WO2021234727A2 - A multi-factor authentication system using gesture recognition and object presentation and method thereof - Google Patents

A multi-factor authentication system using gesture recognition and object presentation and method thereof Download PDF

Info

Publication number
WO2021234727A2
WO2021234727A2 PCT/IN2021/050468 IN2021050468W WO2021234727A2 WO 2021234727 A2 WO2021234727 A2 WO 2021234727A2 IN 2021050468 W IN2021050468 W IN 2021050468W WO 2021234727 A2 WO2021234727 A2 WO 2021234727A2
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
presentation
gesture
combination
Prior art date
Application number
PCT/IN2021/050468
Other languages
French (fr)
Other versions
WO2021234727A3 (en
Inventor
Vijay GNANADESIKAN
Elango Meenakshisundaram
Original Assignee
Notiontag Technologies Private Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Notiontag Technologies Private Limited filed Critical Notiontag Technologies Private Limited
Publication of WO2021234727A2 publication Critical patent/WO2021234727A2/en
Publication of WO2021234727A3 publication Critical patent/WO2021234727A3/en

Links

Definitions

  • the present invention relates to the field of digital authentication and access control systems. More particularly, it relates to the multi-factor authentication system using gesture recognition or object presentation or combination of both.
  • the present invention provides a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
  • the present invention enables multi factor authentication by adding gesture recognition or object presentation or combination thereof as a second factor along with other type of digital authentication modalities.
  • multi factor authentication comprises of two of the following;
  • facial recognition is used as a second authentication (something you are) along with other modalities such as access cards, pins, etc.
  • other modalities such as access cards, pins, etc.
  • single factor authentication is insufficient and multi-factor authentication is a standard requirement.
  • facial recognition as an authentication is the misuse of the stored facial biometric information to authenticate without authority. These are called Presentation Attacks such as morphing or faking the face with masks, photos, videos, 3D models, etc. Face morphing is the process of transforming one face image to look similar to another face. With face morphing, the possibility of wrong authentication is very high.
  • the current state of the art technologies includes passwords, facial / finger print / iris recognition, smartcards, one-time passwords (OTP), personal portable security devices, etc., or a combination of two or more of them.
  • OTP one-time passwords
  • privilege creep, insider abuse and numerous other issues are causing enterprises to turn to innovative techniques to solve emerging problems.
  • services that incorporate some combination of existing technologies All the systems provide some advantages over the other and also have limitations over the other with speed, security and integrity.
  • US 10567376 discloses a system and method for providing secure authorization to an electronic device by combining two or more security features of authentication processed at substantially the same time where at least one of the factors is a “tolerant” factor. By combining two or more factors such as a biometric factor and a second factor defined by user input, these are analyzed at substantially the same time where the tolerance factors can be reduced to allow access to the electronic device and/or an application running on the device without compromising security of the authentication.
  • US8627096 discloses a system and method for providing secure authorization to an electronic device by combining two or more security features of authentication process at substantially the same time where at least one of the factors is a "tolerant" factor.
  • a "tolerant" factor By combining two factors such as a facial recognition any screen gesture, these can be analyzed at substantially the same time such that the tolerance match required by the tolerant factors providing a better user authentication experience without reducing the overall security accuracy.
  • US20140310764 discloses an approach provided for authenticating and/or identifying a user through gestures.
  • a plurality of media data sets of a user performing a sequence of gestures are captured.
  • the media data sets are analyzed to determine the sequence of gestures.
  • Authentication of the user is performed based on the sequence of gestures.
  • US20180012227 discloses a system to authenticate an entity and/or select details relative to an action or a financial account using biometric, behavior-metric, electronic-metric and/or knowledge-metric inputs. These inputs may comprise gestures, facial expressions, body movements, voice prints, sound excerpts, etc. Features are extracted from the inputs and each feature converted to a risk score, which is then translated to a representative value, such as a letter or a number, i.e., a code or PIN that represents the input. For user authentication, the code is compared with a data base of legitimate/authenticated codes. In some embodiments a user selects specific information elements, such as an account or a payment amount using one or more of a biometric, a behavior-metric, an electronic -metric and/or a knowledge-metric input.
  • EP3493088 discloses a method for security gesture authentication. Specifically, and in one embodiment, a facial authentication is processed on a face of a user. Next, a security gesture authentication is performed based on a gesture made by the user. Finally, the user is provided access to a resource when both the facial authentication and security gesture authentication are successful.
  • WO2016183406 discloses systems and methods for authenticating a user of a computing device.
  • the system comprises one or more memory devices storing instructions, and one or more processors configured to execute the instructions to provide, to a computing device associated with a user, an indication of a prescribed authentication parameter.
  • the system also receives image data including an image of the user of the computing device captured using an image sensor of the computing device.
  • the present invention provides digital authentication coupled with facial recognition, no requirement for additional hardware. It restricts the misuse of stored facial biometric information.
  • Most of the current presentation attack detection systems such as morph detection and liveness check have flaws and the present invention can be used as an alternative solution.
  • the present invention can also be used with other digital authentication modalities.
  • the gesture could be a combination of multiple facial gesture such as blinking of eyes for certain number of times, turning face in a specific direction, and / or hand gesture like waving in a direction or showing set of figures in a position and / or symbolism, and an object that is presented.
  • a method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials comprising steps of: initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples in the memory unit by means of a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal from the memory unit by the processing unit; and comparing the generated real time values to the stored values, wherein the signal from user sample is generated by one of gesture or object presentation or combination thereof, and wherein an authentication signal is transmitted to an access control unit when a similarity of the generated values to the stored values satisfie
  • gestures or objects could be pre determined and could be picked from a list of choices via an input medium.
  • the authentication credentials or visual password is configured for a particular resource with following parameters: unit size, one or multiple types of authentication credentials for each unit of the credential, each type of authentication credential is configured with an option to have a name associated with it for reference, setting an option to receive the unit of the credential within a specified duration of time, setting an option to receive a type of authentication credential within a specified duration or time, and setting an option to utilize a designated area of frame for each unit of the authentication credential.
  • gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented.
  • the object presentation includes one or multiple common object types or custom objects or combination thereof.
  • the presentation includes the option to use a combination of gestures and objects presentation for each unit of authentication credential.
  • the common object can be one of a preconfigured list of object categories in a system performing the user authentication. It is another aspect of the present invention, wherein one or multiple common objects or custom objects or combination thereof can be used for each unit of the authentication credential.
  • the custom object is a uniquely identifiable object.
  • custom object can be positioned in a specific angle of view to be uniquely identifiable.
  • Figure 1 illustrates block diagram of a multi-factor authentication system using gesture recognition or object presentation or combination of both according to the present invention.
  • Figure 2 is a flow chart illustrating setting of an authentication credential or visual password according to the present invention.
  • Figure 3 illustrates gesture or object presentation or combination thereof as a second factor without additional hardware used according to the present invention.
  • Figure 4 is a flow chart illustrating method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials.
  • the present invention as herein described relates to a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
  • the method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials comprising steps of initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples in the memory unit by means of a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal from the memory unit by the processing unit; and comparing the generated real time values to the stored values.
  • the signal from user sample is generated by one of gesture or object presentation or combination thereof.
  • an authentication signal is transmitted to an access control unit when a similarity of the generated values to the stored values satisfies the similarity threshold to authenticate the user.
  • the method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
  • the gestures or objects could be pre-determined and could be picked from a list of choices via an input medium.
  • the authentication credentials or visual password is configured for a particular resource with following parameters: unit size, one or multiple types of authentication credentials for each unit of the credential, each type of authentication credential is configured with an option to have a name associated with it for reference, setting an option to receive the unit of the credential within a specified duration of time, setting an option to receive a type of authentication credential within a specified duration or time, and setting an option to utilize a designated area of frame for each unit of the authentication credential.
  • the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented. Based on the gesture or object presentation performs appropriate detection and processing to authenticate the user.
  • the object presentation includes one or multiple common object types or custom objects or combination thereof.
  • the presentation includes the option to use a combination of gestures and objects presentation for each unit of authentication credential.
  • a common object can be one of a preconfigured list of object categories in the system performing the user authentication.
  • one or multiple common objects or custom objects or combination thereof can be used for each unit of the authentication credential.
  • a custom object is a uniquely identifiable object.
  • a custom object in another preferred embodiment of the present invention, can be positioned in a specific angle of view to be uniquely identifiable.
  • the multi-factor authentication system using gesture recognition or object presentation or combination of both comprising of one or more video sources; one or more processing units; memory unit; optionally one or more display units.
  • the hardware components can be in one or multiple devices and/or distributed over a local network or over the internet.
  • the signal from user sample is generated by one of gesture recognition, object presentation and combination thereof.
  • the memory unit is coupled to a computer readable medium containing programmable code executable by a processing unit.
  • the memory unit is configured to store personalized user gestures and object presentation templates form enrolled user samples in an encrypted proprietary format.
  • the processing unit compares the detected user generated signal from the video source with the predefined set of personalized user signal and transmits an authentication signal if detected and predefined user signal match.
  • the authentication procedure to access a particular resource will be configured with various parameters by the administrators of that system. For instance, a company has a particular door where the user has to authenticate to open it with a 4 unit credential consisting of at least one custom object and one gesture presentation as shown in Figure 3. And the company also set up the time to perform the presentation such as 10 seconds for the object and 3 seconds for a gesture presentation. Further, the company will also set up a list of gestures that a user can pick from, and form a combination, to set their personal credentials. In this particular scenario, the user has to pick at least one of those gestures from the list and show at least one custom object as part of their credential set up process for up to 4 units.
  • the gestures or objects that can be chosen are pre-determined, and can be commonly described in plain language, it can be picked from a list of choices via an input medium such as a touch screen or with keyboard and mouse, or buttons with options on a device.
  • a common object type can be set up to be picked from a list of pre configured items.
  • a custom object needs to be shown to a video source for recording it as part of the user’s credential.
  • the enrollment procedure is followed by a user to set their authentication credential for access to a specific resource (digital or physical). Based on the configuration for authenticating to access that specific resource, the user will be guided to set up their credentials.
  • the user will pick what type of presentation he / she will perform for each of the 4 units. If the user selects a gesture presentation for a particular unit, he / she can choose from a list of the preconfigured options. For this he / she can utilize any input medium.
  • the system could also be set up to receive a visual input, using a video source, from the user for a gesture. The user repeats this process for the 4 units they are supposed to set up for their personal authentication credential for accessing this specific resource.
  • the user can be prompted to visually present the same to confirm their credentials, similar to re-typing a password on a computer to avoid misspellings while setting up a new password.
  • the user when a user is authenticating himself / herself to gain access to a resource protected by the system, the user is prompted to present his / her credentials visually in front of a camera. In case of a display available, then the user will be guided to present the units of his / her credentials one by one within the allotted time for each of the units. As the user present each gesture or object in the sequence, the display can guide the user through the process with visual cues. The same can be accomplished without a display by providing audio cues like a beep.
  • the system compiles this information, and performs the necessary processes, gesture recognition or objects detection for object types or object recognition for custom objects. All this information for each of the units along with positioning of the presentation on the screen and other attributes are provided to the authentication system. This information is compared with the previously saved credentials of the user to access this resource. If the presented credential matches with the saved credential beyond a particular threshold level, then the user authentication is considered to be successful and a corresponding signal is passed to the authentication system for further processing.
  • the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented.
  • the facial recognition is used to identify a user, also called as 1:N identification. It can also be used as an authentication of a user, also called as 1:1 verification. Face is a single factor of authentication of “what you are”, which is a biometric factor similar to fingerprint, iris, and voice. For most use cases, a single factor of authentication is not sufficient to grant access to a resource. Hence, multi factor authentication is performed. Multi-factor authentication is at least 2 factors out of the following:
  • the object presentation includes one or multiple common object types or custom objects or combination thereof.
  • the common object can be one of a preconfigured list of object categories in the system performing the user authentication.
  • Said common object types may include a pen, water bottle, wallet, mobile phone, hand bag, backpack, umbrella, key chain, or a combination as shown in Figure 3.
  • the authentication system can be configured to ensure the user sets a particular combination for each unit. For example, the user can show a count of two near his / her cheek while keeping his / her left eye closed and show their coffee mug (custom object) on the top left quadrant of the screen as shown in Figure 4.
  • the custom object may include an embossed dollar in a chain, a ring, a particular brand, model and color of a pen in a particular position that is uniquely recognized for matching as part of a preset unit of the password.
  • the user is provided options to choose one type of presentation or a combination of gesture and object presentation for a single unit of presentation.
  • the first unit can be a showing his / her wallet (custom object) along with a smile (a face gesture)
  • the second unit can be showing a count of 3 (finger gesture) and closing the right eye (face gesture), and so on.
  • the present invention provides a novel modality of digital authentication with gesture recognition or object presentation or combination thereof.
  • the present invention enables multi-factor authentication with facial recognition (“something you are”) by adding gesture recognition or object presentation or combination thereof as a second factor (“something you know” in case of gesture and common object presentation and both “something you know” and “something you have” in case of custom object presentation) without additional hardware. Also, it enhances the security against presentation attacks for facial recognition which is prone to various abuses with masking, morphing and other modalities.
  • the present invention enables multi-factor authentication by adding gesture or object or combination thereof, as a second factor (“something you know” and/or “something you have”) along with any other type of digital authentication modalities such as biometrics (something you are), access cards (something you have).
  • gesture biometric / recognition and/or object presentation provides an opportunity to set a new one for every authentication, like a password. For example, a user can have one gesture for one access control and can set a completely different one for a phone. These can be changed like how passwords can be changed.
  • the present invention is like a digital-visual password.

Abstract

The present invention relates to a method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials, comprising steps of initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples by a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal; and comparing the generated real time values to the stored values.

Description

A MULTI-FACTOR AUTHENTICATION SYSTEM USING GESTURE RECOGNITION AND OBJECT PRESENTATION AND METHOD THEREOF
FIELD OF THE INVENTION
The present invention relates to the field of digital authentication and access control systems. More particularly, it relates to the multi-factor authentication system using gesture recognition or object presentation or combination of both. The present invention provides a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware. Advantageously, the present invention enables multi factor authentication by adding gesture recognition or object presentation or combination thereof as a second factor along with other type of digital authentication modalities.
BACKGROUND OF THE INVENTION
In general, multi factor authentication comprises of two of the following;
1. Something you have (access cards, keys, etc.)
2. Something you know (passwords etc.)
3. Something you are (biometrics such as fingerprints, iris, face, etc.)
In many cases facial recognition is used as a second authentication (something you are) along with other modalities such as access cards, pins, etc. In many cases, both in physical and cyber security, single factor authentication is insufficient and multi-factor authentication is a standard requirement.
The main problem with facial recognition as an authentication is the misuse of the stored facial biometric information to authenticate without authority. These are called Presentation Attacks such as morphing or faking the face with masks, photos, videos, 3D models, etc. Face morphing is the process of transforming one face image to look similar to another face. With face morphing, the possibility of wrong authentication is very high.
Even with facial recognition as a second factor of authentication, there are problems with the current state of the art and it lacks the desired security in some use case such as identifying twins. One of the main approaches to tackle photos, videos, 3D models, and the like is using liveness detection. It is the process of identifying if the real person is there instead of a person with a face mask, a photograph or video is being presented.
For authentication, there are several emerging technologies assisting with such needs. The current state of the art technologies includes passwords, facial / finger print / iris recognition, smartcards, one-time passwords (OTP), personal portable security devices, etc., or a combination of two or more of them. However, privilege creep, insider abuse and numerous other issues are causing enterprises to turn to innovative techniques to solve emerging problems. There are some services that incorporate some combination of existing technologies. All the systems provide some advantages over the other and also have limitations over the other with speed, security and integrity.
For facial recognition, several anti- spoofing technologies assist with presentation attack detections including liveness detection with 3D scanning, depth sensor to differentiate 2D vs 3D face. However, they all require additional equipment at the presentation level for the end user. Challenge - response, such as gestures are also utilized for liveness detection in a generic manner. Morph detection algorithms are employed to detect presentation attacks. Such technologies are still very susceptible to much lower than desired security levels for many use cases such as financial transaction. Even with all these technologies, the factor of security against abuse of the stored facial biometric information is not tackled as it only focuses on presentation attacks and does not handle the additional factor of authentication such as ‘something you know’ or ‘something you have’.
Currently banks have not gone in to face recognition as a factor to authenticate because face photographs are available everywhere including but not limited to social media. If face becomes an authentication factor, then anyone can use the face photo / mask made out of it and gets authenticated. A phone or computer can be stolen, if a photograph or mask is made, currently it is not impossible to get into the system.
US 10567376 discloses a system and method for providing secure authorization to an electronic device by combining two or more security features of authentication processed at substantially the same time where at least one of the factors is a “tolerant” factor. By combining two or more factors such as a biometric factor and a second factor defined by user input, these are analyzed at substantially the same time where the tolerance factors can be reduced to allow access to the electronic device and/or an application running on the device without compromising security of the authentication.
US8627096 discloses a system and method for providing secure authorization to an electronic device by combining two or more security features of authentication process at substantially the same time where at least one of the factors is a "tolerant" factor. By combining two factors such as a facial recognition any screen gesture, these can be analyzed at substantially the same time such that the tolerance match required by the tolerant factors providing a better user authentication experience without reducing the overall security accuracy.
US20140310764 discloses an approach provided for authenticating and/or identifying a user through gestures. A plurality of media data sets of a user performing a sequence of gestures are captured. The media data sets are analyzed to determine the sequence of gestures. Authentication of the user is performed based on the sequence of gestures.
US20180012227 discloses a system to authenticate an entity and/or select details relative to an action or a financial account using biometric, behavior-metric, electronic-metric and/or knowledge-metric inputs. These inputs may comprise gestures, facial expressions, body movements, voice prints, sound excerpts, etc. Features are extracted from the inputs and each feature converted to a risk score, which is then translated to a representative value, such as a letter or a number, i.e., a code or PIN that represents the input. For user authentication, the code is compared with a data base of legitimate/authenticated codes. In some embodiments a user selects specific information elements, such as an account or a payment amount using one or more of a biometric, a behavior-metric, an electronic -metric and/or a knowledge-metric input.
EP3493088 discloses a method for security gesture authentication. Specifically, and in one embodiment, a facial authentication is processed on a face of a user. Next, a security gesture authentication is performed based on a gesture made by the user. Finally, the user is provided access to a resource when both the facial authentication and security gesture authentication are successful. WO2016183406 discloses systems and methods for authenticating a user of a computing device. The system comprises one or more memory devices storing instructions, and one or more processors configured to execute the instructions to provide, to a computing device associated with a user, an indication of a prescribed authentication parameter. The system also receives image data including an image of the user of the computing device captured using an image sensor of the computing device.
None of the prior arts discusses about a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware. Accordingly, there exists a need for a method of digital authentication with gesture recognition or object presentation or combination thereof. The present invention provides digital authentication coupled with facial recognition, no requirement for additional hardware. It restricts the misuse of stored facial biometric information. Most of the current presentation attack detection systems such as morph detection and liveness check have flaws and the present invention can be used as an alternative solution. The present invention can also be used with other digital authentication modalities.
OBJECTS OF THE INVENTION
One or more of the problems / limitations of the conventional prior art may be overcome by various embodiments of the present invention.
It is primary object of the present invention to provide a method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials.
It is another object of the present invention to provide a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
It is another object of the present invention, wherein the gesture could be a combination of multiple facial gesture such as blinking of eyes for certain number of times, turning face in a specific direction, and / or hand gesture like waving in a direction or showing set of figures in a position and / or symbolism, and an object that is presented.
It is another object of the present invention to enhance the security against presentation attacks for digital authentication.
It is another object of the present invention to enable a user to set a diverse range of gesture biometric or object presentation or combination thereof among different access control systems.
SUMMARY OF THE INVENTION
Thus, according to the basic aspect of the present invention there is provided a method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials, comprising steps of: initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples in the memory unit by means of a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal from the memory unit by the processing unit; and comparing the generated real time values to the stored values, wherein the signal from user sample is generated by one of gesture or object presentation or combination thereof, and wherein an authentication signal is transmitted to an access control unit when a similarity of the generated values to the stored values satisfies the similarity threshold to authenticate the user. It is another aspect of the present invention, wherein the method enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
It is another aspect of the present invention, wherein the gestures or objects could be pre determined and could be picked from a list of choices via an input medium.
It is another aspect of the present invention, wherein the authentication credentials or visual password is configured for a particular resource with following parameters: unit size, one or multiple types of authentication credentials for each unit of the credential, each type of authentication credential is configured with an option to have a name associated with it for reference, setting an option to receive the unit of the credential within a specified duration of time, setting an option to receive a type of authentication credential within a specified duration or time, and setting an option to utilize a designated area of frame for each unit of the authentication credential.
It is another aspect of the present invention, wherein the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented.
It is another aspect of the present invention, based on the gesture or object presentation performs appropriate detection and processing to authenticate the user.
It is another aspect of the present invention, wherein the object presentation includes one or multiple common object types or custom objects or combination thereof.
It is another aspect of the present invention, wherein the presentation includes the option to use a combination of gestures and objects presentation for each unit of authentication credential.
It is another aspect of the present invention, wherein the common object can be one of a preconfigured list of object categories in a system performing the user authentication. It is another aspect of the present invention, wherein one or multiple common objects or custom objects or combination thereof can be used for each unit of the authentication credential.
It is another aspect of the present invention, wherein the custom object is a uniquely identifiable object.
It is another aspect of the present invention, wherein the custom object can be positioned in a specific angle of view to be uniquely identifiable.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1: illustrates block diagram of a multi-factor authentication system using gesture recognition or object presentation or combination of both according to the present invention. Figure 2: is a flow chart illustrating setting of an authentication credential or visual password according to the present invention.
Figure 3: illustrates gesture or object presentation or combination thereof as a second factor without additional hardware used according to the present invention.
Figure 4: is a flow chart illustrating method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials.
DETAILED DESCRIPTION OF THE INVENTION WITH REFERENCE TO THE ACCOMPANYING FIGURES
It is to be understood that the present disclosure is not limited in its application to the details of construction and the arrangement of components set forth in the following description or illustrated drawings. The present disclosure is capable of other embodiments and of being carried out in various ways. Also, it is to be understood that the phraseology and terminology used herein is for the purpose of description and should not be regarded as limiting.
The present invention as herein described relates to a method for multi-factor authentication, which enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
Referring to Figures 2 to 5, the method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials, comprising steps of initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples in the memory unit by means of a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal from the memory unit by the processing unit; and comparing the generated real time values to the stored values.
In another preferred embodiment of the present invention, the signal from user sample is generated by one of gesture or object presentation or combination thereof.
In another preferred embodiment of the present invention, an authentication signal is transmitted to an access control unit when a similarity of the generated values to the stored values satisfies the similarity threshold to authenticate the user.
In another preferred embodiment of the present invention, the method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware. The gestures or objects could be pre-determined and could be picked from a list of choices via an input medium.
In another preferred embodiment of the present invention, the authentication credentials or visual password is configured for a particular resource with following parameters: unit size, one or multiple types of authentication credentials for each unit of the credential, each type of authentication credential is configured with an option to have a name associated with it for reference, setting an option to receive the unit of the credential within a specified duration of time, setting an option to receive a type of authentication credential within a specified duration or time, and setting an option to utilize a designated area of frame for each unit of the authentication credential. In another preferred embodiment of the present invention, the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented. Based on the gesture or object presentation performs appropriate detection and processing to authenticate the user.
In another preferred embodiment of the present invention, the object presentation includes one or multiple common object types or custom objects or combination thereof.
In another preferred embodiment of the present invention, the presentation includes the option to use a combination of gestures and objects presentation for each unit of authentication credential.
In another preferred embodiment of the present invention, a common object can be one of a preconfigured list of object categories in the system performing the user authentication.
In another preferred embodiment of the present invention, one or multiple common objects or custom objects or combination thereof can be used for each unit of the authentication credential.
In another preferred embodiment of the present invention, a custom object is a uniquely identifiable object.
In another preferred embodiment of the present invention, a custom object can be positioned in a specific angle of view to be uniquely identifiable.
Referring to Figure 1, in yet another embodiment of the present invention, the multi-factor authentication system using gesture recognition or object presentation or combination of both, said system comprising of one or more video sources; one or more processing units; memory unit; optionally one or more display units. The hardware components can be in one or multiple devices and/or distributed over a local network or over the internet. The signal from user sample is generated by one of gesture recognition, object presentation and combination thereof. The memory unit is coupled to a computer readable medium containing programmable code executable by a processing unit. The memory unit is configured to store personalized user gestures and object presentation templates form enrolled user samples in an encrypted proprietary format. The processing unit compares the detected user generated signal from the video source with the predefined set of personalized user signal and transmits an authentication signal if detected and predefined user signal match.
For illustration:
Referring to Figures 1 to 5, the authentication procedure to access a particular resource will be configured with various parameters by the administrators of that system. For instance, a company has a particular door where the user has to authenticate to open it with a 4 unit credential consisting of at least one custom object and one gesture presentation as shown in Figure 3. And the company also set up the time to perform the presentation such as 10 seconds for the object and 3 seconds for a gesture presentation. Further, the company will also set up a list of gestures that a user can pick from, and form a combination, to set their personal credentials. In this particular scenario, the user has to pick at least one of those gestures from the list and show at least one custom object as part of their credential set up process for up to 4 units. Since the gestures or objects that can be chosen are pre-determined, and can be commonly described in plain language, it can be picked from a list of choices via an input medium such as a touch screen or with keyboard and mouse, or buttons with options on a device. Similarly, a common object type can be set up to be picked from a list of pre configured items. However, a custom object needs to be shown to a video source for recording it as part of the user’s credential.
In another preferred embodiment of the present invention, the enrollment procedure is followed by a user to set their authentication credential for access to a specific resource (digital or physical). Based on the configuration for authenticating to access that specific resource, the user will be guided to set up their credentials. In the above-mentioned scenario, the user will pick what type of presentation he / she will perform for each of the 4 units. If the user selects a gesture presentation for a particular unit, he / she can choose from a list of the preconfigured options. For this he / she can utilize any input medium. Alternatively, the system could also be set up to receive a visual input, using a video source, from the user for a gesture. The user repeats this process for the 4 units they are supposed to set up for their personal authentication credential for accessing this specific resource.
In another preferred embodiment of the present invention, once the credential is set up, as a confirmation, optionally, the user can be prompted to visually present the same to confirm their credentials, similar to re-typing a password on a computer to avoid misspellings while setting up a new password.
In another preferred embodiment of the present invention, when a user is authenticating himself / herself to gain access to a resource protected by the system, the user is prompted to present his / her credentials visually in front of a camera. In case of a display available, then the user will be guided to present the units of his / her credentials one by one within the allotted time for each of the units. As the user present each gesture or object in the sequence, the display can guide the user through the process with visual cues. The same can be accomplished without a display by providing audio cues like a beep.
In another preferred embodiment of the present invention, once the user has completed presenting all the units of their credential, the system compiles this information, and performs the necessary processes, gesture recognition or objects detection for object types or object recognition for custom objects. All this information for each of the units along with positioning of the presentation on the screen and other attributes are provided to the authentication system. This information is compared with the previously saved credentials of the user to access this resource. If the presented credential matches with the saved credential beyond a particular threshold level, then the user authentication is considered to be successful and a corresponding signal is passed to the authentication system for further processing.
In another preferred embodiment of the present invention, the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented.
In another preferred embodiment of the present invention, the facial recognition is used to identify a user, also called as 1:N identification. It can also be used as an authentication of a user, also called as 1:1 verification. Face is a single factor of authentication of “what you are”, which is a biometric factor similar to fingerprint, iris, and voice. For most use cases, a single factor of authentication is not sufficient to grant access to a resource. Hence, multi factor authentication is performed. Multi-factor authentication is at least 2 factors out of the following:
• “what you have” such as RFID card, keys, OTP on mobile phone.
• “what you know” such as pins, passwords. • “what you are” such as face, finger print, voice, iris.
In most cases, multiple devices or sensors are needed to establish multi-factor authentication. However, face recognition or verification coupled with the system and method of present invention can establish multi-factor authentication without any additional sensors or devices because the present invention utilizes the same video input source and can provide all three factors of authentication.
In another preferred embodiment of the present invention, the object presentation includes one or multiple common object types or custom objects or combination thereof. The common object can be one of a preconfigured list of object categories in the system performing the user authentication. Said common object types may include a pen, water bottle, wallet, mobile phone, hand bag, backpack, umbrella, key chain, or a combination as shown in Figure 3.
In another preferred embodiment of the present invention, the authentication system can be configured to ensure the user sets a particular combination for each unit. For example, the user can show a count of two near his / her cheek while keeping his / her left eye closed and show their coffee mug (custom object) on the top left quadrant of the screen as shown in Figure 4.
In an aspect, the custom object may include an embossed dollar in a chain, a ring, a particular brand, model and color of a pen in a particular position that is uniquely recognized for matching as part of a preset unit of the password.
In another preferred embodiment of the present invention, the user is provided options to choose one type of presentation or a combination of gesture and object presentation for a single unit of presentation. For instance, the first unit can be a showing his / her wallet (custom object) along with a smile (a face gesture), the second unit can be showing a count of 3 (finger gesture) and closing the right eye (face gesture), and so on.
Thus, the present invention provides a novel modality of digital authentication with gesture recognition or object presentation or combination thereof. The present invention enables multi-factor authentication with facial recognition (“something you are”) by adding gesture recognition or object presentation or combination thereof as a second factor (“something you know” in case of gesture and common object presentation and both “something you know” and “something you have” in case of custom object presentation) without additional hardware. Also, it enhances the security against presentation attacks for facial recognition which is prone to various abuses with masking, morphing and other modalities.
Additionally, the present invention enables multi-factor authentication by adding gesture or object or combination thereof, as a second factor (“something you know” and/or “something you have”) along with any other type of digital authentication modalities such as biometrics (something you are), access cards (something you have). Advantageously, unlike biometric - face, fingerprint, iris etc., gesture biometric / recognition and/or object presentation provides an opportunity to set a new one for every authentication, like a password. For example, a user can have one gesture for one access control and can set a completely different one for a phone. These can be changed like how passwords can be changed. The present invention is like a digital-visual password.
The foregoing description comprises illustrative embodiments of the present invention. Having thus described exemplary embodiments of the present invention, it should be noted by those skilled in the art that the within disclosures are exemplary only, and that various other alternatives, adaptations, and modifications may be made within the scope of the present invention. Merely listing or numbering the steps of a method in a certain order does not constitute any limitation on the order of the steps of that method. Many modifications and other embodiments of the invention will come to mind to one skilled in the art to which this invention pertains having the benefit of the teachings presented in the foregoing descriptions. Although specific terms may be employed herein, they are used only in generic and descriptive sense and not for purposes of limitation. Accordingly, the present invention is not limited to the specific embodiments illustrated herein.

Claims

WE CLAIM:
1. A method for multi-factor authentication using gesture or object presentation or combination thereof as authentication credentials, comprising steps of: initiating an enrollment procedure using a video source for receiving generated signal from user sample for setting an authentication credential or visual password; optionally visually validating and confirming the visual password; storing generated signal data or templates from enrolled user samples in a memory unit; performing visual authentication by user at the time of authentication; receiving the generated signal from the user by means of a video source; comparing the generated signal from the user with the templates of enrolled user samples in the memory unit by means of a processing unit coupled to a computer readable medium containing programmable code; obtaining a personalized similarity threshold by comparison of generated user signal with predefined user signal from the memory unit by the processing unit; and comparing the generated real time values to the stored values, wherein the signal from user sample is generated by one of gesture or object presentation or combination thereof, and wherein an authentication signal is transmitted to an access control unit when a similarity of the generated values to the stored values satisfies the similarity threshold to authenticate the user.
2. The method as claimed in claim 1 enables multi-factor authentication with facial recognition by adding gesture or object presentation or combination thereof as a second factor without additional hardware.
3. The method as claimed in claim 1, wherein the gestures or objects could be pre-determined and could be picked from a list of choices via an input medium.
4. The method as claimed in claim 1, wherein the authentication credentials or visual password is configured for a particular resource with following parameters: unit size, one or multiple types of authentication credentials for each unit of the credential, each type of authentication credential is configured with an option to have a name associated with it for reference, setting an option to receive the unit of the credential within a specified duration of time, setting an option to receive a type of authentication credential within a specified duration or time, and setting an option to utilize a designated area of frame for each unit of the authentication credential.
5. The method as claimed in claim 2, wherein the gesture presentation to form a visual password could be a single or combination of multiple facial gestures, finger gestures, or hand gestures that is presented.
6. The method as claimed in claim 2, wherein based on the gesture or object presentation performs appropriate detection and processing to authenticate the user.
7. The method as claimed in claim 6, wherein the object presentation includes one or multiple common object types or custom objects or combination thereof.
8. The method as claimed in claim 2, wherein the presentation includes the option to use a combination of gestures and objects presentation for each unit of authentication credential.
9. The method as claimed in claim 7, wherein the common object can be one of a preconfigured list of object categories in a system performing the user authentication.
10. The method as claimed in claim 7, wherein one or multiple common objects or custom objects or combination thereof can be used for each unit of the authentication credential.
11. The method as claimed in claim 10, wherein the custom object is a uniquely identifiable object.
12. The method as claimed in claim 11, wherein the custom object can be positioned in a specific angle of view to be uniquely identifiable.
PCT/IN2021/050468 2020-05-17 2021-05-15 A multi-factor authentication system using gesture recognition and object presentation and method thereof WO2021234727A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202041006751 2020-05-17
IN202041006751 2020-05-17

Publications (2)

Publication Number Publication Date
WO2021234727A2 true WO2021234727A2 (en) 2021-11-25
WO2021234727A3 WO2021234727A3 (en) 2022-01-06

Family

ID=78709105

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2021/050468 WO2021234727A2 (en) 2020-05-17 2021-05-15 A multi-factor authentication system using gesture recognition and object presentation and method thereof

Country Status (1)

Country Link
WO (1) WO2021234727A2 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11256792B2 (en) * 2014-08-28 2022-02-22 Facetec, Inc. Method and apparatus for creation and use of digital identification
US9842250B2 (en) * 2015-05-13 2017-12-12 Capital One Services, Llc Systems and methods for authenticating a user based on captured image data

Also Published As

Publication number Publication date
WO2021234727A3 (en) 2022-01-06

Similar Documents

Publication Publication Date Title
Dasgupta et al. Advances in user authentication
US20080235788A1 (en) Haptic-based graphical password
Amin et al. Biometric and traditional mobile authentication techniques: Overviews and open issues
JP6757861B1 (en) Authentication system, authentication method, and program
TWI754964B (en) Authentication system, authentication device, authentication method, and program product
JP6399605B2 (en) Authentication apparatus, authentication method, and program
Kawamura et al. Eyedi: Graphical authentication scheme of estimating your encodable distorted images to prevent screenshot attacks
Srivastava et al. Continuous multi-biometric user authentication fusion of face recognition and keystoke dynamics
Addy et al. Physical access control based on biometrics and GSM
JP6891355B1 (en) Authentication system, authentication device, authentication method, and program
WO2021234727A2 (en) A multi-factor authentication system using gesture recognition and object presentation and method thereof
Meghanathan Biometric systems for user authentication
JP2011118561A (en) Personal identification device and personal identification method
Boonkrong et al. Biometric Authentication
Rila Denial of access in biometrics-based authentication systems
Wells et al. Privacy and biometrics for smart healthcare systems: attacks, and techniques
Tait Behavioural biometrics authentication tested using eyewriter technology
Yerramsetti et al. APPLICATION OF MULTI FACTORED BIOMETRIC MEASURE FOR DATA SECURITY IN ATM.
Hassan et al. Towards Secure Identification: A Comparative Analysis of Biometric Authentication Techniques
ugli Juraev et al. PROSPECTS OF BIOMETRICS IN INFORMATION SECURITY
KR100974294B1 (en) System and method for controlling biometric entrance
Tangawar et al. Survey Paper on Graphical Password Authentication System In Terms of Usability and Security Attribute
Sharma et al. Security gaps in authentication factor credentials
Jing PINWrite: A New Smartphone Authentication Scheme Using Handwriting Recognition
Furnell Biometric Technology and User Identity

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21809832

Country of ref document: EP

Kind code of ref document: A2