1. Field of the Invention
The present invention generally relates to the field of access control and authentication and in particular to graphical methods of user authentication.
2. Background of the Invention
Today, access to many office buildings, bank accounts, email accounts, or other physical and virtual locations requires the use of a password. Passwords, or personal identification number (PIN) codes, are the predominant form of user authentication used on almost all computing platforms including: personal computers, cell phones, personal digital assistants (PDAs), copiers and printers, and cash dispensers such as automated teller machines (ATMs). Passwords are also used to access online accounts.
A strong password, one that is more difficult to break and provides greater security, consists of a sequence of symbols chosen randomly and uniformly from a large alphabet. Unfortunately, strong passwords are hard to remember. This leads to a situation where users choose weak passwords or write their passwords down because they cannot reliably commit strong passwords to memory.
Another common problem encountered for the user is that there are too many alphanumeric accounts and passwords to remember. The same person using electronic means to gain access to her office and her various accounts may have to remember a large number of passwords. When the number of accounts a user possesses grows, it becomes a challenge to memorize all the passwords associated with these accounts. The user may resort to using the same password for different purposes which compromises the security of her accounts.
Difficulty of using alphanumeric passwords has prompted considerable research on alternative ways to authenticate users. One such alternative is the use of graphical passwords based on the observation that humans have excellent image recognition capabilities.
In a typical graphical user authentication system, the user chooses one or more secret images during a setup phase. During the challenge phase, the user is presented with a grid of images as a challenge set. The challenge set consists of decoy images and one of the images that the user has chosen as her secret image during the prior setup phase. The user answers the challenge by identifying the secret image to the system. Multiple rounds of challenges are performed until the likelihood of a random unauthorized login is sufficiently small. In each challenge round, a different secret image is used, which means that the user must memorize as many images as there are rounds. For example, if 10 images are presented per challenge round, then the probability of randomly guessing the correct image in each round is approximately one tenth. Psychological factors affect this probability, so the probability of each guess may not be exactly 1/10. If four challenge rounds are used to grant access, the probability of a random and unauthorized access is reduced to approximately one over ten thousand, that is, the fourth power of one tenth. Therefore, four rounds have a random guessing probability that approximately equals the probability of guessing a 4-digit PIN number as it is used to log into an ATM. The security can be improved by presenting more images per round. However, when handheld and mobile devices are being used, it is difficult to present a large number of images simultaneously on the display of the mobile device because the portability of the device also requires the display to be small.
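The rounds-and-probability argument above, as an added example that is not part of the patent text: a small Python model of the challenge phase (a different secret per round, uniformly placed among decoys), the random-guess probability for N images and R rounds, and the number of rounds needed to reach a target guessing odds when a small screen limits N. Image identifiers and pool sizes are constructed placeholders.

```python
import secrets

# Constructed sample identifiers (stand-ins for images, not real data).
SECRET_IMAGES = ["secret_1", "secret_2", "secret_3", "secret_4"]
DECOY_POOL = [f"decoy_{i}" for i in range(30)]


def random_guess_probability(images_per_round: int, rounds: int) -> float:
    """Probability that an attacker guessing uniformly passes every round."""
    return (1.0 / images_per_round) ** rounds


def rounds_needed(images_per_round: int, one_in: int) -> int:
    """Smallest R such that images_per_round**R >= one_in, i.e. the random-guess
    probability is at most 1/one_in. Integer arithmetic avoids float rounding."""
    rounds, combos = 0, 1
    while combos < one_in:
        combos *= images_per_round
        rounds += 1
    return rounds


def build_challenge(secret_images, decoy_pool, images_per_round):
    """One round per secret image: the secret plus images_per_round-1 decoys,
    shuffled with a CSPRNG so the secret's grid position carries no information.
    Returns (rounds, expected_positions)."""
    rng = secrets.SystemRandom()
    rounds, expected = [], []
    for secret in secret_images:
        decoys = rng.sample([d for d in decoy_pool if d != secret], images_per_round - 1)
        grid = decoys + [secret]
        rng.shuffle(grid)
        rounds.append(grid)
        expected.append(grid.index(secret))
    return rounds, expected


def verify(rounds, expected, selections) -> bool:
    """Grant access only if every round's selection is the secret image.
    Every round is checked (no early exit) so the result does not reveal
    which round failed."""
    if len(selections) != len(rounds):
        return False
    ok = True
    for grid, want, chosen in zip(rounds, expected, selections):
        ok &= (0 <= chosen < len(grid)) and (chosen == want)
    return ok
```

With 10 images per round, `rounds_needed(10, 10_000)` gives the 4 rounds the text compares to a 4-digit PIN; a 6-image grid that fits a small screen needs 6 rounds (and 6 memorized images) for the same odds.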
FIG. 1A illustrates a first conventional fixed grid graphical user authentication system. FIG. 1B shows a schematic caricature version of the first conventional fixed grid graphical user authentication system.
The system shown in FIG. 1B presents a fixed grid arrangement of images to the user. All but one of the images shown are decoy images 110. One of the images is a secret image 120 that has been previously selected by the user. To be authenticated, the user must identify the correct secret images in several rounds of trials. The decoy 110 and secret 120 images are not pictures of faces.
Most conventional fixed grid systems use a 3×3 grid to correspond to the keypad of the telephone. Further, most conventional systems use images that belong to the user himself. The whole image is used, so each secret image corresponds to a total of one secret.
An exemplary implementation of this first conventional method is described in “Déjà Vu: A User Study Using Images for Authentication,” Rachna Dhamija, Adrian Perrig, Proceedings of the 9th USENIX Security Symposium, 2000.
FIG. 2A shows a second conventional fixed grid graphical user authentication system. FIG. 2B shows a schematic caricature version of the second conventional fixed grid graphical user authentication system.
The system shown in FIG. 2B also presents a fixed grid arrangement of images to the user. In this system too, all but one of the images shown are decoy images 210 and one of the images is a secret image 220 that has been previously selected by the user. Here too, the user must identify the correct secret image in several rounds of trials. In the second system, however, the decoy 210 and secret 220 images are pictures of human faces. Recognition of human faces is easier for a user.
This second conventional method is described in “Distributed Client/Server Computer Network,” A. E. Ryan, U.S. Pat. No. 6,981,016, issued Dec. 27, 2005, and in “Personal identification devices and access control systems,” John H. E. Davies, U.S. Pat. No. 5,608,387, issued Mar. 14, 1997.
Both systems use whole images as their decoy and secret images and are prone to attacks by shoulder surfing, social engineering, image analysis and a variety of other types of attacks. Shoulder surfing occurs when an attacker looks over a user's shoulder and is able to view some portion of the image. By viewing only the upper portion, or any other border portion of the image, the attacker is able to identify the whole image in a grid.
The conventional fixed grid systems require extensive training of the user. This is due to the fact that the user may need to memorize a greater number of pictures.
The larger the number of images shown in a grid, the lower the probability of a random guess. So, to increase security, it is desirable to fit a large number of images in the grid. The fact that the images may become unrecognizable if reduced to be smaller than a certain size makes the conventional fixed grid arrangements unsuitable for handheld and mobile devices with smaller screens.
Therefore, there is a need for graphical authentication systems and methods that provide improved security. There is a further need for graphical authentication systems and methods that may be deployed on handheld mobile devices with small screens.