Upgrade to Pro — share decks privately, control downloads, hide ads and more …



UIGesture base password lib


Cory D. Wiles

April 18, 2014


  1. GESTURE PASSWORDS Cory D. Wiles - Senior iOS Developer

  2. DIGITAL SECURITY * Much talk over the past 5 years

    has been in regards to security of data on the device * encryption, remote wipe, etc. * Not as much on entry into the device & Conversation has changed with TouchID
  3. DAYS OF THE OLD • PIN and Passwords • ATMs

    • Desktop (native) • Web (desktop browser) worked well in the pc era
  4. SAME STUFF DIFFERENT DAY • PIN and Passwords • Tablets

    and Smart Phones PostPC era still being used. It sucks and is horrible UX.
  5. BIOMETRICS • IMHO Apple has “cracked this” with TouchID •

    http://www.apple.com/iphone-5s/videos/#video-touch * Simple and effective * Before they cracked it I had an idea
  6. ORIGINAL CONCEPT * also had idea to create “combination lock”

    password * http://blog.corywiles.com/please-enter-your-password-gesture
  7. ALMOST ORIGINAL • Android (too simplistic and easy to guess)

    • Windows (resetting is too complex) • http://windows.microsoft.com/en-us/windows-8/picture-passwords • http://forums.sqlmag.com/forums/aft/98454 Android - lack of flexibility in gesture. strict pattern Windows - you still have to have alphanumeric password. Theirs is just an option
  8. ALMOST THIEVES • Apple awarded gesture related patents * beat

    me to the punch

    http://appleinsider.com/articles/13/09/03/apple-tech-gesture-based-application- specific-unlocking
  10. APPLE PATENT FOR IPHONE COMBO LOCK SECURES YOUR EWALLET http://www.intomobile.com/2010/03/08/apple-patent-for-iphone-combo-lock-

  11. PROBLEMS TO SOLVE • Practical means of better securing information

    utilizing multi- touch • Provide a self contained way of resetting password without external system or libraries * Why I choose to create a software solution * Felt others did it wrong & I love a challenge * Even if Apple did release their it would be system wide and private framework (Siri)
  12. FUTURE IS NOW • TouchID • Samsung acquisition of Fingerprint

    Cards • Apple already includes API’s for: • Facial recognition • Smiling • Blinking Times are changing and how we approach security on devices What’s next?
  13. THE SIGN OF THE TIMES When you look at sign

    language as a communication tool it beholds such beauty and elegance. It is the calligraphy of gesture communication. The potential for this, as an example, is develop a new gesture “language”. Much like we have spoken and computer languages, but with consistency. The power of this would be unlimited and easy to use and interpret. With the current usage of multi-gesture it is always a singular expression, but when examining sign language a single gesture has to the ability to express an emotion or entire concept. It is multi-dimensional. Unlike, the computational and processing dependencies listed above that come with using voice interaction, all legacy and future multi-touch hardware have the ability to implement a new era of gestures. * http://blog.corywiles.com/the-sign-language-of-the-times * Evolution of gestures * Sign language will be inspiration * I give you * http://www.cmu.edu/homepage/computing/2012/spring/touche.shtml
  14. KELLER Helen Keller mastered several methods of communication, including touch-lip

    reading, Braille, speech, typing and finger-spelling.
  15. DIFFERENTIATOR • Forgot and Reset • Use random gallery sample.

    Pick “n” out of “x” number of photos * Inherit flaw within any password isn’t complexity (length, alphanumeric) but the human memory
  16. BENEFITS • Support for disabled • Easy to implement •

    Not as easily guessable like mother’s maiden name or pet’s name • Easy for people to remember
  17. TECHNICAL FEATURES • NSSecureCoding* • protect against data access, but

    “xpc exploit” • Static lib or framework • Persistent to any backing store (Memory, CoreData, NSUserDefaults, sqlite or file system, keychain or iCloud)* • Reminder images are saved even if you delete them from device In progress of implementing* ! *just objects. that is why you can
  18. DEVIL IN THE DETAILS • As of iOS 3.2 utilize

    UIGestureRecognzier • Standard objects • would love to access to write to CPU like TouchID • Wasn’t concerned about actual point accuracy. • Import note about UIGestureRecognizers. • By default once the gesture is recognized touches* methods are cancelled. Result is that you can’t add “extra” processing in the standard method. • normally this isn’t a problem b/c all you care about it knowing what “type” of gesture occurred, but I need to “draw” the gesture on the screen. • cancelsTouchesInView = NO; * Need to add in feature that allows to register “storage class”. By default would use NSUserDefaults. * too hard to have accurate variance for point, plus finger sizes are different. you could tell someone your password and it would fail
  19. DEMO Will be posting code in next few weeks to