Microsoft describes hard-to-mimic authentication gesture

Photos. Messages. Bank account codes. And so much more—sit on a person's mobile device, and the question is, how to secure them without having to depend on lengthy password codes of letters and numbers. Vendors promoting other solutions are all around, including the ability to unlock your phone with swiping gestures.

A patent filed by Microsoft is proposing a gesture-unlock method that outdistances any others, to make the gesture work only for you. No tracing out patterns on a greasy screen for Microsoft's thinkers: WMPoweruser reported on the patent and what it is all about.

Microsoft in its patent described why the technology would be an improvement over other vendors' swiping functions. Microsoft's mission apparently is for a gesture that is as easy and fast for users as it is difficult for attackers to reproduce, even if the attacker is directly looking at the user to see how the latter is authenticating the device.

According to the patent, "For instance, a person simply observing a user unlocking his/her phone (e.g., over the shoulder attack) can easily figure out the four-digit passcode or the gesture used to unlock the device. As a result, an technique that prevents such over the shoulder attacks is desirable. Such a technique should be easy for the user to perform on the device, but hard for other users to replicate even after seeing the actual user performing it."

So what is this new technique? WMPoweruser said that Microsoft has now patented a new technique that captures biometric information such as finger position, finger length, angle between fingers, and more to provide authentication information with a simple gesture and to make sure it is actually you making the unlock request.

(This would mean security if someone were to look over your shoulder, because even though they saw what you were doing, it is less likely that they would be able to replicate it, said the Irish Examiner.)

Softpedia added, "Apparently, the system will be able to measure the angles between a user's finger, the exact timing of when your finger touches the screen, the size of your finger, and how much pressure is applied. As it turns out, these aspects are unique to each and every user out there."

The patent said that "During a training session, the user may repeatedly perform the authentication gesture. Values of multiple different can be detected from the training authentication gestures during the training period."

Then, it went on to discuss identification at log-in. "A person can perform the authentication gesture to log onto the device (or otherwise be authenticated by the device). Biometric features values can be detected from the authentication gesture during log-in and compared to those from the training session. A similarity of the values between the log-in authentication gesture and the training session can be determined. If the similarity satisfies the personalized similarity threshold, the person attempting to log-in is very likely the user. If the similarity does not satisfy the personalized similarity threshold, the person is likely an imposter. "

WMPoweruser said "the idea would work at a wide variety of screen sizes, including all the way up to the Xbox One with Kinect." (A set of figures in the patent showed a woman standing in front of a big screen, waving her arms with fingers opened and then the writing appears on the screen, "Welcome Back Auriana.")

Explore further: Google has ideas for funny-face device authentication