Still dare to lock your screen with passcodes and gesture patterns? Try a more secure doodle!
That locking mechanism on your tablet computer or smartphone? It’s mostly a relic from the days of the keyboard. With the advent of touchscreens, the three-by-three grids and four-digit passcodes popular on today’s mobile devices are anachronistic. Yet they persist, despite “shoulder surfers” and the telltale oils left by swiping fingers.

A new study from Rutgers University suggests that squiggling—yes, squiggling—on the screen of your tablet or smartphone may provide a better authentication mechanism than the standard pattern locks favored by Google’s Android operating system and the Personal Identification Numbers (PINs) preferred by Apple’s iOS.

“The current locking and authentication mechanisms available for mobile systems commercially do not work so well,” said Janne Lindqvist, an assistant professor of electrical and computer engineering at Rutgers University and an author of the study. “Instead of having old methods or cued methods, we let people just generate gestures without any kind of visual cue or other kind of instructions.”

The study’s researchers, who included collaborators from the Max-Planck Institute for Informatics and the University of Helsinki, asked 63 participants to scrawl “continuous free-form multitouch gestures,” essentially finger-painting on the blank touchscreen canvas of a Google Nexus 10 tablet. No grid, no template: the subjects improvised a pass-doodle, rather than a password.

The researchers then asked users to recall and redraw their scribbles after a short break and a bit of distracting mental math (counting down from 20 to 0 and rotating a shape in their minds). Next, the researchers retested the users’ memory after a minimum of 10 days. (Six subjects didn’t return for the second test.)

The trick—as with any good password—was to concoct a gesture complex enough to dupe spies yet simple enough to remember.

“You never need to be perfect,” Lindqvist said on reproducing a gesture swipe-for-swipe. “You can make a bit of errors, but not too much. It depends a lot on the security policy you want to implement.”

For instance, authentication for a mobile device might accept a higher error rate than one protecting a bank vault.

To verify matches, the team used a “recognizer” algorithm, which compared each gesture to a set of stored templates. The algorithm then calculated an average score for each attempt at unlocking. Gestures whose scores rose above a certain threshold value were authorized entry.
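
The matching step described in the last paragraph, as an added example that is not from the article or the study: each attempt is scored against every stored template, the scores are averaged, and the policy threshold decides. The scoring metric (single-finger strokes resampled, normalized and compared by mean point distance), the sample strokes and the two thresholds are assumptions, since the article does not say which recognizer the study used.

```python
import math

def resample(points, n=32):
    """Return n points evenly spaced along the stroke's path length."""
    cum = [0.0]
    for a, b in zip(points, points[1:]):
        cum.append(cum[-1] + math.dist(a, b))
    out, j = [], 0
    for k in range(n):
        t = cum[-1] * k / (n - 1)
        while j < len(cum) - 2 and cum[j + 1] < t:
            j += 1
        seg = cum[j + 1] - cum[j]
        f = (t - cum[j]) / seg if seg else 0.0
        (x0, y0), (x1, y1) = points[j], points[j + 1]
        out.append((x0 + f * (x1 - x0), y0 + f * (y1 - y0)))
    return out

def normalize(points):
    """Centre on the centroid and scale to unit radius (position/size invariant)."""
    cx = sum(x for x, _ in points) / len(points)
    cy = sum(y for _, y in points) / len(points)
    r = max(math.hypot(x - cx, y - cy) for x, y in points) or 1.0
    return [((x - cx) / r, (y - cy) / r) for x, y in points]

def score(attempt, template):
    """Similarity in [0, 1]; 1.0 means identical shape (assumed metric)."""
    a, t = normalize(resample(attempt)), normalize(resample(template))
    mean = sum(math.dist(p, q) for p, q in zip(a, t)) / len(a)
    return 1.0 - mean / 2.0   # 2.0 = largest distance inside the unit circle

def verify(attempt, templates, threshold):
    """Average the score over all stored templates, then apply the policy threshold."""
    avg = sum(score(attempt, t) for t in templates) / len(templates)
    return avg > threshold, avg

# Constructed sample data: two enrolled "Z" strokes, one sloppy redraw, one "N".
TEMPLATES = [[(0, 0), (10, 0), (0, 10), (10, 10)],
             [(0, 0), (11, 1), (1, 10), (10, 11)]]
GENUINE = [(100, 100), (121, 99), (99, 120), (120, 122)]
IMPOSTOR = [(0, 0), (0, 10), (10, 0), (10, 10)]
POLICY = {"phone": 0.85, "vault": 0.99}   # hypothetical thresholds

if __name__ == "__main__":
    for who, g in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        for name, thr in POLICY.items():
            ok, avg = verify(g, TEMPLATES, thr)
            print(f"{who:8} {name:5} avg={avg:.3f} unlocked={ok}")
```

The same imperfect redraw unlocks under the looser threshold and is rejected under the stricter one, which is the policy trade-off Lindqvist describes.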