Blacklisting of frequently used gesture passwords

US 9,450,953 B2
Filed: 11/06/2013
Issued: 09/20/2016
Est. Priority Date: 11/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method implemented on a server for blacklisting gesture passwords, the method comprising:

receiving a vector from an electronic device, the vector representing a gesture password, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;

associating the received vector with a cluster of vectors each representing the same or similar gesture password based on a low distance from the received vector to the vectors in the cluster of vectors;

determining whether the association of the received vector with the cluster of vectors causes a number of vectors in the cluster to exceed a threshold value for a number of incidences of the same or similar vectors representing the same or similar gesture password;

when the number of vectors in the cluster exceeds the threshold value,updating a blacklist stored on the server to include the vectors within the cluster; and

sending to the electronic device a notification that the gesture password has been blacklisted.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of maintaining a blacklist for gesture-based passwords is provided. A data store of vectors corresponding to gestures is maintained on a blacklist server. Upon receiving a new gesture based password, an electronic device converts the password to a vector and forwards that vector to the blacklist server. The blacklist server assigns the vector to one of a cluster of vectors each having low distance from one another. If the increase in the occurrences of the number of vectors in the cluster results in a blacklist threshold being exceeded, the cluster of vectors is inputted to the blacklist. A notification can be sent back to the electronic device if the forwarded vector is on the blacklist or is inputted to the blacklist.

Citations

17 Claims

1. A method implemented on a server for blacklisting gesture passwords, the method comprising:
- receiving a vector from an electronic device, the vector representing a gesture password, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  associating the received vector with a cluster of vectors each representing the same or similar gesture password based on a low distance from the received vector to the vectors in the cluster of vectors;
  
  determining whether the association of the received vector with the cluster of vectors causes a number of vectors in the cluster to exceed a threshold value for a number of incidences of the same or similar vectors representing the same or similar gesture password;
  
  when the number of vectors in the cluster exceeds the threshold value,updating a blacklist stored on the server to include the vectors within the cluster; and
  
  sending to the electronic device a notification that the gesture password has been blacklisted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the vector is a non-invertible representation of the gesture password.
  - 3. The method of claim 1, wherein associating the received vector comprises using a density-based clustering algorithm to determine to which of the plurality of clusters of vectors the received vector belongs.
  - 4. The method of claim 3, wherein the density-based clustering algorithm is DBSCAN.
  - 5. The method of claim 4, wherein a parameter £
    - of the DBSCAN algorithm is equal to 0.3, and a parameter A of the DBSCAN algorithm is equal to 3.
  - 6. The method of claim 1, further comprising:
    - receiving a plurality of vectors from an input interface;
      
      arranging the plurality of vectors into a plurality of clusters, in which each vector in each cluster has a low distance from each other vector in the same cluster.
  - 7. The method of claim 6, wherein the arranging of the plurality of vectors into clusters comprises using a density-based clustering algorithm to place each of the plurality of vectors into one of the plurality of clusters.
  - 8. The method of claim 7, wherein the clustering algorithm is DBSCAN.
  - 9. The method of claim 8, wherein a parameter £
    - of the DBSCAN algorithm is equal to 0.3, and a parameter Λ
      
      of the DBSCAN algorithm is equal to 3.
  - 10. The method of claim 1, wherein encrypting the set of one or more strokes using a set of slowly varying functions comprises:
    - for each stroke in the set of one or more strokes,generating a d×
      
      n matrix B having the following properties

11. A method implemented on an electronic device for updating a blacklist stored on a server, the method comprising:
- receiving a gesture password via an input interface on the electronic device, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points;
  
  generating a vector representing the set of one or more strokes of the gesture password, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  transmitting the vector, without the gesture password from which the at least one vector is generated, from the electronic device to the server for updating a blacklist stored on the server to include the vector;
  
  receiving an indication from the server that the gesture password has been blacklisted;
  
  outputting a notification to a user interface to select a new password.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the at least one vector is a non-invertible representation of the gesture password.
  - 13. The method of claim 11, wherein encrypting the set of one or more strokes using a set of slowly varying functions comprises:
    - for each stroke in the set of one or more strokes,generating a d×
      
      n matrix B having the following properties

14. A server, comprising:
- a hardware processor;
  
  a memory coupled to the hardware processor, the memory storing executable instructions that, when executed by the hardware processor, cause the electronic device to;
  
  receive a vector from an electronic device, the vector representing a gesture password, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  associate the received vector with a cluster of vectors each representing the same or similar gesture password based on a low distance from the received vector to the vectors in the cluster of vectors;
  
  determine whether the association of the received vector with the cluster of vectors causes a number of vectors in the cluster to exceed a threshold value for a number of incidences of the same or similar vectors representing the same or similar gesture password;
  
  when the number of vectors in the cluster exceeds the threshold value,update a blacklist stored on the server to include the vectors within the cluster; and
  
  send to the electronic device a notification that the gesture password has been blacklisted.

15. An electronic device, comprising:
- a hardware processor;
  
  a memory coupled to the hardware processor, the memory storing executable instructions that, when executed by the hardware processor, cause the electronic device to;
  
  receive a gesture password via an input interface on the electronic device, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points;
  
  generate a vector representing the set of one or more strokes of the gesture password, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  transmit the vector, without the gesture password from which the at least one vector is generated, from the electronic device to a server for updating a blacklist stored on the server to include the vector;
  
  receive an indication from the server that the gesture password has been blacklisted;
  
  output a notification to a user interface to select a new password.

16. A non-transitory machine readable medium having tangibly stored thereon executable instructions for execution by a processor of a server, wherein the executable instructions, when executed by the processor, cause the electronic device to:
- receive a vector from an electronic device, the vector representing a gesture password, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points, the vector being a similarity-preserving vector generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  associate the received vector with a cluster of vectors each representing the same or similar gesture password based on a low distance from the received vector to the vectors in the cluster of vectors;
  
  determine whether the association of the received vector with the cluster of vectors causes a number of vectors in the cluster to exceed a threshold value for a number of incidences of the same or similar vectors representing the same or similar gesture password;
  
  when the number of vectors in the cluster exceeds the threshold value,update a blacklist stored on the server to include the vectors within the cluster; and
  
  send to the electronic device a notification that the gesture password has been blacklisted.

17. A non-transitory machine readable medium having tangibly stored thereon executable instructions for execution by a processor of an electronic device, wherein the executable instructions, when executed by the processor, cause the electronic device to:
- receive a gesture password via an input interface on the electronic device, wherein the gesture password comprises a set of one or more strokes, each stroke comprising a set of one or more points;
  
  generate at least one vector representing the set of one or more strokes of the gesture password, the at least one vector being a similarity-preserving vector such that similar gesture passwords are mapped to vectors having a low distance between each other, the at least one vector being generated by encrypting the set of one or more strokes using a set of slowly varying functions;
  
  transmit the vector, without the gesture password from which the at least one vector is generated, from the electronic device to a server for updating a blacklist stored on the server to include the vector;
  
  receive an indication from the server that the gesture password has been blacklisted;
  
  output a notification to a user interface to select a new password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Nechytaylo, Maksym, Theimer, Wolfgang Michael, Balon, Thomas
Primary Examiner(s)
King, John B

Application Number

US14/073,274
Publication Number

US 20150128233A1
Time in Patent Office

1,049 Days
Field of Search

726/6
US Class Current

1/1
CPC Class Codes

G06F 21/46   by designing passwords or c...

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04W 12/06   Authentication

H04W 12/12   Detection or prevention of ...

Blacklisting of frequently used gesture passwords

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Blacklisting of frequently used gesture passwords

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links