Presenting a new(?) idea for free open source software development.

[Ingvald Straume (from Norway - Europe)]

Hi!

I'm a 32 years old novice to average programmer, and I have an idea
which I believe to be fairly good: An authentification system to
replace the old fashion password authentification method. The general
idea is that a user - using the computer mouse - draws his/her
signature onto a canvas on the login screen. The login program records,
from millisecond to millisecond, the mouse motions and the curve drawn
on the canvas by the user. Then the program compares the curve with an
already stored pattern which has been preadapted to match the authentic
users graphical mouse signature.

I believe that this method will have some advantages compared to the
traditional password security system:

1) A graphical mouse login and authentification system is safe: Even if
an intruder knows what the true user's signature looks like, he won't
be able to reproduce it, because that requires that the signature is
drawn in the true user's individual style and timing.

2) Users will no longer need to remember passwords.

A couple of years ago I wrote a demo-version ("beta 0.01 release") of
the program. (Unfortunately It's in MS Visual Basic, because that was
the tool available to me at the time of writing.) I will be happy to
submit both the program and the source code, if anyone might be
interested in discussing or colaborating on the idea.

sincerely
Ingvald Straume
Norway, Europe

 

[twoeyedhuman1111]

I'm not sure if that would be a good idea for everyone. I'm a horrible
handwriter and so I would not be able to use a program like that.

 

[Magnus Jonneryd]

Hi!

I'm a 32 years old novice to average programmer, and I have an idea
which I believe to be fairly good: An authentification system to
replace the old fashion password authentification method. The general
idea is that a user - using the computer mouse - draws his/her
signature onto a canvas on the login screen. The login program records,
from millisecond to millisecond, the mouse motions and the curve drawn
on the canvas by the user. Then the program compares the curve with an
already stored pattern which has been preadapted to match the authentic
users graphical mouse signature.

I believe that you're idea can be realized, there are just a few issues that
needs to be addressed first (perhaps you already thought of this):

Is it possible to create an unique signature this way using the mouse, that
can be reproduced? What is the trade-off between security and tolerance in
regards to comparing the predefined signature to the signature produced?

Also, I believe there is something similar already done, but that was more
about being able to issue commands by moving the mouse in different
patterns (can't remember the name, though).

Lastly, good luck.

 

[ulrich]

Also, I believe there is something similar already done, but that was
more
about being able to issue commands by moving the mouse in different
patterns (can't remember the name, though).

the Opera browser features "mouse gestures".
also, some PDAs (or similar devices) us a simplified alphabet to allow the
user to handwrite her input to the touchsensitive screen, iirc.

 

[ulrich]

Hi!

I'm a 32 years old novice to average programmer, and I have an idea
which I believe to be fairly good: An authentification system to
replace the old fashion password authentification method. The general
idea is that a user - using the computer mouse - draws his/her
signature onto a canvas on the login screen. The login program records,
from millisecond to millisecond, the mouse motions and the curve drawn
on the canvas by the user. Then the program compares the curve with an
already stored pattern which has been preadapted to match the authentic
users graphical mouse signature.

I believe that this method will have some advantages compared to the
traditional password security system:

1) A graphical mouse login and authentification system is safe: Even if
an intruder knows what the true user's signature looks like, he won't
be able to reproduce it, because that requires that the signature is
drawn in the true user's individual style and timing.

2) Users will no longer need to remember passwords.

A couple of years ago I wrote a demo-version ("beta 0.01 release") of
the program. (Unfortunately It's in MS Visual Basic, because that was
the tool available to me at the time of writing.) I will be happy to
submit both the program and the source code, if anyone might be
interested in discussing or colaborating on the idea.

i to not think that mouse is well suited for a human to reproduce a
signature without frequent rage attacks...
just think of the mouse being quite crappy, or dirty -
more serious: how do you address the problem that mouse drivers may move
the cursor on the screen by a different distance for the very same
distance the mouse moved on the table? they all feature adjustable mouse
speed, imho.

and worse: i would never enter my signature graphically into any computer
where the image _may_ be stored or even stolen by hackers...

 

[Magnus Jonneryd]

i to not think that mouse is well suited for a human to reproduce a
signature without frequent rage attacks...
just think of the mouse being quite crappy, or dirty -
more serious: how do you address the problem that mouse drivers may move
the cursor on the screen by a different distance for the very same
distance the mouse moved on the table? they all feature adjustable mouse
speed, imho.

This can probably be solved since the mouse moves with a constant speed
(assuming that the user won't change speed during login) and will cause the
signature to be evenly "flawed". Just one problem though, assume there's
two users with virtually the same signature, but one of them uses bigger
strokes... How do you distinguish between those?

and worse: i would never enter my signature graphically into any computer
where the image _may_ be stored or even stolen by hackers...

This on the other hand is probably quite a big flaw. But isn't this always a
problem?

 

[ulrich]

This on the other hand is probably quite a big flaw. But isn't this
always a
problem?

yes, but my password cannot be used to sign real-world documents.
just imagine a fax of poor quality: nobody could distinguish if i really
signed the original, or if somebody copied a bitmap image of my signature.

ulrich

 

[Magnus Jonneryd]

yes, but my password cannot be used to sign real-world documents.
just imagine a fax of poor quality: nobody could distinguish if i really
signed the original, or if somebody copied a bitmap image of my signature.

ulrich

Good point, didn't think of that. I assumed that he meant that the signature
you were supposed to use should be a symbol or something, not your real
signature. But then you would have to remember that one and that would sort
of negate the benefits of not having to remember ones password.

 

[Maett]

[snip]
and worse: i would never enter my signature graphically into any
computer where the image _may_ be stored or even stolen by hackers...

But you would enter your password into this computer ?
It "_may_ be stored or even stolen by hackers" even easier...

Maett

 

[Ram]

I'm a 32 years old novice to average programmer, and I have an idea
which I believe to be fairly good: An authentification system to
replace the old fashion password authentification method. The general
idea is that a user - using the computer mouse - draws his/her
signature onto a canvas on the login screen. The login program records,
from millisecond to millisecond, the mouse motions and the curve drawn
on the canvas by the user. Then the program compares the curve with an
already stored pattern which has been preadapted to match the authentic
users graphical mouse signature.

I believe that this method will have some advantages compared to the
traditional password security system:

1) A graphical mouse login and authentification system is safe: Even if
an intruder knows what the true user's signature looks like, he won't
be able to reproduce it, because that requires that the signature is
drawn in the true user's individual style and timing.

2) Users will no longer need to remember passwords.

A couple of years ago I wrote a demo-version ("beta 0.01 release") of
the program. (Unfortunately It's in MS Visual Basic, because that was
the tool available to me at the time of writing.) I will be happy to
submit both the program and the source code, if anyone might be
interested in discussing or colaborating on the idea.

How this is related to this newsgroup?

 

[Ingvald Straume (from Norway - Europe)]

There is a trade-off, yes. But I think I've found an interresting way
to deal with that problem.

The program, the sorce code files and a ReadMe-file explaining the
concept, may be downloaded from:

http://www.refsdal.org/vb/Readme.doc
http://www.refsdal.org/vb/SignatureDemo.zip

You'll need Microsoft Windows and the proper VisualBasic framework
installed to make the exe-file execute properly.

-Ingvald