1. Field of the Invention
The present invention relates to an apparatus and method for inputting a graphical password that combine representative pictures and elemental pictures of a graphic to form a graphical password and that receive the graphic for user authentication.
Also, the present invention relates to an apparatus and method for inputting a graphical password that form a password by combining pictures of a graphic with a rotation direction of a wheel interface for user authentication.
Also, the present invention relates to increasing the number of cases for a password using a wheel interface for a higher security level of an embedded system that has a low security level due to a limited type and length of letters input as a password.
2. Discussion of Related Art
In general, an embedded device has a numerical password consisting of 4 digits according to traditional practice or for user convenience. The password of the embedded device has a very low security level.
The number of cases for a 4-digit password is a total of 10,000. If it is assumed that a person can manually attempt to crack a password once a second, a 4-digit password can be cracked within about 3 hours. This means that a person holding a lost embedded device will probably find out the password. If an embedded device such as a mobile phone or a personal digital assistant (PDA) storing a lot of personal information is lost, there is a high risk of leakage of the personal information.
A higher security level for the password requires an increased number of cases for the password. This results from an increased length of the password or an increased number of cases for each digit of the password.
A method for increasing a password length will first be described. If a numerical password used in the embedded device has an increased length of 5 to 6 digits, the number of cases for the password increases to a total of 10^5 to 10^6. A financial IC chip actually embedded in a mobile phone for mobile banking is recommended to use a 6-digit password. This may block a person from manually attempting to crack the password to some extent, but it may be difficult to block a crack attempt using a computer. It is well known that a 6-digit password can be cracked within several seconds by a computer. Since a longer password may be difficult for a user to remember, an increased length of the password is not a fundamental solution to prevent cracking.
A method for increasing the number of cases for a password by increasing the case number of each digit of the password will now be described. If alphabetic letters, numbers, and special characters are used for the password, the number of cases for a 4-digit password becomes 95^4. A current embedded system mainly uses a numerical password because of a limited input module of the embedded system and in consideration of user convenience. For a mobile phone, if a user must use a password consisting of alphabetic letters, numbers, and special characters, this will greatly increase the number of times the user presses the keypad. This may degrade user convenience.
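The case counts compared in the two methods above, worked through as an added example that is not part of the original text. The one-guess-per-second rate is the manual-attack assumption stated earlier; the function names and the scheme list are illustrative.

```python
import math

# Constructed sample schemes: (label, symbols per position, length).
# 10 = digits only; 95 = letters, numbers and special characters (figure from the text).
SCHEMES = [
    ("4-digit PIN", 10, 4),
    ("5-digit PIN", 10, 5),
    ("6-digit PIN", 10, 6),
    ("4-char mixed", 95, 4),
]

def keyspace(symbols, length):
    """Number of cases for a password: symbols ** length (exact integer)."""
    return symbols ** length

def entropy_bits(symbols, length):
    """Bits needed to index every case, assuming a uniformly random choice."""
    return length * math.log2(symbols)

def exhaust_hours(symbols, length, guesses_per_second=1):
    """Worst-case hours to try every case at a fixed guess rate."""
    return keyspace(symbols, length) / guesses_per_second / 3600

def equivalent_length(target_symbols, target_length, symbols):
    """Shortest length over `symbols` whose keyspace reaches the target's."""
    target = keyspace(target_symbols, target_length)
    length = 0
    while keyspace(symbols, length) < target:
        length += 1
    return length

def summarize(schemes=SCHEMES):
    """One row per scheme: (label, cases, entropy bits, worst-case hours at 1 guess/s)."""
    return [
        (label, keyspace(s, n), round(entropy_bits(s, n), 1), round(exhaust_hours(s, n), 1))
        for label, s, n in schemes
    ]

if __name__ == "__main__":
    for label, cases, bits, hours in summarize():
        print(f"{label:13} cases={cases:>10,} bits={bits:>5} hours@1/s={hours:>9,}")
    # Digits needed for a numeric PIN to match 4 characters drawn from 95 symbols.
    print("equivalent PIN length:", equivalent_length(95, 4, 10))
```

A 4-character password over 95 symbols has the same order of cases as an 8-digit numerical password, which is the trade-off between the two methods: fewer positions to remember, but more key presses per position on a limited keypad.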
Schemes using a password for security of an embedded system must satisfy the following requirements.
The schemes must increase a security level of a password used in the embedded system for security. Since a general embedded system uses password-based access control as its security means, a higher security level of the password guarantees the security of the embedded system.
In addition to having a higher security level, the password must be easy for a user to remember. In general, since a higher security level of the password requires an increased case number for the password, it may become difficult for a user to remember the password. In this case, the user may try to use words from a dictionary or from his or her personal information to make a password easier to remember, which rather decreases the security level of the password. Accordingly, there is a need for a password having a higher security level and being easy for a user to remember.
A password must be easy for a user to input on an embedded system. Since the embedded system generally has a limited type of input device, it is difficult to input a variety of passwords consisting of letters, numbers, special characters, and the like. For user convenience, a password input system must be configured so that a user can easily input a password.
As a technique of satisfying security requirements based on the password of the embedded system, there is a graphical password-based scheme for making it easy for a user to remember the password with a higher security level in the embedded system. The graphical password is created by a user using a GUI and pictures. A person may be able to remember a graphical password more easily than a text-based password. Research has shown that a person can remember pictures more easily than text.
An example of security technology based on a graphical password is disclosed in U.S. Pat. No. 5,559,961 (Aug. 24, 1996) entitled “Graphical Password”. The prior technique relates to a graphical password apparatus and method in which a graphic image is displayed on a screen and a series of parts of the image are sequentially selected by a user to form a password.
However, the prior technique is suitable for implementing a graphical password in a general computer having an input device such as a mouse, but not for an embedded system that generally has a screen too small to display detailed pictures. With the prior technique, it is also inconvenient to select a part of a graphic image displayed on the screen using an input device used in the embedded system. The input device employed in the embedded system is a touch pad or a touch screen. The former is generally inconvenient to use, and the latter does not allow fine selection because input is made with a blunt finger on a small screen.