Graphical Passwords
Essay by 24 • March 23, 2011 • 1,561 Words (7 Pages) • 1,045 Views
Passfaces SDK Overview
Toolkit Version 3.0
Document Revision 3.0
March 2006
www.passfaces.com
Front Matter

Copyright Notice
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, without the express written permission of Passfaces Corporation. This computer program is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this program, or any portion of it, is both a civil and criminal offense, punishable by law.

Trademark Information
Passfaces is a registered trademark of Passfaces Corporation. All other company and product names are trademarks of their respective owners.

Patent Information
Passfaces technology is protected under US and other applicable patents.
©2006 Passfaces Corporation
Introduction

This document describes the Passfaces Software Developers' Kit (SDK), a collection of software components and example HTML pages that provide an easy and flexible path to user authentication with Passfaces within your own Web-based application. The SDK consists of the following primary components:

• A server-side Java class package
• Passfaces Client (user interface)
• Passfaces Library (database of face images)
• Detailed integration information

Although Passfaces can run on dedicated hardware, it is designed to run on existing Windows and UNIX-based security systems so that no additional hardware is required. The reference implementation provided is a simple JSP application that will run on Java servlet-capable application servers. The Passfaces Library is a database of serialized .JPG files from which a user's Passface authentication set is assigned. The User Interface, or Passfaces Client, comprises a highly parameterized JavaScript, ActiveX component, and Java applet that represent the core of the Passfaces system.

Functional Flow

Passfaces is based on the human brain's ability to recognize individual faces. The simplest way to think of Passfaces is that faces are used instead of alphanumeric characters as an access code. As with passwords, new users are asked to sign up for Passfaces logon access. Users are assigned a set of Passfaces typically consisting of 5 separate images. The number of images assigned is determined in advance by the system administrator and ranges between 3 and 7.
Once Passfaces are assigned, users are taken through an optimized enrollment process designed to familiarize them with their Passfaces. This one-time process takes about 3 minutes; it can be thought of as placing a Passfaces cookie in the user's brain. Once the exercise is complete, users can use their Passfaces to log on anytime, anywhere.

During the logon process, users are asked to select their assigned Passfaces from 3 by 3 grids, each containing one Passface and 8 decoys of the same general appearance. The faces appear in random positions within the grid each time. This process is repeated until all of the assigned Passfaces are identified. Once all are correctly identified, the user is logged on.

Operational Flow

Passfaces and decoys for each registered user are stored in a database. During logon, all associated images, decoys and Passfaces, are sent to the end user and presented through the user's Web browser. Images are presented one grid at a time. Once the user has clicked on one face from every grid, the Passfaces Client sends a one-time positional reference to the server as an HTTP form. This result is an ASCII string (two characters for each Passface). The result may be used in place of a password. It also may be compressed or passed through a one-way function using existing databases or directory services.

Face reference numbers of the Passfaces and decoy faces are stored at the application server. For example, if a user's account is configured to require 5 Passfaces, 45 face references are recorded and stored. The list of face references is presented to the Passfaces Client as a configuration parameter during the logon session. The Passfaces Client then reads and displays the corresponding JPEG face images within the user's browser.

As with passwords, the messages from client to server contain the user's authentication secret and should be encrypted to prevent interception. Users must be sure they are authenticating to a trusted party and not an impostor. Using SSL achieves both of these requirements without the need for any additional cryptography. It is reassuring to note that the authentication process cannot commence without the presentation of user-specific configuration data. The presentation of this specific information further authenticates the site without requiring any additional action from the end user.
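The logon exchange described above, as an added example for Node.js (not code from the Passfaces SDK): the server shuffles each stored grid, keeps the expected positional string, and checks the posted result. The account record shape, the two-digit position encoding and all function names are assumptions, since the page does not give the SDK's actual format.

```javascript
const nodeCrypto = require('crypto');
const GRID_SIZE = 9; // 3 by 3 grid: one Passface plus 8 decoys

// Fisher-Yates shuffle driven by the CSPRNG so face positions are unpredictable.
function shuffle(items) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = nodeCrypto.randomInt(i + 1);
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// account.grids: [{ passface: ref, decoys: [8 refs] }, ...] (hypothetical record shape).
// Returns the face references for the client and the answer that stays on the server.
function buildChallenge(account) {
  const grids = [];
  let expected = '';
  for (const g of account.grids) {
    if (g.decoys.length !== GRID_SIZE - 1) throw new Error('grid needs 8 decoys');
    const layout = shuffle([g.passface, ...g.decoys]);
    grids.push(layout); // references only; nothing marks which one is the Passface
    // Assumed encoding: two ASCII digits per grid for the clicked cell, "00".."08".
    expected += String(layout.indexOf(g.passface)).padStart(2, '0');
  }
  return { grids, expected };
}

// Reject malformed input first, then compare without leaking where strings differ.
function verifyResponse(expected, response) {
  if (typeof response !== 'string' || response.length !== expected.length) return false;
  if (!/^[0-9]+$/.test(response)) return false; // ASCII digits only
  return nodeCrypto.timingSafeEqual(Buffer.from(expected, 'ascii'), Buffer.from(response, 'ascii'));
}

// Chance that uniformly random clicks pass all n grids.
function guessProbability(n) {
  return 1 / Math.pow(GRID_SIZE, n);
}

// Constructed sample account: 5 Passfaces, so 45 face references in total.
function sampleAccount() {
  const grids = [];
  for (let k = 0; k < 5; k++) {
    const refs = Array.from({ length: GRID_SIZE }, (_, i) => 1000 + k * GRID_SIZE + i);
    grids.push({ passface: refs[0], decoys: refs.slice(1) });
  }
  return { grids };
}
```

With 5 Passfaces, random clicking succeeds with probability 1 in 59,049, so the expected string should be held in the server-side session, used for a single verification attempt, and paired with attempt limiting.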
Software Developers' Kit

The Passfaces SDK contains the software and information required to integrate Passfaces into an existing authentication framework. Using an SDK approach gives organizations the ability to configure Passfaces to fit the current operating environment, limiting or eliminating the need to make any substantial changes to the existing system. The following items are included in the Passfaces SDK.

• Passfaces Client - The Passfaces Web browser user interface (ActiveX, Java, or JavaScript) is used to set control parameters and facilitate interaction with the end user.
• Passfaces Image Database - Collection of face images.
• Reference Implementations - Examples and demonstration code used for integrating Passfaces into an existing security application.
• HTML Files - These files demonstrate how to replace passwords in a Web-based environment.

Passfaces Client

The Passfaces Client runs in the user's browser and provides the user interface for enrolling
...
...