The background of the present disclosure is hereinafter introduced with the discussion of techniques relating to its context. However, even when this discussion refers to documents, acts, artifacts and the like, it does not suggest or represent that the discussed techniques are part of the prior art or are common general knowledge in the field relevant to the present disclosure.
The present disclosure relates to the information technology field. More specifically, this disclosure relates to the control of access to protected resources.
Control of access to resources to be protected for security reasons is a significant issue in computing systems. A typical example is a portable computing device, such as a smartphone. In this case, a protection process may be used to lock the smartphone when it is not in operation; the protection process then requires specific actions to unlock the smartphone, in order to resume its normal operation. The protection process is based on a secret, i.e., a piece of information that is known only to an authorized user. In this way, it is possible to prevent (or at least to hinder) unauthorized persons from gaining access to the smartphone (for example, when it is stolen or lost) and then to any sensitive data that may be stored therein.
The protection process may be of different types. A conventional approach is based on a secret password (or PIN) to be typed. Alternatively, the protection process (especially when a touch-screen is available) may be based on a gesture to be performed on a picture. A number of possibilities are practicable for this purpose.
For example, the protection process may require the drawing of a secret path, such as by connecting points in a grid.
The protection process may require the selection of a secret sequence of portions/zones within an image; in addition, the protection process may require the execution of a secret movement or sequence of movements.
The protection process may require the movement of secret pieces of an image to secret locations.
The protection process may show a picture and a grid of random numbers, and then it may require the dragging of a secret number on top of a secret spot of the picture.
The protection process may display an image (selected randomly within a set) and require the identification of an object or a person inside the image (such as by its name).
The protection process may require an initialization phase wherein the user populates images with metadata based on self-knowledge (for example, middle names or anniversary dates of persons, visiting dates of locations). In use, the protection process displays a plurality of images of a specific category (predetermined by the user or selected randomly); at the same time, the protection process displays a specific criterion for selecting the images in a required order (predetermined by the user or selected randomly as well) based on their metadata (for example, in ascending or descending order of names/dates).
Nevertheless, the protection process is generally susceptible of further improvements.
Indeed, the secret may be difficult to remember or, conversely, easy to discover.
Moreover, the protection process may be subject to several attacks, such as shoulder-surfing attacks, brute-force attacks and surface analysis attacks; particularly, the secret may be caught by snooping behind the user (for example, in public environments, especially when they are very crowded), the secret may be hacked by performing repeated unlocking attempts automatically, and the secret may be discovered by looking for corresponding finger grease marks, respectively.
The protection process may require relatively long operations to initialize it; and the protection process may also require the storing of a relatively large amount of information for its operation.
Moreover, the protection process may require a relatively complex reasoning. This may be difficult and time consuming for the user, thereby making the protection process awkward in practice.