{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:HZHE5TQI2UP33J2HN3ZVH7FHHC","short_pith_number":"pith:HZHE5TQI","canonical_record":{"source":{"id":"1709.04959","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-14T19:56:29Z","cross_cats_sorted":[],"title_canon_sha256":"4e89866934677a45ad11f47cc6c9dbfb70704ed6893b8bbaa7a35481e75b19c4","abstract_canon_sha256":"579fcef316adc30973fd9223e174ffd0ec7e344263eaee6098bb29aee4ed38c5"},"schema_version":"1.0"},"canonical_sha256":"3e4e4ece08d51fbda7476ef353fca738b73d0ebb2c7eb180e449d77ed7b05657","source":{"kind":"arxiv","id":"1709.04959","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.04959","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"arxiv_version","alias_value":"1709.04959v2","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.04959","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"pith_short_12","alias_value":"HZHE5TQI2UP3","created_at":"2026-05-18T12:31:21Z"},{"alias_kind":"pith_short_16","alias_value":"HZHE5TQI2UP33J2H","created_at":"2026-05-18T12:31:21Z"},{"alias_kind":"pith_short_8","alias_value":"HZHE5TQI","created_at":"2026-05-18T12:31:21Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:HZHE5TQI2UP33J2HN3ZVH7FHHC","target":"record","payload":{"canonical_record":{"source":{"id":"1709.04959","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-14T19:56:29Z","cross_cats_sorted":[],"title_canon_sha256":"4e89866934677a45ad11f47cc6c9dbfb70704ed6893b8bbaa7a35481e75b19c4","abstract_canon_sha256":"579fcef316adc30973fd9223e174ffd0ec7e344263eaee6098bb29aee4ed38c5"},"schema_version":"1.0"},"canonical_sha256":"3e4e4ece08d51fbda7476ef353fca738b73d0ebb2c7eb180e449d77ed7b05657","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:34:28.751948Z","signature_b64":"OkiSwJipByfNVQVr9A6UQgu+0Lc4FmZk3XcVbqoQON7xRu66GFSSN+JnxW+UpLZWWIVc+6cxS99wLpUaYqrHCA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"3e4e4ece08d51fbda7476ef353fca738b73d0ebb2c7eb180e449d77ed7b05657","last_reissued_at":"2026-05-18T00:34:28.751386Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:34:28.751386Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1709.04959","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:34:28Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"AhX5Xk3Mg/GnECPIWP//1QRGJJSIBcUyNgzpWNYdbuDcc4hZxjNNXbgYadwOBew1JyTe3Rhf/x1GV/EsXI4FBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-24T19:53:19.490565Z"},"content_sha256":"ea6aa301d50340c952be62fe659b2856ddf947adbd4cd62eba55e7e4e56731e3","schema_version":"1.0","event_id":"sha256:ea6aa301d50340c952be62fe659b2856ddf947adbd4cd62eba55e7e4e56731e3"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:HZHE5TQI2UP33J2HN3ZVH7FHHC","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Towards Baselines for Shoulder Surfing on Mobile Authentication","license":"http://creativecommons.org/publicdomain/zero/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Adam J. Aviv, Flynn Wolf, John T. Davin, Ravi Kuber","submitted_at":"2017-09-14T19:56:29Z","abstract_excerpt":"Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, our understanding of how the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n=1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.04959","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:34:28Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"TNRl4672vnl6UN+n+BbFODiq9wtiTpGKTVmSy4eMHdnXue8bAZewUsJQ5N2Ko/aSsveIlSYjIeGuxb9vDK96Bw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-24T19:53:19.490904Z"},"content_sha256":"0d18f28e59fac40affeb08a587709193e592a44046383478f622eb7135d3747f","schema_version":"1.0","event_id":"sha256:0d18f28e59fac40affeb08a587709193e592a44046383478f622eb7135d3747f"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/bundle.json","state_url":"https://pith.science/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-24T19:53:19Z","links":{"resolver":"https://pith.science/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC","bundle":"https://pith.science/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/bundle.json","state":"https://pith.science/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/state.json","well_known_bundle":"https://pith.science/.well-known/pith/HZHE5TQI2UP33J2HN3ZVH7FHHC/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:HZHE5TQI2UP33J2HN3ZVH7FHHC","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"579fcef316adc30973fd9223e174ffd0ec7e344263eaee6098bb29aee4ed38c5","cross_cats_sorted":[],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-14T19:56:29Z","title_canon_sha256":"4e89866934677a45ad11f47cc6c9dbfb70704ed6893b8bbaa7a35481e75b19c4"},"schema_version":"1.0","source":{"id":"1709.04959","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1709.04959","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"arxiv_version","alias_value":"1709.04959v2","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1709.04959","created_at":"2026-05-18T00:34:28Z"},{"alias_kind":"pith_short_12","alias_value":"HZHE5TQI2UP3","created_at":"2026-05-18T12:31:21Z"},{"alias_kind":"pith_short_16","alias_value":"HZHE5TQI2UP33J2H","created_at":"2026-05-18T12:31:21Z"},{"alias_kind":"pith_short_8","alias_value":"HZHE5TQI","created_at":"2026-05-18T12:31:21Z"}],"graph_snapshots":[{"event_id":"sha256:0d18f28e59fac40affeb08a587709193e592a44046383478f622eb7135d3747f","target":"graph","created_at":"2026-05-18T00:34:28Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, our understanding of how the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n=1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim","authors_text":"Adam J. Aviv, Flynn Wolf, John T. Davin, Ravi Kuber","cross_cats":[],"headline":"","license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-14T19:56:29Z","title":"Towards Baselines for Shoulder Surfing on Mobile Authentication"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1709.04959","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ea6aa301d50340c952be62fe659b2856ddf947adbd4cd62eba55e7e4e56731e3","target":"record","created_at":"2026-05-18T00:34:28Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"579fcef316adc30973fd9223e174ffd0ec7e344263eaee6098bb29aee4ed38c5","cross_cats_sorted":[],"license":"http://creativecommons.org/publicdomain/zero/1.0/","primary_cat":"cs.CR","submitted_at":"2017-09-14T19:56:29Z","title_canon_sha256":"4e89866934677a45ad11f47cc6c9dbfb70704ed6893b8bbaa7a35481e75b19c4"},"schema_version":"1.0","source":{"id":"1709.04959","kind":"arxiv","version":2}},"canonical_sha256":"3e4e4ece08d51fbda7476ef353fca738b73d0ebb2c7eb180e449d77ed7b05657","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"3e4e4ece08d51fbda7476ef353fca738b73d0ebb2c7eb180e449d77ed7b05657","first_computed_at":"2026-05-18T00:34:28.751386Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:34:28.751386Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"OkiSwJipByfNVQVr9A6UQgu+0Lc4FmZk3XcVbqoQON7xRu66GFSSN+JnxW+UpLZWWIVc+6cxS99wLpUaYqrHCA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:34:28.751948Z","signed_message":"canonical_sha256_bytes"},"source_id":"1709.04959","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ea6aa301d50340c952be62fe659b2856ddf947adbd4cd62eba55e7e4e56731e3","sha256:0d18f28e59fac40affeb08a587709193e592a44046383478f622eb7135d3747f"],"state_sha256":"2ab400a6dda152c438d23aac91b668f36bc86e88e9b5a68dae272b8c9c46bb88"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Jj70ooX0jE+vrihIA2xky+5mq8nENc6V3/18N5+so8TRl42iu3viHeD7y26PkQMs+A6zLN8cmYGTAFzksz0XDw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-24T19:53:19.492777Z","bundle_sha256":"3de59882e560d13f25ba95b702546148b80e015338f25b810cedc454dd630b50"}}