Multitouch Padlock

Like the title suggests, this is a multitouch padlock. I wrote it as a proof-of-concept. Eventually I may actually port this to android, but for now it remains in the browser.

Inputting a combination works by doing a rotation gesture around the center of the lock. When you start to turn it in the opposite direction, the number it inputed shows up in the text box in the top right. The padlock can accept anywhere from two to any number of numbers in the combination.

Before using the padlock, you train it by inputting the combination 5 times. Then, when you input your combination, it will compare the trails made by your fingers during your attempt with the trails made during training. If they're similar enough and the combination matches, you're allowed in.

Security-wise the project is a bit interesting, because I use the combination to encrypt the paths used to train the padlock. The only problem is that it's fairly easy to brute-force the combination, so I have to think about how I can get over that hurdle (I have some ideas about how to approach it).

To grab the multitouch data, I used an experimental version of Firefox that exposed multitouch data to the web page as DOM events. The status of this API is unknown to me, but I have a feeling it isn't present in Firefox 4.0. I believe Safari has a similar API, so I could easily port it over.

To render the padlock, I used Dojo's dojox.gfx API, which lets you draw vector graphics in a cross-browser fashion. To store the training data, I used the new HTML5 client-side storage APIs.

I did this as a research project at NYU Poly using a laptop that was on loan, so sadly I can no longer demo it.

I may or may not continue working on this project. It would be nice to put on the Android Market, and possibly make some money off of. At the same time, I've found that the padlock isn't necessarily foolproof, and can raise a lot of false negatives. As a result, it can be frustrating to use, especially for people who don't have as refined motor skills. I probably won't push the source code for this to GitHub, since I may choose to put it on the Android Market down the road, but that may not be for a while, since I'm busy with other projects for the time being, so anything could happen.