[Under consideration] Another way to lock/unlock the device
This is the discussion thread of the Brainstorm proposal Another way to lock/unlock the device
Re: [Under consideration] Another way to lock/unlock the device
Only to mention that creative and innovative solutions are welcome. The person working in this area is Elena Reshetova; some of you met her at the maemo Summit in the Maemo 6 Security Framework session.
Re: [Under consideration] Another way to lock/unlock the device
Hi qgil && Elena,
Is there any proposal to have an API that a 3rd party app can use to lock or unlock the device? Running an application in full screen and grabbing all the inputs is not an alternative, since that kind of approach prevents the user from being visually alerted about new calls or messages, for example.

The current implementation has a set of options to lock the screen, w/o password protection, and it can also be annoying for the user to type a numeric password instead of doing a gesture, for example.

It is not clear to me that an API is the best solution, since a poor implementation can disclose some user information. If the platform provides that API, it will be passing the control of its security to a 3rd party application, making a "vulnerability" point, a weakness. Unless the platform provides a kind of capability system.

Keeping in mind that an authentication can be done by validating at least one of the following [1]:

* Something you know, such as a PIN or password
* Something you have, such as a smart card or token
* Something you are, such as a fingerprint

Maybe the platform should provide all those kinds of methods, which can be selected by a "theme-able" screen saver password dialog, configured by the 3rd party application, but controlled by the platform.

Just to start up a discussion :)

Thanks :P

[1] CISSP Study Guide - www.isc2.org
Re: [Under consideration] Another way to lock/unlock the device
How about something like MyKeyLock from Symbian?
http://www.youtube.com/watch?v=JqHKzOW_mw8
Re: [Under consideration] Another way to lock/unlock the device
First of all, physical access is jackpot. Therefore, advanced, highly secure methods of authentication aren't very effective because all data is plain text on flash. They're rather necessary on a different layer such as in whole disk encryption (LUKS, TrueCrypt) or keyring (gnome-keyring, keepassx).
Therefore, it makes sense to provide authentication methods in a library so one can authenticate with other services as well. These layers can be disabled or enabled by user request. This could range from SSH access to login on t.m.o. Sounds scary? Perhaps. But if you use a password to access your keepassx database, and this is compromised, your data inside is wide open. Whether you use the SSH key automagically once authed, or have to manually use it, is of no concern.
The following I came up with as well, but they're rather easily circumvented; however, together with another method they're 'fun'. Also, it is important to note that a PIN-based authentication where the user must press buttons to authenticate is not strong either, because such can be read by human eye and camera (see skimming of ATM cards).
The user can select several authentication methods, and is able to stack these. For example:
Pseudo-plausible deniability: Something else cool is that when authentication keeps failing, the thing logs in, but it's all a dummy honeypot... :D which could provide some kind of plausible deniability when one is forced to log in to their phone.
Sidenote: None of the above covers locking the device again, while this is important as well.
References: Linux-PAM modules, BSD_auth, RFC2289 A One Time Password System, RFC1760 The S/KEY One Time Password System.
Re: [Under consideration] Another way to lock/unlock the device
The two most viable solutions of the above post, One Time Passwords and Public Key Infrastructure, are added in Brainstorm. The proposals suggest using currently available PAM modules.
Re: [Under consideration] Another way to lock/unlock the device
We currently already have 3 methods to unlock the device, right?

1.) Click on the power button once and use your finger to slide the regulator right
2.) Open the camera slot to go from locked to unlocked camera mode directly
3.) Use the lock-button (switch it up to lock or to unlock)

I think I'll be only using method 3, because it's the fastest method to go back to your homescreen, and I honestly think we don't need any more methods, because things like double click would require an enabled touchscreen in lock mode even when the screen doesn't show anything, which means more battery consumption instead of pressing a physical button.

Edit: When it comes to security, touchscreens can't scan fingerprints unfortunately, so I think we should stick to a predefined gesture that unlocks the device. Voice unlocking should be possible, too, but I wouldn't prefer that, since you need to unlock your phone in public as well.
Re: [Under consideration] Another way to lock/unlock the device
solution no.1 is i think pretty cool for the end user in general...you guys could come up with something more innovative to unlock though
Re: [Under consideration] Another way to lock/unlock the device
I would prefer solution number seven (#7)
Solution 1, although convenient, does not offer enough security IMO, due to it being developed by a third party. I would prefer that it is something built in with the OS. If the password is not known and someone decides to reset the phone to factory, all data is erased; or all data is unreadable, sort of like an HDD when you use its lock/unlock code: if you lock the drive, when you enter a wrong code it won't work, not even by formatting, as it will not be readable.

As far as the other methods/solutions, honestly, I do not know/understand how they are intended to work (solutions 4 and 3).

Also, I don't know if the Android interactive method of locking the phone can be used, but I think that's a little more convenient than typing a password out.

To play off of Android's "draw lock", how about a Simon Says sequence: there are rows of colors

column
row  A      B      C      D      E
1    red    red    red    red    red
2    blue   blue   blue   blue   blue
3    green  green  green  green  green
4    white  white  white  white  white

[Edit: the grid did not come out like I thought it would but I hope you can see what I am trying to imply. 5 similar set columns with 4 different rows of colors. These colors represent the colored buttons that the operator will press in a sequence for his/her unlock pattern. Like "simon sez" the user will have to press the same color sequence they set initially to unlock the phone. See below for example]

Your sequence of presses can be something simple as 1A, 2A, 3A, 4A or something complicated as 1C, 4C, 1C, 4C, 2B, 2D, 1A, 1B, 3E (although that sequence may look complicated, to me I would remember it as up, down, up down, left, right, A, B, start [old cheat Nintendo cheat code]).

The user could memorize by either color pattern/sequence or position of thumb placement or whatever they visualize in their head.
Re: [Under consideration] Another way to lock/unlock the device
what if it was something fun :)
a bit different plugin screensavers which respond to touch and let you unlock if you want.
Re: [Under consideration] Another way to lock/unlock the device
to quantify:
i always wanted to do top secret spy style fake thumbprint identification. with flashing lights and awoogas if i get it wrong etc
Re: [Under consideration] Another way to lock/unlock the device
A device locking desktop widget might be useful for someone.
It shouldn't even be hard to implement since you can request screen blanking and keyboard/screen locking through dbus.
Re: [Under consideration] Another way to lock/unlock the device
Could the unlock screen be used in both landscape/portrait, unlike now?
It'll be much easier to press the power button, swipe in portrait, then numerically enter lock code OR just enter a gesture (a la Android) or something innovative and cool to then allow USING the phone functions directly. This is 1 of the most imp things in my opinion because it's a real pain to take phone outta pocket, fumble to unlock and then switch arnd to enter it in landscape and then be able to access the phone menu, hope it gets implemented screen because current way is not very convenient.
Re: [Under consideration] Another way to lock/unlock the device
I believe a "Lock Code" like S60 utilizes should be included. It is simple and effective and could use an on-screen keyboard for 10-key.

Something a little more exciting would be something I have recently stumbled on for use in FireFox... FireGestures. Sure, unlocking the device with a gesture is cool, but why stop there?

Gesture 1: Unlock device.
Gesture 2: Unlocks and starts camera application
Gesture 3: Unlocks and starts A
Gesture 4: Unlocks and starts B
Gesture 5: Unlocks and starts C

I don't have an N900 yet, but I wouldn't mind seeing this type of application be system wide even and be able to contain a lot of user-generated gestures for complete customization and control of the device, assuming there is no technical reason 50+ gestures couldn't be used!
Re: [Under consideration] Another way to lock/unlock the device
I was just thinking about a gesture in front of the camera to turn the screen black and start something like flipclock as a panic button app in case you're surfing the internet and your boss comes by and/or picks up the phone. Could even be clap on clap off.
Re: [Under consideration] Another way to lock/unlock the device
Gesture for camera already enabled, slide the cover open. Works well as switching on camera whilst closed would result in very repetitive shots.
Panic Button: hit the power button once and screen defocuses for dialog box. :D
Re: [Under consideration] Another way to lock/unlock the device
Imagine clapping every time your boss walked past you :D
Re: [Under consideration] Another way to lock/unlock the device
Quote:
1) clap
2) middle finger at the camera, just kidding. 4 fingers or ok sign
3) verbal word
4) can ir sensor trigger from hot coffee mug being held over it? Wait it's just a transmitter I forgot.
5) Sudden jolt from slapping the desk.

The idea is he doesn't see you touch it and whatever the trigger is it can be played off and varied. If he happens to pick it up and touch the screen turning it back on all he sees is flipclock.
Re: [Under consideration] Another way to lock/unlock the device
Ooookay... stop kidding... :p
Just help to make this Application fully customizable. LINK Then you can use half press the Camera Button to access the Dashboard and if you want full press to access Flipclock instead of the desktop. ;) Or, if you want... full press of the camera button with closed shutter to lock your device. The Button is Hidden when the Keyboard is opened. So no one will see that you're pressing a Button when giving the device away. (or something else you want) Just my comment... :rolleyes:
Re: [Under consideration] Another way to lock/unlock the device
I think the accelerometer could be used for unlocking/locking the screen.
You would just shake the phone and it unlocks, or you shake and the swipe to unlock screen pops up. The proximity sensor would detect when you have the device pocketed, so it wouldn't unlock accidentally. Locking by shaking could be done only from the desktop(s), so there wouldn't be any accidental lockups when using applications. Intuitive and simple.
Re: [Under consideration] Another way to lock/unlock the device
One problem with shaking as a lock/unlock mode: if the device is in your pocket and it's shaken enough, it's gonna switch modes...
Re: [Under consideration] Another way to lock/unlock the device
GrIDsure (link to youtube) could work on a phone, make effective use of a touchscreen and would be pretty secure - might be patented though.
Wiki description of GrIDsure here - apparently 100 times more secure than a traditional PIN. A subsequent analysis suggests weaknesses, but the system should still be more than sufficient protection for a handheld device.
Re: [Under consideration] Another way to lock/unlock the device
Quote:
Hi. We have successfully developed a GrIDsure app for the iPhone in two versions: 1) for unlocking and 2) providing 2 factor authentication from the iPhone on to the corporate LAN
Re: [Under consideration] Another way to lock/unlock the device
Hi Millhouse
The patents are rigorously enforced by GrIDsure. We have been a GrIDsure VAR and software developer partner in the UK for over a year now. This work was sanctioned by them and using their developmental framework. We are now working with other GrIDsure partners to leverage our technology with theirs. As far as I know, there are no 100% cast-iron panaceas for secure access without making it unsuitable or totally onerous for the user, but the PIP creates an enabling technology for making life easier for people that want security with an understandable way of using it. Getting rid of user names and passwords, password ageing, etc can only be a good thing if the underlying technology works for a mobile community. This does it in a way that even children can use.
Re: [Under consideration] Another way to lock/unlock the device
Thanks for that. Not much more I can add unless Quim or Elena want to get involved - not sure if they're looking for "free" (as in no cost) solutions or would be willing to partner with GrIDsure (and/or possibly yourself, ragspeed?)
Re: [Under consideration] Another way to lock/unlock the device
"Something you have" - much like this...
The Nokia BT necklace accessory: a remote bluetooth device, maybe in the form of a wear-around-the-neck gadget. Once you install the Nokia software that comes with it, it will effectively disable the need to authenticate if it's within 2 meters range of the neck gadget. In addition to the lock/unlock functionality, it may or may not also have support for the AVRCP protocol.

Edit: I didn't say it 'cause it was so obvious to me, but just in case: If the N900 is not near this bluetooth key, you fall back to the most rigid inbuilt authentication method, preferably a password.
Re: [Under consideration] Another way to lock/unlock the device
GrIDsure seems like an interesting option. It won't work for everybody though. I've been watching the demos and I can't remember the patterns I see - as soon as there are numbers in there my pattern memory disappears. This is presumably because it's easy for me to remember numbers. The longer the PIN, the better. So, I would have to walk around with a note of my pattern.. not good! :) But I'm sure it'll work better for most other people than standard PIN codes.
Re: [Under consideration] Another way to lock/unlock the device
Quote:
Cognitive studies at various universities show that patterns in a sequence are easier to remember than usernames/passwords/PINs and much safer when shoulder-surfing is a risk. We resell RSA tokens as well so we are familiar with the issues of actually losing a physical device which provides your OTP in a 2FA login situation.
Re: [Under consideration] Another way to lock/unlock the device
A user called "DrEJV" in another forum has told us you here are "considering both a lock screen & lock device option. Nokia's phones generally don't have an x tries and you're out password option, but they do have an option to totally lock a phone with an sms sent to the phone with a secret passphrase - and it can only dial 1 number that you define. This would be great to have on the N900."
How is that idea received in this forum?