a given picture, which implies that both value and representation can be regarded as unique for each user.
The use of F on the picture panels ensures that different systems have different representations, that all users within a certain system have different representations, and that the representation for a specific user alters periodically, since the pictures exchange positions before each attempt to log on.
Using pictures depicting letters is not a great security hazard. Because of this, a user can actually use a password such as "SKIPPER" on several systems, since the letters are in fact pictures with unique positions and names. The correlation that exists is the length of the picture sequence, and maybe the picture set. The passwords in the different systems are represented differently, with very low correlation (depending on F). It is possible that exactly the same pictures are being used on different systems, hence an unambiguous relation may be established between two password representations on different systems. In the worst case this could lead to all of a user's passwords being considered revealed if one password is visually identified by a person other than the user.
A password p^ASCII based on characters from the ASCII table, with length L^ASCII, can be made more secure (def. 9) by increasing the complexity of p^ASCII and/or the length L^ASCII. A selected sequence of pictures from some picture panel is to be regarded as a password p^PICTURE with length L^PICTURE. p^PICTURE cannot be made safer by increasing its complexity, since the complexity is constant for any given length of the sequence. An increase of L^PICTURE will contribute to increased security, but so will an increase of the picture set in the picture panel(s).
It is not possible to exactly compare the security of an arbitrary p^ASCII with an arbitrary p^PICTURE, since the ASCII table has a fixed encoding length (seven or eight bits) while the picture set can be increased arbitrarily.
Example
An eight-bit ASCII password consisting of eight characters makes one combination out of (2^8)^8 = 256^8 = 1.84*10^19. A sequence of eight pictures selected from a picture panel containing 1000 pictures makes one combination out of 1000^8 = 10^24; that is, 6.42 pictures correspond combinatorially to eight ASCII characters. If the picture panel instead contained 10^6 pictures, 3.21 pictures would correspond to an eight-character ASCII password. By creating passwords as picture sequences selected from some picture panel, it is possible to use short passwords whose security can be increased arbitrarily by increasing the picture set in the picture panel(s).
Standpoint
AKF_inlog is based on every user having a unique language in which to express values. This enables users to create passwords that do not carry the same meaning to others than themselves.
This language can either be learned by heart by the user, or created and maintained with AKF_inlog. AKF_inlog can do this by:
1 introducing a new alphabet with an arbitrarily large set of pictures,
2 motif and picture names are randomly generated for every user,
3 the pictures periodically change names on the client,
4 the set of pictures can increase arbitrarily,
5 before each authentication, at least zero pictures exchange positions with each other by some pseudo-random pattern,
6 the change is sent to the server together with the password.
Special
Introductory explanation
The way of representing pictures shown in figure 5 is well suited for small sets of pictures, say <= 300, depending on the resolution and complexity (motif) of the pictures as well as screen characteristics. To the left, a computer with a CRT screen (CRT = Cathode Ray Tube). In the middle, a picture panel. To the right, four pictures from the picture panel. In order to display a large number of pictures on the same screen area, say 10^6 pictures, several picture panels can be linked together in a recursive way, forming hierarchies.
Figure 6 displays a hierarchy of picture panels, where each grid symbolizes a picture panel. The grid in the middle of figure 6 symbolizes the picture panel a user selects pictures from in order to log on; the shaded squares symbolize pictures.
By clicking with the left mouse button on a picture, it is selected as part of a password. By right-clicking on a picture, the picture panel "behind" the picture is activated and shown in full size on the screen (containing other pictures). The hierarchy can be extended arbitrarily. If the picture panels have a fixed size of, say, 100 pictures, a hierarchy of depth three is needed to represent 10^6 pictures.
Depth = 1 → 100*10^0 = 10^2 pictures. Depth = 2 → 100*10^2 = 10^4 pictures. Depth = 3 → 100*10^4 = 10^6 pictures. Depth = n → 10^(2n) pictures.
AKF_inlog operates by a common alphabet shared by the server and the client, where the symbols are integers. The pictures shown to the user are placed in a picture panel where each picture corresponds to a number or a position. When a user clicks on the pictures that correspond to the password, it is merely the picture panel's coordinates for the picture that are registered and sent to the server. Neither the server nor the network knows even of the existence of any pictures. (The server might know about registered control images.)
Tangible example of execution
A user has established a new user account on some server and wishes to use AKF_inlog to authenticate. The technique will be explained in six steps.
Step 1
The user needs an AKF_inlog client application (AKA), which can be acquired from a CD-ROM or downloaded from some network. The basic version of the AKA includes 400 gif pictures of varying quality and resolution. If the user wishes to use other pictures, these can be chosen now or later. The standard pictures are named 0.gif, 1.gif ... 399.gif. The names are randomly selected, so w.gif on one system is very unlikely to correspond to w.gif on another system.
Step 2
The user selects the alternative "Mount new server" in the AKA installation menu (the paradigm centres on the user), and the AKA establishes a connection with the desired server. When a new user is created on a system, the server creates a square matrix with X*Y elements (def. 1). The default size is 400. Each element is unique and is an integer in the range [0..399], i.e. [0..X*Y-1]. A function F acts upon the matrix by exchanging positions of the elements in such a way that the contents do not correspond to the index. A copy of the matrix is returned to the client. See figure 7.
The matrix returned from the server can act as a picture panel on the AKA, and will from now on in this example be referred to as the picture panel "BP". Depending on screen characteristics, a suitable partition will be made to fit the "BP". In the case of 400 pictures, a main picture panel consisting of 100 pictures is created, and then three sub picture panels also with 100 elements each. The sub panels are activated by right-clicking on the three upper leftmost pictures in the main picture panel. (This is merely a suggestion; the AKA can at any time be reconfigured by the user.)
The BP is now interpreted as four picture panels on the AKA. The counterpart of BP on the server is actually a one-dimensional vector where each index addresses an integer element that can be mapped to the AKA in a bijective way. To make understanding easier, matrix notation will be used.
Step 3
Each authentication process is preceded by F (def. 5) acting upon the picture panel in the AKA, also the very first time the system is used. In figure 8, to the left, a part of BP before F has acted on BP. In the middle, parts of the transposition matrix M generated by F. To the right, BP has been modified and is now called BP2.
Step 4
The 400 default pictures included with the AKA are stored in a directory on the client's hard drive as the files 0.gif, 1.gif, ... 399.gif. BP2 is displayed on the client's screen as a grid containing the said pictures. The initially empty grid is filled from the upper left corner, to the right, and down, as shown in figure 9. To the right in figure 9, the upper left corner of the active picture panel.
Step 5
The grid displayed on the screen is indexed by an incremental series. When the user clicks on an image, it is the index or position "q" that is registered. A picture sequence of length L used as a password is stored as the positions of the pictures, that is {q0, q1 .. q(L-1)}. The sequence of positions is transformed with BP2 into a string called passwd[], which holds BP2's elements at index qn, where passwd[0] = BP2[q0], passwd[1] = BP2[q1] ... passwd[L-1] = BP2[q(L-1)].
In order to log on, the AKA sends the vector passwd[] and the transposition matrix M to the server. The server recreates BP2 from BP and M, and verifies the password.
Step 6
If the password was valid, the server can either approve access or perform additional security controls by requiring verification of control images.
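A runnable sketch of steps 2 to 6, added here as an example and not the patent's own code: the server builds the permuted matrix BP, the client lets F act before every logon, sends passwd[] and M, and the server recreates BP2 before comparing. The names (Server, Client, f_permute), the flat-list panel, the seeded shuffle standing in for F, and the rule that both sides keep BP2 only after a successful logon are assumptions; equivalent_picture_length reproduces the 6.42 and 3.21 figures from the combinatorial example above.

```python
# Toy model of the AKF_inlog exchange in steps 2 to 6 (added example, not the
# patent's code). Assumptions: the panel is a flat list of picture ids 0..N-1
# standing in for 0.gif..399.gif, F is a seeded Fisher-Yates shuffle, M is
# transmitted as the permutation itself, and BP2 is kept only after success.
import hmac
import math
import random

N = 400  # default matrix size X*Y from step 2


def f_permute(panel, rng):
    """F: return (BP2, M) with M[i] = j meaning BP2[i] == panel[j]."""
    m = list(range(len(panel)))
    rng.shuffle(m)
    return [panel[j] for j in m], m


def apply_transposition(panel, m):
    """Recreate BP2 from BP and M; reject an M that is not a permutation."""
    if sorted(m) != list(range(len(panel))):
        raise ValueError("M is not a permutation of the panel indices")
    return [panel[j] for j in m]


class Server:
    """Holds one user's panel BP and the registered picture sequence."""

    def __init__(self, seed):
        # step 2: F acts on the fresh matrix before a copy is handed out
        self.bp, _ = f_permute(list(range(N)), random.Random(seed))
        self.secret = None

    def register(self, passwd):
        self.secret = list(passwd)

    def logon(self, passwd, m):
        """Steps 5 and 6: recreate BP2, check M, then compare passwd[]."""
        try:
            bp2 = apply_transposition(self.bp, m)
        except ValueError:
            return False
        # each transmitted element must be a picture id present in BP2
        if any(p not in bp2 for p in passwd):
            return False
        # constant-time compare on a fixed textual encoding of the sequences
        ok = hmac.compare_digest(repr(passwd).encode(), repr(self.secret).encode())
        if ok:
            self.bp = bp2  # keep the server's panel in step with the client
        return ok


class Client:
    """The AKA: displays the panel and turns clicked positions into passwd[]."""

    def __init__(self, bp, seed):
        self.bp, self.rng, self.pending = bp, random.Random(seed), None

    def register(self, server, clicks):
        server.register([self.bp[q] for q in clicks])

    def begin_logon(self):
        """Step 3: F acts before every logon; returns the grid now on screen."""
        self.pending = f_permute(self.bp, self.rng)
        return list(self.pending[0])

    def submit(self, server, clicks):
        """Step 5: passwd[n] = BP2[q_n]; send passwd[] and M to the server."""
        bp2, m = self.pending
        passwd = [bp2[q] for q in clicks]
        ok = server.logon(passwd, m)
        if ok:
            self.bp = bp2
        return ok, passwd


def equivalent_picture_length(panel_size, ascii_chars=8, bits=8):
    """Pictures needed to match ascii_chars characters of `bits` bits each."""
    return ascii_chars * bits / math.log2(panel_size)
```

Note that passwd[] carries the picture ids, which are the same at every logon; only the positions q the user clicks change with M.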
Control pictures
The first time AKF_inlog is used, it lets the user register any number of pictures for cross-checking. The more pictures used, the better the security. The registration process can be done in numerous ways. The simplest is to click on some pictures, which are sent to the server along with their coordinates. Each time the client tries to log on, the AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected pictures to the AKA in a special window. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server, the client will be granted access.
The second method of registering pictures asks the client to describe some selected pictures in words. The comments, together with the coordinates of the corresponding pictures, are sent to the server. Each time the client tries to log on, the AKA sends the password as described earlier. If the password is accepted as valid by the server, the server returns some randomly selected text strings describing pictures. The user now has to find the corresponding pictures in the AKA picture panel. If the right positions are sent to the server, the client will be granted access.
The second method is by far the safest and most efficient method for cross-checking, since semantics is the only reference to the pictures, whilst even a chimpanzee can match pairs of identical pictures.
The cross-check is not an additional password, since the user does not have to memorize or produce the output. Its purpose is to verify the validity of the transposition.
Standpoint 1
AKF_inlog is based on every user having a unique language in which to express values. This enables users to create passwords that do not carry the same meaning to others than themselves.
This language can either be learned by heart by the user, or created and maintained with
AKF_inlog. AKF_inlog can do this by:
1 introducing a new alphabet with an arbitrarily large set of pictures,
2 motif and picture names are randomly generated for every user,
3 the pictures periodically change names on the client,
4 the set of pictures can increase arbitrarily,
5 before each authentication, at least zero pictures exchange positions with each other by some pseudo-random pattern,
6 the change is sent to the server together with the password.
Standpoint 2
AKF_inlog is based on every user having a unique language in which to express values. This enables users to create passwords that do not carry the same meaning to others than themselves.
This language can either be learned by heart by the user, or created and maintained with
AKF_inlog. AKF_inlog can do this by:
1 introducing a new alphabet with an arbitrarily large set of sounds,
2 sound and sound names are randomly generated for every user,
3 the sounds periodically change names on the client,
4 the set of sounds can increase arbitrarily,
5 before each authentication, at least zero sounds exchange positions with each other by some pseudo-random pattern,
6 the change is sent to the server together with the password.
New / special
Every user has access to a unique language with a unique representation for every value (Axiom 6); moreover, the representation of every value changes periodically.

Claims

Claim 1
I claim the rights to the procedure described in the following six points when physical signals are propagated through physical networks with the purpose of determining the identity of the signal source.
1 introducing a new alphabet with an arbitrarily large set of pictures,
2 motif and picture names are randomly generated for every user,
3 the pictures periodically change names on the client,
4 the set of pictures can increase arbitrarily,
5 before each authentication, at least zero pictures exchange positions with each other by some pseudo-random pattern,
6 the change is sent to the server together with the password.
Claim 2
I claim the rights to the procedure described in the following six points when physical signals are propagated through physical networks with the purpose of determining the identity of the signal source.
1 introducing a new alphabet with an arbitrarily large set of sounds,
2 sound and sound names are randomly generated for every user,
3 the sounds periodically change names on the client,
4 the set of sounds can increase arbitrarily,
5 before each authentication, at least zero sounds exchange positions with each other by some pseudo-random pattern,
6 the change is sent to the server together with the password.
PCT/SE2002/001975 2001-10-30 2002-10-30 Method for graphical authentication WO2003049001A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002354431A AU2002354431A1 (en) 2001-10-30 2002-10-30 Method for graphical authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0103598A SE0103598D0 (en) 2001-10-30 2001-10-30 AKF_inlog
SE0103598-9 2001-10-30

Publications (2)

Publication Number Publication Date
WO2003049001A2 true WO2003049001A2 (en) 2003-06-12
WO2003049001A3 WO2003049001A3 (en) 2003-10-30