1. Field of the Invention
The present disclosure relates to a touchscreen-enabled apparatus and a touchscreen-enabled gesture-based authentication method for improving the security of access-restricted computing devices.
2. Description of the Related Art
The portable nature of mobile computing devices, such as smartphones, tablet PCs and touch-enabled laptops, has necessitated the development of authentication mechanisms that prevent access to confidential information by denying unauthorized access. As a result, most mobile devices today include some form of authentication mechanism. While traditional systems were configured to utilize keypad input, the inclusion of touchscreen interfaces allows the authentication mechanisms to use touch, gesture and pattern-based input schemes to authenticate users and prevent unauthorized access to the device. More specifically, in a gesture-based authentication system, users may create a pre-defined “unlock” pattern that must be traced on the device screen, sometimes in relation to displayed visual elements. If the user-traced pattern matches with a pre-registered pattern, then the system may allow the user to access the device.
In another gesture-based authentication mechanism, a user is required to select an object displayed on the touchscreen only once. Thus, the user is restricted to repeatedly selecting the object in successive iterations. Authentication mechanisms such as these are deficient because the number of possible wrong combinations or challenge objects displayed on screen is not of sufficient complexity as to ensure the failure of unauthorized attempts to access the device. As a result, the security level achieved by such gesture or pattern-based authentication mechanisms is low as compared to conventional mechanisms that utilize alpha-numeric authentication (i.e.; passwords or key codes).
Increasing the complexity of gesture and pattern-based is further compounded by logistical difficulties introduced by the standard size of many mobile devices, such as smartphones. For example, in order to increase the challenge presented by a typical “unlock” pattern, the screen size of the device may have to be increased. This essentially limits the usefulness of this strategy for small screen devices. Moreover, the patterns employed by such strategies are usually simple enough so that a potential unauthorized user who has observed the pattern will be able to gain unauthorized access to the mobile device. Similarly, in the object-based authentication mechanism, if the unauthorized user knows the number of objects to be selected in a pre-pattern, then the total number of trials and challenges presented to the unauthorized user is decreased, increasing the probability that the unauthorized user will gain access to the mobile device.