Turning Mobile Security Upside Down

Share this post:

Hackers won’t know which way your passcode points with this patent 

By James Kozloski, Computational and Applied Neuroscience scientist, IBM Research 

How many numbers long is your smartphone’s log in passcode? The standard four digits? (If you don’t use a login password, you should!) Because my work email and calendar are on my phone, I have to enter an eight-digit code. Not a big deal until I’m trying to pay for coffee, and the barista asks me to rescan my bar-code, so I have to re-enter those eight digits again (and sometimes again) – with angry caffeine-deprived patrons in line behind me.
My ideas for patents are often completely different and separate from my day-to-day job in studying neuroscience. I actually spend most of my time with healthcare clients working on neuro-degenerative diseases, deep brain stimulation, and pharmaceuticals, trying to understand the relationship between brain tissue and the functions that the brain implements, such as behavior selection.

I think of patents this way: what are the systems and methods around us that could be improved to solve a problem I’ve identified? So, even if I don’t have the specific technical expertise, I can explain how something should work, and then seek out a colleague with the expertise to bring something to a patentable stage.

In commiserating about smartphone passcode follies with a colleague, we realized that alpha-numeric digits for a passcode could be reduced if coupled with an orientation, since adding orientation would actually change the probability that any one digit is actually the correct digit. Now, the question becomes: is the “2” right side up? Or is the “2” at a 90 degree angle? Just one digit has multiple possibilities. 

You could say that patent 8,832,823: “User access control based on handheld device orientation” came out of wanting to access my phone (and pay for coffee) faster!

Secure disorientation

 

Think of device orientation like a keyboard’s “shift” key. It gives the device a new set of bits to access without needing a new physical key or character to enter. But the orientation precision needed is no greater than what’s needed to rotate a device’s screen. Easier to manipulate than a sticky “shift” key, but still difficult to guess – even if you password is “password.”

More options. Fewer keystrokes!

Turning your phone (or any mobile device with an accelerometer) as you enter a passcode is just one level of improved security. The patent also takes into account how to store the digits separately from the orientations. This means that even if your passcode is stolen (say from an online hack), your locally-stored orientations would prevent remote access. And vice versa, if your phone is stolen, there’s almost no chance the thief could replicate your “digit + orientation” passcode entry. 
Connecting a device’s local orientation, or accele-metric component, with alphanumeric codes stored by a remote web-based service (such as a bank or online store) means any website that requires a password can use this invention. Then locally, your phone’s OS can determine the orientation of portrait or landscape for a key press (regardless of character identity), and verify that the key press order – plus orientation order – is valid. And just as different passcodes give you access to different websites, different orientation passcodes could give you access to different parts of your phone.
So, hopefully during a not-too-distant future stop for coffee, when I’m armed with a two-key orientation passcode – that only accesses a digital payment option (and not my work email) – I won’t drop my phone when I have to turn it upside down!
More stories

A new supercomputing-powered weather model may ready us for Exascale

In the U.S. alone, extreme weather caused some 297 deaths and $53.5 billion in economic damage in 2016. Globally, natural disasters caused $175 billion in damage. It’s essential for governments, business and people to receive advance warning of wild weather in order to minimize its impact, yet today the information we get is limited. Current […]

Continue reading

DREAM Challenge results: Can machine learning help improve accuracy in breast cancer screening?

        Breast Cancer is the most common cancer in women. It is estimated that one out of eight women will be diagnosed with breast cancer in their lifetime. The good news is that 99 percent of women whose breast cancer was detected early (stage 1 or 0) survive beyond five years after […]

Continue reading

Computational Neuroscience

New Issue of the IBM Journal of Research and Development   Understanding the brain’s dynamics is of central importance to neuroscience. Our ability to observe, model, and infer from neuroscientific data the principles and mechanisms of brain dynamics determines our ability to understand the brain’s unusual cognitive and behavioral capabilities. Our guest editors, James Kozloski, […]

Continue reading