Description:Field of the Invention:
The present invention relates generally to a method and device for authenticating an electronic device, and more particularly, to a method and device for unlocking an electronic device.

Background of the Invention:
In this digital era, with the accelerated development of electrical and electronic industries there is a parallel growth of interest in protection of personal information.

A password is most widely used to protect personal information and asset information. Such a protection method allows a connection to a specific system or access to personal information using a password set by a user. Examples of systems using passwords include personal electronic devices such as mobile communication terminals and computers, Televisions, bank accounts, various Internet sites, and domestic electronic keys. When the password of one of the systems is exposed, an unauthorized person can access other systems using the same password as the exposed password. Consequently, a series of damages can be caused. Thus, it is imperative to keep password secure. In doing so, following problems are currently experienced:
1. In order to prevent the password exposure, it is recommended for a user to periodically change the password. This periodic password change imposes a heavy burden on the users.
2. Similarly, when an additional device such as an authentication key or a card is used, other persons cannot access the personal information and asset information without the additional device. But when the additional device is provided to other persons, the personal information and the asset information may be easily exposed to other persons.

Other problems remaining unsolved till date in spite of the existing authentication methods includes:
1. Existing authentication systems store a secret string or a gesture in the back end which needs to be put in during authentication process. This creates the obvious problem of the secret string or gesture being seen by adversary/attacker by shoulder spoofing during authentication process.
2. Existing authentication methods have a static security level that cannot be changed for the authentication method. User cannot opt for varying security levels using the same authentication method but has to change complete authentication method itself.
3. User may want to experience varying forms for inputting the passkeys depending on the time of the day as well as location. For instance, in workplace or library, user may prefer some input providing method while at home may prefer a completely different way to unlock the system.
4. During authentication in existing authentication methods, user's interest is low as the process involves drawing a fixed pattern or entering the same password every time. This becomes monotonous and hence results in poor user experience.

Accordingly, there is a need for a method and device that provide for easy authenticating an electronic device while at the same time retaining security level of the password set.

Summary of the Invention:
This summary is provided to introduce a selection of concepts in a simplified format that are further described in the detailed description of the invention. This summary is not intended to identify key or essential inventive concepts of the claimed subject matter, nor is it intended for determining the scope of the claimed subject matter.

Accordingly, the present invention provides a method for authentication of an electronic device which is based on application and verification of a logic or relation as set by the user. In a preferred embodiment, the method outputs a set of passcodes. The method further comprises receiving a passkey from a user corresponding to the set of passcodes. The method furthermore comprises comparing the passkey received from the user with an internal passkey, wherein the internal passkey is generated on the basis of the set of passcodes and at least one arithmetical and/or logical operation.

In an aspect of the invention, the method may further comprise randomly generating the set of passcodes for outputting. By way of non-limiting example, the set of passcodes randomly generated include one or more of: a set of pin based passcodes, a set of biometric based passcodes, a set of pattern based passcodes, a set of gesture based passcodes, a set of password based passcodes, and combinations thereof. By way of non-limiting example, the set of biometric based passcodes include one or more of: face recognition, retina based recognition, palm print based recognition, finger print based recognition, voice based recognition, heart beating rate based recognition, muscle contraction based recognition, blood flow rate based recognition, iris based recognition and ear print based recognition.

In another aspect of the invention, the method may further comprise at least one of: receiving the at least one arithmetical and/or logical operation from the user during a registration phase. By way of a non-limiting example, that method may include receiving a plurality of arithmetical and/or logical operations from the user. By way of yet another non-limiting example, the method may include deriving from a single arithmetical and/or logical operation, a plurality of arithmetical and/or logical operations.

In yet another aspect of the invention, the method may further comprise receiving from the user at least one selection in relation to a level of security. By way of non-limiting example, the level of security may depend upon one or more of: a time related parameter; a content related parameter; an application related parameter; a location based parameter; a secondary device proximity based parameter; a usage related parameter; and a user preference. In still another aspect of the invention, the method may further comprise selecting or deriving from the at least one arithmetical and/or logical operation thus received from the user, at least one arithmetical and/or logical operation based on the selected level of security.

In a further embodiment of the invention, wherein the outputting the set of passcodes is performed on a primary device or alternatively is performed at least partly on a secondary device in operable relationship with a primary device. Likewise, in an embodiment of the present invention, the passkey is received from a primary device or alternatively is received at least partly from a secondary device in operable relationship with a primary device.

By way of non-limiting example, the arithmetical operation includes one or more of addition, subtraction, multiplication, division, exponential function, modulus operator, increment operator, decrement operator, a root function, factorial function, a permutation operation, a combination operation, a concatenation operation, a shifting operation and a replacement operation. By way of non-limiting example, the logical operation includes one or more of AND operation, OR operation, XOR operation, NOT operation, NAND operation, NOR operation and XNOR operation.

The present invention furthermore provides a device for authentication that comprises an output unit for outputting a set of passcodes; a receiving unit for receiving a passkey from a user corresponding to the set of passcodes; and a comparator unit for comparing the passkey received from the user with an internal passkey, wherein the internal passkey is generated on the basis of the set of passcodes and at least one predefined arithmetical and/or logical operation.

To further clarify advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended figures. It is appreciated that these figures depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying figures.

Brief Description of Figures:
These and other features, aspects, and advantages of the present invention will become better understood when the following detailed description is read with reference to the accompanying figures in which like characters represent like parts throughout the figures, wherein:
Figure 1 illustrates a flow chart for authentication of an electronic device in accordance with an embodiment of the present invention;
Figure 2 illustrates a more detailed flow chart for authentication of the electronic device in accordance with an embodiment of the present invention;
Figure 3 illustrates a block diagram of device for authentication in accordance with an embodiment of the present invention;
Figure 4 illustrates the authorization process involving random numbers and arithmetical operations, wherein the passkey authorization code is received via a touch based input mechanism;
Figure 5 illustrates yet another authorization process involving random numbers and arithmetical operations, wherein the passcodes is depicted at an edge of the device;
Figure 6 illustrates the authorization process involving random numbers and arithmetical operations, wherein the passkey is received via a voice based input mechanism;
Figure 7 illustrates the authorization process involving random codes and logical operations, wherein the passkey is received via pattern based input mechanism;
Figure 8 illustrates the authorization process involving random codes and logical operations, wherein the passkey is received via a gesture based input mechanism;
Figure 9 illustrates the authorization process involving random numbers and arithmetical operations, wherein the passcode is depicted on a secondary device and the passkey is received via a touch based input mechanism on a primary device;
Figure 10 illustrates the authorization process involving random numbers and arithmetical operations, wherein the passcode is depicted on a primary device and the passkey is received via a touch based input mechanism on a secondary device;
Figure 11 illustrates the authorization process involving random numbers and arithmetical operations, wherein a first passcode is depicted on a primary device, a first passkey is received via a touch based input mechanism on the primary device, a second passcode is depicted on a secondary device and a second passkey is received via a touch based input mechanism on the secondary device;
Figure 12 illustrates a process of setting the at least one arithmetical and/or logical operation;
Figure 13 illustrates yet another process of setting the at least one arithmetical and/or logical operation; and
Figure 14 illustrates a process of setting a level of security and at least one arithmetical and/or logical operation corresponding to the set level of security.

Further, skilled artisans will appreciate that elements in the figures are illustrated for simplicity and may not have been necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help to improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the figures with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.

Detailed Description:
For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.

It will be understood by those skilled in the art that the foregoing general description and the following detailed description are exemplary and explanatory of the invention and are not intended to be restrictive thereof.

Reference throughout this specification to “an aspect”, “another aspect” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrase “in an embodiment”, “in another embodiment” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.

The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components proceeded by "comprises... a" does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The system, methods, and examples provided herein are illustrative only and not intended to be limiting.

Embodiments of the present invention will be described below in detail with reference to the accompanying figures.

Referring to figure 1, there is illustrated a method (100) for authorization of an electronic device, said method comprising: outputting a set of passcodes (101); receiving a passkey from a user corresponding to the set of passcodes (102); and comparing the passkey received from the user with an internal passkey (103). In an embodiment of the invention, the internal passkey is generated on basis of the set of passcodes and at least one arithmetical and/or logical operation. In case the passkey received from the user is matching with the generated internal passkey, authorization is provided to the user to access the electronic device.

Now referring to figure 2, there is illustrated a more detailed method for authorization (200) of the electronic device. The method (200) comprises checking (201) a level of security and at least one arithmetical and/or logical operation as set by the user. A set of random passcodes is generated (202) and the at least one arithmetical and/or logical operation is applied (203) to the set of random passcodes as per the security level set by the user to generate an internal passkey.

Although not demonstrated in figure 2, the internal passkey thus generated may be tested to satisfy one or more predetermined criteria. By way of a non-limiting example, if the set of random passcodes are numbers and the operations are arithmetical in nature, then it can be checked whether the internal passkey has a “zero” value. By way of another non-limiting example, it can be checked whether the internal passkey has a less than a predetermined number of digits. By way of yet another non-limiting example, if the set of random passcodes are pattern based passcodes and the operations are logical in nature, then it can be checked whether the internal passkey is a “straight” value. By way of still another non-limiting example, it can be checked whether the internal passkey has a less than a predetermined number of points of contact. It can be generally said that in some cases, some types of passkeys may be prohibited and thus, it can be checked whether the internal passkey thus generated falls within the proscribed type of passkeys. However, in case no such criteria exist, this step can be skipped.

The method (200) further includes a step of storing (204) the internal passkey thus generated. The method further includes a step of displaying (205) the set of random passcodes to the user. The method then checks (206) whether the user has entered a passkey corresponding to the displayed passcodes. In case the user has entered a passkey, it is determined as to whether the user entered passkey is equal to the saved internal passkey (207). If the user entered passkey is equal to the saved internal passkey, the electronic device is authenticated (208) while on the other hand, if the user entered passkey is NOT equal to the saved internal passkey, the electronic device is NOT authenticated. In an aspect of the invention, in case the electronic device is NOT authenticated, the method may, subject to satisfaction of one or more criteria, return to once again generating a set of random passcodes. By way of a non-limiting example, if user has entered incorrect passkeys for less than a predetermined number of times, the method may return to generating a set of random passcodes.

It can be thus seen that the invention will offer the user with an opportunity to enter varying passkeys, which can be substantially different every time. As the authentication method involves at least one arithmetical and/or logical operation, with the arithmetical and/or logical operation being held as a secret (or is not exposed), it would be difficult for an adversary/attacker to crack the authentication system. Thus, it can be observed that the authorization method of the present invention is highly secured compared to any of the existing authentication methods and tends to especially decrease the chances of the passkey being compromised by shoulder-surfing.

It can be observed that by increasing or decreasing a security level, the complexity of the authentication process can be easily varied. Also, the security level can be automatically increased or decreased based on a wide variety of parameters such as location, time etc.

It can be observed that the authentication method is not limited to the type of input keys and can be applied to wide variety of input keys including for example, various forms like Num pad, Pattern-matching, Speech based Number recognition etc. thus providing the user utmost comfort.

It is believed that a user will enjoy the authentication process, thereby increasing user experience. The user can experience varying ways in which passkeys would be input by her/him. The authentication method provides ample scope to club existing authentication methods like Pattern-matching and Voice based Recognition; thereby increasing the security level of existing authentication methods and for the combined system as a whole as well as keeping the authentication process interactive and engaging in nature.

The proposed method can provide a layer which would be invisible to the existing authentication methods but would enhance their security. This layer would dynamically provide for varying passkeys/patterns/speech etc. for the respective existing authentication method.

By way of a non-limiting example, construction of a device that implements the method as described above is illustrated in figure 3. The device (300) comprises an output unit (301) for outputting a set of passcodes, a receiving unit (302) for receiving a passkey from a user corresponding to the set of passcodes, and a comparator unit (303) for comparing the passkey received from the user with an internal passkey, wherein the internal passkey is generated on the basis of the set of passcodes and at least one predefined arithmetical and/or logical operation.

The device further comprises a random passcode generation unit (304) that generates a set of random passcodes for outputting via the output unit. The device further comprises a storage device (305) for storing at least one predefined arithmetical and/or logical operation. The device furthermore comprises an arithmetic and logic unit (306) which receives the set of random passcodes generated by the random passcode generation unit (304), retrieves the at least one predefined arithmetical and/or logical operation from the storage device (305) and applies the at least one predefined arithmetical and/or logical operation upon the received set of random passcodes for generating the internal passkey. The internal passkey thus generated is stored on the storage device. The device may further comprise a security level unit (307), which stores the security level as stored by the user (if any), and takes care of applying the security level at the time of generating the internal passkey.

While in the above paragraphs the method and the device have been described, functioning of the authentication method will be described in detailed by referring to some on-limiting examples.

As mentioned above, the proposed authentication method is based on application and verification of a relation set by user and for the sake simplicity, that relation set by the user is assumed to be:
Operand 1 Operand 2 Operand 3
with Operator 1 being “*” (Multiply); and Operator 2 being “+” (Addition).

For authenticating, the device generates three random digits, each random digit corresponding to an operand and together being referred to as passcodes. The user has to apply the logic (which is the sequence of the operators, in this case, as shown above), previously set by user, on the random digits (passcodes) to compute a value. The value so computed is the passkey to authenticate the device.

Now referring to figure 4, in an example the device generates 3, 2 and 9 as the three random digits and displays the digits 3, 2 and 9 in a passcode display area (401). The device calculates an internal passkey by applying the logic as previously set (*, +) on the random digits. In the present instance, the value will be:
3 * 2 + 9 = 15

The device allows for the user to input a passkey using an input unit (402). In some instance, the system may also depict the passkey thus provided in a passkey display area (403).

Upon receiving the passkey, the device compares the passkey thus received from the user with the internal passkey. In case the passkey received from the user is 15 i.e. matches with the internal passkey, the device is authenticated.

It may be noted that the next time the authentication is being performed the device generates three random digits and displays the digits in the passcode display area (401). Since the passcodes are randomly generated, the chances the same passcode (i.e. 3, 2 and 9 will be generated) is substantially less. Assuming that the device now generates 4, 5 and 6 as the three random digits, then the device calculates an internal passkey by applying the logic as previously set on the random digits. In the present instance, the value will be:
4 * 5 + 6 = 26

The device now allows for the user to input a passkey using an input unit (402). Upon receiving the passkey, the device compares the passkey thus received from the user with the internal passkey. In case the passkey received from the user is 26 i.e. matches with the internal passkey, the device is authenticated.

The user can set any relation by choosing the operators. Following could be the domain of operators the user can opt from: addition, subtraction, multiplication, division, exponential function, modulus operator, increment operator, decrement operator, a root function, factorial function, a permutation operation, a combination operation, an append operation, a concatenation operation, a shifting operation and a replacement operation. The effect of choosing the operators is illustrated for some of the operators by way of non-limiting example.

Addition: The addition operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 4 and 2, then the passkey will be: 4 + 2 = 6.

Subtraction: The subtraction operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 4 and 2, then the passkey will be: 4 - 2 = 2.

Multiplication: The multiplication operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 4 and 2, then the passkey will be: 4 * 2 = 8.

Division: The division operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 4 and 2, then the passkey will be: 4 / 2 = 2.

Modulus: The modulus operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 3 and 2, then the passkey will be: 3 mod 2 = 1.

Exponent: The exponent operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 3 and 2, then the passkey will be: 3 ^ 2 = 9.

Append: The append operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 3 and 2, then the passkey will be: 3 append 2 = 32.

Neglect left: The neglect left operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 3 and 2, then the passkey will be: 3 Neglect_left 2 = 2.

Neglect right: The neglect right operator can be set on any two operands. By way of example, if the passcodes generated (randomly generated digits) are 3 and 2, then the passkey will be: 3 Neglect_right 2 = 3.

User defined operator: The User defined operator can be set on any two operands. By way of a non-limiting example, if the User defined operator is "difference" and the passcodes generated (randomly generated digits) are 3, 2 and 9 then the passkey will be:
3 difference 2 difference 9 = 17
as difference between 3 and 2 is 1
difference between 2 and 9 is 7

Following could be the non-exhaustive domain of User defined operators the user can opt from: difference operator, summing operator, product operator, partition operator, user customized BODMAS rules, etc.

The examples provided above merely for the purposes of illustration and are non-exhaustive list of operators.

While applying the logic on the randomly generated digits, standard rules for solving mathematical expression shall be followed. This is to exclude any possible ambiguous expression such as:
" 3 * 2 + 9 " may produce passkeys as
(3 * 2) + 9 = 15 ......... (1)
3 * (2 + 9) = 33 ......... (2)

Hence, the operators shall be applied to the randomly generated digits in an order according to the universally accepted BODMAS rule:
B Brackets first
O Orders (i.e. Powers and Square Roots, etc.)
DM Division and Multiplication (left-to-right)
AS Addition and Subtraction (left-to-right)

Thus, in above mentioned examples, valid passkey would be derived using equation (1) which is in line with BODMAS rule and not equation (2).

As illustrated in figure 5, while user is authenticating, the randomly generated digits (501) can appear at the Edge. The user can provide the passkey in a region (502).

As illustrated in figure 6, in an alternative example, instead of receiving the passkey from the user in the form of a keyed input, the passkey can be received from the user in the form of a voice based command / input. In particular, the device may read-out (602) the passcodes i.e. 3, 2 and 9 in addition to displaying (601) the same. The user’s voice command (603) will be received. The voice command will be recognized to check whether the user has provided the appropriate passkey (15 in the present instance). In case the voice command provided by the user matches with the internal passkey, the user will be authenticated. In case the user is not interested in providing the voice based command, he may choose to key-in the passkey by activating the key-in option (604).

The operators need not necessarily be mathematical operators only. They can be any logical operator as mentioned above. Moreover, Logical operators such as AND operation, OR operation, XOR operation, NOT operation, NAND operation, NOR operation and XNOR operation can be performed on randomly generated digits. The above is illustrated in Figure 7, wherein the user is presented or provided with an input means for receiving therefrom a pattern based input.

For instance, if the system displays 3, 2 and 9 and if the set logic is Operator 1: AND; Operator 2: XOR. Applying the logical operators in sequence we can see that the internal passkey (which is pattern based) will be: “Any pattern including dots at position 3 AND 2 XOR dot at position 9”.

It shall be noted that since
3 AND 2 = 2 AND 3;
the sequence in the pattern between dot at position 3 & at position 2 can be reversed. However, since Operator 2 is 'Logical XOR', hence the pattern must consist of either dots at position (3 AND 2 / 2 AND 3) or dot at position 9 only but not together the dots at position 2, 3, 9.

Thus, it can be seen that many patterns can be said to satisfy the above condition and all such patterns which satisfy the above condition can function as the passkey. In particular, referring to figure 7(a), it can be seen that the pattern (701) includes dots at position 3 AND position 2 and NOT position 9. Thus, the same functions as a passkey which will result authentication of the device. Likewise referring to figure 7(b), it can be seen that the pattern (702) includes dots at position 3 AND position 2 and NOT position 9 and hence, the same functions as a passkey which will result authentication of the device. On the other hand, referring to figure 7(c), it can be seen that while pattern (703) includes dot at position 2, it fails to include the dot at position 3 and hence, the same is NOT a passkey which will result authentication of the device. Likewise, referring to figure 7(d), it can be seen that while pattern (704) includes dot at position 3, it fails to include the dot at position 2 and hence, the same is NOT a passkey which will result authentication of the device. Now referring to figure 7(e), it can be seen that while pattern (705) includes dot at position 9 and fails to include the dot at position 3 or the dot at position 2 and hence, the same is a passkey which will result authentication of the device. Likewise, referring to figure 7(f), it can be seen that while pattern (706) includes dot at position 9 and fails to include the dot at position 3 or the dot at position 2 and hence, the same is a passkey which will result authentication of the device. Now referring to figure 7(g), since the pattern (707) includes dots at position 2, 3 and 9, the same is NOT a passkey which will result authentication of the device. Also, referring to figure 7(h), it can be observed that the pattern (708) does not include dots at position 2 AND 3. Also, it can be observed that it does not include dot at position 9 (in the absence of dots at position 2 AND 3) and hence, the same is NOT a passkey which will result authentication of the device.

While figure 7 relates to the relation being based on logical operators and the input means being a pattern based input, it is to be noted that the input means can be changed. For example, as illustrated in figure 8, the input means can be gesture based input means wherein the user may set gestures and relation among them.

For instance, logic could be set as:
Operator 1: AND
Operator 2: OR

The system displays, let’s say, 2T 1S¬R 1FU (Here T denotes tap, SR denotes swipe right, FU denotes flick up, SL denotes swipe left, FD denotes flick down, etc. and the number before them denotes the frequency for that gesture). Thus, as illustrated in figure 8(a), in the above case, user would execute the function as 2T (801) (which means tap two times) AND 1SR (802) (which means swipe right one time). Alternatively, as illustrated in figure 8(b), the user could execute the function 1FU (803) (which means flick up one time) to authenticate.

It may be noted that the gesture based commands are NOT restricted to what has been illustrated in figure 8. By way of non-limiting example, some of the other gestures that can be used include a Tap gesture, a Double tap gesture, a swipe right gesture, a swipe left gesture, a flick up gesture, flick down gesture, a rotate gesture and a spread gesture.

It may be further noticed that the passkey input means could be based on biometric based passcodes, which can be selected from: face recognition, retina based recognition, palm print based recognition, finger print based recognition, voice based recognition, heart beating rate based recognition, muscle contraction based recognition, blood flow rate based recognition, iris based recognition and ear print based recognition.

For instance, the authentication method based on application and verification of a relation:
(Operand 1 Operand 2) (Operand 3 Operator 4)
with, logic could be set as:
Operator 1: AND
Operator 2: OR
Operator 3: AND

The system displays, let’s say, FAR, RER, TIR and MIR (Here FAR denotes face recognition, RER denotes retina based recognition and TIR denotes thumb finger based recognition and MIR denotes middle finger based recognition, etc.). Thus, in the above case, user could provide Face Input AND Retina Input or alternatively, the thumb finger print AND the middle finger print to authenticate.

In yet another instance, the authentication method based on application and verification of a relation:
Operand 1 Operand 2 Operand 3
with, logic could be set as:
Operator 1: AND
Operator 2: XOR

The system displays, let’s say, FAR, RER and TIR (Here FAR denotes face recognition, RER denotes retina based recognition and TIR denotes thumb finger based recognition). Thus, in the above case, user could provide Face Input AND Retina Input or alternatively, ONLY the thumb finger print (without providing Face Input AND Retina Input) to authenticate.

It may be noted that the invention is not restricted to the particular types of passkey input means and any type of passkey input means such as pin based mechanism, biometric based mechanism, pattern based mechanism, gesture based mechanism, password based mechanism, and combinations thereof can be implemented.

For example, the authentication method based on application and verification of a relation:
Operand 1 Operand 2 Operand 3
with, logic could be set as:
Operator 1: AND
Operator 2: XOR

The system displays, let’s say, 2T, FAR and RER (Here 2T denotes two taps, FAR denotes face recognition and RER denotes retina based recognition). Thus, in the above case, user could provide two taps AND Face Input or alternatively, ONLY the Retina Input (without providing 2 taps AND face Input) to authenticate.

It is also to be noted that the method of the present invention can be performed in a distributed system, comprising for example a primary device which is to be authenticated and a secondary device, which may be in communication with the primary device. The manner in which the primary device and the secondary communication device are in operational communication with each other include a wire-based communication or a wireless based communication.

In terms of a wireless based communication, the mode of communication can be either a long range based or a short range based. By way of non-limiting example, a short range based communication can include a Wi-Fi® based communication or a ZigBee® based communication or a Bluetooth® based communication or a RFID based communication, etc.

To illustrate the above, reference is drawn to figures 9 to 11, wherein figure 9 illustrates a primary device (901) in communication with a secondary device (902). The passcode (903) is outputted by the secondary device (after receiving the same from the primary device), while the passkey (904) from the user is received by the primary device. On the other hand figure 10 illustrates a primary device (1001) in communication with a secondary device (1002) with the passcode (1003) being outputted by the primary device, and the passkey (1005) from the user is received by the secondary device via an input unit (1004). In this case, the secondary device then transmits the passkey to the primary device.

Now referring to figure 11, there is illustrated a scenario there is provided a primary device (1101) and a secondary device (1102). Assuming the authentication to be based on multiple passkeys or a staged authentication, a first passcode (1103) is outputted by the primary device and a fist passkey (1104) is received via an input unit (1105) as provided on the primary device. Likewise, a second passcode (1106) is outputted by the secondary device and a second passkey (1107) is received via an input unit (1108) as provided on the secondary device. The secondary device then transmits the second passkey to the primary device.

One of the aspect of the invention is that the at least one arithmetical and/or logical operation is preferable as defined by the user. The user can set at least one arithmetical and/or logical operation during a registration phase. Now referring to figures 12 and 13, there are illustrated some mechanisms for setting of the at least one arithmetical and/or logical operation.

Referring in particular to figure 12, the user is provided with a graphical user interface depicting a set of operators (1201) that can be chosen by the user for creating the arithmetical and/or logical operation. By way of a non-limiting example, the user may drag-and-drop (or select in general) an operator at a designated position (1202, 1203 or 1204) in the arithmetical and/or logical operation. While in figure 12, space is shown for three operators, the number of operator to be used in an arithmetical and/or logical operation can be defined by the user and can be either less or more.

Referring in particular to figure 13, the user is provided with a graphical user interface depicting a set of operators (1301) at the edge that can be chosen by the user for creating the arithmetical and/or logical operation. Instead of presenting the relation (as is the case in figure 12), in figure 13 there are provided input boxes (1302) for the ease of the user. The user may select any operator from the edge portion to be placed in a particular input box. The number of input boxes can be increased or reduced as per user’s convenience.

In a preferred aspect of the invention, the user is also able to provide at least one selection in relation to a level of security. Based on the level of security thus selected by the user, the complexity of the authentication method can be increased or decreased. By way of non-limiting example, the level of security is dependent upon one or more of a time related parameter; a content related parameter; an application related parameter; a location based parameter; a secondary device proximity based parameter; a usage related parameter; and a user preference.

By way of a non-limiting example, the various types of passkey input mechanism can have an associated predefined security rating (which may for example, be set by the manufacturer). The predefined security rating may be stored in the memory in the form of a table during the manufacturing. In an example, predefined security rating may specify a high security rating for password authentication technique, medium security rating for pattern authentication technique, and low security rating for biometric authentication technique based on facial information. Thus, based on the level of security chosen by the user, the passkey input mechanism can be chosen and presented to the user.

By way of a non-limiting example, based on current location, the authentication method can automatically switch between:
1) Keypad based input or pattern based input;
2) Pattern based input or voice based input;
3) Keypad based input or voice based input;
and so on for other input methods.

By way of yet another non-limiting example, if we consider a user preference based selection of level of security, the authentication method may be such that:
• In early hours of the day, user might be sleepy and hence do not want to type instead prefer voice based input; or
• In workplace or library, user may prefer pattern/keypad based input while at some secure place like home may prefer voice based input;
• and so on for other input methods.

Either as an alternative or as an addition to the above, two or more arithmetic and/or logic operation may be stored in the storage device for use and based on the selected level of security, at least one arithmetic and/or logic operation can be chosen. The two or more arithmetic and/or logic operations can be either provided by the user or can be derived from a single arithmetic and/or logic operation as provided by the user. The user may select the security level in two ways namely manually setting-up of security levels and automatic setting-up of security levels.

Manually setting up of security levels:
By way of a non-limiting example, as illustrated in figure 14, the user may be presented with a graphical user interface depicting a set of operators (1401) at one edge that can be chosen by the user for creating the arithmetical and/or logical operation. The user is presented with input boxes (1402) for the ease of the user. At another edge, the user is presented with a selection of the level of security (1403). The user can construct multiple arithmetic/logical operations, each corresponding to a particular level of security. Once an arithmetic/logical operation has been constructed, he can choose a security level and store the arithmetic/logical operation in mapped relation with the security level.

Automatically setting-up security levels:
In this case, the user can simply choose maximum security level say (Sk). Thus the user can set an arithmetic/logical operation by specifying 'k' operators. So the arithmetic/logical operation would look like:
Operand 1 ... Operand i .. Operand (k+1)

By way of example, if the user chooses maximum security level as S3, an arithmetic/logical operation with three operators may be created and the user will be required to choose the three operators. Assuming for the purposes of illustration that the user chooses the following arithmetic operators:
Operator 1: * (Multiply)
Operator 2: + (Addition)
Operator 3: - (Subtraction),
the arithmetic/logical operation would look like:
Operand 1 * Operand 2 + Operand 3 - Operand 4 ……(3)

The arithmetic/logical operation as identified by equation (3) will be allocated to the highest security level i.e. to security level S3. The arithmetic/logical operation will be automatically and gradually truncated from the right and will be allocated remaining security levels in a decreasing order.

Thus, the arithmetic/logical operation allocated to security level 2 would look like:
Operand 1 * Operand 2 + Operand 3 ……(4);
while the arithmetic/logical operation allocated to security level 1 would look like:
Operand 1 * Operand 2 ……(5).

Once the various security levels have been set up, the user may define the condition under which the security level has to be applied. As mentioned above, invoking an application of the security level may be defined in terms of one or more of a time related parameter; a content related parameter; an application related parameter; a location based parameter; a secondary device proximity based parameter; a usage related parameter; and a user preference.

For example, the user may set Security levels as per location and apply logic dynamically as follows:
S3:
Operator 1 : * (Multiply)
Operator 2 : + (Addition)
Operator 3 : - (Subtraction)
e.g. 3 * 2 + 9 - 8 = 7

S2:
Operator 1 : * (Multiply)
Operator 2 : + (Addition)
e.g. 3 * 2 + 9 = 15

S1:
Operator 1 : * (Multiply)
e.g. 3 * 2 = 6

User Mode/User Accessibility:
Using this authentication method, the system may also provide user option to save logic/relation for authentication for particular access modes. For instance user may set

'Logic 1' for access to 'Normal/Full mode' access as :
Operator 1 : * (Multiply)
Operator 2 : + (Addition)
Operator 3 : - (Subtraction)

'Logic 2' for access to 'Restricted mode' access as:
Operator 1 : * (Multiply)
and so on.

Thus, when user applies 'Logic 1' on the randomly generated digits and inputs the passkey as per 'Logic 1', s/he will get access to 'Normal/Full mode'.

However, if user applies 'Logic 2' on the same randomly generated digits and inputs the passkey as per 'Logic 2', s/he will get access to 'Restricted mode'.

It may be noted that the authentication method as described above can be applied to a wide variety of electronic devices including but not limited to mobile communication terminals such as mobile phones & tablets and computers etc., televisions, domestic electronic keys, and other electronic devices. In addition, the authentication method can be applied during accessing electronic information including by way of example, E-mail login system, Banking, Profile login systems of sites etc.

While specific language has been used to describe the disclosure, any limitations arising on account of the same are not intended. As would be apparent to a person in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein.

The figures and the forgoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment. For example, orders of processes described herein may be changed and are not limited to the manner described herein. Moreover, the actions of any flow diagram need not be implemented in the order shown; nor do all of the acts necessarily need to be performed. Also, those acts that are not dependent on other acts may be performed in parallel with the other acts. The scope of embodiments is by no means limited by these specific examples. Numerous variations, whether explicitly given in the specification or not, such as differences in structure, dimension, and use of material, are possible. The scope of embodiments is at least as broad as given by the following claims.

Claims:We Claim:

1. An authentication method (100), comprising the steps of:
outputting (101) a set of passcodes;
receiving (102) a passkey from a user corresponding to the set of passcodes; and
comparing (103) the passkey received from the user with an internal passkey, wherein the internal passkey is generated on the basis of the set of passcodes and at least one arithmetical and/or logical operation, wherein the at least one arithmetical and/or logical operation is predefined

2. The authentication method as claimed in claim 1 further comprising: randomly generating (202) the set of passcodes for outputting, wherein the set of passcodes randomly generated include one or more of: a set of pin based passcodes, a set of biometric based passcodes, a set of pattern based passcodes, a set of gesture based passcodes, a set of password based passcodes, and combinations thereof.

3. The authentication method as claimed in claim 1 further comprising: receiving the at least one arithmetical and/or logical operation from the user during a registration phase.

4. The authentication method as claimed in claim 1 further comprising:
receiving from the user at least one selection in relation to a level of security; and
selecting or deriving, from the at least one arithmetical and/or logical operation thus received from the user during a registration phase, at least one arithmetical and/or logical operation based on the selected level of security, wherein the level of security is dependent upon one or more of:
• a time related parameter;
• a content related parameter;
• an application related parameter;
• a location based parameter;
• a secondary device proximity based parameter;
• a usage related parameter; and
• a user preference.

5. The authentication method as claimed in claim 1, wherein the outputting the set of passcodes is performed on a primary device.

6. The authentication method as claimed in claim 1, wherein the outputting the set of passcodes is performed at least partly on a secondary device in operable relationship with a primary device.

7. The authentication method as claimed in claim 1, wherein the passkey is received from a primary device.

8. The authentication method as claimed in claim 1, wherein the passkey is received at least partly from a secondary device in operable relationship with a primary device.

9. A device for authentication, said device comprising:
an output unit (301) for outputting a set of passcodes;
a receiving unit (302) for receiving a passkey from a user corresponding to the set of passcodes; and
a comparator unit (303) for comparing the passkey received from the user with an internal passkey, wherein the internal passkey is generated on the basis of the set of passcodes and at least one arithmetical and/or logical operation, wherein the at least one arithmetical and/or logical operation is predefined.

10. The device for authentication as claimed in claim 9 further comprising: a random passcode generating unit (304) for randomly generating the set of passcodes for outputting.

11. The device for authentication as claimed in claim 9 further comprising: a storage device (305) for storing the at least one arithmetical and/or logical operation received from the user during a registration phase.

12. The device for authentication as claimed in claim 9 further comprising: an arithmetic and logic unit (306) for applying the arithmetical and/or logical operation to the set of passcodes to derive the internal passkey, wherein the internal passkey thus derived is stored in a storage device (305) and the comparator unit (303) retrieves the internal passkey from the storage device (305) for comparison.

13. The device for authentication as claimed in claim 9 further comprising: a security level unit (307) for receiving and storing at least one level of security, wherein the security level unit (307) is adapted to selecting or deriving from the at least one arithmetical and/or logical operation thus received from the user during a registration phase, at least one arithmetical and/or logical based on the selected level of security.