SECURE Security is a prime concernEverything is encrypted at the user end before storing on the server. We never store the users password.
Summary
Visual Login provides a mechanism to authenticate a user using just his user name or email or mobile
number, and a unique user created pattern instead of a password.
Objective
Providing a convenience to the user by not requiring the user to remember their password
each time they want to login on the site that provides this mechanism. The biggest advantage to users is that they will no longer be required to remember multiple usernames
and passwords.
high level steps
First time use users will be required to register a pattern with vilogin.com, in lieu of their password. This
pattern created by a user will be used on multiple websites that employ the vilogin service. Essentially,
from the end-user perspective, the user is exchanging their passwords for multiple sites with a single
pattern, which will now be accepted by any website that is vilogin ready (or enabled).
Once an account is authenticated via a sms code sent to the user’s mobile phone, the account will then
be activated and will be available for use for authentication purposes across an unlimited number of
websites, such as email service providers, social networks, classifieds, dating sites – just about any site
that enforces username/password based authentication over the web.
Vilogin will act as a convenience service layer between online service providers and end
users, and will auto fill the challenge part of the login process (example the username or email) and
display a grid to the user on which the user will use his pointing device to connect the dots to replicate
their pattern.
Following authentication, the vilogin.com API will be used by the website to log the user in
Existing Patents and Niche
Authentication via pattern has already been patented by US Patent No WO2001077792A2 and has been
re-patented as a method with an improvement over the first method (US Patent No US20060206918),
by way of adding an extra layer of security by authentication the user with a username and password
each time the user authenticates himself using a pattern. The pattern is also encoded before
transmission to the server.
This really completely defeats the purpose of pattern authentication, based on the declared objectives
of using such system:
Providing a convenience to the user by not requiring the user to remember their password
each time they want to login on the site that provides this mechanism.
Making the user authenticate the pattern with their login/password, is not only counterproductive, but
is also idiotic at best, and borderline retarded at worst.
Improvements and Advantages of the VisuaLogin.com method:
1. We are a service that provides a pattern based authentication mechanism for users across
multiple websites that choose to offer this service. We provide APIs that interact with the user
on one end and the application layer of the service provider on the other end.
2. We offer several additional layers of security for the user. During registration, we confirm the
user’s identity (to circumvent identity theft) by forcing the user to confirm a verification code
sent to the email address on file.
3. Upon successful code verification, we require the registration of the users mobile phone to their
visual login account for optional identity verification as an added layer of security during future
pattern authentication sessions (instead of additional username/password verification)
4. We streamline and standardize the login user experience across all sites by using the users
mobile phone number as a primary identification/challenge token. Behind the scenes, this data
is then used to recall and set either the email address or login name as the first data entity in
the login process. The user now has to no longer keep track of and guess if the login text box for
any given site expects a email address or a login name. User doesn’t have to remember their
password either. The pattern does it all.
5. Additional security during each login attempt. The user may also elect to be verified via a sms
code required during each login, along with just pattern entry.
6. We can also store level 2 data such as addresses, name, age, cc info etc. This may be
programmatically provided to the site in question, based on set preferences and adequate
permissions.
7. For extra security, our patterns are 3 dimensional – which means that in addition to storing 2d
pattern data on the xy axis, we also store time as the 3rd dimensions for each leg or the grid as a
whole. This is especially important in public environments where others may see and try to
replicate your grid. To circumvent this, we also store time based data for each leg, such as the
speed of drawing each leg – or – the length of time paused between legs. This could be static (in
seconds) or as a ratio of total time.