{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T07:15:52Z","timestamp":1761808552828,"version":"3.40.3"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031212796"},{"type":"electronic","value":"9783031212802"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,11,19]],"date-time":"2022-11-19T00:00:00Z","timestamp":1668816000000},"content-version":"vor","delay-in-days":322,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>In this paper we present a new method of secure human-computer identification, which remains safe also in untrusted systems and environments. This method allows the elimination of any supplementary gadgets\/devices or theft-sensitive biometric data used by the Multi-Factor Authentication (MFA), and using only one secret as a universal private key for all obtainable online accounts. However, the features of this solution make it best suited for use by an mobile authenticator or by Authentication Authority with the Single-Sign-On (SSO) method of identity and access management, rather than for individual services. Such a key is used by our innovative challenge-response protocol to generate One-Time-Password, e.g., 6-digit OTP, could be calculated by a human in only 15\u00a0s, also offline on paper documents with an acceptable level of security required for post-quantum symmetric cyphers, thanks to the hard lattice problem with noise introduced by our new method, which we call Learning with Options (LWO). The secret has the form of an outline like a kind of handwritten autograph, designed in invisible ink on the mapping grid. The password generation process requires following such an invisible contour on the challenge matrix created randomly by the verifier and reading values from secret fields to calculate the OTP.<\/jats:p>","DOI":"10.1007\/978-3-031-21280-2_25","type":"book-chapter","created":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T08:30:15Z","timestamp":1668760215000},"page":"452-467","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Secure Human Identification Protocol with\u00a0Human-Computable Passwords"],"prefix":"10.1007","author":[{"given":"S\u0142awomir","family":"Matelski","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,11,19]]},"reference":[{"key":"25_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/3-540-46416-6_35","volume-title":"Advances in Cryptology","author":"T Matsumoto","year":"1991","unstructured":"Matsumoto, T., Imai, H.: Human identification through insecure channel. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 409\u2013421. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46416-6_35"},{"key":"25_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1007\/3-540-45682-1_4","volume-title":"Advances in Cryptology","author":"NJ Hopper","year":"2001","unstructured":"Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52\u201366. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_4"},{"doi-asserted-by":"crossref","unstructured":"Madhavan, M., Thangaraj, A., Sankarasubramanian, Y., Viswanathan, K.: NLHB: A non-linear hopper-blum protocol. In: 2010 IEEE International Symposium on Information Theory, pp. 2498\u20132502 (2010)","key":"25_CR3","DOI":"10.1109\/ISIT.2010.5513440"},{"key":"25_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/11535218_18","volume-title":"Advances in Cryptology","author":"A Juels","year":"2005","unstructured":"Juels, A., Weis, S.A.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293\u2013308. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_18"},{"unstructured":"Li, S., Shum, H.-Y.: Secure human-computer identification (Interface) systems against peeping attacks: SecHCI. IACR\u2019s Cryptology ePrint Archive: Report 2005\/268","key":"25_CR5"},{"doi-asserted-by":"crossref","unstructured":"Weinshall, D.: Cognitive authentication schemes safe against spyware. In: IEEE Symposium on Security and Privacy (S &P) (2006)","key":"25_CR6","DOI":"10.1109\/SP.2006.10"},{"unstructured":"Blocki, J., Blum, M., Datta, A., Vempala, S.: Toward human computable passwords. In: ITCS (2017)","key":"25_CR7"},{"doi-asserted-by":"publisher","unstructured":"Asghar, H.J., Pieprzyk, J., Wang, H.: A new human identification protocol and Coppersmith\u2019s baby-step giant-step algorithm. In: Zhou, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2010. Lecture Notes in Computer Science, vol. 6123, pp. 349\u2013366. Springer, Berlin, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13708-2_21","key":"25_CR8","DOI":"10.1007\/978-3-642-13708-2_21"},{"doi-asserted-by":"crossref","unstructured":"Blum, M., Vempala, S.: Publishable humanly usable secure password creation schemas. In: AAAI Conference on Human Computation and Crowdsourcing, HCOMP, pp. 32\u201341 (2015)","key":"25_CR9","DOI":"10.1609\/hcomp.v3i1.13233"},{"issue":"8","key":"25_CR10","doi-asserted-by":"publisher","first-page":"1643","DOI":"10.1109\/TIFS.2015.2421875","volume":"10","author":"HJ Asghar","year":"2015","unstructured":"Asghar, H.J., Steinfeld, R., Li, S., Kaafar, M.A., Pieprzyk, J.: On the linearization of human identification protocols: attacks based on linear algebra, coding theory, and lattices. IEEE Trans. Inf. Forensics Secur. 10(8), 1643\u20131655 (2015)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"doi-asserted-by":"crossref","unstructured":"Samadi, S., Vempala, S., Kalai, A.T.: Usability of humanly computable passwords. arXiv preprint arXiv:1712.03650 (2017)","key":"25_CR11","DOI":"10.1609\/hcomp.v6i1.13333"},{"unstructured":"Yan, Q., Han, J., Li, Y., Deng, R.H.: On limitations of designing usable leakage resilient password systems: attacks, principles and usability. In: 19th Network and Distributed System Security Symposium (NDSS) (2012)","key":"25_CR12"},{"doi-asserted-by":"crossref","unstructured":"Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.-C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces, pp. 177\u2013184 (2006)","key":"25_CR13","DOI":"10.1145\/1133265.1133303"},{"key":"25_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-40041-4_4","volume-title":"Advances in Cryptology","author":"J Alwen","year":"2013","unstructured":"Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57\u201374. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_4"},{"doi-asserted-by":"crossref","unstructured":"Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus, Cryptology ePrint Archive, Report 2015\/769","key":"25_CR15","DOI":"10.1007\/978-3-662-49096-9_9"},{"key":"25_CR16","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1016\/j.dcn.2014.07.009","volume":"10","author":"I Dumontheila","year":"2014","unstructured":"Dumontheila, I.: Development of abstract thinking during childhood and adolescence: the role of rostrolateral prefrontal cortex. Dev. Cognitive Neurosci. 10, 57\u201376 (2014)","journal-title":"Dev. Cognitive Neurosci."},{"issue":"3","key":"25_CR17","first-page":"943","volume":"4","author":"S Patil","year":"2018","unstructured":"Patil, S., Mercy, S., Ramaiah, N.: A brief survey on password authentication. Int. J. Adv. Res. Ideas Innov. Technol. 4(3), 943\u2013946 (2018)","journal-title":"Int. J. Adv. Res. Ideas Innov. Technol."},{"key":"25_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719\u2013737. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_42"},{"key":"25_CR19","doi-asserted-by":"publisher","first-page":"8547","DOI":"10.3390\/app10238547","volume":"10","author":"F Wang","year":"2020","unstructured":"Wang, F., Leng, L., Teoh, A., Chu, J.: Palmprint false acceptance attack with a generative adversarial network (GAN). Appl. Sci. 10, 8547 (2020)","journal-title":"Appl. Sci."},{"doi-asserted-by":"crossref","unstructured":"Brostoff, S., Inglesant, P., Sasse, A.: Evaluating the usability and security of a graphical one-time PIN system. In: Proceedings of the BCS-HCI 2010, Dundee, UK (2010)","key":"25_CR20","DOI":"10.14236\/ewic\/HCI2010.13"},{"doi-asserted-by":"crossref","unstructured":"Jhawar, R., Inglesant, P., Courtois, N., Sasse, M.A.: Strengthening the security of graphical one-time PIN authentication. In: 5th International Conference on Network and System Security (2011)","key":"25_CR21","DOI":"10.1109\/ICNSS.2011.6059963"},{"doi-asserted-by":"crossref","unstructured":"Sadeghi, K., Banerjee, A., Sohankar, J., Gupta, S.K.S.: Geometrical analysis of machine learning security in biometric authentication systems. In: 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 309\u2013314 (2017)","key":"25_CR22","DOI":"10.1109\/ICMLA.2017.0-142"},{"doi-asserted-by":"crossref","unstructured":"Sadqi, Y., Belfaik, Y., Safi, S.: Web OAuth-based SSO systems security. In: Proceedings of the 3rd International Conference on Networking, Information Systems & Security, NISS (2020)","key":"25_CR23","DOI":"10.1145\/3386723.3387888"},{"key":"25_CR24","doi-asserted-by":"publisher","first-page":"5967","DOI":"10.3390\/s21175967","volume":"21","author":"AF Baig","year":"2021","unstructured":"Baig, A.F., Eskeland, S.: Security, privacy, and usability in continuous authentication, a survey. Sensors 21, 5967 (2021)","journal-title":"Sensors"},{"unstructured":"Project lab for i-Chip authentication. 2 August 2022. https:\/\/www.researchgate.net\/profile\/i-Chip-Authentication","key":"25_CR25"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-21280-2_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,4]],"date-time":"2023-01-04T17:15:21Z","timestamp":1672852521000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-21280-2_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031212796","9783031212802"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-21280-2_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"19 November 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taipei","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taiwan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ispec2022.ndhu.edu.tw\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2 invited papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}