A new system can look at a person’s finger making a motion in the air—like a signature or drawing a shape—to authenticate their identity. The framework, called FMCode, employs algorithms fed by a wearable sensor or camera, and can correctly identify users between 94.3% to 96.7% of the time on two different gesture devices after only seeing the passcode a few times, researchers say.
The method, described in a new paper by computer scientists Duo Lu and Dijiang Huang at Arizona State University, gets around some of the tricky privacy concerns surrounding biometrics like face recognition. It also overcomes the issue of remembering long strings of characters needed for most secure logins. Gesture interactions could be useful when a keyboard is impractical, like using a VR headset, or in a situation where minimizing contact with the surroundings is necessary for cleanliness, like an operating room.
In the paper, which was published on the Arxiv.org preprint server this month, the researchers spell out some of the hurdles they had to overcome to develop FMCode. Unlike passwords, finger motions in the air won’t be exactly the same each time, so a system has to be robust enough to recognize slightly different speeds and shapes while still catching fraudulent attempts. The system has to be able to do that with only a few examples since most users would be unwilling to write their passcode hundreds or thousands of times.
To tackle those issues, the researchers turned to machine learning. The team designed classifiers that can spot spoofs while tolerating minor variations from the real user, and built a convolutional neural network (CNN) to index finger motion signals with data augmentation methods that limits the amount of training needed at setup.
Giving a finger
FMCode is pretty secure against most guessing attempts and spoofing, or when an attacker knows the gesture, the researchers say. But no system is foolproof. FMCode can be tricked if the system isn’t first set up to verify the user with an account ID. The researchers also say they are planning future work to study attacks where a person’s gesture passcode is recorded and then replayed later in an attempt to fool the system.
Whether many people will be interested in gesture control, at least anytime soon, remains to be seen. The interest in and development of the technology has waxed and waned over the years, with movies like Minority Report and Iron Man causing spikes in attention around the futuristic interactions. Nintendo released a wired glove that could control some gaming aspects to lackluster sales in 1989 to Leap Motion, which was released to good reviews at its launch in 2013 but is still not mainstream. Companies like Sony are trying to make gesture interfaces happen, while Facebook, Microsoft, Magic Leap, and others are betting that we’ll need gesture control in their VR and AR environments.
The researchers queried the participants in the study on their thoughts on using FMCode versus other login methods, like traditional passwords and face recognition on mobile devices. While FMCode scored high for security, the users found it generally less easy to use and worse for speed. Of course, with improved hardware and a future with more security breaches, those concerns could disappear with a wave of the hand.