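Have you ever forgotten your email password? Do you worry a little about security when paying online? A new handwriting authentication system is on its way: as long as you can write and leave a sample of your handwriting, you can skip the trouble of entering a password.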
Recognising your own handwriting rather than remembering a password could be used for online identification, new research shows.
Your handwriting could be the best form of online security, say the developers of a new system that may one day replace difficult-to-remember passwords and PIN codes. With the new authentication program Dynahand, users just need to be able to recognise their own writing.
"I know it's my handwriting, but I don’t know how I know. I can't explain to somebody else how I do it," says Dr. Karen Renaud, a computer scientist and lecturer at the UK's University of Glasgow. She argues that's what makes the system more secure than coming up with a standard password, which is repeated over and over at different sites, can be shared with a friend, or stolen by an adversary.
The system works using handwritten numbers instead of letters because although others may be able to recognise your penned words, they're not so good at distinguishing your handwritten numerals.
In the laboratory test, Renaud asked 11 people to write the numbers 0 to 9 several times. She asked other volunteers to provide samples of their numerals, too, but these were eventually used to distract the study participants. She then scanned the numbers into a computer and used a software program, or algorithm, written by colleague Elin Olsen, to analyse the characteristics of the handwriting, such as height and width of strokes. The algorithm also kept track of which numerals belonged to which person and whose handwriting was more similar or distinct.
At authentication, the program showed the participant a series of five-number handwritten PINs, each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it. Instead the participant clicked on the PIN written in his or her handwriting. If they got it right, the program showed them another set of PINs. They then clicked again on the correct image.
The program shows the user four sets of PINs, which takes about 28 seconds to complete, but ensures a higher level of security than just showing one set. And as with other PIN-password systems, three wrong attempts and you're locked out.
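The challenge flow described above, sketched as an added example (this is not the researchers' Dynahand code). It models the four rounds and the three-attempt lockout and computes how often blind clicking would get through before lockout. The number of PIN images per screen, random decoy selection, the rule that one wrong click fails the whole attempt, and the writer names are assumptions; the article states only the four rounds, five-digit PINs and the lockout.

```python
import secrets
from fractions import Fraction

ROUNDS = 4        # article: four sets of PINs per login
MAX_FAILURES = 3  # article: three wrong attempts and you're locked out
PIN_LENGTH = 5    # article: five-number PINs
CHOICES = 9       # ASSUMPTION: PIN images per screen (not stated in the article)
_rng = secrets.SystemRandom()

def make_screen(owner, decoys, choices=CHOICES):
    """One screen of (writer, pin) pairs: one by the owner, the rest by decoys.
    The writer label stands in for the handwriting image; a real server
    would send only images and keep the labels to itself."""
    writers = [owner] + _rng.sample(decoys, choices - 1)
    _rng.shuffle(writers)
    # Digits are random per screen; they are not a secret and nothing is memorised.
    return [(w, "".join(_rng.choice("0123456789") for _ in range(PIN_LENGTH)))
            for w in writers]

class Account:
    def __init__(self, owner, decoys):
        self.owner, self.decoys, self.failures = owner, decoys, 0

    @property
    def locked(self):
        return self.failures >= MAX_FAILURES

    def login(self, pick):
        """pick(screen) -> index clicked. Every round must hit the owner's PIN."""
        if self.locked:
            return False
        for _ in range(ROUNDS):
            screen = make_screen(self.owner, self.decoys)
            if screen[pick(screen)][0] != self.owner:
                self.failures += 1   # ASSUMPTION: one wrong click fails the attempt
                return False
        self.failures = 0
        return True

def blind_guess_success(choices=CHOICES, rounds=ROUNDS, tries=MAX_FAILURES):
    """Chance that uniform random clicking passes all rounds before lockout."""
    per_try = Fraction(1, choices) ** rounds
    return 1 - (1 - per_try) ** tries

if __name__ == "__main__":
    for r in (1, ROUNDS):
        print(r, "round(s):", float(blind_guess_success(rounds=r)))
```

With the assumed nine images per screen, a single round would let a random clicker in roughly 30% of the time before lockout, while four rounds bring that below 0.05%, which is the trade-off behind the 28-second login.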
In the test, 10 of the 11 people recognised their own handwriting consistently. Although most of the people got it right, 11 participants is a low number to demonstrate the effectiveness of the technology, says Steve Furnell, professor of information systems security at the UK's University of Plymouth. "But the idea itself is very interesting," he says.
In addition, although Renaud does not believe that this password method is robust enough to be used for sites with high-level security, such as online banking or e-commerce, it could work as a second layer on such sites, e.g., when you are changing an address or credit card information.