Browse Prior Art Database

User Authentication Based on Contextual Input on a Touch Screen

IP.com Disclosure Number: IPCOM000246401D
Publication Date: 2016-Jun-05
Document File: 4 page(s) / 206K

Publishing Venue

The IP.com Prior Art Database

Abstract

Our idea consists of using a set of characters drawn on a touch screen to identify a given known user. There are several parameters that can be used for this purpose, e.g., shape, stroke count, rendering order, and speed. The most interesting and promising of these parameters is the pressure pattern, which can be obtained with pressure sensitive touch screens increasingly available in mobile devices.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 01 of 4

User Authentication Based on Contextual Input on a Touch Screen


I. General idea

A set of characters drawn on a touch screen can be used to identify a given user

There are several parameters that can be used to decide whether a certain character has been

drawn by the user. E.g.:

o Character shape

o Stroke count, rendering order and speed o Pressure pattern (novel!)

o …

These parameters can be obtained from pressure sensitive touch screens, which are increasingly available in mobile devices


II. Requirements

Pressure sensitive touch screen

Training: the system must be trained to learn the characters of the user that it intends to match

o Possibly best to constrain it to numeric inputs (10 characters)


III. Advantages

No cognitive burden on the user

o The user does not need to remember a password

Based on dynamic information

o Each time the user can be asked to enter a different number sequence, possibly related to the operation taking place

Stronger (more robust) than existing methods that only look at the shape of a given figure drawn on the touch screen

o Pressure information makes impersonation harder

Relatively easy to implement, use + not computationally expensive

IV. Limitations

Characters drawn on the touch screen become sensitive

o If intercepted by a malicious agent, can eventually be used to subvert authentication

Consequently it requires ensuring that the device where it is executed is not compromised o Not different than most of existing authentication solutions for mobile devices


V. Example use case

During a eBanking transaction:

o User is asked to write the last n (possibly n[34]) digits of the destination account, or the transaction amount, on the touch screen

o This information is used to validate that the transaction is being performed by the user

1


Page 02 of 4


VI. How does it work

Templates are build for the characteristics of interest among the training data

A character drawn by a given user is compared with the template for the user and accepted if its match probability exceeds a given threshold

Alternatively, the character can be compared with a set of templates (if available). In this case, it is accepted if the best match wrt. the templates corresponds to the user's template

o It is not necessary to compare to all other templates: a representative random sample is sufficient

One can build...