西部证券网上交易 时尚双语:新型手写数字 让网上交易更安全

时尚双语:新型手写数字 让网上交易更安全  

Recognising your own handwriting rather than remembering a password could be used for online identification
new research shows.
Your handwriting could be the best form of online security
say the developers of a new system that may one day replace difficult-to-remember passwords and PIN codes. With the new authentication program Dynahand
users just need to be able to recognise their own writing.
"I know it's my handwriting
but I don’t know how I know. I can't explain to somebody else how I do it
" says Dr. Karen Renaud
a puter scientist and lecturer at the UK's University of Glasgow. She argues that's what makes the system more secure than ing up with a standard password
which is repeated over and over at different sites
can be shared with a friend
or stolen by an adversary.
The system works using handwritten numbers instead of letters because although others may be able to recognise your penned words
they're not so good at distinguishing your handwritten numerals.
In the laboratory test
Renaud asked 11 people to write the numbers 0 to 9 several times. She asked other volunteers to provide samples of their numerals
too
but these were eventually used to distract the study participants. She then scanned the numbers into a puter and used a sofare program
or algorithm
written by colleague Elin Olsen
to analyse the characteristics of the handwriting
such as height and width of strokes. The algorithm also kept track of which numerals belonged to which person and whose handwriting was more similar or distinct.
At authentication
the program showed the participant a series of five-number handwritten PINs
each one randomly generated from the handwritten numerals. The number was not important and the user did not have to remember it. Instead the participant clicked on the PIN written in his or her handwriting. If they got it right
the program showed them another set of PINs. They then clicked again on the correct image.
The program shows the user four sets of PINs
which takes about 28 seconds to plete
but ensures a higher level of security than just showing one set. And as with other PIN-password system
three wrong attempts and you're locked out.
In the test
10 of the 11 people recognised their own handwriting consistently. Although most of the people got it right
11 participants is a low number to demonstrate the effectiveness of the technology
says Steve Furnell
professor of information systems security at the UK's University of Plymouth. "But the idea itself is very interesting
" he says.
In addition
although Renaud does not believe that this password method is robust enough to be used for sites with high-level security
such as online banking or e-merce
it could work as a second layer on such sites
e.g.
when you are changing an address or credit card information.

你是不是曾经忘记过邮箱密码？网上支付时你会不会对安全性有点担心？一种新的笔记认证系统即将诞生，只要你会写字，留下你得笔迹，就可以免去输入密码的麻烦和困扰。
一项新研究表明，要实现在线身份认证，可以采用识别自己笔迹的方式，而不再需要记住密码。
这种新系统的开发人员称，个人笔迹可以成为保障在线安全的最佳方式，该系统有朝一日可能会取代难记的密码和个人身份识别码。采用这种名为Dynahand的新型认证程序，用户只需能够识别他们自己的笔迹就可以了。
“我知道这是我的笔迹，但我不清楚自己为何知道，也无法向其他人解释我是如何做到这一点的，”英国格拉斯哥大学讲师、计算机科学家卡伦•雷诺说道。她认为正是这一点使得该系统比利用一般的密码要更安全，因为后者会在多个不同的网站反复输入，可以被朋友分享，甚至会被怀有恶意的人所盗取。
该系统利用的是手写数字而非字母，这是因为别人或许能认出你的手写单词，却未必能轻易地识别出你手写的数字。
在进行实验室测试时，雷诺让11个人把从0到9的数字写上几遍，接着她让其他志愿者也提供他们手写数字的样本，但这些样本最终只是用来分散实验参与者的注意力的。然后她将这些数字扫描进电脑，并利用同事埃琳•奥尔森编写的软件程序也就是算法来分析这些笔迹的特征，如笔划的高度和宽度等。通过算法，还进一步记下这些数字相应的书写者以及笔迹较相似或更为不同的人士。
认证时，该程序给各参与者显示出一连串由五位数字组成的手写个人身份识别码，每个识别码都是从手写数字中随机抽取生成的。但数字本身并不重要，用户也无须去记住它们。参与者需要做的只是点击他们自己手写的识别码。如果他们选对了，那么程序就会显示出另一串认证码。接着他们就得再次点击选择正确的图像。
该套程序一共会向用户显示四组身份识别码，虽然完成全部认证需时约二十八秒，但与只显示一组识别码比起来，四组的安全度更高。此外，与其他识别码或密码系统一样，如果你连续三次尝试失误，就会被锁定。
来自英国普利茅斯大学的信息系统安全教授史蒂夫•费内尔说，在此次测试中，11人中有10人始终都能认出自己的笔迹。虽然大部分人都选对了，但11名参与者还是人数太少，不足以证明该项技术的有效性。他又说道：“但这个想法本身是非常有趣的。”
另外，雷诺认为虽然这种密码识别方法尚不够成熟，还无法用于高安全级别的网站上，如网上银行或电子商务，但却可以在此类网站上充当第二道安全防线，如在你修改地址或信用卡信息时使用。