CN101365193A - System and method for customer authentication execution based on customer behavior mode - Google Patents

Publication number: CN101365193A
Authority: CN (China)
Prior art keywords: authentication information, user, pattern, authentication, behavior pattern
Legal status: Pending
Application number: CNA2007101406277A
Other languages: Chinese (zh)
Inventors: 赵成埈, 张民
Current assignee: Seoul National University Industry Foundation; Seoul National University Hospital
Original assignee: Seoul National University Hospital
Abstract

The invention discloses a system and a method for performing user authentication based on the behavior pattern of a mobile terminal user. The system comprises a mobile terminal that has an input unit for receiving authentication information from the user, an authentication unit for extracting the user's behavior pattern based on the authentication information, and a data communication unit for sending the authentication information and the behavior pattern to an authentication server. The behavior pattern extracted from the authentication information includes characteristic behavior patterns of the user, such as a typing pattern, a movement pattern, a voice pattern and a writing pattern. The system and method can improve the security and flexibility of the user authentication system.

Description

System and method for performing user authentication based on user behavior patterns
Technical field
The present invention relates generally to a system and method for performing user authentication based on user behavior patterns, and more particularly to a system and method that perform user authentication based on user behavior patterns, such as the user's movement and typing patterns, in addition to conventional authentication information such as a password associated with a user ID, thereby improving the security and flexibility of the user authentication system.
Background technology
In Internet-based e-commerce such as online banking, securities trading and billing services, a user authentication process is needed to verify the identity that a user claims. In general, this process is carried out by comparing the ID and password entered by the user with the ID and password (e.g., template ID and password) registered in the database of an authentication system. Although the password method is widely used because it is the simplest and cheapest tool, it has a shortcoming: people often choose easily guessed words and/or numbers as passwords, such as the names, birthdays, telephone numbers or addresses of family members. In particular, when a user accesses a main service provider system through a mobile terminal such as a mobile phone with a small keypad, the user usually uses only a very limited set of numeric characters (typically a sequence of 4 to 6 digits) as the password. A user authentication method that replaces or strengthens the password method is therefore needed to improve the security of user authentication systems, especially in mobile network environments.
To address this problem, biometrics has been proposed for more accurate user authentication. Biometrics refers to a method of identifying a person based on his or her physiological or behavioral characteristics. This identification method is superior to the traditional password method because (i) the person to be identified must be physically present at the point of identification, and (ii) identification using biometric techniques does not require any password.
In general, biometrics is carried out based on the user's physiological characteristics, such as fingerprints, facial features, iris and palm prints. Because these physiological characteristics are unique to the individual and remain constant over time, they can serve as a highly reliable and accurate form of identification. However, biometrics based on physiological characteristics does not depend on the user's behavior but depends to a large extent on the input device involved. Consequently, improving the accuracy of identification inevitably increases the overall cost of such a biometric system. Behavioral biometrics such as keystroke dynamics, on the other hand, has various advantages, such as low cost, ease of use and easy remote access control. Keystroke dynamics refers to the manner in which a user types a password on an input device (e.g., a keyboard) of a user authentication system.
There is a need for a system and method that integrate behavioral biometrics with a conventional password method, thereby improving the security and flexibility of the user authentication system. In addition, to improve the accuracy of the user authentication system, it is further desirable to perform user authentication based on various behavior patterns, including movement patterns and voice patterns, as well as behavioral biometrics such as typing patterns.
Summary of the invention
The present invention relates to a system and method for performing user authentication based on a user's behavior pattern.
According to one embodiment, a mobile terminal comprises an input unit configured to receive user authentication information, an authentication unit configured to extract a behavior pattern based on the authentication information, and a data communication unit configured to transmit the authentication information and the behavior pattern to an authentication server. The authentication server is configured to verify the user's identity by comparing at least one of the authentication information and the behavior pattern with template authentication information and a template behavior pattern.
The input unit of the mobile terminal may comprise a keypad configured to receive keystrokes typed by the user, a motion sensor configured to receive signals produced by moving the mobile terminal, a camera configured to capture images of the user's movement, a microphone configured to input the user's voice, or a signature input device configured to input the user's signature.
In another embodiment, a system for performing user authentication comprises a database configured to store template authentication information and behavior patterns associated with the template authentication information, an input unit configured to receive test authentication information and a test behavior pattern from a user's mobile terminal, and an authentication unit configured to verify the user's identity by comparing at least one of the test authentication information and the behavior pattern with the template authentication information and behavior pattern stored in the database.
The system may perform a two-stage user authentication process: a first authentication stage, which verifies the user's identity by comparing the test authentication information with the template authentication information stored in the database; and, if the identity verification passes the first authentication stage, a second authentication stage, which verifies the user's identity by comparing the test behavior pattern with the template behavior pattern stored in the database.
In another embodiment, a method for registering authentication information is provided. The method comprises the operations of receiving authentication information from a user and checking whether the user has chosen to use a behavior pattern associated with the authentication information to verify the user's identity. If it is determined that the user has chosen to use a behavior pattern, the behavior pattern is extracted based on the authentication information, and the authentication information and the extracted behavior pattern are stored in a database.
The method may further comprise the operation of receiving information about the type of behavior pattern and a tolerance value associated with the behavior pattern, where the tolerance value is used as the error margin for verifying the user's identity.
In yet another embodiment, a method for performing user authentication in a mobile terminal is provided. The method comprises the operations of receiving test authentication information from the mobile terminal user, extracting a test behavior pattern based on the authentication information, requesting user authentication by transmitting the test authentication information and behavior pattern to an authentication server, and receiving the result of the verification from the authentication server. The authentication server is configured to verify the user's identity by comparing at least one of the test authentication information and the behavior pattern with template authentication information and a template behavior pattern.
In another embodiment, a method for performing user authentication in an authentication server is provided. The method comprises receiving, from a mobile terminal, test authentication information and a behavior pattern extracted based on the test authentication information, and performing a first authentication stage by comparing the test authentication information with the template authentication information stored in a database. In this method, if the first user authentication succeeds, it is checked whether a second authentication stage is needed. If the second authentication stage is determined to be needed, the test behavior pattern is compared with the template behavior pattern stored in the database. In addition, at least one of the results of the first and second authentication stages may be transmitted to the mobile terminal.
Description of drawings
The present invention can best be understood by reference to the following detailed description taken in conjunction with the accompanying drawings:
Fig. 1 depicts the configuration of a user authentication system according to one embodiment of the invention;
Fig. 2 shows the detailed configuration of a user authentication system according to one embodiment of the invention, which comprises a mobile terminal connected to an authentication server;
Fig. 3 depicts the configuration of an input unit according to one embodiment of the invention, which is included in the mobile terminal;
Figs. 4A to 4E are charts illustrating exemplary typing patterns according to one embodiment of the invention, including the duration, pressure, interval and latency of keystrokes typed by the user;
Fig. 5 shows a process for entering a password by moving the mobile terminal according to one embodiment of the invention;
Fig. 6 presents a data structure configuration comprising authentication information and behavior patterns, which is stored in the authentication information database according to one embodiment of the invention;
Fig. 7 depicts a flowchart of a method for registering authentication information and behavior patterns according to one embodiment of the invention;
Figs. 8A and 8B depict graphical user interfaces for registering authentication information and behavior patterns in the mobile terminal according to one embodiment of the invention;
Fig. 9 illustrates a flowchart of a method for performing user authentication in a mobile terminal according to one embodiment of the invention; and
Fig. 10 depicts a flowchart of a method for performing user authentication in an authentication server according to one embodiment of the invention.
Embodiment
In the following description, numerous specific details are set forth. It will be apparent, however, that these embodiments may be practiced without some or all of these specific details. In other instances, well-known processes, operations or elements are not described in detail so as not to obscure the present invention.
The present invention relates to a system and method for performing user authentication based on the behavior pattern of a mobile terminal user. In one embodiment, the system comprises a mobile terminal having an input unit for receiving authentication information from the user, an authentication unit for extracting the user's behavior pattern based on the authentication information, and a data communication unit for transmitting the authentication information and the behavior pattern to an authentication server. The input unit of the mobile terminal may comprise one or more input devices, such as a keypad, motion sensor, microphone, touch screen and camera, which receive authentication information (e.g., an ID and the password associated with the ID) in the form of keystrokes, movement, voice and signature. These input devices may be installed in the mobile terminal as built-in components or may be connected to the mobile terminal by wire or wirelessly. Based on the authentication information received through the input unit, a behavior pattern is extracted; the behavior pattern includes, but is not limited to, characteristic behavior patterns of the user such as a typing pattern, movement pattern, voice pattern and writing pattern. Because these behavior patterns represent both the authentication information and the user's behavioral characteristics, they raise the security level of the system.
In one embodiment, the authentication server comprises a data communication unit for receiving the authentication information and behavior pattern from the mobile terminal, an authentication information database for storing template authentication information and the associated behavior patterns, and an authentication unit for performing user authentication by comparing the received authentication information and/or behavior pattern with the template authentication information and/or behavior pattern stored in the database. The database may further include a behavioral user authentication flag indicating whether behavioral user authentication is to be performed based on the behavior pattern and the tolerance value (i.e., error margin) associated with the behavior pattern.
The authentication server may perform one or both stages of a two-stage user authentication process, depending on the behavioral user authentication flag. In the initial user authentication stage, the authentication unit of the authentication server compares the received authentication information with the authentication information stored in the authentication information database. If the identity claimed by the user is verified in the initial user authentication stage and the behavioral user authentication flag is set to ON, the behavioral user authentication stage is performed by comparing the received behavior pattern with the behavior patterns stored in the authentication information database.
In the following sections, several embodiments according to the above principles of the invention are described in detail with reference to the accompanying drawings.
Fig. 1 depicts the configuration of a user authentication system according to one embodiment of the invention. As shown in Fig. 1, the user authentication system 1000 comprises at least one mobile terminal 1100 for receiving authentication information, including an ID and password, from a user and extracting a behavior pattern based on the authentication information. In addition, an authentication server 1200 is connected to the mobile terminal 1100 through a communication network 1300; the authentication server performs user authentication based on the authentication information and/or behavior pattern received from the mobile terminal 1100. Note that the mobile terminal 1100 may be any type of portable device with mobile communication capability, such as a cellular phone, a PDA (personal digital assistant), a laptop computer or a similar device. In addition, the communication network 1300 may be any type of wireless data network, for example one using CDMA, TDMA or GSM technology, the Internet, or any combination of wireless and wired data networks.
Fig. 2 depicts the detailed configuration of the user authentication system 1000 shown in Fig. 1. The mobile terminal 1100 comprises an input unit 1120, an authentication unit 1140 and a data communication unit 1160. The input unit 1120 receives authentication information from the user and sends the received authentication information to the authentication unit 1140. As shown in Fig. 3, the input unit 1120 may comprise an I/O interface 1127 for transferring data from a device controller 1126 to the authentication unit 1140; the device controller 1126 controls the operation of input devices or sensors such as a keypad 1121, motion sensor 1122, microphone 1123, touch screen 1124 and camera 1125. For example, the device controller 1126 receives control signals from the authentication unit 1140 to control the operation of the input devices or sensors, preprocesses the analog signals received from the input devices and converts them into digital signals representing the authentication information, and sends these digital signals to the authentication unit 1140 through the I/O interface 1127. The authentication unit 1140 then extracts a behavior pattern based on the authentication information received from the input unit 1120.
Examples of the user behavior patterns extracted by the authentication unit 1140 are described in detail below with reference to Figs. 4A to 4E and Fig. 5.
In one embodiment, the authentication unit 1140 of the mobile terminal 1100 extracts a typing pattern based on the authentication information entered through the keypad 1121. For example, if the user enters his or her ID and password through the keypad 1121, the authentication unit 1140 can extract a typing pattern based on the keystrokes of the entered ID and/or password. A typing pattern can be represented by at least one of three distinct variables: duration (i.e., the amount of time the user holds down a particular key), interval (i.e., the amount of time the user spends between one keystroke and the next), or pressure (i.e., the amount of pressure with which the user presses a particular key).
Figs. 4A to 4E are charts illustrating example typing patterns extracted by the authentication unit 1140 of the mobile terminal 1100 when the user types the digit sequence "1, 3, 5, 7" as a password through the keypad 1121.
As shown in Fig. 4A, if the user presses the keys corresponding to the digits "1, 3, 5, 7" for durations of 300 milliseconds, 500 milliseconds, 700 milliseconds and 250 milliseconds respectively, at least part of the duration sequence "300, 500, 700, 250" can be used as the typing pattern. Before the duration sequence measured by the input unit 1120 is passed to the authentication unit 1140, it may be converted into values of another form by the device controller 1126. Depending on the security level required by the authentication system, the durations may be quantized into values of different resolutions. For example, if the authentication system requires only a very low security level, each duration may be converted into one of the two binary values "0" and "1" based on a predetermined threshold, for example 500 milliseconds. In this case, the duration sequence "300, 500, 700, 250" is converted into the binary sequence "0, 1, 1, 0", and these binary values are then passed to the authentication unit 1140 of the mobile terminal 1100. On the other hand, if the authentication system requires a higher security level, the durations may be quantized into higher-resolution values.
In addition, the input unit 1120 of the mobile terminal 1100 can measure the pressure with which the user presses keys to type the ID and/or password. In this case, the input unit 1120 may further comprise a sensor for measuring the pressure applied to the keys of the keypad 1121. For example, as shown in Fig. 4B, if the user types the digit sequence "1, 3, 5, 7" through the keypad 1121 with pressures of 700 Pa, 500 Pa, 170 Pa and 250 Pa respectively, the pressure sequence "700, 500, 170, 250", or at least part of it, can be used as the typing pattern. As described above, the measured pressure values may be quantized into values of different resolutions depending on the security level required by the authentication system.
Likewise, the input unit 1120 of the mobile terminal 1100 can measure the intervals between the keys typed by the user. For example, as shown in Fig. 4C, if the user types the digit sequence "1, 3, 5, 7" through the keypad 1121 with intervals of 600 milliseconds, 300 milliseconds and 1000 milliseconds respectively, the interval sequence "600, 300, 1000", or at least part of it, can be used as the typing pattern. Similarly, the measured interval values may be quantized into values of different resolutions depending on the security level required by the authentication system.
In one embodiment, as shown in Fig. 4D, the time from the moment one key is pressed to the moment the next key is pressed (hereinafter "latency") can be measured as the typing pattern. Alternatively, a typing pattern can be extracted from the geometric relationship among the duration, pressure and latency values measured by the input unit 1120. For example, as shown in Fig. 4E, the measured duration values can be plotted in a line chart so that the angles (e.g., α°, β°, γ°) between the x axis and the line segments connecting two consecutive values can be used as the typing pattern. Furthermore, the typing patterns extracted from the authentication information are not limited to the above examples, i.e., duration, pressure and latency, and combinations of the above typing patterns can be used to represent the typing pattern of the authentication information.
In one embodiment, the authentication unit 1140 of the mobile terminal 1100 extracts a behavior pattern based on the authentication information entered through the motion sensor 1122. The motion sensor 1122 may comprise any type of device for recognizing the user's movement, such as a two- or three-axis magnetic field sensor or a wearable device such as a data glove. For example, if the user moves the mobile terminal 1100 to indicate his or her ID and password, the motion sensor 1122 can extract a behavior pattern from it, i.e., various characteristics of the user's movement. In particular, the behavior pattern can be represented by at least one of the distance, direction and speed of the user's movement.
Fig. 5 depicts an example process in which the user enters a password by moving a mobile terminal according to instructions displayed on the mobile terminal. For example, after the user enters an ID through the keypad of the mobile terminal 1100, the mobile terminal 1100 presents an instruction to enter a password on a display unit 1130. Following the instruction presented on the display unit 1130, the user then begins moving the mobile terminal 1100 to draw a particular figure, for example a star, as the password. The user can press a dedicated button on the mobile terminal 1100 to indicate that password entry is complete. The display unit 1130 of the mobile terminal 1100 then shows an image of the movement trajectory captured by the motion sensor 1122, and user authentication is then performed based on the behavior pattern extracted from the captured movement. For example, the behavior pattern extracted from the captured movement includes at least one of the trajectory of the movement in a two- or three-dimensional coordinate system and its speed or duration.
In another embodiment, the authentication unit 1140 of the mobile terminal 1100 extracts a behavior pattern based on the authentication information entered through the microphone 1123. In particular, when the user speaks the ID and/or password, the microphone 1123 of the mobile terminal 1100 records the user's voice. The behavior pattern extracted from the user's voice includes inherent characteristics such as tone, as well as habitual or deliberately produced characteristics such as speed and tone. In one embodiment, acquired characteristics of the voice can be used as the behavior pattern to verify the user's identity. The user can pronounce the ID and/or password in a manner different from usual. For example, the user can pronounce a particular part of the password longer or louder than the other parts. Such behavior patterns can be extracted from the recorded voice using any suitable voice analysis algorithm.
In one embodiment, the authentication unit 1140 of the mobile terminal 1100 extracts a behavior pattern based on the authentication information entered through the touch screen 1124. The user can enter a signature representing the ID and/or password on the touch screen 1124 with a pen. The input unit 1120 then extracts behavior patterns from the entered signature, such as the trajectory of the signature over time and the variations in the pressure and speed with which the user enters the signature. The behavior patterns extracted from the signature include inherent characteristics of the signature as well as habitual or deliberately produced characteristics.
In another embodiment, the authentication unit 1140 of the mobile terminal 1100 extracts a behavior pattern based on the authentication information entered through the camera 1125. In particular, the camera 1125 of the mobile terminal 1100 can capture still or moving pictures of user movement that represents the authentication information, and the authentication unit 1140 can extract a behavior pattern from them. For example, the behavior pattern can be represented by at least one of the trajectory, direction and speed of the user's movement captured in the pictures.
Although some examples of behavior patterns have been described in the above embodiments, the behavior patterns extracted by the input unit 1120 of the mobile terminal 1100 are not limited to these and may include any information that represents the user's behavioral characteristics, other than physiological characteristics such as fingerprint, iris and voice tone.
Get back to Fig. 2, the authentication ' unit 1140 of portable terminal 1100 is delivered to the authentication information of input and the behavior pattern of extracting based on this authentication information in the certificate server 1200 by data communication units 1160.As shown in Figure 2, this certificate server 1200 comprises a data communication unit 1220, an authentication ' unit 1240, this authentication ' unit is used for carrying out authentification of user based on the authentication information and/or the behavior pattern that receive by this data communication units 1220, and an authentication information database 1260, this authentication information database is used for storing template authentication information and behavior pattern.
Fig. 6 has proposed a kind of authentication information and the example arrangement of the behavior pattern that is associated with this authentication information, and authentication information and behavior pattern are stored in the authentication information database 1260.As shown in Figure 6, authentication information database 1260 has been stored one group of verify data for each user's registration, comprises ID, password, indicates whether behavior certification mark and the corelation behaviour pattern information of usage behavior pattern in carrying out authentification of user.In the registration phase of describing in detail after a while, if the user is chosen in usage behavior pattern in the authentification of user, then certification mark is set to ON the behavior, and the behavior pattern of extracting from authentication information is stored in the authentication information database 1260.
As shown in Figure 6, pattern information can comprise a tolerance value that is used for behavior pattern the behavior.This tolerance value (that is error margin) can be used for user rs authentication in following this mode.That is to say, if the identity that the difference between behavioral test pattern (extracting from the authentication information by user input) and the template behavior pattern (being stored in the authentication information database 1260) less than this tolerance value, is then verified this user and claimed.For example, as shown in Figure 6, have ID " KSK " and the user selected to use two kinds of key entry patterns, i.e. duration and blanking time,, and a tolerance value is set for every kind of key entry pattern as behavior pattern.At registration phase, the user can be provided with a different tolerance value for every kind of key entry pattern.In addition, tolerance value can with the identical unit, those unit of behavior pattern in represent, perhaps can be expressed as this tolerance value and the behavior mode value ratio.
In addition, at registration phase,, can produce more than one group behavior pattern by repeating input authentication information more than once for each user.In this case, the behavior pattern of a whole group can be used as the template behavior pattern and is stored in the authentication information database 1260.Replacedly, typical value, for example the mean value of the behavior pattern of a whole group can be stored in the authentication information database 1260.
In one embodiment, the template behavior pattern stored in the authentication information database 1260 can be updated when the user authentication process is performed. For example, if the identity claimed by the user is verified in a user authentication process, the test behavior pattern used in that process can replace a template behavior pattern stored in the authentication information database 1260 (for example, the most recently registered template behavior pattern), or can be additionally registered in the authentication information database 1260.
As shown in Fig. 2, in the authentication phase, the authentication unit 1240 of the authentication server 1200 performs user authentication by comparing the test authentication information and/or behavior pattern received from the data communication unit 1220 with the authentication information and/or behavior pattern stored in the authentication information database 1260. For example, the authentication unit 1240 can retrieve the data stored in the authentication information database 1260 using the ID included in the test authentication information as the key. If the ID is not found in the authentication information database 1260, user authentication fails, and the authentication server 1200 can send the mobile terminal 1100 a request to register new authentication information. On the other hand, if the ID is found in the authentication information database 1260, user authentication is performed by comparing the test authentication information (that is, the password) and/or behavior pattern with the authentication information and/or behavior pattern stored in the authentication information database 1260.
In the authentication phase, the test behavior pattern can be compared with the behavior pattern stored in the authentication information database 1260 to check whether the difference between the two falls within a predetermined tolerance range. In this case, different tolerance values can be determined according to the security level required of the authentication system. For example, the smaller the tolerance value, the higher the security level that can be maintained in the authentication system. As mentioned above, the authentication information database 1260 can include the tolerance value associated with the template behavior pattern.
The following discussion describes in detail, with reference to Figs. 7 to 10, various embodiments of a method for registering authentication information and for performing user authentication based on behavior patterns extracted from the authentication information.
Fig. 7 is a flow chart of a method for registering authentication information and behavior patterns in an authentication system according to one embodiment of the invention. In the registration phase, the user takes steps to register his or her authentication information, which includes an ID and a password, in the authentication system. In addition, the user can optionally register a behavior pattern associated with this authentication information. Specifically, when the mobile terminal accesses the authentication server, the authentication server sends the mobile terminal a request to display a user interface for entering authentication information (operation 710). In response to the request from the authentication server, the mobile terminal displays a user interface for entering authentication information. For example, as shown in Fig. 8A, the mobile terminal 1100 displays windows 810 and 820 for entering the ID and the password, respectively, and a button 840 for starting registration of the authentication information and/or the related behavior pattern. The user then enters his or her authentication information and starts registering it (operation 720). For example, the user enters the ID and the password in windows 810 and 820, respectively, and selects button 840 to start registering the authentication information. In addition, the user can select one or more options concerning whether a behavior pattern is to be extracted from the authentication information and/or the type of behavior pattern. For example, if the user selects an option button 830, the mobile terminal displays a user interface for selecting the different behavior pattern options, as shown in Fig. 8B. As shown in the figure, the user can select a check button 850 to indicate that a behavior pattern is to be extracted from the authentication information. In addition, the user determines the type of behavior pattern to be used and/or the size of the tolerance value associated with the behavior pattern. For example, as shown in Fig. 8B, when a typing pattern is used as the behavior pattern, the user can select at least one check button 860 to choose which of duration, pressure, and latency is to be used as the behavior pattern, and enter the corresponding tolerance value in window 870. In one embodiment, the user can determine whether the behavior pattern is quantized to a certain resolution, according to the security level required of the authentication system. In addition, although Figs. 8A and 8B show the different options for using behavior patterns as being determined by the user, these options can be predetermined or determined automatically by the authentication system.
In operation 720, if the user starts registering the authentication information, the mobile terminal checks whether a behavior pattern is to be extracted from the authentication information (operation 730). If the user chooses not to use behavior patterns in user authentication, only the authentication information is registered in the authentication server (operation 740). For example, if the user presses button 840 without checking the check button 850 (that is, behavior patterns are not to be used in user authentication), no behavior pattern is extracted from the entered authentication information, and only the authentication information is registered in the authentication server. On the other hand, if the user chooses to use behavior patterns, the related behavior pattern is extracted based on the entered authentication information and is registered in the authentication server (operation 750). For example, if the user presses button 840 for registering the authentication information with the check button 850 checked, the authentication information entered by the user, for example in the form of keystrokes, movement, sound, a signature, or an image, is processed as described above with reference to Figs. 3 to 5 to extract the related behavior pattern.
Figs. 9 and 10 are flow charts of a method for performing user authentication according to one embodiment of the invention. Fig. 9 shows the operations for receiving authentication information and extracting the behavior pattern, which can be performed in the user's mobile terminal, and Fig. 10 shows the operations for performing user authentication based on the authentication information and the behavior pattern, which can be performed in the authentication server.
As shown in Fig. 9, if the user accesses the authentication server through the mobile terminal, the mobile terminal requests the user to enter authentication information including an ID and a password, for example as shown in Fig. 8A (operation 910). Then, if the user enters the authentication information (operation 920), the mobile terminal extracts a behavior pattern based on the entered authentication information (operation 930) and transmits the authentication information and the extracted behavior pattern to the authentication server (operation 940).
In response to the authentication information and behavior pattern transmitted from the mobile terminal, the authentication server performs user authentication by comparing the received information with the information stored in the authentication information database, as explained in more detail with reference to Fig. 10. When the authentication server has verified the identity claimed by the user, it sends the mobile terminal a message indicating the verification result. If verification succeeds, the user is allowed to access the main system that provides the relevant online service (operations 950 and 960). Otherwise, if verification fails, the user can be required to enter the authentication information again through the mobile terminal (operations 950 and 920).
Fig. 10 shows the operations for performing user authentication in the authentication server based on the authentication information and behavior pattern transmitted from the mobile terminal. As shown in Fig. 10, if the authentication server receives the test authentication information and behavior pattern from the mobile terminal (operation 1002), it performs user authentication by comparing the test authentication information and/or behavior pattern with the authentication information and/or behavior pattern stored in the authentication information database.
In one embodiment, the authentication server performs the user authentication process in the following two phases. In the first authentication phase, the authentication server compares the authentication information with the authentication information stored in the authentication information database (operation 1004). If verification of the claimed identity fails in the first authentication phase (operations 1006 and 1016), the authentication server can send the mobile terminal a request to enter the authentication information again. On the other hand, if verification succeeds, the authentication server checks whether behavior authentication is needed (operation 1008), for example by referring to the behavior authentication flag stored in the authentication information database, as described above. If it is determined that behavior authentication is not needed, verification is complete (operation 1014). In this case, the user can be allowed to access a main system that provides the relevant online service. Otherwise, if it is determined that behavior authentication is needed, the authentication server performs a second user verification by comparing the test behavior pattern with the behavior pattern stored in the authentication information database (operation 1010). In operation 1012, if it is determined that verification succeeds, the user can be allowed to access the main system; otherwise, if it is determined that verification fails (operation 1016), the authentication server can send the mobile terminal a request to enter the authentication information again.
In the user authentication phase, the authentication server can use any suitable pattern matching algorithm, such as a Euclidean distance metric, to compare the test authentication information and behavior pattern with the authentication information and behavior pattern stored in the authentication information database. Alternatively, the authentication server can use any other type of pattern matching or recognition algorithm, such as a neural network, a support vector machine, or a genetic algorithm, in the user authentication process.
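The following sketch is an added example, not code from the patent: it combines the Fig. 6 record layout, the mean-of-enrollments template, the per-pattern tolerance (absolute or ratio) and the two-phase check of Fig. 10. All names, the PBKDF2 password hashing, the root-mean-square form of the Euclidean distance and the sample timings are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass, field


@dataclass
class Tolerance:
    value: float
    relative: bool = False  # False: same unit as the pattern (ms); True: ratio of template value


@dataclass
class Record:  # one row of the Fig. 6 layout (field names are hypothetical)
    salt: bytes
    pw_hash: bytes
    behavior_flag: bool = False
    templates: dict = field(default_factory=dict)   # pattern name -> list of floats
    tolerances: dict = field(default_factory=dict)  # pattern name -> Tolerance


DB = {}  # stands in for the authentication information database


def _hash(password, salt):
    # Assumption: the server keeps a salted hash instead of the plain password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(user_id, password, samples=None, tolerances=None):
    """Register ID/password; if samples are given, also store a behavior template."""
    salt = os.urandom(16)
    rec = Record(salt, _hash(password, salt))
    if samples and tolerances:
        rec.behavior_flag = True
        rec.tolerances = dict(tolerances)
        for name in tolerances:
            runs = [s[name] for s in samples]
            # Representative value: element-wise mean over the repeated entries.
            rec.templates[name] = [sum(col) / len(col) for col in zip(*runs)]
    DB[user_id] = rec


def rms_difference(test, template):
    """Euclidean distance scaled by vector length, so the unit stays ms."""
    if not template or len(test) != len(template):
        return math.inf
    return math.dist(test, template) / math.sqrt(len(template))


def within_tolerance(test, template, tol):
    limit = tol.value
    if tol.relative and template:
        limit *= sum(template) / len(template)
    return rms_difference(test, template) < limit


def authenticate(user_id, password, pattern=None):
    """Return 'unknown_id', 'password_failed', 'behavior_failed' or 'verified'."""
    rec = DB.get(user_id)
    if rec is None:
        return "unknown_id"  # the server would answer with a registration request
    # Phase 1: knowledge factor, compared in constant time.
    if not hmac.compare_digest(_hash(password, rec.salt), rec.pw_hash):
        return "password_failed"
    if not rec.behavior_flag:
        return "verified"
    # Phase 2: every registered pattern must fall inside its own tolerance.
    pattern = pattern or {}
    for name, template in rec.templates.items():
        test = pattern.get(name)
        if test is None or not within_tolerance(test, template, rec.tolerances[name]):
            return "behavior_failed"
    return "verified"


# Constructed sample data: three enrollments of a four-key password (times in ms).
ENROLL = [
    {"duration": [100, 120, 90, 110], "interval": [200, 180, 220]},
    {"duration": [110, 110, 100, 100], "interval": [210, 190, 200]},
    {"duration": [90, 130, 95, 105], "interval": [190, 200, 210]},
]
TOLS = {"duration": Tolerance(15.0), "interval": Tolerance(0.10, relative=True)}

if __name__ == "__main__":
    register("KSK", "s3cret", ENROLL, TOLS)
    owner = {"duration": [105, 115, 100, 100], "interval": [205, 185, 215]}
    other = {"duration": [60, 70, 60, 65], "interval": [120, 110, 130]}
    print(authenticate("KSK", "s3cret", owner))  # verified
    print(authenticate("KSK", "s3cret", other))  # behavior_failed
```

With the correct password, the second typist is still rejected in phase 2, which is the case the behavior flag exists for; tightening a `Tolerance` raises the security level at the cost of more rejections of the legitimate user.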
While the invention has been described in particular embodiments, it should be appreciated that these embodiments can be implemented in hardware, software, firmware, middleware, or a combination thereof, and can be used in systems, subsystems, components, or sub-components thereof. When implemented in software, the elements of the embodiments are the instructions/code segments that perform the necessary tasks. The program or code segments can be stored in a computer-readable medium, such as a processor-readable medium or a computer program product. Alternatively, they can be transmitted over a transmission medium or communication link by a computer data signal embodied in a carrier wave, or by a signal modulated by a carrier. The computer-readable or processor-readable medium can be any type of medium that can store or transmit information in a form readable and executable by a machine (for example, a processor, a computer, etc.).

Claims (22)

1. A mobile terminal, comprising:
An input unit configured to receive authentication information from a user;
An authentication unit configured to extract a behavior pattern based on the authentication information; and
A data communication unit configured to transmit the authentication information and the behavior pattern to an authentication server;
Wherein the authentication server is configured to verify the user's identity by comparing at least one of the authentication information and the behavior pattern with template authentication information and behavior pattern.
2. The mobile terminal according to claim 1, characterized in that the input unit comprises a keypad configured to receive keystrokes typed by the user as the authentication information,
Wherein the behavior pattern comprises a typing pattern extracted based on the keystrokes.
3. The mobile terminal according to claim 2, characterized in that the typing pattern comprises at least one of the duration for which the user presses a key of the keypad, the time interval the user takes between typing one key and the next key of the keypad, and the pressure with which the user presses a key of the keypad.
4. The mobile terminal according to claim 1, characterized in that the input unit comprises a movement sensor configured to receive a signal produced by moving the mobile terminal as the authentication information,
Wherein the behavior pattern comprises a movement pattern extracted based on the received signal.
5. The mobile terminal according to claim 4, characterized in that the movement pattern comprises at least one of the distance, direction, and speed of movement of the mobile terminal.
6. The mobile terminal according to claim 4, characterized in that the movement sensor comprises a three-axis magnetic field sensor.
7. The mobile terminal according to claim 1, characterized in that the input unit comprises a camera configured to capture an image of the user's movement as the authentication information,
Wherein the behavior pattern comprises a movement pattern extracted based on the captured image.
8. The mobile terminal according to claim 1, characterized in that the input unit comprises a microphone configured to input the user's sound as the authentication information,
Wherein the behavior pattern comprises a sound pattern extracted based on the input sound.
9. The mobile terminal according to claim 8, characterized in that the sound pattern comprises at least one of the duration and the tone of the input sound.
10. The mobile terminal according to claim 1, characterized in that the input unit comprises a signature input device configured to input the user's signature as the authentication information,
Wherein the behavior pattern comprises a writing pattern extracted based on the input writing.
11. The mobile terminal according to claim 10, characterized in that the signature input device comprises a touch screen.
12. The mobile terminal according to claim 1, characterized in that the input unit is configured to be wirelessly connected to the authentication unit.
13. The mobile terminal according to claim 1, characterized in that the mobile terminal is a personal communication device with wireless communication capability.
14. A system for performing user authentication, comprising:
A database configured to store template authentication information and a behavior pattern associated with the template authentication information;
An input unit configured to receive test authentication information and a behavior pattern from a user's mobile terminal; and
An authentication unit configured to verify the user's identity by comparing at least one of the test authentication information and the behavior pattern with the template authentication information and behavior pattern stored in the database.
15. The system according to claim 14, characterized in that the authentication unit performs:
A first authentication phase for verifying the user's identity by comparing the test authentication information with the template authentication information stored in the database; and
If the user's authentication passes the first authentication phase successfully, a second authentication phase for verifying the user's identity by comparing the test behavior pattern with the template behavior pattern stored in the database.
16. A method for registering authentication information, comprising:
Receiving authentication information from a user;
Checking whether the user has chosen to use a behavior pattern associated with the authentication information to verify the user's identity;
If it is determined that the user has chosen to use a behavior pattern, extracting the behavior pattern based on the authentication information; and
Storing the authentication information and the extracted behavior pattern in a database.
17. The method according to claim 16, further comprising:
Receiving information about the type of the behavior pattern and a tolerance value associated with the behavior pattern,
Wherein the tolerance value is used as an error margin in verifying the user's identity.
18. A method for performing user authentication in a mobile terminal, comprising:
Receiving test authentication information from a user of the mobile terminal;
Extracting a test behavior pattern based on the test authentication information;
Requesting user authentication by transmitting the test authentication information and behavior pattern to an authentication server, wherein the authentication server is configured to verify the user's identity by comparing at least one of the test authentication information and the behavior pattern with template authentication information and behavior pattern; and
Receiving the result of the verification from the authentication server.
19. A method for performing user authentication in an authentication server, comprising:
Receiving, from a mobile terminal, test authentication information and a behavior pattern extracted based on the test authentication information;
Performing a first authentication phase by comparing the test authentication information with template authentication information stored in a database;
If the user authentication succeeds in the first authentication phase, checking whether a second authentication phase is needed;
If it is determined that the second authentication phase is needed, comparing the test behavior pattern with a template behavior pattern stored in the database; and
Transmitting at least one of the results of the first and second authentication phases to the mobile terminal.
20. A computer-readable storage medium storing computer-executable code segments for instructing a processor of a user authentication system to perform a method comprising:
Receiving authentication information from a user;
Checking whether the user has chosen to use a behavior pattern associated with the authentication information to verify the user's identity;
If the user has chosen to use a behavior pattern, extracting the behavior pattern based on the authentication information; and
Storing the authentication information and the extracted behavior pattern in a database.
21. A computer-readable storage medium storing computer-executable code segments for instructing a processor of a user authentication system to perform a method comprising:
Receiving test authentication information from a user of a mobile terminal;
Extracting a test behavior pattern based on the test authentication information;
Requesting user authentication by transmitting the test authentication information and behavior pattern to an authentication server, wherein the authentication server is configured to verify the user's identity by comparing at least one of the test authentication information and the behavior pattern with template authentication information and behavior pattern; and
Receiving the result of the verification from the authentication server.
22. A computer-readable storage medium storing computer-executable code segments for instructing a processor of a user authentication system to perform a method comprising:
Receiving, from a mobile terminal, test authentication information and a behavior pattern extracted based on the test authentication information;
Performing a first authentication phase by comparing the test authentication information with template authentication information stored in a database;
If the user authentication succeeds in the first authentication phase, checking whether a second authentication phase is needed;
If it is determined that the second authentication phase is needed, comparing the test behavior pattern with a template behavior pattern stored in the database; and
Transmitting at least one of the results of the first and second authentication phases to the mobile terminal.
CNA2007101406277A 2007-08-09 2007-08-09 System and method for customer authentication execution based on customer behavior mode Pending CN101365193A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101406277A CN101365193A (en) 2007-08-09 2007-08-09 System and method for customer authentication execution based on customer behavior mode

Publications (1)

Publication Number Publication Date
CN101365193A true CN101365193A (en) 2009-02-11

Family

ID=40391272

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007101406277A Pending CN101365193A (en) 2007-08-09 2007-08-09 System and method for customer authentication execution based on customer behavior mode

Country Status (1)

Country Link
CN (1) CN101365193A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090211