Apple reveals new Password Gestures to Strengthen the Authentication Process of Future iDevices and Macs
Earlier today we posted a report titled "Two new Biometric Patents from Apple Surface Covering Anti-Spoofing Measures and More" that covered a new "doodle" authentication process. In another patent application filing published by the US Patent & Trademark Office today, Apple reveals the next level of passcode authentication process for iDevices and Macs that involve a color coded combination feature covering "password gestures." The new method is to both strengthen the current authentication process using Touch ID and to provide an alternative method of authentication for those Apple fans that have decided to opt out of using Touch ID due to their distrust of the US government's NSA spying processes that have been in the news of late. The race is on to secure these next-gen authentication processes, as others like Samsung have patents on record for this, though Apple's filings are dated a year or more ahead of theirs. And with Apple suing Samsung over "Slide to Unlock," securing patents for this advanced process is important. UPDATE April 19, 2014 11 PM PST - Addressing Fanatical Android Fans
Apple's Patent Background
Electronic devices and in particular portable electronic devices (e.g., portable media players, cellular telephones and notebook and tablet computers) are increasingly used for storing various types of information. Such information may include confidential information such as phone numbers, personal and professional contacts, electronic communications, information relating to finances or financial accounts, business related projects and documents, personal photos and videos, personal and business contacts, and so forth. Storing such information on a portable electronic device allows a user to access the information wherever the user may take the device. However, storing such information on a portable electronic device may also increase the risk that confidential information may be lost, stolen, or accessed by an unauthorized person.
Some electronic devices are configured with security measures to decrease accessibility of confidential information to unauthorized parties. However, conventional security measures such as the use of alphanumeric security codes (e.g., passwords, personal identification numbers [PINs], etc.) may not provide adequate security. In particular, screens or fields for entering a password or PIN may be visible to a bystander who may be able to view the entered security code. Furthermore, users may select a password or PIN which may be guessed relatively easily and may not provide a high degree of security for the stored confidential information.
Apple's Invention Thinks beyond Touch ID for Security
Apple's invention generally relates to electronic devices, and more specifically to techniques for entering authentication gestures into electronic devices. Today's invention revelations add to the secure measure of Apple's Touch ID. Apple notes that the invention relates to the use of security measures based on non-alphanumeric inputs that are user configurable (as opposed to purely biometric inputs) to control access to restricted information or functions.
Apple notes that access to confidential information may be based on a gesture input via a touch sensitive input device, such as a touch sensitive display or touchpad. A gesture may be used to invoke one or more authentication screens, such as, a gesture entry screen, a gesture replay screen, and a gesture re-entry verification screen, for accessing confidential information or functions that may be otherwise unavailable.
In certain embodiments of the present disclosure, an authentication gesture entry screen is displayed to allow a user to enter a desired gesture via an array of visible and/or invisible touch sensing areas displayed on a touch sensitive display. To enter or input the authentication gesture, the user travels a path along the touch sensing areas using one or more fingers until achieving a desired gesture.
A gesture replay screen is then displayed to allow the user to repeatedly view an estimate of the gesture initially entered by the user on the gesture entry screen until the user decides to stop the repeated replays. A gesture verification screen is subsequently displayed to allow the user to re-enter the initially entered and viewed gesture via a similar array of visible and/or invisible touch sensing areas displayed on the touch sensitive display.
If the re-entered gesture is substantially the same as the gesture entered and viewed on the gesture entry and gesture replay screens, respectively, then the verified gesture is saved for the purpose of user authentication and/or authorization.
Although Apple emphasizes that this new passcode gesture system is for iDevices, they also note that it could also apply to Macs with a touchpad or a desktop using their magic trackpad or other method, perhaps using the magic mouse with a gesture input update.
Apple's patent FIG. 5 noted below depicts an example of entered gestures; FIG. 6 depicts an example of an entry of a gesture and a strength indicator on the screen; and FIGS. 6A-6D depict alternative examples of entries of gestures and corresponding strength indicators on the screen.
Entry of Gesture and Color-Varying Visible Traces of the Gesture
Apple's patent FIG. 8 noted below depicts an example of an entry of a gesture and color-varying visible traces of the gesture on the screen of FIG. 4
As depicted in FIG. 8 above, the visible traces 74A, 74B, 74C, 74D may originate from the center of the estimated position of the gesture, and follow the path of gesture strokes performed by the user until the completion of the gesture.
The visible traces 74A, 74B, 74C, 74D may be displayed with both varying colors and lengths depending on gesture parameters such as the speed of the gesture stroke 64, the strength of the gesture, and the time elapsed during the entering of the gesture. For example, again referring to FIG. 8, as the user moves his or her finger through the path from graphical element 60A to graphical element 60I, the visible traces 74A, 74B, 74C, 74D may each display varying colors 76A-76D (e.g., red, orange, yellow, green, and so forth) according to the speed of the gesture stroke, as the speed of the gesture stroke may contribute to the strength of the gesture.
Setting the new Passcode Gesture Authentication Security Feature
According to Apple, the authentication process may begin with the electronic device displaying the gesture entry screen #62A. For example, the gesture entry screen may appear as depicted in Apple's patent FIG. 12. The user may see an introductory screen element #102, and selectable screen element #104 (noted below in the yellow box) prompting the user to select the screen element to setup or establish an authentication gesture.
The gesture replay screen #62B, as depicted in Apple's patent FIG. 15, may be included in the gesture authentication process to allow the user to view or review one or more complete cycles of the gesture entered by the user on the previous gesture entry screen #62A. That is, instead of entering a gesture, the user watches via the replay screen a repeated replay of the already entered gesture to commit the entered gesture to memory and/or to confirm that the replayed gesture is indeed the gesture intended by the user.
The Verification Process
In the verification process noted in patent FIG. 19 above, Apple notes that if the re-entered gesture is estimated as incorrect or inconsistent with the initially entered gesture (e.g., entered via gesture entry screen 62A), then each contact disc of each graphical element inconsistent with those of the initially entered gesture may display a color 114B (e.g., red or orange) to indicate a discrepancy of the gesture to the user.
An Apple Flowchart
Apple isn't Alone in Seeking New Authentication Combination Processes
There's a rush of patent filings from tech companies in respect to locking down their version of future Authentication processes. In March of this year we illustrated a patent figure from a recent patent filing by Raytheon covering a new biometric process that involved a combination of differing finger fingerprints with a retina scan in a custom authentication pass process.
Last week Samsung filed for a new authentication process patent to shore up the security process when using their new fingerprint scanner as noted below. Patent Bolt will be reviewing that patent very shortly. The patent figures below illustrate that they will provide the options to users to set a combination security code for their e-wallet application.
Trust in the security process is going to be a huge factor in determining when it'll really be safe to use e-commerce electronic wallets in the future. The race is on to get these patents granted and secured as it could be a big deal in respect to future patent disputes.
Apple credits Brandon Casey, Jake Logan, Erik Cressall and Stephen Cotterill as the inventors of patent application 20140109010 which was originally filed in Q4 2012. Apple also filed a second application by the same name under number 20140109018. Considering that this is a patent application, the timing of such a product to market is unknown at this time.
A Note for Tech Sites covering our Report: We ask tech sites covering our report to kindly limit the use of our graphics to one image. Thanking you in advance for your cooperation.
Android Fans Get Upset Over Nothing
A band of fanatical Android fans have decided to express their anger over Apple's patent application covered in this report on Reddit today (April 19, 2014) based on a faulty byline from Cult of Android. One Android fan begins his tirade with "this is the most outrageous thing I ever seen. For Apple to not only copy what is clearly an Android feature...."
Android fans have failed to actually compare Apple's patent application to that of Google's patent application 20110283241. This number was provided by an angry Android fan in our comment section below. I deleted the rest of his insulting language because it's irrelevant to the argument.
What I'm hearing from the Android community is that they looked at a series of dots on a screen noted in Apple's patent application above and immediately thought that they were the same dots on an Android phone screen. If they would actually read what's in the patent filing they'd be able to clearly see that Apple's approach is completely different from merely hitting static dots on a screen in a particular set pattern like a phone pad.
Apple's patent clearly shows that the pathway chosen to reach the dots on a touchscreen could be tracked and set as an authentication code. In patent FIG. 6C noted above we're clearly able to see a user getting from the first dot to the third dot taking a looping path instead of going through the second dot. The touch-based pattern to get to the third dot is what's being logged in as an authentication "gesture" and a part of the authentication code. That's far beyond simply hitting static dots like Google's lock page.
In Apple's patent point number 062 they further note: "Thus, in the depicted example a simple gesture from a first graphical element to a second graphical element, excluding path, speed, distance, and so forth, may yield at least 81 (i.e., 9.times.9 touch sensing areas) possible combinations." Imagine when you actually add speed to the equation. Does Android use speed as one of it's measures in determining an authentication code? Does their patent cover this functionality at all? Does the touch areas around the dots count as part of the authentication code in Android? Of course not. Android's lock screen is simply a matter of hitting of static dots.
In another patent point Apple states: "In one embodiment, the gesture entry screen is displayed to allow a user to enter a desired gesture via an array of visible graphical elements including illuminated dots, invisible touch-sensing areas including hidden dots and/or hidden lines, or a combination of visible graphical elements and touch-sensing areas on a touch-sensitive display.
To enter or input the gesture, the user travels a path at least along, between, near, or around the visible graphical elements using one or more fingers until achieving a desired gesture, or until a strength estimation indicator displayed on the gesture entry screen indicates to the user that the entered gesture is estimated as a strong gesture.
Does Google's patent decribe this kind of sophistication for their authentication system. No, it's just about static dots in a particular pattern.
Angry Android fans just saw dots and screamed blue murder. These excitable fans simply jumped to conclusions that Apple's patent was copying Google's static dot method and stopped thinking.
Apple has a similar static dot system on iDevices today. It's a simple numeric pad styled passcode page as noted below in a screenshot of my iPad. Its numbers are in hollow dots. No Android fan has ever lost their cool over that simple passcode visual. And yet when the hollow dots with numbers in them turn into simple black dots, the monkeys ratlle their cages, foam at the mouth, hurl insults, use profanity and scream that Apple copied Google's Android feature. How insanely shallow.
Apple's latest patent simply advances what Apple already has in place today: a Passcode lock page. It goes so far beyond Google's black dots and simple sequences that it's not even funny. It's incomparable. Apple is already miles ahead of Android with Touch ID, yet some Apple fans may not choose to use it for any number of reasons. So Apple is planning to accomodate those fans by providing them with a more sophisticated passcode mechanism that's already in place today.
At the end of the day, why are Androider's so upset? Well, responsible Androiders aren't. It's only their fanatical wing of fans in this case that have gone mad because someone screamed that a series of static button images translated into Apple stealing Google's oh so boring invention. It's simply not the case if they would have actually taken the time to read the patent application that we linked to for their convenience. I guess that's just not in the cards for these angry folks, and I can't help that.
Though if it makes you feel any better, Cult of Android's article, that was written by a long standing Apple fan, made the same mistake of jumping to conclusions based on a visual image.
Patently Apple presents a detailed summary of patent applications with associated graphics for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for full and accurate details. Revelations found in patent applications shouldn't be interpreted as rumor or fast-tracked according to rumor timetables. About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Comments are reviewed daily from 4am to 8pm MST and sporadically over the weekend.
New on Patent Bolt this Week
Samsung Invents Squeeze, Squash and Stretch Controls for Future Flexible Displays and Galaxy Smart Devices
An Avalanche of new Google Contact Lens Patents Come to Light
Google Invents Micro Camera System for Future Contact Lenses