你是不是曾經(jīng)忘記過郵箱密碼?網(wǎng)上支付時你會不會對安全性有點擔心?一種新的筆記認證系統(tǒng)即將誕生,只要你會寫字,留下你得筆跡,就可以免去輸入密碼的麻煩和困擾。
Recognising your own handwriting rather than remembering a password could be used for online identification, new research shows.
一項新研究表明,要實現(xiàn)在線身份認證,可以采用識別自己筆跡的方式,而不再需要記住密碼。
Your handwriting could be the best form of online security, say the developers of a new system that may one day replace difficult-to-remember passwords and PIN codes. With the new authentication program Dynahand, users just need to be able to recognise their own writing.
這種新系統(tǒng)的開發(fā)人員稱,個人筆跡可以成為保障在線安全的最佳方式,該系統(tǒng)有朝一日可能會取代難記的密碼和個人身份識別碼。采用這種名為Dynahand的新型認證程序,用戶只需能夠識別他們自己的筆跡就可以了。
"I know it's my handwriting, but I don’t know how I know. I can't explain to somebody else how I do it," says Dr. Karen Renaud, a computer scientist and lecturer at the UK's University of Glasgow. She argues that's what makes the system more secure than coming up with a standard password, which is repeated over and over at different sites, can be shared with a friend, or stolen by an adversary.
“我知道這是我的筆跡,但我不清楚自己為何知道,也無法向其他人解釋我是如何做到這一點的,”英國格拉斯哥大學講師、計算機科學家卡倫-雷諾說道。她認為正是這一點使得該系統(tǒng)比利用一般的密碼要更安全,因為后者會在多個不同的網(wǎng)站反復輸入,可以被朋友分享,甚至會被懷有惡意的人所盜取。
The system works using handwritten numbers instead of letters because although others may be able to recognise your penned words, they're not so good at distinguishing your handwritten numerals.
該系統(tǒng)利用的是手寫數(shù)字而非字母,這是因為別人或許能認出你的手寫單詞,卻未必能輕易地識別出你手寫的數(shù)字。
In the laboratory test, Renaud asked 11 people to write the numbers 0 to 9 several times. She asked other volunteers to provide samples of their numerals, too, but these were eventually used to distract the study participants. She then scanned the numbers into a computer and used a software program, or algorithm, written by colleague Elin Olsen, to analyse the characteristics of the handwriting, such as height and width of strokes. The algorithm also kept track of which numerals belonged to which person and whose handwriting was more similar or distinct.
在進行實驗室測試時,雷諾讓11個人把從0到9的數(shù)字寫上幾遍,接著她讓其他志愿者也提供他們手寫數(shù)字的樣本,但這些樣本最終只是用來分散實驗參與者的注意力的。然后她將這些數(shù)字掃描進電腦,并利用同事埃琳-奧爾森編寫的軟件程序也就是算法來分析這些筆跡的特征,如筆劃的高度和寬度等。通過算法,還進一步記下這些數(shù)字相應的書寫者以及筆跡較相似或更為不同的人士。
At authentication, the program showed the participant a series of five-number handwritten PINs, each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it. Instead the participant clicked on the PIN written in his or her handwriting. If they got it right, the program showed them another set of PINs. They then clicked again on the correct image.
認證時,該程序給各參與者顯示出一連串由五位數(shù)字組成的手寫個人身份識別碼,每個識別碼都是從手寫數(shù)字中隨機抽取生成的。但數(shù)字本身并不重要,用戶也無須去記住它們。參與者需要做的只是點擊他們自己手寫的識別碼。如果他們選對了,那么程序就會顯示出另一串認證碼。接著他們就得再次點擊選擇正確的圖像。
The program shows the user four sets of PINs, which takes about 28 seconds to complete, but ensures a higher level of security than just showing one set. And as with other PIN-password system, three wrong attempts and you're locked out.
該套程序一共會向用戶顯示四組身份識別碼,雖然完成全部認證需時約二十八秒,但與只顯示一組識別碼比起來,四組的安全度更高。此外,與其他識別碼或密碼系統(tǒng)一樣,如果你連續(xù)三次嘗試失誤,就會被鎖定。
In the test, 10 of the 11 people recognised their own handwriting consistently. Although most of the people got it right, 11 participants is a low number to demonstrate the effectiveness of the technology, says Steve Furnell, professor of information systems security at the UK's University of Plymouth. "But the idea itself is very interesting," he says.
來自英國普利茅斯大學的信息系統(tǒng)安全教授史蒂夫-費內(nèi)爾說,在此次測試中,11人中有10人始終都能認出自己的筆跡。雖然大部分人都選對了,但11名參與者還是人數(shù)太少,不足以證明該項技術(shù)的有效性。他又說道:“但這個想法本身是非常有趣的。”
In addition, although Renaud does not believe that this password method is robust enough to be used for sites with high-level security, such as online banking or e-commerce, it could work as a second layer on such sites, e.g., when you are changing an address or credit card information.
另外,雷諾認為雖然這種密碼識別方法尚不夠成熟,還無法用于高安全級別的網(wǎng)站上,如網(wǎng)上銀行或電子商務(wù),但卻可以在此類網(wǎng)站上充當?shù)诙腊踩谰,如在你修改地址或信用卡信息時使用。