時尚雙語:新型手寫數字 讓網上交易更安全
Recognising your own handwriting rather than remembering a password could be used for online identification, new research shows.
Your handwriting could be the best form of online security, say the developers of a new system that may one day replace difficult-to-remember passwords and PIN codes. With the new authentication program Dynahand, users just need to be able to recognise their own writing.
"I know it's my handwriting, but I don’t know how I know. I can't explain to somebody else how I do it," says Dr. Karen Renaud, a computer scientist and lecturer at the UK's University of Glasgow. She argues that's what makes the system more secure than coming up with a standard password, which is repeated over and over at different sites, can be shared with a friend, or stolen by an adversary.
The system works using handwritten numbers instead of letters because although others may be able to recognise your penned words, they're not so good at distinguishing your handwritten numerals.
In the laboratory test, Renaud asked 11 people to write the numbers 0 to 9 several times. She asked other volunteers to provide samples of their numerals, too, but these were eventually used to distract the study participants. She then scanned the numbers into a computer and used a software program, or algorithm, written by colleague Elin Olsen, to analyse the characteristics of the handwriting, such as height and width of strokes. The algorithm also kept track of which numerals belonged to which person and whose handwriting was more similar or distinct.
At authentication, the program showed the participant a series of five-number handwritten PINs, each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it. Instead the participant clicked on the PIN written in his or her handwriting. If they got it right, the program showed them another set of PINs. They then clicked again on the correct image.
The program shows the user four sets of PINs, which takes about 28 seconds to complete, but ensures a higher level of security than just showing one set. And as with other PIN-password system, three wrong attempts and you're locked out.
In the test, 10 of the 11 people recognised their own handwriting consistently. Although most of the people got it right, 11 participants is a low number to demonstrate the effectiveness of the technology, says Steve Furnell, professor of information systems security at the UK's University of Plymouth. "But the idea itself is very interesting," he says.
In addition, although Renaud does not believe that this password method is robust enough to be used for sites with high-level security, such as online banking or e-commerce, it could work as a second layer on such sites, e.g., when you are changing an address or credit card information.
你是不是曾經忘記過郵箱密碼?網上支付時你會不會對安全性有點擔心?一種新的筆記認證系統即將誕生,只要你會寫字,留下你得筆跡,就可以免去輸入密碼的麻煩和困擾。
一項新研究表明,要實現在線身份認證,可以採用識別自己筆跡的方式,而不再需要記住密碼。
這種新系統的開發人員稱,個人筆跡可以成爲保障在線安全的最佳方式,該系統有朝一日可能會取代難記的密碼和個人身份識別碼。採用這種名爲Dynahand的新型認證程序,用戶只需能夠識別他們自己的筆跡就可以了。
“我知道這是我的筆跡,但我不清楚自己爲何知道,也無法向其他人解釋我是如何做到這一點的,”英國格拉斯哥大學講師、計算機科學家卡倫•雷諾說道。她認爲正是這一點使得該系統比利用一般的密碼要更安全,因爲後者會在多個不同的網站反覆輸入,可以被朋友分享,甚至會被懷有惡意的人所盜取。
該系統利用的是手寫數字而非字母,這是因爲別人或許能認出你的手寫單詞,卻未必能輕易地識別出你手寫的數字。
在進行實驗室測試時,雷諾讓11個人把從0到9的數字寫上幾遍,接着她讓其他志願者也提供他們手寫數字的樣本,但這些樣本最終只是用來分散實驗參與者的注意力的。然後她將這些數字掃描進電腦,並利用同事埃琳•奧爾森編寫的軟件程序也就是算法來分析這些筆跡的特徵,如筆劃的高度和寬度等。通過算法,還進一步記下這些數字相應的書寫者以及筆跡較相似或更爲不同的人士。
認證時,該程序給各參與者顯示出一連串由五位數字組成的手寫個人身份識別碼,每個識別碼都是從手寫數字中隨機抽取生成的。但數字本身並不重要,用戶也無須去記住它們。參與者需要做的只是點擊他們自己手寫的識別碼。如果他們選對了,那麼程序就會顯示出另一串認證碼。接着他們就得再次點擊選擇正確的圖像。
該套程序一共會向用戶顯示四組身份識別碼,雖然完成全部認證需時約二十八秒,但與只顯示一組識別碼比起來,四組的安全度更高。此外,與其他識別碼或密碼系統一樣,如果你連續三次嘗試失誤,就會被鎖定。
來自英國普利茅斯大學的信息系統安全教授史蒂夫•費內爾說,在此次測試中,11人中有10人始終都能認出自己的筆跡。雖然大部分人都選對了,但11名參與者還是人數太少,不足以證明該項技術的有效性。他又說道:“但這個想法本身是非常有趣的。”
另外,雷諾認爲雖然這種密碼識別方法尚不夠成熟,還無法用於高安全級別的網站上,如網上銀行或電子商務,但卻可以在此類網站上充當第二道安全防線,如在你修改地址或信用卡信息時使用。
