|
The patented visual Key technology |
|
|
Visual Key technology
A picture is worth a thousand words
|
Most operating systems and many programs require the user to identify himself.
Usually this is effected by typing in a text password. For security reasons,
these passwords should not be created associatively (NOT the children's
first names, NOT the wedding day, etc.). Furthermore, the passwords should
be changed regularly.
Thus most computer users have to memorize several difficult and ever
changing passwords. This results in severe safety gaps, as many users
either ignore these rules or - even worse - write their passwords down.
|
The disadvantages sketched above should be eliminated in an economical
and uncomplicated way. This can be achieved by the use of passwords
based on pictures. It is much easier for people to remember pictures
(or parts of pictures) than text. Besides, associations with pictures
are more variegated and individual.
The input of a visual password is effected by selecting several spots
in a picture (e.g. by mouse click). There are some more advantages to
this method:
- This procedure is not limited to systems equipped with
keyboards but may also be employed on touch screens or kiosk systems.
- In comparison to other methods, such as biometric identification
technologies, in general no additional hardware is required to
employ it, since virtually all today's computer systems are
equipped with a mouse or other input device.
- Contrary to biometric identification technologies, there is
no direct correlation between the identification and the person
identifying. Several persons may even use the same password.
|
As a first step to define a password the user chooses an image. This may
be any picture with a multitude of distinguishable details. Then the user
selects one or more spots in the picture by mouse click or using another
input device. The password will be created from the selected points and
their order.
The chosen details and their sequence are easy to remember. Additionally,
the picture itself helps the user to form individual associations ("there
is a BOAT on the RIVER, passing a MAN wearing a HAT").
In order to identify himself to the system later on, the user just has
to pick the selected spots in their original order in the given picture.
|
Before generating the password the program divides the selected picture
(not necessarily visibly to the user) into cells. The number of created
cells forms the maximum character set (the "alphabet") for the password,
each cell representing a single character.
In order to define a password, the user may select any desired spots in
the picture: The character of the cell belonging to the spot will be
transferred to the password. Later on, the user identifies himself by
choosing the same order of clicks, thus composing the same password again.
There are two different procedures to divide the image into cells:
|
The image is divided into regular sized cells (e.g. rectangles or hexagons).
When defining a password this grid is shifted with each input so that any
selected spot is situated exactly in the center of a cell. Since it is as
good as impossible to hit exactly the same spots (pixels) again when entering
the password, this shifting of the entire grid defines the whole cell as
valid input area, thus permitting small deviations in any direction.
Apart from the graphic, the cell size and the offsets of all grid shifts
must be stored. All this information will be needed to generate the correct
password from the user's input. However, it is neither necessary nor desirable
to store the password itself.
The security of the password depends on the cell size as well as the width
and height of the underlying graphic, since these data determine the total
number of cells and thus the range of the alphabet.
Our products SFR Password,
visKeeper and
visCrypt
use the regular allocation procedure.
Additionally, for each click the the first cell's value is randomized and stored.
Thus the first cell does not always represent the character "A" but may contain
any character.
|
With the irregular allocation of a graphic its particularities can be
taken into account (distinct spots, individual symbols, remarkable areas).
In this case the allocation is executed either manually or through appropriately
"intelligent" programs. In contrast to the first procedure there is no
unspecific fault tolerance. Therefore the user and the creator of the
mask have to agree upon which regions are valid to click (e.g. "edge"
or "surface").
In addition to the graphic the complete mask (the alphabet) must be stored.
Again the security level of the password depends on the range of the
alphabet (total number of defined areas).
You will find interesting facts about graphical passwords in the article
" The Design and Analysis of graphical Passwords" by the
USENIX Association.
|
|
|
|
News 
|
|
|
02/04/2010
|
|
SFR Calculator for Windows Phone
is available for a reduced price in February.
Pay only USD 4.97 for this perfect calculator using the discount code SFRFEB50.
Find out more about SFR Calculator here.
|
|
02/04/2010
|
|
SFR Password for Windows Phone
is available for a reduced price in February.
Pay only USD 11.40 for the most secure login solution using the discount code SFRFEB50.
Find out more about SFR Password here.
|
|
12/21/2009
|
|
SFR Software GmbH presents:
SFR Calculator for Windows Phone
SFR Calculator is the successor of our well known product calcPad for Pocket PC.
A brand new user interface and many new functions will make sure, you never
need or miss your old calculator again.
Find out more about SFR Calculator here.
|
|
|
