Archives
  Columns
  Features
  Print Archives
1994-1998
  Special
  BYTE Digest
  Michael Abrash's Graphics Programming Black Book
  101 Perl Articles
  About Us
  How to Access BYTE.com
  Write to BYTE.com
  Advertise with BYTE.com

Newsletter
Free E-mail Newsletter from BYTE.com
 
    
  HOME   ABOUT US   ARCHIVES   CONTACT US   ADVERTISE   REGISTER
Visit the home page Browse the four-year online archive Download platform-neutral CPU/FPU benchmarks Find information for advertisers, authors, vendors, subscribers Request free information on products written about or advertised in BYTE Submit a press release, or scan recent announcements Talk with BYTE's staff and readers about products and technologies

ArticlesSecurity Gets a New Face

October 1996 / Bits / Security Gets a New Face
Russell Kay

Here's a twist on security that gives new meaning to the word "facetime." The old definition of facetime involves trying to remember people's names as you mingle at parties. But for the U.K. company Visage Development, facetime refers to an authentication mechanism that requires users to recognize a series of faces before they can access their computers.

Instead of asking a user to remember a password or carry an authentication token, the Visage program presents a row of three faces, some of which the user has learned to recognize. Faces are typically 16-level gray-scale images, 50 pixels square, and each has a number. The faces appear for about a second before they're covered up by a masking image that hides the pictures from bystanders. Then another row of faces appears for a second and is covere d up. Finally, a third row ( see the screen ). The user types in or clicks on the three numbers of the faces recognized; this is verified, and access is granted or denied.

The faces are taken from a database of generic faces. Each time, the three key faces appear in different positions, and the surrounding faces are randomly selected from the rest of that database.

Visage requires an initial training period of five to 10 minutes, during which the user chooses three faces from the image database, then practices recognizing those faces. What's innovative about Visage is that it's a genuine one-time password that requires no extra hardware, does away with password changes and the attendant administrative hassles, and is easier than ever for users. No smart cards, no challenge-response number pairs, and no fingerprint readers are required. In one test, a user who left on maternity leave returned six months later and was able to successfully log in righ t away. Tests conducted by University of Cardiff psychologist Hadyn Ellis have verified the reliability and recallability of facial recognition as an authentication mechanism. Another test involved one group of people using Visage and another using personal identification numbers (PINs). After three months of no usage at all, the subjects were tested on their recall: Faces scored 100 percent, PINs 0.

The strength of Visage is based on our ability to recognize a face almost instantly (i.e., in about 20 milliseconds), combined with our inability to describe it in words that would let someone else pick out that same face from a group of similar ones. Also, the number of faces displayed per row, the number of rows in the grid, and the number of matches required, can all be configured to individual situations. Asking the user to pick three faces from five rows of four faces each and then to repeat with a new grid provides enough security to meet the standards of the British Computer-Electronics Security Group.

The company (contact William Visick, +01442 230471; fax +01442 212142; bvisick@cix.compulink.co.uk) is primarily interested in licensing the Visage technology, not in developing user-level products itself. Visage is currently available for NetWare 3 and 4, and a Windows NT version is nearing completion.

One Picture's Worth a Thousand PINs

screen_link (99 Kbytes)

Visage asks users to recognize faces, rather than remembering personal identification numbers.

Up to the Bits section contentsGo to previous article: Go to next article: Future WatchSearchSend a comment on this articleSubscribe to BYTE or BYTE on CD-ROM  
Flexible C++
Matthew Wilson
My approach to software engineering is far more pragmatic than it is theoretical--and no language better exemplifies this than C++.

more...

BYTE Digest

BYTE Digest editors every month analyze and evaluate the best articles from Information Week, EE Times, Dr. Dobb's Journal, Network Computing, Sys Admin, and dozens of other CMP publications—bringing you critical news and information about wireless communication, computer security, software development, embedded systems, and more!

Find out more
BYTE.com Store

BYTE CD-ROM
NOW, on one CD-ROM, you can instantly access more than 8 years of BYTE.
 
The Best of BYTE Volume 1: Programming Languages
The Best of BYTE
Volume 1: Programming Languages
In this issue of Best of BYTE, we bring together some of the leading programming language designers and implementors...

Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service
Site comments: webmaster@byte.com
SDMG Web Sites: BYTE.com, C/C++ Users Journal, Dr. Dobb's Journal, MSDN Magazine, New Architect, SD Expo, SD Magazine, Sys Admin, The Perl Journal, UnixReview.com, Windows Developer Network