Hackers won’t know which way your passcode points with this patent
By James Kozloski, Computational and Applied Neuroscience scientist, IBM Research
How many numbers long is your smartphone’s login passcode?
The standard four digits? (If you don’t use a login password, you should!)
Because my work email and calendar are on my phone, I have to enter an
eight-digit code. Not a big deal until I’m trying to pay for coffee, and the barista
asks me to rescan my bar-code, so I have to re-enter those eight digits again
(and sometimes again) – with angry caffeine-deprived patrons in line behind me.
My ideas for patents are often completely different and separate
from my day-to-day job in studying neuroscience. I actually spend most of my
time with healthcare clients working on neuro-degenerative diseases, deep
brain stimulation, and pharmaceuticals, trying to understand the relationship
between brain tissue and the functions that the brain implements, such as
behavior selection.
I think of patents this way: what are the systems and methods around
us that could be improved to solve a problem I’ve identified? So, even if I
don't have the specific technical expertise, I can explain how something should
work, and then seek out a colleague with the expertise to bring something to a
patentable stage.
In commiserating about smartphone passcode follies with a
colleague, we realized that alpha-numeric digits for a passcode could be
reduced if coupled with an orientation, since adding orientation would actually
change the probability that any one digit is actually the correct digit. Now,
the question becomes: is the "2" right side up? Or is the
"2" at a 90-degree angle? Just one digit has multiple possibilities.
You could say that patent 8,832,823: “User access
control based on handheld device orientation” came out of wanting to access my
phone (and pay for coffee) faster!
Secure disorientation
Think of device orientation like a keyboard’s “shift”
key. It gives the device a new set of bits to access without needing a new
physical key or character to enter. But the orientation precision needed is no
greater than what’s needed to rotate a device’s screen. Easier to manipulate
than a sticky “shift” key, but still difficult to guess – even if your password
is “password.”
More options. Fewer keystrokes!
Turning your phone (or any mobile device with an
accelerometer) as you enter a passcode is just one level of improved security.
The patent also takes into account how to store the digits separately from the
orientations. This means that even if your passcode is stolen (say from an
online hack), your locally-stored orientations would prevent remote access. And
vice versa, if your phone is stolen, there’s almost no chance the thief could
replicate your “digit + orientation” passcode entry.
Connecting a device’s local orientation, or accele-metric
component, with alphanumeric codes stored by a remote web-based service (such
as a bank or online store) means any website that requires a password can use
this invention. Then locally, your phone’s OS can determine the orientation (portrait
or landscape) of each key press (regardless of character identity), and verify that
the key press order – plus orientation order – is valid. And just as different
passcodes give you access to different websites, different orientation
passcodes could give you access to different parts of your phone.
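
The split check described above, sketched as an added example (not code from the patent or from IBM): the character sequence is verified against a record standing in for the remote service, the orientation sequence against a record kept on the device, and a helper shows how orientation shortens a code. The four-orientation set, the PBKDF2 hashing and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumption: four screen-rotation positions; the post names only portrait/landscape.
ORIENTATIONS = ("portrait", "landscape-left", "upside-down", "landscape-right")

def keyspace(symbols, length, orientations=1):
    """Possible codes when every key press also carries one of N orientations."""
    return (symbols * orientations) ** length

def oriented_length_for(symbols, plain_length, orientations):
    """Shortest oriented code with at least the keyspace of a plain code."""
    n = 1
    while keyspace(symbols, n, orientations) < keyspace(symbols, plain_length):
        n += 1
    return n

def _digest(secret, salt):
    # Salted, slow hash so neither store holds the raw sequence.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _split(entries):
    """Separate (character, orientation) presses into two ordered strings."""
    if not entries or any(o not in ORIENTATIONS for _, o in entries):
        raise ValueError("unknown orientation or empty code")
    return "".join(c for c, _ in entries), ",".join(o for _, o in entries)

def enroll(entries):
    """Return (remote_record, local_record); each is (salt, digest)."""
    chars, orients = _split(entries)
    r_salt, l_salt = os.urandom(16), os.urandom(16)
    return (r_salt, _digest(chars, r_salt)), (l_salt, _digest(orients, l_salt))

def verify(entries, remote_record, local_record):
    """Both halves must match: characters remotely, orientations locally."""
    try:
        chars, orients = _split(entries)
    except ValueError:
        return False
    ok_remote = hmac.compare_digest(_digest(chars, remote_record[0]), remote_record[1])
    ok_local = hmac.compare_digest(_digest(orients, local_record[0]), local_record[1])
    return ok_remote and ok_local  # both computed before combining

if __name__ == "__main__":
    code = [("2", "portrait"), ("7", "landscape-left")]  # constructed sample
    remote, local = enroll(code)
    print(verify(code, remote, local), oriented_length_for(10, 8, 4))
```

With four orientations, a five-key code already covers more combinations than eight plain digits (40^5 versus 10^8). The orientation sequence on its own is a small space (4^n), so the local record depends on the device's storage protection and attempt limiting, which this sketch does not model.
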
So, hopefully during a not-too-distant future stop for
coffee, when I’m armed with a two-key orientation passcode – that only accesses
a digital payment option (and not my work email) – I won’t drop my phone when I
have to turn it upside down!