Still Locking Your Screen With Passwords and Pattern Gestures? Try the More Secure Doodle!
That locking mechanism on your tablet computer or smartphone? It’s mostly a relic from the days of the keyboard. With the advent of touchscreens, the three-by-three grids and four-digit passcodes popular on today’s mobile devices are anachronistic. Yet they persist, despite “shoulder surfers” and the telltale oils left by swiping fingers.

A new study from Rutgers University suggests that squiggling—yes, squiggling—on the screen of your tablet or smartphone may provide a better authentication mechanism than the standard pattern locks favored by Google’s Android operating system and the Personal Identification Numbers (PINs) preferred by Apple’s iOS.

“The current locking and authentication mechanisms available for mobile systems commercially do not work so well,” said Janne Lindqvist, an assistant professor of electrical and computer engineering at Rutgers University and an author of the study. “Instead of having old methods or cued methods, we let people just generate gestures without any kind of visual cue or other kind of instructions.”

The study’s researchers, who included collaborators from the Max-Planck Institute for Informatics and the University of Helsinki, asked 63 participants to scrawl “continuous free-form multitouch gestures,” essentially finger-painting on the blank touchscreen canvas of a Google Nexus 10 tablet. No grid, no template: the subjects improvised a pass-doodle, rather than a password.

The researchers then asked users to recall and redraw their scribbles after a short break and a bit of distracting mental math (counting down from 20 to 0 and rotating a shape in their minds). Next, the researchers retested the users’ memory after a minimum of 10 days. (Six subjects didn’t return for the second test.)

The trick—as with any good password—was to concoct a gesture complex enough to dupe spies yet simple enough to remember.

“You never need to be perfect,” Lindqvist said on reproducing a gesture swipe-for-swipe. “You can make a bit of errors, but not too much. It depends a lot on the security policy you want to implement.”

For instance, authentication for a mobile device might accept a higher error rate than one protecting a bank vault.

To verify matches, the team used a “recognizer” algorithm, which compared each gesture to a set of stored templates. The algorithm then calculated an average score for each attempt at unlocking. Gestures whose scores rose above a certain threshold value were authorized entry.
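The template comparison, averaged score and policy threshold described above, as an added example that is not the study's recognizer: a simple resample-and-compare matcher is swapped in and narrowed to a single-finger stroke. The point count, score formula, threshold values and sample strokes are all assumptions constructed for this illustration.

```python
import math

N = 32                   # points per resampled stroke (assumed)
PHONE_THRESHOLD = 0.80   # lenient policy (assumed value)
VAULT_THRESHOLD = 0.99   # strict policy (assumed value)

def resample(points, n=N):
    """Resample a stroke to n points evenly spaced along its path."""
    seg = [math.dist(a, b) for a, b in zip(points, points[1:])]
    total = sum(seg)
    if total == 0:                      # a tap, not a stroke
        return [points[0]] * n
    out, acc, i = [], 0.0, 0
    for k in range(n):
        target = total * k / (n - 1)
        while i < len(seg) - 1 and acc + seg[i] < target:
            acc += seg[i]
            i += 1
        t = (target - acc) / seg[i] if seg[i] else 0.0
        (x0, y0), (x1, y1) = points[i], points[i + 1]
        out.append((x0 + t * (x1 - x0), y0 + t * (y1 - y0)))
    return out

def normalize(points):
    """Centre on the centroid and scale to unit RMS radius."""
    pts = resample(points)
    cx = sum(x for x, _ in pts) / len(pts)
    cy = sum(y for _, y in pts) / len(pts)
    r = math.sqrt(sum((x - cx) ** 2 + (y - cy) ** 2 for x, y in pts) / len(pts)) or 1.0
    return [((x - cx) / r, (y - cy) / r) for x, y in pts]

def score(attempt, template):
    """Similarity in (0, 1]; 1.0 means the same shape after normalization."""
    a, b = normalize(attempt), normalize(template)
    return 1.0 / (1.0 + sum(math.dist(p, q) for p, q in zip(a, b)) / len(a))

def authenticate(attempt, templates, threshold):
    """Average the score over all stored templates, then apply the threshold."""
    avg = sum(score(attempt, t) for t in templates) / len(templates)
    return avg >= threshold, avg

# Constructed sample data: one zigzag gesture enrolled three times.
ENROLLED = [[(0, 0), (10, 0), (0, 10), (10, 10)],
            [(0, 0), (10, 1), (1, 10), (10, 10)],
            [(1, 0), (10, 0), (0, 9), (10, 10)]]
GENUINE = [(50, 50), (71, 51), (50, 70), (70, 70)]   # same shape, moved and 2x larger
IMPOSTOR = [(0, 0), (0, 10), (10, 10), (10, 0)]      # different path

if __name__ == "__main__":
    for name, g in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        for policy in (PHONE_THRESHOLD, VAULT_THRESHOLD):
            print(name, policy, authenticate(g, ENROLLED, policy))
```

The same slightly imperfect genuine attempt passes the lenient threshold and fails the strict one, which is the trade between false rejects and false accepts that the security policy decides.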