Presenting a new(?) idea for free open source software development.

Discussion in 'C++' started by Ingvald Straume (from Norway - Europe), Aug 7, 2005.

  1. Hi!

    I'm a 32 years old novice to average programmer, and I have an idea
    which I believe to be fairly good: An authentification system to
    replace the old fashion password authentification method. The general
    idea is that a user - using the computer mouse - draws his/her
    signature onto a canvas on the login screen. The login program records,
    from millisecond to millisecond, the mouse motions and the curve drawn
    on the canvas by the user. Then the program compares the curve with an
    already stored pattern which has been preadapted to match the authentic
    users graphical mouse signature.

    I believe that this method will have some advantages compared to the
    traditional password security system:

    1) A graphical mouse login and authentification system is safe: Even if
    an intruder knows what the true user's signature looks like, he won't
    be able to reproduce it, because that requires that the signature is
    drawn in the true user's individual style and timing.

    2) Users will no longer need to remember passwords.

    A couple of years ago I wrote a demo-version ("beta 0.01 release") of
    the program. (Unfortunately It's in MS Visual Basic, because that was
    the tool available to me at the time of writing.) I will be happy to
    submit both the program and the source code, if anyone might be
    interested in discussing or colaborating on the idea.

    sincerely
    Ingvald Straume
    Norway, Europe
    Ingvald Straume (from Norway - Europe), Aug 7, 2005
    #1
    1. Advertising

  2. I'm not sure if that would be a good idea for everyone. I'm a horrible
    handwriter and so I would not be able to use a program like that.
    twoeyedhuman1111, Aug 7, 2005
    #2
    1. Advertising

  3. Ingvald Straume (from Norway - Europe) wrote:

    > Hi!
    >
    > I'm a 32 years old novice to average programmer, and I have an idea
    > which I believe to be fairly good: An authentification system to
    > replace the old fashion password authentification method. The general
    > idea is that a user - using the computer mouse - draws his/her
    > signature onto a canvas on the login screen. The login program records,
    > from millisecond to millisecond, the mouse motions and the curve drawn
    > on the canvas by the user. Then the program compares the curve with an
    > already stored pattern which has been preadapted to match the authentic
    > users graphical mouse signature.
    >


    I believe that you're idea can be realized, there are just a few issues that
    needs to be addressed first (perhaps you already thought of this):

    Is it possible to create an unique signature this way using the mouse, that
    can be reproduced? What is the trade-off between security and tolerance in
    regards to comparing the predefined signature to the signature produced?

    Also, I believe there is something similar already done, but that was more
    about being able to issue commands by moving the mouse in different
    patterns (can't remember the name, though).

    Lastly, good luck.
    --
    (Should insert humorous quotation here)
    Magnus Jonneryd, Aug 8, 2005
    #3
  4. Ingvald Straume (from Norway - Europe)

    ulrich Guest

    On 8 Aug 2005 10:52:30 +0200, Magnus Jonneryd
    <> wrote:

    > Also, I believe there is something similar already done, but that was
    > more
    > about being able to issue commands by moving the mouse in different
    > patterns (can't remember the name, though).


    the Opera browser features "mouse gestures".
    also, some PDAs (or similar devices) us a simplified alphabet to allow the
    user to handwrite her input to the touchsensitive screen, iirc.
    ulrich, Aug 8, 2005
    #4
  5. Ingvald Straume (from Norway - Europe)

    ulrich Guest

    On 7 Aug 2005 13:50:54 -0700, Ingvald Straume (from Norway - Europe)
    <> wrote:

    > Hi!
    >
    > I'm a 32 years old novice to average programmer, and I have an idea
    > which I believe to be fairly good: An authentification system to
    > replace the old fashion password authentification method. The general
    > idea is that a user - using the computer mouse - draws his/her
    > signature onto a canvas on the login screen. The login program records,
    > from millisecond to millisecond, the mouse motions and the curve drawn
    > on the canvas by the user. Then the program compares the curve with an
    > already stored pattern which has been preadapted to match the authentic
    > users graphical mouse signature.
    >
    > I believe that this method will have some advantages compared to the
    > traditional password security system:
    >
    > 1) A graphical mouse login and authentification system is safe: Even if
    > an intruder knows what the true user's signature looks like, he won't
    > be able to reproduce it, because that requires that the signature is
    > drawn in the true user's individual style and timing.
    >
    > 2) Users will no longer need to remember passwords.
    >
    > A couple of years ago I wrote a demo-version ("beta 0.01 release") of
    > the program. (Unfortunately It's in MS Visual Basic, because that was
    > the tool available to me at the time of writing.) I will be happy to
    > submit both the program and the source code, if anyone might be
    > interested in discussing or colaborating on the idea.



    i to not think that mouse is well suited for a human to reproduce a
    signature without frequent rage attacks...
    just think of the mouse being quite crappy, or dirty -
    more serious: how do you address the problem that mouse drivers may move
    the cursor on the screen by a different distance for the very same
    distance the mouse moved on the table? they all feature adjustable mouse
    speed, imho.

    and worse: i would never enter my signature graphically into any computer
    where the image _may_ be stored or even stolen by hackers...
    ulrich, Aug 8, 2005
    #5
  6. ulrich wrote:

    > On 7 Aug 2005 13:50:54 -0700, Ingvald Straume (from Norway - Europe)
    > <> wrote:
    >
    >> Hi!
    >>
    >> I'm a 32 years old novice to average programmer, and I have an idea
    >> which I believe to be fairly good: An authentification system to
    >> replace the old fashion password authentification method. The general
    >> idea is that a user - using the computer mouse - draws his/her
    >> signature onto a canvas on the login screen. The login program records,
    >> from millisecond to millisecond, the mouse motions and the curve drawn
    >> on the canvas by the user. Then the program compares the curve with an
    >> already stored pattern which has been preadapted to match the authentic
    >> users graphical mouse signature.
    >>
    >> I believe that this method will have some advantages compared to the
    >> traditional password security system:
    >>
    >> 1) A graphical mouse login and authentification system is safe: Even if
    >> an intruder knows what the true user's signature looks like, he won't
    >> be able to reproduce it, because that requires that the signature is
    >> drawn in the true user's individual style and timing.
    >>
    >> 2) Users will no longer need to remember passwords.
    >>
    >> A couple of years ago I wrote a demo-version ("beta 0.01 release") of
    >> the program. (Unfortunately It's in MS Visual Basic, because that was
    >> the tool available to me at the time of writing.) I will be happy to
    >> submit both the program and the source code, if anyone might be
    >> interested in discussing or colaborating on the idea.

    >
    >
    > i to not think that mouse is well suited for a human to reproduce a
    > signature without frequent rage attacks...
    > just think of the mouse being quite crappy, or dirty -
    > more serious: how do you address the problem that mouse drivers may move
    > the cursor on the screen by a different distance for the very same
    > distance the mouse moved on the table? they all feature adjustable mouse
    > speed, imho.


    This can probably be solved since the mouse moves with a constant speed
    (assuming that the user won't change speed during login) and will cause the
    signature to be evenly "flawed". Just one problem though, assume there's
    two users with virtually the same signature, but one of them uses bigger
    strokes... How do you distinguish between those?

    >
    > and worse: i would never enter my signature graphically into any computer
    > where the image _may_ be stored or even stolen by hackers...


    This on the other hand is probably quite a big flaw. But isn't this always a
    problem?

    --
    (Should insert humorous quotation here)
    Magnus Jonneryd, Aug 8, 2005
    #6
  7. Ingvald Straume (from Norway - Europe)

    ulrich Guest

    On 8 Aug 2005 14:09:30 +0200, Magnus Jonneryd
    <> wrote:

    >> and worse: i would never enter my signature graphically into any
    >> computer
    >> where the image _may_ be stored or even stolen by hackers...

    >
    > This on the other hand is probably quite a big flaw. But isn't this
    > always a
    > problem?


    yes, but my password cannot be used to sign real-world documents.
    just imagine a fax of poor quality: nobody could distinguish if i really
    signed the original, or if somebody copied a bitmap image of my signature.

    ulrich
    ulrich, Aug 8, 2005
    #7
  8. ulrich wrote:

    > On 8 Aug 2005 14:09:30 +0200, Magnus Jonneryd
    > <> wrote:
    >
    >>> and worse: i would never enter my signature graphically into any
    >>> computer
    >>> where the image _may_ be stored or even stolen by hackers...

    >>
    >> This on the other hand is probably quite a big flaw. But isn't this
    >> always a
    >> problem?

    >
    > yes, but my password cannot be used to sign real-world documents.
    > just imagine a fax of poor quality: nobody could distinguish if i really
    > signed the original, or if somebody copied a bitmap image of my signature.
    >
    > ulrich


    Good point, didn't think of that. I assumed that he meant that the signature
    you were supposed to use should be a symbol or something, not your real
    signature. But then you would have to remember that one and that would sort
    of negate the benefits of not having to remember ones password.

    --
    (Should insert humorous quotation here)
    Magnus Jonneryd, Aug 8, 2005
    #8
  9. Ingvald Straume (from Norway - Europe)

    Maett Guest

    ulrich wrote:

    > [snip]
    > and worse: i would never enter my signature graphically into any
    > computer where the image _may_ be stored or even stolen by hackers...


    But you would enter your password into this computer ?
    It "_may_ be stored or even stolen by hackers" even easier...

    Maett
    Maett, Aug 8, 2005
    #9
  10. Ingvald Straume (from Norway - Europe)

    Ram Guest

    >
    > I'm a 32 years old novice to average programmer, and I have an idea
    > which I believe to be fairly good: An authentification system to
    > replace the old fashion password authentification method. The general
    > idea is that a user - using the computer mouse - draws his/her
    > signature onto a canvas on the login screen. The login program records,
    > from millisecond to millisecond, the mouse motions and the curve drawn
    > on the canvas by the user. Then the program compares the curve with an
    > already stored pattern which has been preadapted to match the authentic
    > users graphical mouse signature.
    >
    > I believe that this method will have some advantages compared to the
    > traditional password security system:
    >
    > 1) A graphical mouse login and authentification system is safe: Even if
    > an intruder knows what the true user's signature looks like, he won't
    > be able to reproduce it, because that requires that the signature is
    > drawn in the true user's individual style and timing.
    >
    > 2) Users will no longer need to remember passwords.
    >
    > A couple of years ago I wrote a demo-version ("beta 0.01 release") of
    > the program. (Unfortunately It's in MS Visual Basic, because that was
    > the tool available to me at the time of writing.) I will be happy to
    > submit both the program and the source code, if anyone might be
    > interested in discussing or colaborating on the idea.


    How this is related to this newsgroup?
    Ram, Aug 9, 2005
    #10
  11. There is a trade-off, yes. But I think I've found an interresting way
    to deal with that problem.

    The program, the sorce code files and a ReadMe-file explaining the
    concept, may be downloaded from:

    http://www.refsdal.org/vb/Readme.doc
    http://www.refsdal.org/vb/SignatureDemo.zip

    You'll need Microsoft Windows and the proper VisualBasic framework
    installed to make the exe-file execute properly.

    -Ingvald
    Ingvald Straume (from Norway - Europe), Aug 9, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. C++HeadHunter
    Replies:
    3
    Views:
    438
    C++HeadHunter
    Dec 13, 2004
  2. Replies:
    124
    Views:
    2,013
    Robert C. Martin
    Nov 12, 2005
  3. Janos Koppany
    Replies:
    0
    Views:
    1,047
    Janos Koppany
    Aug 18, 2003
  4. Replies:
    131
    Views:
    2,140
    Robert C. Martin
    Nov 12, 2005
  5. Replies:
    134
    Views:
    1,849
    Robert C. Martin
    Nov 12, 2005
Loading...

Share This Page