Wednesday, January 20, 2010

TapSongs: Tapping Rhythm-Based Passwords on a Single Binary Sensor


Summary
The article TapSongs: Tapping Rhythm-Based Passwords on a Single Binary Sensor, by Jacob O. Wobbrock, discusses a new way to log in to a mobile device by tapping a specific rhythm. Using any sort of binary sensor (one with two states: tap down and tap up), the system records when each tap occurs and how long it lasts, and compares the result against a previously enrolled tapping rhythm. The user creates a TapSong by tapping a rhythm, perhaps from a song or another familiar source, and repeats it about 15 times so the system can compute the average time between notes and the average length of each note, and also to lower the average standard deviation of the time differences. Every human being innately can recognize and reproduce a rhythm, but everyone plays the rhythm completely differently.

When someone tries to log in, the system time-warps the tapped rhythm linearly (i.e. stretches the sequence to fit the time length of the master TapSong) and measures the relative time difference between notes to determine whether the TapSong is the correct login code. It also measures how long the user holds down each note, which corresponds to a musical range between staccato and legato styles.

In user studies, Wobbrock found that other users who watched and even heard the rhythm could log in as an impostor only 10% of the time. This was attributed mostly to the fact that every human will reproduce a tap a little differently than someone else, but always consistently with their own performances. The diagram below shows the possible standard deviations for the time location of each note in “Shave and a Haircut, Two Bits.”
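The enrollment and matching steps summarized above can be sketched as follows. This is an added example, not code from the paper or from this post: the per-feature k-sigma acceptance test, the `floor` and `k` values, and all tap timings are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

def features(taps):
    """Linear time warp to unit length, then inter-onset gaps + hold lengths."""
    start, span = taps[0][0], taps[-1][1] - taps[0][0]
    downs = [(d - start) / span for d, _ in taps]
    gaps = [b - a for a, b in zip(downs, downs[1:])]
    holds = [(u - d) / span for d, u in taps]
    return gaps + holds

def enroll(samples, floor=0.005):
    """Master model: (mean, std) per feature; `floor` is an assumed minimum std."""
    if len({len(s) for s in samples}) != 1:
        raise ValueError("enrollment samples disagree on tap count")
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(pstdev(c), floor)) for c in columns]

def verify(model, taps, k=3.0):
    """Accept only if every feature is within k std of the master (k assumed)."""
    if 2 * len(taps) - 1 != len(model):   # wrong number of taps
        return False
    return all(abs(x - m) <= k * s for x, (m, s) in zip(features(taps), model))

# Constructed sample data: onsets (seconds) for "Shave and a Haircut, Two Bits".
ONSETS = [0.0, 0.5, 0.75, 1.0, 1.5, 2.5, 3.0]

def play(onsets, hold, tempo=1.0, take=None):
    """Constructed performance as (down, up) pairs; `take` adds <=10 ms jitter."""
    def jit(n):
        return 0.0 if take is None else 0.01 * ((take * 3 + n * 5) % 7 - 3) / 3
    return [((o + jit(2 * i)) * tempo, (o + hold + jit(2 * i + 1)) * tempo)
            for i, o in enumerate(onsets)]

# Enrollment: 15 repetitions by the owner, short (staccato) 0.10 s taps.
MODEL = enroll([play(ONSETS, 0.10, take=t) for t in range(15)])

ATTEMPTS = {
    "owner, 30% slower": play(ONSETS, 0.10, tempo=1.3),
    "right rhythm, legato holds": play(ONSETS, 0.24),
    "pause before 'two bits' rushed": play([0.0, 0.5, 0.75, 1.0, 1.5, 2.0, 2.5], 0.10),
    "one tap missing": play(ONSETS[:6], 0.10),
}

if __name__ == "__main__":
    for label, taps in ATTEMPTS.items():
        print(f"{label:32s} -> {'accept' if verify(MODEL, taps) else 'reject'}")
```

Because the warp removes overall tempo, the slower owner attempt still matches, while the legato attempt fails on hold length alone even though its note onsets are correct.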


Discussion
I thought this seemed like a very promising idea. I have played music all of my life (both piano and saxophone), and I have learned through the years that everyone has their own style. If two musicians are looking at the same sheet music and try to play it exactly the same, their performances will still be completely different. There will be differences in articulation style (staccato vs. legato), note length, rest hesitation, etc. So the fact that this TapSong system can differentiate between staccato and legato notes by measuring the length of time that the user keeps their finger down for a note is great. Since everyone has their own style (even non-musicians), even if an impostor has the rhythm in front of them, and it is a recognizable song, they will still have trouble logging in because they will not be able to emulate your individual style. And this technology could be easily implemented with existing technology like touch-screen devices and even the new headphone remote that Apple produces (which was discussed in the article). So, I would not be surprised if we are logging into our cell phones and iPods and even computers using our favorite song within the next year.

1 comment:

  1. You seem to focus on the technique and application of the TapSongs whereas I am more interested in the implications and theory of it. We both have drawn similar conclusions about its usefulness due to being difficult to forge. Really, it's about as good as signature verification, except it is hard to see this signature and the system can actually verify it. (Whereas signatures are ignored entirely.)
