I Introduction
With the rapid development of intelligence, the password becomes the guarantee of normal operation of intelligent mechanism such as networks. The multivariate, multiformalized and widely applied cryptographs have become an urgent need, and the production of various passwords also face to hard attackers. Classical studies of the password problem going back over 35 years (Morris and Thompson, 1979; Feldmeier and Karn, 1990; Klein, 1990) have shown that, as a result, human users tend to choose and handle alphanumeric passwords very insecurely [5]. The following password problem is well known in the security community:
The password problem [5]: (1) Passwords should be easy to remember, and the user authentication protocol should be executable quickly and easily by humans.
(2) Passwords should be secure, i.e. they should look random and should be hard to guess; they should be changed frequently, and should be different on different accounts of the same user; they should not be written down or stored in plain text.
The first idea for GPWs was described by Blonder (1996) [7]. His approach was to let the user click, with a mouse or stylus, on a few chosen regions in an image that appeared on the screen. If the correct regions were clicked in, the user was authenticated, otherwise the user was rejected.
We think of giving users greater freedom, and greatly reflect personalized; exploring the relationship between facts and assumptions, there should be no gap between users and passwords.
“Graphical password” will be abbreviated as GPW, and “TopsnutGPW” is the abbreviation of “Graphical passwords based on the idea of topological structure plus number theory”. We will use the knowledge of graph theory to design the socalled TopsnutGPWs in [33].
GPW schemes have been proposed as a possible alternative to textbased schemes. Two principal research questions proposed by Wiedenbeck et al. [5] are stated below:
RQ 1: Are GPWs a viable alternative to alphanumeric passwords in terms of security, as well as password creation, learning, performance, and retention?
RQ 2: Are users’ perceptions of GPWs different from those of alphanumeric passwords?
How to answer the above problems? And furthermore can we meet more problems in researching GPWs?
Although people have designed many GPWs, no report tells us much of them were applied to business and practice (Ref. [1], [2], [3]). However, QR codes (they are referred as a printable computer language) can be considered as a type of GPWs that are used widely in the world, since it has the characteristics of large amount of information, strong error correcting ability, quick and comprehensive reading and so on. Clearly, QR code is a successful example of GPW’ applications in mobile devices by fast, relatively reliable and other functions. Unfortunately, some of people can use QR codes to design traps for good people, since many people can not know their own QR codes and can not input their own QR codes by hand. The generation, recognition, scanning, making, decoding and designing of QR codes have become popular, in other words, QR codes can not be used to those places requiring highlevel security.
By our observation, the existing GPWs wants people to learn more and remember more, and are lack of individualization, transformation, and persistent knowledge, etc. Many GPWs are not equal to users such that users have no right to choose their own formats or to make some of their favorite passwords. Needless to say, improving GPWs must be required.
Ii The existing GPWs
Iia Basic constitutions of the existing GPWs

Login Screen in public or private places: one picture/image or a group of pictures/images, or an grid.

GPW’s Length: number of pictures/images, number of clickpoints (styluspoints); number of drawing traces in grid.

Order: order of pictures/images selected by users, order of positions in a series of clickpoints (resp. touchpoints).

Personal replaceability: most of GPWs do not support personal replaceability frequently.

Geometric metric: geometric positions of clickpoints, touchpoints, lines, curves in 2Dplane.

Transformation: alphanumeric passwords can be transformed into pictures/images, and vice versa.

Round number of authentication: most of GPWs have only one round authentication.

Compounding: Few number of GPWs consist of images and with alphanumeric passwords.

GPWs’ spaces: many GPWs have small spaces.

Pictures changed frequently: many of the existing GPWs’ have no such function.
We point out that for being suitable to large number of people, most of the existing GPWs contain no mathematical computation. Also, it seems difficult to let most of people like a fixed picture/image when they input their graphical passwords.
IiB Possible attacks to the existing GPWs
The existing attack types can be categorized as software attacks and nonsoftware attacks including dictionary attack, shoulder surfing attack, hiddencamera spyware attack, social engineering attack, bruteforce attack, intersection analysis attack, graphical dictionary attacks, guess attacks, smudge attacks, intersection analysis attack, and so on.
The most common of these attacks based on password space are common with the bruteforce search and dictionary attack. Gao et al. [3] have summarized the main attacks to the existing GPWs as follows:
Shoulder surfing refers to someone using direct observation techniques to capture passwords.
Brute force attack is also known as exhaustivesearch attack, since it involves systematically searching all possible elements in the theoretical password space until the correct one is found.
Dictionary attack
involves guessing passwords from an exhaustive list called a dictionary (from a prearranged list of values) which typically consisting of all passwords with higher possibility of being remembered easily, ordering from most to least probable.
Intersection attack is where all the password images are part of the challenge sets, and decoy icons are changed in each round. Intruders can use the intersection of two challenge sets to reveal the password images.
Social Engineering is a technique used by hackers or other attackers to gain access to seemingly secure systems through obtaining the needed information (for example, a username and password) from a person rather than breaking into the system through electronic or algorithmic hacking techniques. Social Engineering has: (i) tricking; (ii) phishing and pharming.
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence spyware, which includes adware, Trojan horse, keystrokeloggers, mouseloggers and screenscrapers, is usually installed on a user’s personal computer without permission, is typically invisible to the user and difficult to detect. Spyware contains: (i) keystrokeloggers; (ii) mouseloggers; (iii) screenscrapers; (iv) other spyware.
In the end of the article [3], the authors point out: “(1) From a password scheme designer’s perspective, he must make his password scheme more secure and reliable, using methods where: Focus on increasing password entropy without sacrificing usability and memorability; minimize the pattern in the scheme; keyboard input or mouse click information not fixed for each login; add realtime SMS (Short Messaging Service) verification if necessary. (2) From a user’s perspective, he should make his password more secure by: Avoid pattern and easy password when set a password; use security antivirus software; not open unidentified web pages; not install suspicious plugins; not use websites requiring sensitive personal information in an insecure environment. However, for some systems which require high security levels, it is appropriate to sacrifice some usability to ensure the absolute security.”
IiC There are several rounds in the authentication of the existing GPWs
The authors in [6] introduce a socalled S3PAS for producing GPWs. This scheme seamlessly integrates both textual and GPWs and is resistant to shouldersurfing, hiddencamera and spyware attacks. During the registration phase, users select a string as the original password. The length of depends on different environments and different security requirements. During password creation, at the th round, a user selects a letter/number in the th triangle with by and . After rounds, the user gets the desired password .
Remark 1.
TopsnutGPWs can be designed in many rounds in the process of authentication for meeting high security requirements.
IiD GPWs for mobile devices
GPWs for mobile devices have been investigated in [12], [13], [14], [15] and [36]. Suo, in her article [15], has proposed the following suggestions:

Approaches to overcome limitations of a touch screen computer for graphical password designs.

The relationship between user password choices and the complexity of the background image.

The relationship between background image choice and successful authentication rate.

The relationship between tolerance rate and successful rate.

Security concerns of using GPW for touch screen devices.

Assess the future of GPW for touch screen devices.
Suo shows her GPW for mobile devices (see Fig. 1).
Iii TopsnutGPWs for mobile devices
We use standard notation and terminology of graph theory that can be found in [8], in which there are many graph colorings were introduced and investigated by algorithmic methods. Gallian [4] presents a large survey on graph labellings, over 2000 papers collected. We present our investigation of GPWs on mobile devices by using TopsnutGPWs based on the idea appeared in [9] and [10]. In Fig.2, we show a screen for TopsnutGPWs, in which there are three regions, we drag small circles from the left menu to the working region, and then drag a line or a curve to join some pairs of small circles in the working region. In the above procedure, small circles and lines (or curves) can automatically past to each other like that in Microsoft office Visio (see Fig. 3). The following process is to label the circles and lines with numbers or letters (see Fig. 4Fig. 6).
Iiia TopsnutGPWs
In two articles [9] and [10], Wang et al. show an idea of “topological structures plus number theory” for designing newtype GPWs (abbreviated as TopsnutGPWs), and have designed some TopsnutGPWs in the techniques of graph theory. Wang et al. [9] are interesting on devising TopsnutGPWs for mobile devices with touch screen, such as smart phones, iPad and those are popular handheld touch devices. By their principle of “needing conditions as little as possible, maximizing users’ needs as large as possible” they develop TopsnutGPWs for different accounts, easily remembering, frequently changing, embodying, individual favorite, withstanding popular attacks. Clearly, the key on generating TopsnutGPWs is to increase usability and security simultaneously (Ref. [2]).
Definition 1.
Let be a graph of graph theory, and be a coloring/labelling defined as , where is a subset of , and is an integer set. We call this labeled graph a TopsnutGPW.
Fig.7 shows an edge that joins two vertices and , also, we call two vertices and as the ends of the edge . In graph theory, two vertices and can be joined by a line or a curve to form an edge , and they are drawn in 2Dplane by no requirements of geometric metrics. There are four TopsnutGPWs shown in Fig.8, in fact, they are one TopsnutGPW by the definition of TopsnutGPWs. The development goals of TopsnutGPWs are stated in the following:
1. Both users and authentication need little storage space.
2. User needs little scientific knowledge of mathematics, and authentication can identify more complex scientific knowledge of mathematics, chemistry, physics and biology.
3. Operate by human fingers on mobile devices with touch screen, which can be used at home or private places for resisting shoulder surfing attack or other physical attacks.
4. Only need small circles, line/curve segments (colored, colorless, continuous and dotted lines/curves); small circles and line segments can be dynamically connected up together, and latters/numerals can be marked on small circles and line/curve segments.
5. Part of TopsnutGPWs can be privately customization, that is, let users construct and select their favorite and nonforgetting topological structures, as well as choose their own mathematical or nonmathematical techniques.
6. To achieve successfully transformation between lowlevel passwords and advanced passwords.
7. Pursuit of simple yet quick principles.
8. Inherit the advantages of traditional graphical cryptography and twodimensional codes (QR code) as much as possible.
9. Take into account the emergence of intelligent graphical passwords (smart GPWs) for achieving sustainable development.
IiiB Examples of TopsnutGPWs
First example is shown in Fig.10, we can see how to generate a simple TopsnutGPW.
A user is logging for his business, he got the first screen shown in Fig.10(A) after inputting his account. He dragged several small circles into the working region, see Fig.10(B), and labeled the small circles with numbers shown in Fig.10(C). The authentication shown in Fig.10(F) is a combined TopsnutGPW made by a key Fig.10(D) and a lock Fig.10(E). This TopsnutGPW was designed first in [11], called a twin oddgraceful labelling, and it has its own vertex labels
and its own edge labels form two oddinteger sets
and . It is easy to see that the number labeled to an edge just equals the absolute value of difference of two numbers labeled to two small circles that are the ends of this edge.In Fig.10, three steps (B), (C) and (D) can be arranged into other orders. For example, we can join some pairs of unlabeled small circles for making a topological structure selected by users, and then label the small circles (or lines or curves) with numbers. Different orders are very important, since they will meet the records in authentication.
Second example is shown in Fig.11. At the first step of log in, the user get three screens (a), (b) and (c), which will appear circularly before the user select one topological structure. The selected topological structure shown in Fig.11(d) is as the same as one shown in Fig.10(D). Next the user will label the small circles and lines of the topological structure with numbers such that three numbers labeled to an edge and two ends of the edge meet a predetermined requirement.
IiiC Properties of TopsnutGPWs
All of human activities can be expressed in “language” we have thought, where “language” is a combination of pictures, sounds, videos, scientific languages, scientific symbols, scientific knowledge, biological techniques, etc. So, TopsnutGPW is a particular “language”, and can be considered as a platform for designing various TopsnutGPWs.
IiiC1 Properties
The study of the “language” has the significance of graph theory and practical application. We have the following advantages of “language”:

There is a vast number of graphs with smaller orders (see [18]).

There exist enormous numbers of graph colorings and labellings in graph theory (see [4]). And new graph colorings/labellings come into being everyday.

For easy memory, some simpler operations like addition, subtraction, absolution and finite modular operations are applied.

There are many nonpolynomial algorithms. For example, drawing nonisomorphic graphs is very difficult and nonpolynomial; for a given graph, finding out all possible colorings/labellings are impossible, since these colorings/labellings are massive data. Many graph problems are NPcomplete.

As known, tree structures can adapt to a large number of labellings, in addition to graceful labeling, no other labellings reported that were established in those tree structures having smaller vertex numbers by computer, almost no computer proof. Because construction methods are complex, this means that using computers to break down GPWs will be difficult greatly.

The number of one style of different labellings/colorings is large, and no method is reported to find out all of such labellings/colorings.

There are many mathematical conjectures (open problems) in graph labellings, such as the famous graceful tree conjecture, oddgraceful tree conjecture, etc.

Many labellings of trees are convertible to each other (see [34]).

TopsnutGPWs are suitable to a wide range of people, since they have much interesting, strongly mathematical logic and many mathematical conjectures.

One key corresponds to more locks, or more keys corresponds to one lock only.

TopsnutGPWs realize the coexistence of two or more labellings on a graph, which leads to the problem of multilabelling decomposition of graphs, and brings new research objects and new problems to graph theory.

There are connections between TopsnutGPWs and other type of passwords. For example, small circles in the TopsnutGPWs can be equipped with fingerprints and other biological information requirements, and users’ pictures can be embedded in small circles, greatly reflects personalization.

Number theory, algebra and graph theory are the strong support to TopsnutGPWs.

TopsnutGPWs are easy to avoid nonsoftware attacks, since people can use their mobile devices in private or semiprivate places. However, TopsnutGPWs should resist various spyware like Trojan horse viruses.
IiiC2 Connections of TopsnutGPWs
By means of graph labellings, Wang et al. [11] show some new graph labellings in the procedure of building TopsnutGPWs such that a graph can admits two different labellings. Based on trees, Yao et al. [34] show the equivalent connections among eight different labellings under the setordered graceful condition.
IiiD Construction of TopsnutGPWs
We can apply many constructive techniques and graph colorings/labellings of graph theory on the Topsnut platform when we design a myriad of TopsnutGPWs. An example shown in Fig. 12 introduce the connection between colorings of planar graphs. In Fig. 12, is a maximal planar graph having a 4coloring and a 3facecoloring; is a 3regular planar graph obtained from ; the Klein fourgroup enables us to obtain having a proper 3edgecoloring. The deletion of numbers of vertices and faces yields , and add one to the edge labels of under modular , where and , to get . By the same way in producing we can obtain . It is not hard to see that with , where is the label of edge of with . So, three TopsnutGPWs , and form an Abelian additive graphical group of modular 3, and each can be considered as the unit element of this graphical group.
IiiD1 Recursive graphs
We define a class of recursive graphs in the way:
Definition 2.
Let be an operation defined on graphs. If each can be produced from by the operation , and is not generated by doing the operation to some graph, then we call a recursive graph and a root, as well as a recursive operation.
The recursive operations contain the triangularly edgeidentifying operation, the triangularly embedded edgeoverlapping operation and the triangularly singleedgepaste operation, and so on.
A triangularly embedded edgeoverlapping operation (TEEoO) on maximal planar graphs is defined as: Let , be two maximal planar graphs, where has its own inner face bound and has its own outer face bound . We embed into such that the edge of the outer face bound of is overlapped with the edge of the inner face bound of into one, and do the same operation on the edges and , on the edges and . The resulting graph is called a TEEoOgraph, denoted as , and call a TEEoOfactor and a TEEoOobject. Clearly, any recursive maximal planar graph is a TEEoOgraph obtained by do a TEEoO to a inner face of a recursive maximal planar graph with the TEEoOfactor , namely, . In fact, any recursive maximal planar graph has the root , where TEEoO (see an example shown in Fig. 13). Other two examples are Apollonian network model and recursive maximal planar graphs.
Remark 3.
If a triangularly embedded edgeoverlapping operation (TEEoO) based on maximal planar graphs, that is, the TEEoOfactor and the TEEoOobject are maximal planar graphs, then we say TEEoO will close many properties of the TEEoOfactor and the TEEoOobject, such as various 4colorings. The same situations appear in the graphs made by the triangularly singleedgepaste operation. Sierpínski network model is constructed by another type of triangularly recursive operation.
Problem: (i) List recursive operations often used, and recursive graphs appeared in networks.
(ii) For a recursive operation , we show the characters of the recursive graphs and determine the root .
IiiD2 Xu’s methods based on maximal planar graphs
First of all, in designing TopsnutGPWs, we introduce useful and powerful Xu’s methods in his articles [19, 20, 21, 22] on his mathematical proof of Four Color Conjecture. The reasons of establishing TopsnutGPWs by using Xu’s methods are:

Easy to remember: use only 4 numbers (alternatively, 4 colors, or 4 letters, or 4 pictures, or 4 types of circles, etc.)

Maximal planar graphs have: (1) Normative standard, each face of any maximal planar graph is a triangle; (2) configuration complexity. Using computer to construct maximal planar graphs is generally irregular, and determining the number of nonisomorphic maximal planar graphs is NPhard.

It is difficult to find all 4colorings of a maximal planar graph. General attackers are not able to find 4colorings of maximal planar graphs by computer. Nearly 50 years, only two reports by American scientists overcome the planar graph 4coloring problem by computer and long working time.

Interchangeability. TopsnutGPWs can be contractible and extensible; the operations of graph theory can implement conversions between lowlevel cryptography and highlevel cryptography.
We show methods on maximal planar graphs for designing TopsnutGPWs’ structures as follows.
Method 1. The dumbbell transformation ([20, 21]). Fig.15 (a) is called a dumbbell graph in Xu’s operation. We cut the vertex shown in Fig.15(a) into two subvertices for getting Fig.15 (b), and Fig.15 (c) is obtained by doing a dumbbell transformation to Fig.15 (b).
In Fig.15 (c), from a large cycle 3’4323’ to a small cycle 1’2141’ , and from the small cycle 1’2141’ to the center vertex 3, we can get an alphanumeric password 3’4323’1’2141’3’3’, it has 18 units. Moreover, based on a path in Fig.15 (c), we can get another alphanumeric password having 35 units.
Moreover, in Fig.17 (f), the path can yields an alphanumeric password with 35 units. Clearly, , although Fig.15 (a) coincides with Fig.17 (d). Moreover, in Fig.15 (c), we can use a path to get an alphanumeric password with 41 units, and another path in Fig.17 (f) to get another alphanumeric password such that . Or, we can use a cycle to make a longunit alphanumeric password such that .
Remark 4.
(2) It is obviously difficult to draw completely Fig.15 (c) and Fig.17 (f) by two alphanumeric passwords and .
(3) Since there are many Xu’s dumbbell graphs in Fig.15 (c) and Fig.17 (f), we can implement the dumbbell transformation on these two TopsnutGPWs for generating more complex TopsnutGPWs and producing alphanumeric passwords having enough long units (they can be used to encrypt electronic documents, or to produce encryption keys) from these more complex TopsnutGPWs.
Method 2. How many TopsnutGPWs are there based on a maximal planar graph? In the view of authentication, this problem is very important such that two users have different TopsnutGPWs if they have selected just the same maximal planar graph. A Kempe change is to exchange two colors of a connected component of a 2coloring induced subgraph, and remain the colors of the other vertices unchanged in a colored graph. Two colorings and of a chromatic graph are called Kempe equivalent if can be obtained from by a sequence of Kempe changes. Xu, in his article [22], discover the Kempe’s equivalent class: Let be a chromatic graph. is called a Kempe graph if all colorings of are Kempe equivalent. And he studies the characteristics of Kempe maximal planar graphs, introduce the recursive domino method to construct Kempe maximal planar graphs, and propose two interesting conjectures. Xu partitions the Kempe equivalent classes of nonKempe graphs into three classes: treetype, cycletype, and circularcycletype, and point out that all these three classes can exist simultaneously in the set of 4colorings of one maximal planar graph [22].
Method 3. In Fig.18 and Fig.19, we show Xu’s Domino Extendingcontracting Operational System [20]. Xu’s methods can maintain the number of colors to be at most four in constructing planar graphs, and there are only two extending and contracting operations on 2wheel, 3wheel, 4wheel and 5wheel. Thereby, we say that Xu’s methods are simple and easy for users to make their TopsnutGPWs, and can make more complex TopsnutGPWs with hundred and thousand of vertices by the Domino Extendingcontracting Operational System (DECOS). Xu’s methods guarantee at most four colors are used in DECOS.
Method 4. We define two particular operations: the offspring operation and the splitting operation on vertices of planar graphs as follows (ref. [36]):
(i) In Fig.20 (a), we split the vertex with its neighbor set (where is adjacent to by the clockwise direction in the plane for keeping the planarity) into two subvertices and delete the edges with and ; next we join with by an edge, and join with each of , and join with each vertex of , respectively. Here, shown in Fig.20 (b). The resulting graph is still a planar graph (see Fig.20 (b)). The above procedure is called “doing a split operation to the vertex ” and call Fig.20 (b) to be a splitting graph of Fig.20 (a).
Similarly, Fig.20 (d) is a splitting graph after doing a split operation to the vertex of Fig.20 (a), and we join with each of ; and join with each vertex of with , respectively. Here, and shown in Fig.20 (d).
(ii) In an offspring operation, suppose that has its neighbor set , where is adjacent to by the clockwise direction in the plane for keeping the planarity. The vertex gives birth to two vertices and , and joins with to form two edges, respectively. Next, we delete the the edges with and , and join with each vertex of , and join with each vertex of respectively. Here, shown in Fig.20 (c). The resulting graph shown in Fig.20 (c), call it an offspring graph of Fig.20 (a), and the process from Fig.20 (a) to Fig.20 (c) is called an offspring operation on the vertex .
Furthermore, for obtaining Fig.20 (e), we do an offspring operation on the vertex shown in Fig.20 (a), where has its neighbor set , where is adjacent to by the clockwise direction in the plane for keeping the planarity. Let join with its two birthes to yield two edges, and we delete the the edges with and and, we join with each vertex of ; and join with each vertex of with , respectively. Here, and shown in Fig.20 (e).
Method 5. The concept of the flip operation was introduced by Wagner [31]. In 2001, Gao et al. [32] proved that every maximal planar graph with vertices contains at least flippable edges; and there exist some maximal planar graphs containing at most flappable edges. Moreover, Gao et al. showed that there were at least flippable edges in a maximal planar graph if .
In Fig.22, (b) is obtained from (a) by doing two split operations on two vertices ; and (c) is obtained from (b) by doing a split operation on vertex ; (d) is obtained from (c) by doing an offspring operation on vertex ; and (e) is obtained from (d) by doing two flip operations on two edges and , where two flip operations are to delete the edges and , and then join vertex with by an edge, next, join vertex with by an edge.
IiiD3 Triangularly edgeidentifying and edgesubdivision operations
Let be the set of planar graphs such that each one of has its outer face to be triangle and a proper 4coloring.
In Fig. 24, indicates the left planar graph having a 4coloring , indicates the right planar graph having a 4coloring and is the bottom planar graph having a 4coloring . We identify the edge of with the edge of into one edge denoted as , so we get a planar graph having it outer face , and then we identify the edge of with the edge of into one edge and identify the edge of with the edge of into one edge. Finally, we get a planar graph having a 4coloring obtained by three 4colorings , and . Clearly, the planar graph belongs to . We call the above procedure of building up a triangularly edgeidentifying operation. Conversely, we can subdivide into and , call such operation a triangular edgesubdivision operation, also, is triangularly edgesubdivisible.
If the topological structures of and are isomorphic to each other, then is triangularly regular subdivisible.
We can use these tow operations to study some properties of maximal planar graphs.
Remark 5.
(1) The triangularly edgeidentifying operation and triangular edgesubdivision operation will close many properties of the TEEoOfactor and the TEEoOobject, such as various 4colorings.
(2) The triangularly edgeidentifying operation and triangular edgesubdivision operation can be generalized to planar graphs having nontriangular outer faces.
IiiE Analysis of TopsnutGPWs
IiiE1 A general definition for TopsnutGPWs
We use the function concept to present a general definition of TopsnutGPWs as follows:
Definition 3.
Let stand up a lock (authentication), be a key (password), and be the password rule (a procedure of authentication). The function represents the state of “a key open a lock through the password rule , and call directly a TopsnutGPW.
A TopsnutGPW contains three major aspects: pattern, order and structure, also, the mathematical principles. Let and be the domain and the range of the function , respectively. The complex of the TopsnutGPW is determined by the password rule , the domain and the range . If one of cardinalities of and is the exponential form, then the complex of the TopsnutGPW is not polynomial; if the password rule is NPhard, thereby, so is the TopsnutGPW too.
In visualization, a TopsnutGPW is a labeled graph by a coloring/labelling belonging to a particular class . So, is defined as the basic difficulty of the TopsnutGPW , where parameters , , graph properties and coloring/labellings belonging to .
IiiE2 Methods to judge different TopsnutGPWs
All topological structures used in TopsnutGPWs are storage in computer by graph matrices. Four TopsnutGPWs shown in Fig.8 correspond a graph matrix shown in Fig.25, and the graph matrix is not equal to the graph matrix shown in Fig.26. Thereby, graph matrices enable us to judge different TopsnutGPWs.
IiiE3 Nonsymmetrization
TopsnutGPWs can solve the problem of “one key open two or more locks, and one lock can be opened by two or more keys” (onekeytomorelocks, onelocktomorekeys). In general, the onelocktomorekeys is a function
(1) 
where is a lock, and each is a key for . Conversely, the onekeytomorelocks is the inverse of the onelocktomorekeys as follows
(2) 
where is a key, and each is a lock with .
IiiE4 TopsnutGPW chains
We are given a sequence of TopsnutGPWs such that with , where each key is obtained by the key , then the TopsnutGPW is called an rank TopsnutGPW, the sequence is called a recursive TopsnutGPW chain. Obviously, the greater value of and the more difficult to be break down, but the difficulty of users’ memory then increases. Also, we can define another TopsnutGPW chain by with , or a Fibonacci TopsnutGPW chain defined by with .
Remark 6.
(1) It may be interesting to add the thought of Markov chain in TopsnutGPW chains.
(2) Recursive planar graphs , form a TopsnutGPW chains under a recursive operation . Here, may be one of the triangularly edgeidentifying operation, the triangularly embedded edgeoverlapping operation and the triangularly singleedgepaste operation, and so on.
IiiE5 Perfect labeling graphs
We consider an interesting class of graphs as studying TopsnutGPWs, we call such particular graphs as perfect labeling graphs defined by: “Let labeling be a given graph labelling, and let a connected graph have a labeling. If every connected proper subgraph of also admits this labeling, then we call a perfect labeling graph.” As known, all caterpillars are (odd)graceful, so each caterpillar is a perfect (odd)graceful labeling graph. In fact, caterpillars admit many graph labellings. By the technique used in [37], we can show that all lobsters are perfect (odd)graceful labeling graphs. We ask for: If every connected proper subgraph of a connected graph has a labelling, then does admits this labelling too? Clearly, a perfect labeling graph (like a mother) can be used to produce a crowd of TopsnutGPWs (like sons and girls). So, perfect labeling graphs can be used to solve problems of onekey vs morelocks, or onelock vs morekeys.
IiiE6 Connection between the TopsnutGPWs based on a graph
Suppose that a graph admits two different labellings with , where , and each holds a given restriction with (such as, is graceful, or oddgraceful, or edgemagic total and so on). So, we have two labeled graphs having labelling with , and we can have a correspondence between and such that for .
For example, a key has a labelling shown in Fig.10(D), and another key has a labelling shown in Fig.29(a). So, we have a correspondence defined by: , , , , , , and .
Remark 7.
A similar investigation has appeared in [34].
IiiE7 Dual labellings of TopsnutGPWs
Many of TopsnutGPWs made by graph labellings have their own dual labellings. Such dual labellings can be found in literature on graph labellings. We show an example in Fig.29 here, but presenting introduction in detail.
IiiE8 Difficult rank/grades of TopsnutGPWs
How to determine the difficult rank/grade of a TopsnutGPW? We have no any existing method now. Clearly, we will probe deeply TopsnutGPWs for getting more their properties and characteristics, for example, the length of a TopsnutGPW, the round number of authentication, nonsymmetrization, TopsnutGPW chain, etc. And we should measure these properties by mathematical techniques in order to show scientific ranks for TopsnutGPWs.
IiiF TopsnutGPWs’ spaces
IiiF1 TopsnutGPW’ graphspaces
Wang et al. have worked out constructions of large scale of TopsnutGPWs by given smaller scale TopsnutGPWs (Ref. [9, 10, 11, 28, 29, 30]). Wang et al. have built up a TopsnutGPW space by a given basis graph and a given group of smaller scale TopsnutGPWs such that each element of is denoted as , which is just a highlevel TopsnutGPW having at least vertices. We use to indicate the number of graphs of order , then Harary and Palmer [18] have shown the numbers of graphs of order (see Table1)
We, often, use trees to produce TopsnutGPWs, because trees admit many graph labellings [4]. Let and be the numbers of nonisomorphic trees and rooted trees, respectively. We have the numbers of trees of order in the Table2. Some particular TopsnutGPWs need the help of digraphs (see Table3).
IiiF2 Coloring/labelling spaces
IiiF3 Measuring TopsnutGPWs’ spaces
A graph is a graph having vertices and edges. The saying “distinct labellings ” means the distinct labellings belong to the class that contains ; similarly, the sentence “distinct colorings ” means the distinct colorings belong to the class that contains . However, the saying “different type labellings (resp. colorings)” means that a graph has all of different type labellings (resp. colorings). We define the following basic metric parameters for measuring TopsnutGPWs’ spaces:

, the number of nonisomorphic graphs.

, the number of nonisomorphic digraphs having vertices and arcs.

, the number of nonisomorphic graphs of order .

, the number of nonisomorphic digraphs of order .

, the number of distinct labellings of a graph for a special labelling .

, the number of distinct colorings of a graph .

, the number of distinct setcolorings of a graph .

, the number of different type colorings of a graph . Notice that for two graphs and , in general.

, the number of different type labellings of a graph . In general for two graphs and .

, the number of different type of setcolorings of a graph . In general for two graphs and .
We have four types of line/curve, dotline/curve, line circles, dotline circles in our design of TopsnutGPWs. In a graph , we have different line and dotline circles, and different line/curves and dotline/curves. Roughly speaking, we have different expressions of a graph . Thereby, the graph can yield the number of distinct TopsnutGPWs is
(3) 
with . All graphs can produce TopsnutGPWs as follows
(4) 
for . If we use colors to color lines and circles, we have TopsnutGPWs based on a graph , and TopsnutGPWs based on all graphs.
We take trees of order 10 for computing . In table2, we can see and . So, by the result due to Sheppard [17], each tree of order 10 has graceful labellings, that is, . We have
For all rooted trees of order 10, we have
As comparing, roughly saying, the earth sand amount is about , or (), which is 8 trillion to 13 trillion billion billion; and the number of stars in the most sophisticated telescope can be observed is about (). Suppose that there are ten billion people in the world, then so each person has ten billion TopsnutGPWs; or for one hundred billion people, thus, each person has one hundred billion TopsnutGPWs.
Since in Table1 consist of 60figure numbers, we can label a graph of order 24 by two or more styles, that means we can get digital passwords having more than 120figures. In other words, we will wait for Xu’s computer [16], Probe Machine computer, to break down our TopsnutGPWs.
Iv Conclusion and further researches
We have shown the constitution of the existing GPWs, and list several possible attack methods on the existing GPWs. We enjoy the TopsnutGPWs made by the idea proposed by Wang et al., and focus on the TopsnutGPWs used by mobile devices with touch screen. We can see that TopsnutGPWs having personal customization, high cultural degree and intelligence will also appear and gradually replace, update, and improve the existing passwords. And the password flows and password groups will run on information networks. We say our Topsnut as a platform, called Topsnutplatform, and we consider TopsnutGPWs as mathematical fingerprints. We can put some things into circles or lines on Topsnutplatform, and then join some pairs of circles to form a story having scientific techniques or life knowledge, and so on.
Iva Commercial GPWs
In [3], the authors mentioned: To date, there are only two commercial products of Drawmetric graphical password scheme. (1) An unlock scheme resembling a mini PassGo has been used to unlock screens on Google Android cell phones. (2) In the Window 8 system, Microsoft introduces a new graphical password. Where, VGO is a commercial graphical password scheme developed by Passlogix based on Blonder’s idea. A similar technique, visKey, was developed by Sfr, and is a commercial version of PassPoints for the PPC (Pocket Personal Computer). This scheme is used for screenunlock by tapping on a correct sequence of clickpoints with a stylus or finger. VisKey PPC combines easy handling with high security for mobile devices. Just a few clicks in a picture may offer a large theoretical password space. GrIDsure, a commercial product, is a graphical onetime PIN scheme, which makes PINs more resistant to shouldersurfing attacks by using graphical passwords on a grid.
Gao et al. summarized: The two products of the Drawmetric graphical password scheme demonstrate clearly that commercial product schemes must be easy to remember, simple to operate, and apply to systems which require low security level.
IvB More elements for innovating TopsnutGPWs
For the reason of revealing individuality, we can consider the following elements when producing TopsnutGPWs.

Use rectangle, triangle, star, polygon to enrich ends of vertices.

Make topological structures by words ([40]), see two Chinese character graphs (Hanzigraphs) shown in Fig.30, and label these topological structures with numbers to devote interesting TopsnutGPWs (see two examples shown in Fig. 31). We can prove that each tree can be decompose into Hanzigraphs. However, we use a symbol to denote the smallest number of Hanzigraphs that can be assembled into any tree having at least one edge, and want to compute the exact value of .

Use more mathematical knowledge in designing TopsnutGPWs. For example, we can label small circles and lines/curves with functions, such as , , , etc.

Topological structures can be used to describe chemical structures, in other words, TopsnutGPWs may be related with materials (see the left picture in Fig.32).

Use nonmathematical methods to designing TopsnutGPWs. For example, numbered musical notation can form a TopsnutGPW. In the song of Butterfly Lovers (also, Liangzhu, a beautiful story of Chinese love), the first three sections contain numbers , so we have a TopsnutGPW shown in the right picture in Fig.32, in which there is a directed chain .

Label small circles and lines/curves with letters such that the TopsnutGPWs forms a poem, an interesting sentence, and so on.
IvC Complex TopsnutGPWs
In [35] the authors introduce graph setcolorings and graph setlabellings for designing TopsnutGPWs. A setlabelling of a tree is shown in Fig.33.
The problem of graph setcolorings/labellings yields the socalled setmatrices in these setmatrices each element is a set only (see Fig.34).
IvD Biometric authentication
The socalled ”biometric” refers to the combination of computer and hightech, the use of human inherent physiological characteristics (such as fingerprint, face and iris image, etc.) and behavioral characteristics (such as handwriting, voice, gait) for personal identification. At present, the fingerprint identification is more common.
IvE Related with mathematical problems
Is there a password that cannot be deciphered (broken down)? In other words, are there mathematical conjectures or mathematical problems that can not be proved?

Applied software. We believe that one can design some GPW application software that has very smaller volume, and can be planted into encrypted electronic documents in order to decrypt the encrypted electronic documents by users’ GPWs such that there is not needing to instal such softwares in mobile phones, iPads, and computers for reading users’ GPWs.

Unknown labellings determined to graphs. Most labellings are not determined to graphs, even trees and simpler graphs.

Unknown connections between labellings of a graph. It is not easy to find some connections between labellings of a graph, except special trees [34]. In fact, we do not know how many graph labellings dose a given graph have, and furthermore we do not know all graph labellings at all.

Onekeytomorelocks, onelocktomorekeys. For a given key TopsnutGPW, determine all of lock TopsnutGPWs opened by this key; conversely, find all possible key TopsnutGPWs to open a given lock TopsnutGPW.

Setmatrices. Define operations to setmatrices, and find applications for them (see Fig.34).

Conjectures: We list several longtime conjectures of graph colorings/labellings in the following:
Conjecture 1.
1. (Behzad, 1965) Total coloring conjecture: .
2. (Alexander Rosa, 1966) [23] Each tree is graceful.
3. (Bermond, 1979) [24] Every lobster is graceful.
4. (Truszczyński, 1984)[25] All connected unicyclic graphs, except for or , are graceful.
5. (R.B. Gnanajothi, 1991) [26] Every tree is oddgraceful.
6. (Burris and Schelp, 1993, 1997) Vertex distinguishing edge coloring conjecture.
7. (Zhang Zhongfu, Liu Linzhong Wang Jianfang, 2002) Adjacent vertex distinguishing edge coloring conjecture.
8. (Zhang et al., 2008) Adjacent vertex distinguishing total coloring conjecture.
9. Unique 4color maximal plane graph conjecture, 9color conjecture [19].
10. (Bing Yao, 2005) [4] The oddgracefulness of trees is equivalent to the gracefulness of trees.
11. (Yang et al., 2016) [27] A graph having a proper total colorings with four distinguishing constraints holds .
The conjecture “Each tree is graceful” is a famous graceful tree conjecture (GTC). However, GTC is open now, only few classes of graphs were verified to support GTC. It seems to be very difficult to show a graph having no graceful labelling. Zhou et al. [37] have proven: Every lobster is oddgraceful.
Conjecture 2.
A maximal planar graph is 4colorable if and only if four labelled triangles shown in Figure 35 can tile fully .
IvF The power law in passwords
Let be the number of the passwords, and let be the number of people who can remember their passwords. We guess that and obey the scalefree distribution, that is, we have the power law
(5) 
Furthermore, we can get with , which is a balanced equation. However, no proof is reported for the equation (5) in our memory.
It has been mentioned in [5] that the power law of forgetting describes rapid forgetting soon after learning, followed by very slow dropoff thereafter (Bahrick, 1984; Wixted and Ebbesen, 1991). And most GPW schemes fall along the descending line in Eq. (5), where increased security implies decreased usability
. Systemassigned passwords are generated randomly to preclude attacks exploiting skewed distributions and use larger portions of the theoretical password space, but have high usability costs: longer training times or increased likelihood that users forget passwords.
We, finally, claim that every thing can become a password, and it is just beginning for TopsnutGPWs, except quantum networks in future.
V Acknowledgment
We are grateful to the anonymous referees for their valuable and helpful comments which lead to the improvement of the paper. The author, Bing Yao, gratefully thank the National Natural Science Foundation of China under grants No. 61163054, No. 61363060 and No. 61662066 for supporting our research on new type of graphical passwords. The author, Jin Xu, is supported by National Key R&D Program of China (No. 2016YFB0800700), National 973 Program of China (2013CB329600)
References
 [1] Xiaoyuan Suo, Ying Zhu, G. Scott. Owen. Graphical Password: A Survey. In: Proceedings of Annual Computer Security Applications Conference (ACSAC), Tucson, Arizona. IEEE (2005) 463472. (10 pages, 38 reference papers)
 [2] R. Biddle, S. Chiasson, and P.C. van Oorschot. Graphical passwords: Learning from the First Twelve Years. ACM Computing Surveys, 44(4), Article 19:141. Technical Report TR0909, School of Computer Science, Carleton University, Ottawa, Canada. 2009. (25 pages, 145 reference papers)
 [3] Haichang Gao, Wei Jia, Fei Ye and Licheng Ma. A Survey on the Use of Graphical Passwords in Security. Journal Of Software, Vol. 8, No. 7, July 2013, 16781698. (21 pages, 88 reference papers)
 [4] Joseph A. Gallian. A Dynamic Survey of Graph Labeling. The electronic journal of combinatorics, 17 (2016), # DS6. (440 pages, 2265 reference papers)
 [5] Susan Wiedenbeck, Jim Waters, JeanCamille Birget, Alex Brodskiy, Nasir Memon. PassPoints: Design and longitudinal evaluation of a graphical password system. Int. J. HumanComputer Studies 63 (2005) 102127.
 [6] Huanyu Zhao and Xiaolin Li. S3PAS: A Scalable ShoulderSurfing Resistant TextualGraphical Password Authentication Scheme. in 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW’07). IEEE 2007, vol. 2. Canada, 2007, pp. 467472.
 [7] G.E. Blonder. Graphical passwords. United States Patent 5559961, 1996.
 [8] J. A. Bondy, U. S. R. Murty. Graph Theory. Springer London, 2008.

[9]
Hongyu Wang, Jin Xu, Bing Yao. Exploring New Cryptographical Construction Of Complex Network Data. IEEE First International Conference on Data Science in Cyberspace. IEEE Computer Society, (2016):155160.
 [10] Hongyu Wang, Jin Xu, Bing Yao. The Keymodels And Their Lockmodels For Designing New Labellings Of Networks.Proceedings of 2016 IEEE Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC 2016) 5655568.
 [11] Hongyu Wang, Jin Xu, Bing Yao. Twin OddGraceful Trees Towards Information Security. Procedia Computer Science 107 (2017) 1520, DOI: 10.1016/j.procs.2017.03.050
 [12] W. Jansen, S. Gavrila, V. Korolev, R. Ayers, and R. Swanstrom. Picture Password: A Visual Login Technique for Mobile Devices, NIST ReportNISTIR7030, 2003.
 [13] T. Takada, and H. Koike. AwaseE: Imagebased authentication for mobile phones using user’s favorite images. HumanComputer Interaction with Mobile Devices and Services, vol. 2795, pp. 347351, SpringerVerlag, GmbH, 2003.
 [14] P. Dunphy, A. P. Heiner, and N. Asokan. A closer look at recognitionbased graphical passwords on mobile devices. In ACM Symposium on Usable Privacy and Security (SOUPS), July 2010.
 [15] Xiaoyuan Suo. A Study of Graphical Password for Mobile Devices. G. Memmi and U. Blanke (Eds.): MobiCASE 2013, LNICST 130, pp. 202214, 2014. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2014.

[16]
Jin Xu, Probe Machine. IEEE Transactions on Neural Networks and Learning Systems, 2016, 27(7): 14051416.
 [17] Sheppard, D.A. The factorial representation of balanced labeled graphs. Discrete Math. 15 (1976), 379388.
 [18] Harary F. and Palmer E. M. Graphical enumeration. Academic Press, 1973.
 [19] Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (1) Recursion Formulae of Chromatic Polynomial and FourColor Conjecture. Journal of Electronics and Information Technology. Vol.38 No.4, Jul. 2016, 763770.
 [20] Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (2) Domino Configurations and ExtendingContracting Operations. Journal of Electronics and Information Technology. Vol.38 No.6, Jul. 2016, 12711327.
 [21] Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (3) Purely Treecolorable and Uniquely 4colorable Maximal Planar Graph Conjectures. Journal of Electronics and Information Technology. Vol.38 No.6, Jul. 2016, 13291353.
 [22] Jin Xu. Theory on Structure and Coloring of Maximal Planar Graphs: (4) Operations and Kempe Equivalent Classes. Journal of Electronics and Information Technology. Vol.38 No.7, Jul. 2016, 15581585.
 [23] Alexander Rosa. On certain valuations of the vertices of a graph. Theory of Graphs (International Symposium in Rome in July 1966) pp. 349355. Eds. Gordon and Breach, New York; Dunod, Paris, 1967.
 [24] J. C. Bermond. Graceful Graphs. Radio Antennae and French Windmills. Graph Theory and Combinatorics, pp. 1337, Pitman, London, 1979.
 [25] M. Truszczyński. Graceful unicyclic graphs. Demonstatio Mathematica, 17 (1984), 377387.
 [26] R.B. Gnanajothi. Topics in Graph Theory. Ph. D. Thesis, Madurai Kamaraj University, 1991.
 [27] Chao Yang, Bing Yao, Han Ren. A Note on Graph Proper Total Colorings with Many Distinguishing Constraints. Information processing letters V 16, 6 396400. (2016)
 [28] Hongyu Wang, Bing Yao, Chao Yang, Sihua Yang, Xiang’en Chen, Ming Yao, Zhenxue Zhao. EdgeMagic Total Labellings Of Some Network Models. Applied Mechanics and Materials Vols. 347350 (2013) 27522757. DOI:10.4028/www.scientific.net/AMM.347350.2752.
 [29] Hongyu Wang, Bing Yao, Chao Yang, Sihua Yang, Xiang’en Chen. Labelling Properties Of Models Related with Complex Networks Based On Constructible Structures. Advanced Materials Research Vols. 765767 (2013) 11181123. DOI:10.4028/www.scientific.net/AMR.765767.1118.
 [30] Hongyu Wang, Jin Xu, Bing Yao. On Generalized Total Graceful labellings of Graphs. Ars Combinatoria, volume 139 July (2018). accepted
 [31] Wagner K. Bemerkungen zum vierfarbenproblem. Jahresbericht der Deutschen MathematikerVereinigung, 1936, 46: 2632.
 [32] Gao Z C, Urrutia J, and Wang J Y. Diagonal flips in labeled planar triangulations. Graphs and Combinatorics, 2004, 17(4): 647656. doi: 10.1007/s003730170006.)
 [33] Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Mingjun Zhang, Jianmin Xie, Ming Yao. Applying graph theory to graphical passwords. 2017 Academic Annual Conference, Specialized Committee Of Graph Theory And System Optimization, Chinese Society Of Electronics, Circuits And Systems, Tianjin University, August 1213, 2017.
 [34] Bing Yao, Xia Liu and Ming Yao. Connections between labellings of trees. Bulletin of the Iranian Mathematical Society, ISSN: 1017060X (Print) ISSN: 17358515 (Online), Vol. 43 (2017), 2, pp. 275283.
 [35] Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Meimei Zhao. Applying Graph SetLabellings Having Constraint Sets Towards New Graphical Passwords. (2017) submitted
 [36] Bing Yao, Hui Sun, Xiaohui Zhang, Jingwen Li, Guanghui Yan. Graph Theory Towards Designing Graphical Passwords For Mobile Devices. submitted to 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference, (2017)
 [37] Xiangqian Zhou, Bing Yao, Xiangen Chen and Haixia Tao. A proof to the oddgracefulness of all lobsters. Ars Combinatoria 103 (2012), 1318.
 [38] Bing Yao, Hui Sun, Meimei Zhao, Jingwen Li, Guanghui Yan. On Coloring/Labelling Graphical Groups For Creating New Graphical Passwords. submitted (2017)
 [39] Hui Sun, Xiaohui Zhang, Meimei ZHAO, Bing Yao. New Algebraic Groups Produced By Graphical Passwords Based On Colorings And Labellings. submitted (2017)
 [40] Bing Yao, Hui Sun, Xiaohui Zhang, Yarong Mu, Hongyu Wang, Jin Xu. Newtype Graphical Passwords Made By Chinese Characters With Their Topological Structures. submitted (2017)
Comments
There are no comments yet.