Graphical User-ID with Partial Match Scheme and Application for Mobile Web-Services

In recent years, biometric technologies for user identification are advancing rapidly. And, the traditional text-based user ID and password is used. It is difficult to user to input texts, causes much time to input a text. To decrease the problem, we proposed Graphical User IDEntifier Scheme (GUIDES) and Graphical user-ID suggestion. This scheme can give a user a user-ID similar to the user-specified user-ID when the user specifies the same user-id that has already been registered. We showed effectiveness of GUIDES including suggestion scheme. In this paper, we propose a new method, called Graphical userID with Partial Match Scheme. This scheme can input userID that is not the correct registered user-ID but similar to it when authenticating user-ID.


I. INTRODUCTION
Users which use mobile terminals have been increasing recently.In addition, mobile-related technologies on CPU, memory, touch-screen, and networking devices have been progressing.A user of an internet shopping service can access to the user's shopping history which is only accessible to the user.Therefore, such web services provide users user authentication using user-ID and password.
The traditional method of user identifier inputting of password is a text-based method.Although this user identifier scheme based on the user-id and password is simple and popular in PC environment, this scheme is not appropriate for a mobile user.This scheme has some crucial problems, when a user uses a mobile device.These are 1) it is difficult for a mobile user to input his/her user-id and password via a virtual keyboard, and 2) a user frequently forgets his/her user-id and password which the user registered for a special web service.Some password management application services are available to manage a pair of user-id and password per a web service.However, the pair of the user-id and the password can be easily stolen and this may cause an illegal use of such user's data.In order to solve reducing user-id input time and reduction of memory burden, we previously proposed GUIDES (Graphical User IDEntifier using Sketching) [1].
Moreover, we proposed a suggestion function to improve a registration success rate.
In this paper, we propose GUIDES with Partial Match.User-ID authentication rate of the previously proposed GUIDES was not so high, although its memorability is high.Because, the user remembers the shape of the trajectory, but the user does not remember whether user drew trajectory to right place of grid.So, we propose a partial match scheme to solve this problem.If users use our partial match scheme, when users authenticate his/her user-ID, users can authenticate by inputting user-ID which similar to the registered user-ID.Users don't need to correctly input the same registered user-ID.We examined effectiveness of user-ID partial match scheme.

II. GRAPHICAL USER IDENTIFIER SCHEME (GUIDES) [1]
In our previous paper [1], we proposed a Graphical User Identifier Scheme Using Sketching for Mobile Web-Services (GUIDES).There are many existing schemes on text-based user-ID.All of the text-based user-ID schemes have the following problem: 1) the more length it is, the more difficult to remember, 2) the user-ID space is large enough to identify an individual user.Our GUIDES solves these problems.
Fig. 1 shows GUIDES architecture.GUIDES has a user registration function and user authentication function.
The basic architecture of GUIDES is shown in Fig. 1, in which a user registers their graphical user-ID, GUID, during the registration phase.The system transforms the GUID into its symbolic representation, Sym-GUID.The system then checks whether there is an existing Sym-GUID in the GUID database.If there is, the system suggests another GUID similar to the user-inputted GUID.If not, the GUID is stored in the database.During the authentication phase, after obtaining a GUID from the user, the GUID is also transformed into the Sym-GUID as in the registration phase.If the GUID exists in the GUID DB, the user is requested to input their password.Fig. 2 shows GUID and Sym-GUID.
We conducted evaluation experiment to ascertain effectiveness of GUIDES.We compared a conventional text-based user-ID scheme (randomly generated 7 characters) and GUIDES.Also, we recruited ten participants to join the three experiments.
EX1: Success rate measurement EX2: The time required for the GUID input is measured EX3: Memorability check (the success rate measurement was conducted on the three days after EX1) Figure 1.GUIDES architecture Results of evaluation is shown in Table I.GUIDES obtained a high success rate than text-based user-ID scheme.Also, GUIDES required shorter input time than text-based user-ID scheme.Furthermore, memorability of GUIDES was superior to the text-based user-ID.Moreover, in our previous paper [2], we proposed user-ID suggestion function.When the user-ID to be registered has been already registered, user-ID similar to that the user would like to register is recommended to the user.
  II.With Suggestion Scheme's registration success rate is higher than Without Suggestion Scheme's.Also, the difference of inputting times is small.Therefore, there seems to be no difference.Then, we confirmed the effectiveness of our Suggestion Function.

III. PARTIAL MATCH SCHEME
In this paper, we focus on GUIDES with Partial Match Scheme.This scheme can authenticate user-ID that is similar to the registered user-ID when users authenticate user-ID.
Formally, GUIDES is described as follow.Assume that there is the GUID database DB = i d , where i d is a triplet of GUID, i g , Sym-GUID i s and user profile i u for each user.i s is obtained using a transformation function Support that a user wants to register q g , the q s is obtained from F ( q g ).The q s is whether there exists an If not exists, then the triplet of ( q g , q s , q u ) are added to DB.If k s exists, ' q g is constructed and suggested to the user.This function's name is Suggestion Function.Suggestion Function suggests user-ID which is resemble original to users.Using Suggest Function user-ID is . In the authentication phase, given the exists, then the obtained p s is the user GUID, followed by password input.Next, we explain GUIDES with Partial Match.GUIDES the grids of 6 * 6 are used.A User draws a trajectory on the grids.Moreover, GUIDES stored the trajectory in user-ID database as its user-ID.To store the shape of the trajectory drawn by the user is easy to user because the shape may be meaningful for only the user.However, it is difficult to correctly remember the position of the trajectory drawn by the user.The user fails to authenticate the user-ID by not be able to input the user-ID precisely.We propose GUIDES with Partial Match in order to solve this problem.
Partial match scheme can authenticate user-ID that is similar to the registered user-ID when authenticating.User-ID that is similar to the registered user-ID is a user-ID that has shifted the registered user-ID up, down, left, or right.When the user registers the user-ID, the system saves the user-ID that the user drew and the user-ID similar to the user-ID that the user has drawn in the database.As a result, after the users register the user-ID one time, the system will register the five user-ID in the database.Then, when the users feel that the position of the registered user-ID is ambiguous, user can authenticate the user-ID.However, the system if you have registered five user-ID in the database, the problems occur.In that case, the sum of the user-ID that the system can be registered in the database is reduced.
GUIDES were using a grid of 6 * 6. GUIDES's user-ID space of that time is 10 10 .In a method of partial match, the size of the grid changes to 7 * 7 in order to increase the total of the user-ID which can be registered in the database.Partial Match Scheme's user-ID space of that time is 11 10 .
Fig. 6 shows one example of Partial Match Scheme.The left figure of Fig. 6 shows user's registered user-ID.The right figure of Fig. 6 shows user-ID that is similar to registered user-ID.If users draw right trajectory shown in Fig. 6, system can authenticate user-ID.
Formally, Partial Match Scheme is described as follow.Assume that there is similar GUID = i h , similar Sym-GUID i t .i h = g (x+1, y), g (x-1,y), g (x, y+1), g (x, y-1).i t = s (x+1, y), s (x-1,y), s (x, y+1), s (x, y-1).In registration phase, the user draws i g .When system register k g , at the same time the system will register the k h .Also, system register k s , at the same time the system will register the k t

IV. EVALUATION EXPERIMENT
In this section, we describe evaluation experiments and their results to show effectiveness of our Partial Match Scheme.GUIDES and GUIDES with Partial Match were implemented on Android 4.3 devices using JAVA.First, we checked registration success rate, meaning how much the GUID is successfully registered.Second, we checked authentication success rate, meaning how much the GUID is successfully authenticated.Third, the time for inputting GUID is measured.These tasks were conducted by each of subjects three times.Partial match scheme is compared with the GUIDES.
Five participants were recruited to join in these experiments.Each participant first registered his/her GUID.These length values were chosen to create the same user-ID space.Each participant input his/her GUID three times in the user authentication phase.At that time, We measure the authentication success rate.The average input time is then calculated by aggregating all the input time for authentications.Also, in advance, we saved one million user-ID in database.Moreover, we confirmed the change of registration success rate of the user-ID using the Partial Match Scheme by changing the number of grids from 6*6 to 7*7.
We conducted three experiments.These are experiments of measuring registration success rate, authentication success rate and input time.Therefore, five user ID is registered in one time registration.

A. Experiment of Registration Success Rate
If we used Partial Match Scheme, system saves registered user-ID and similar registered user-ID in registration phase.As a result, sum of registrable user-ID which is using Partial Match Scheme is fewer than GUIDES's.Therefore, the registration success rate of the user-ID using the Partial Match Scheme decreases.We changed the number of grids from 6*6 to 7*7 in order to solve this problem.As a result, we increased the total number of user-ID that can be registered by the user-ID using the Partial Match Scheme.
The result of experiment is shown in Table III.Table III shows that GUID registration success rate using Partial Match Scheme and GUIDES.Average registration success rate of With Partial Match Scheme is 73.4%, and that of GUIDES is 66.8%.Registration success rate of With Suggestion Scheme is higher 6.6% than registration success rate of GUIDES.From the first experiment, using Partial Match Scheme is not awkward to use for users to register his/her own user-ID.

B. Experiment of Authentication Success Rate
We measured user authentication rate of the user-ID for both the GUIDES and Partial Match Scheme after 3 days.We have measured the user authentication rate in order to check whether there to change the memorability when using the partial match.Then, we compared G of user-ID authentication rate to a Partial Match Scheme's user-ID authentication rate.Here, length of the trajectory was defined as 7-14.In addition, the user so that the user can easily remember the trajectory drew your initials.
The result of experiment is shown in Table IV.Table IV shows that GUID authentication success rate using Partial Match Scheme and GUIDES.Average authentication rate in the case of using the Partial Match Scheme was 66.8%.Average authentication rate in the case of GUIDES was 66.8%.Average authentication rate of Partial Match Scheme is 6.6% less than the GUIDES.Here, we measured a significant difference by Welch's ttest.The results was 0.81 > 0.05.Namely, we found that there is no significant difference.Therefore, it says that memorability is no change.

C. Experiment of Input Time
We measured input time of the user-ID for both the GUIDES and Partial Match Scheme.We compared the time of Partial Match Scheme and the time of GUIDES in order to check whether there to change the user's workload when using the Partial Match Scheme.The result of experiment is shown in Table V.Table V shows that GUID input time using Partial Match Scheme and GUIDES.Average input time in the case of using the Partial Match Scheme was 7.91 sec.Average input time in the case of GUIDES was 5.88 sec.Average input time of Partial Match Scheme is 2.03 sec.more than the GUIDES.Here, we measured a significant difference by Welch's t-test.The results was 0.32 > 0.05.Namely, we found that there is no significant difference.Therefore, it says that reduction of the user's workload is no change.

V. UESR AUTHERNTICATION IN MOBILE WEB APPLICATIONS
In this chapter, we explain applications of GUIDES.GUIDES is the input method of the user-ID of the mobile terminal.Here, we describe to be used as the Web Application as an application example of GUIDES.We use GUIDES at the input of the user-ID, use the graphical password at the input of the password.There is login screen to the Web site, as shown in Fig. 7. First, the user presses a user registration button.After that, the screen shifts to the user registration screen of GUIDES, as shown in Fig. 8.Then, the user draws a user-ID which you want to register.In this case, if the user ID that the user registration has already been registered, the previously proposed Suggest Function is used.Then, the system can suggest a new user-ID to the user.Next, the user presses a user authentication button.Then, as shown in Fig. 9, the screen shifts to a user authentication screen of GUIDES.In addition, user draws a trajectory that the user has registered.Here, it is possible to improve the authentication rate by utilizing the proposed partial match method.Then, after drawing the user-ID, the screen shifts to the password input screen as shown in Fig. 10.This time OBIR [3] is being used as a graphical password in the password entry screen.If the password is inputted, the screen shifts my page as shown in Fig. 11.

VI. RELATED WORK
Although our method proposed here is not a graphical password scheme, many graphical password schemes has been studied for the last decade [4].Graphical password is classified as drawing-based and selection-based schemes.The typical examples in the first category are Draw-a-secret (DAS) [5], TMD [6], TMO [7], and Pass-Go [8], while the second category includes Passpoint [9].Many graphical passwords are mainly proposed to prevent a user from dictionary attacks and shouldersurfing attacks.None of the graphical passwords can be used as replacement of user-ID.Despite developments of the graphical passwords as well as those of the user authentication frameworks, no user-ID schemes as a replacement of text-based user-ID have yet been proposed, especially appropriate for mobile users.

VII. CONCLUSION
In this paper, we proposed user-ID authentication processing scheme, called Partial Match Scheme.We were sure effectiveness of Partial Match Scheme.We compared the user-ID registration success rate, authentication success rate and input time of Partial Match Scheme and GUIDES.Moreover, there was a little bit difference of Partial Match Scheme and GUIDES on the input-time and authentication success rate.As a result, it is shown that our Partial Match Scheme is effective to authenticating user-ID.
In the future, we will improve Partial Match Scheme to become higher authentication success rate.In addition, we will create a web application using the GUIDES and Suggest Function and Partial Match Scheme.In addition, we will examine the effectiveness of our research.
Addition-based suggestion (ADD-Suggest)  Detour-based suggestion (DETOUR-Suggest)  Pattern-based suggestion (PATTERN-Suggest) Fig. 3 and Fig. 4, Fig. 5 are example of suggest function.We conducted evaluation experiment to show effectiveness of user-ID suggestion function.We compared "With Suggestion Scheme" and "Without Suggestion Scheme".Moreover, we conducted the following two experiments.EX1: Registration success rate EX2: Inputting time of GUID The result of experiments is shown in Table

Figure 6 .
Figure 6.Example of partial match scheme (Left: registered user-ID, Right: similar registered user-ID)

Figure 7 .
Figure 7. Top page for login to the web site

Figure 8 .
Figure 8. User registration screen of GUIDES

Figure 11 .
Figure 11.Screen of authentication

TABLE I .
RESULT OF EVALUATION

TABLE II .
RESULT OF EVALUATION

TABLE IV .
RESULT OF AUTHENTICATION SUCCESS RATE