home download docs test people links

What is GRAPE?

GRAPE is a graphical password scheme that handles authentication by means of a numerical PIN, that users have to type on the basis of a secret sequence of objects and a graphical challenge.

The secret shared between the system and the user is a sequence of objects. The challenge issued by the system is a random arrangement of geometrical colored shapes in a matrix displayed on the screen. During her authentication session, the user is required to type as PIN the position of the secret object in the challenge matrix. To be more precise, the queries the user is required to answer are questions like "On which row of the screen do you see a green full triangle?". Hence, in order to compute the correct response, the user has to watch the screen and answer all the questions corresponding to her secret objects, according to a given protocol.

Features

The majority of graphical password schemes implementation requires considerable resources (e.g., data storage, high quality displays) making difficult their usage on small devices, like old fashioned ATM terminals, smart cards and many low-price cellular phones. Moreover, some schemes require the user to accomplish a training process that can even span over two-three days.

GRAPE has been designed keeping in mind two important guidelines: usability and portability. In order to achieve these goals, following features are offered:

  • The graphical challenge can be effectively visualized and equally distinguishable both through small sized or cheap displays like the ones of the cellular phones, or through the classical 10 inch CRT monitor that still equips thousands of ATM terminals.
  • User responses can be composed as well by any sophisticated pointing device as by simple keypad.
  • The generation of challenges and the verification of user's responses are affordable also by computer with limited computational resources (e.g. smart cards, old-fashioned cell phones).
  • The user is simply required to recognize the position of some objects on the screen. She is not required to compute any function and she does not need to do any training process.


February 28, 2007