EP2435944A2 - A biometric security method, system and computer program - Google Patents

A biometric security method, system and computer program

Info

Publication number
EP2435944A2
EP2435944A2 EP10722395A EP10722395A EP2435944A2 EP 2435944 A2 EP2435944 A2 EP 2435944A2 EP 10722395 A EP10722395 A EP 10722395A EP 10722395 A EP10722395 A EP 10722395A EP 2435944 A2 EP2435944 A2 EP 2435944A2
Authority
EP
European Patent Office
Prior art keywords
registered user
biometric security
metrics
keyboard metrics
test
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10722395A
Other languages
German (de)
French (fr)
Inventor
Andrea Szymkowiak
Michael Charles Dowman
Leslie Derek Ball
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Abertay Dundee
Original Assignee
University of Abertay Dundee
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB0909110A external-priority patent/GB2470579A/en
Priority claimed from GB0917761A external-priority patent/GB0917761D0/en
Application filed by University of Abertay Dundee filed Critical University of Abertay Dundee
Publication of EP2435944A2 publication Critical patent/EP2435944A2/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/16Devices for psychotechnics; Testing reaction times ; Devices for evaluating the psychological state
    • A61B5/165Evaluating the state of mind, e.g. depression, anxiety

Definitions

  • the present invention relates to a biometric security method, system and computer program; and more particularly, a biometric identity verification and emotional stress state evaluation method, system and computer program.
  • biometrics refers to a process for uniquely recognizing a person (or other biological entity) based upon one or more intrinsic physical or behavioral traits thereof. In effect, biometrics replaces the identity verification objects of traditional automatic identity verification systems with an identity verification attribute of a user. Thus, biometrics eliminates the above problem of lost or stolen identity verification objects, since an identity verification attribute is an inherent characteristic of a user, which requires no further, external actualisation.
  • a number of physiological biometric identity verification techniques have been developed in recent years. These methods essentially rely on the unique characteristics of a relevant body part to identify a user. Thus, an imposter could create and use a counterfeit copy of the relevant body part, to fool these methods into permitting an unauthorised access to a controlled resource. However, it is generally more difficult for a person to completely and accurately mimic the behaviour of another. This feature has been used in a number of behavioural identity verification techniques which rely on measurable, identifying behaviours of registered users. More particularly, previous behavioural identity verification techniques include voice and gait recognition.
  • Physiological biometric identity verification techniques merely require the presentation, for verification, of a relevant body part of a user (wherein the said body part might be removed from an authorised user, by an impostor).
  • a behavioural biometric identity verification method requires an interaction with a live person.
  • an impostor would be required to present a live authorised user to a behavioural biometric identity verification system, to gain access to a controlled resource.
  • prior art behavioural biometric identity verification methods provide no guidance as to whether an otherwise authorised user is requesting verification voluntarily or under duress.
  • Previous keystroke biometric systems have used a varity of algorithms to match timing data from login attempts to records of past timing data (eg. Neural networks, vector-space distance metrics, and multivariate Gaussian classifiers). These methods typically assume that keystroke timings follow a Gaussian distribution. However, this assumption is not always correct.
  • a biometric security method comprising the steps of: generating a plurality of test keyboard metrics from a received identity verification request; comparing a typing pattern expressed in the test keyboard metrics with those expressed in a one or more stored keyboard metrics from a plurality of registered users; refusing access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of those expressed in the stored keyboard metrics; and, otherwise, determining a closest matching registered user whose typing pattern most closely matches that expressed in the test keyboard metrics; comparing the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; and allowing access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user.
  • a biometric security system comprising a keyboard metric calculator configured in use to generate a plurality of test keyboard metrics from a received identity verification request; an identity comparator configured in use to determine whether a typing pattern expressed in the test keyboard metrics substantially matches a typing pattern expressed in a one or more stored keyboard metrics from a plurality of registered users; and in the event the typing pattern expressed in the test keyboard metrics substantially matches a plurality of the typing patterns expressed in the stored keyboard metrics, establish a closest matching registered user whose typing patterns, most closely match that of the test keyboard metrics; a stress state comparator configured in use to compare the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; an access controller configured in use to refuse access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of the typing patterns expressed in the stored keyboard metrics; and in the event a match is found, to allow access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches
  • an automated teller machine comprising the biometric security system of the second aspect.
  • a door entry system comprising the biometric security system of the second aspect.
  • a portable wireless device comprising the biometric security system of the second aspect.
  • the biometric security system of the second aspect In contrast with many biometric security systems which require the use of specialised hardware components (e.g. retinal scanner etc.), the biometric security system of the second aspect relies on identification through differential timings of keystrokes. Thus, the biometric security system of the second aspect does not require special hardware. Instead, the biometric security system of the second aspect merely requires a keyboard and a timing system.
  • specialised hardware components e.g. retinal scanner etc.
  • the biometric security system of the second aspect examines the differential keystroke timings in a one or more passwords provided by the user.
  • the biometric security method and system of the first and second aspects allow for a password to be easily changed (e.g. in the event the user suspects that their typing pattern is being imitated by a would-be imposter).
  • a discriminating method for a biometric security system comprising the steps of:-
  • the step of establishing a threshold value (Th) comprises the step of establishing the threshold value (Th) in accordance with the
  • V is the number of selected metrics and U is the number of ordered values.
  • the step of establishing a threshold value (Th) comprises the step of establishing the threshold value (Th) in accordance with the
  • Th V.U.(U + 2) expression in the event the number of ordered records is
  • V is the number of selected metrics and U is the number of ordered values.
  • the step of verifying that the identity verification request was received from a registered user of the biometric security system comprises the steps of:-
  • the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase substantially monotonically in accordance with distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
  • the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase linearly in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
  • the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase in a non-linear fashion in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
  • a biometric security system comprising means adapted to perform the discriminating method of the seventh aspect.
  • a biometric security computer program tangibly embodied on a computer readable medium, the computer program product including instructions for causing a computer to execute the discriminating method of the seventh aspect.
  • an automated teller machine comprising the biometric security system of the eighth aspect.
  • a door entry system comprising the biometric security system of the eighth aspect
  • a portable wireless device comprising the biometric security system of the eighth aspect.
  • a biometric security system implementing the discriminating method examines the differential keystroke timings in a one or more passwords provided by the user.
  • the biometric security method and system allow for a password to be easily changed (e.g. in the event the user suspects that their typing pattern is being imitated by a would-be imposter).
  • the discriminating method comprises a novel matching algorithm that provides a reduction in error of 56.25% compared to a straightforward multivariate Gaussian matching algorithm, or 42.86% reduction in error compared to the same Gaussian matching algorithm with an initial data pre-processing step in which outliers more than three standard deviations from the mean were moved to exactly three standard deviations from the mean.
  • the discriminating method achieves a large improvement in matching accuracy. This improvement is achieved because the discriminating method does not assume that the process by which timing data is created is Gaussian. Some of the improvements also arises because outliers can no longer have a big effect on the overall degree of match.
  • Figure 1 (a) is a flowchart of an offline processing phase of a preferred embodiment of the biometric security method
  • Figure 1(b) is a flowchart of an online processing phase of a preferred embodiment of the biometric security method
  • Figure 2 is a diagram of an example of a three-dimensional distribution of signatures acquired from a plurality of registered users of the biometric security system
  • FIG. 3 is a block diagram of a preferred embodiment of the biometric security system
  • Figure 4 is a graph showing a comparison of a length of time (calculated using the method of Figures 1(a) and 1(b)) between the release and depression of successive keys from two persons typing a same fixed length textual element;
  • Figure 5 is a graph showing a comparison of a length of time
  • Figure 6 is a graph showing a comparison of a length of time (calculated using the method of Figures 1 (a) and 1 (b)) between the release and depression of successive keys of a person in a normal and highly stressed condition;
  • Figure 7 is a graph showing a comparison of a length of time (calculated using the method of Figures 1 (a) and 1 (b)) a given key is held down by a person in a normal and highly stressed condition;
  • Figure 8 is a flowchart of an ordinal matching algorithm used in the online processing phase of the biometric security method of Figure 1(b);
  • Figure 9 (a) is a block diagram of an example of an ordered vector in the ordinal matching algorithm of Figure 8, wherein dimension of an ordered vector is odd valued;
  • Figure 9 (b) is a block diagram of an example of an ordered vector in the ordinal matching algorithm of Figure 8, whenever a dimension of an ordered vector is even-valued;
  • Figure 10 is a block diagram of an example of a weighting calculation process employed in the ordinal matching algorithm of Figure 8;
  • Figure 11 is a graph of results obtained from the ordinal matching algorithm of Figure 8 in a pilot study of 36 persons;
  • Figure 12 is a graph of the results of a multivariate Gaussian matching algorithm on data from the pilot study of Figure 11 ;and Figure 13 is a table of the equal error rates of the ordinal matching algorithm of Figure 11, the multivariate Gaussian matching algorithm of Figure 12, and a multivariate Gaussian matching algorithm in which outliers are respectively adjusted to be within two and three standard deviations from the mean.
  • biometric security method will provide a detailed description of two embodiments of the biometric security method. This will be followed with a description of the architecture of an embodiment of the biometric security system. The discussion will end with a brief description of an example of an implementation of the biometric security method.
  • the biometric security method is broadly divided into an offline processing phase and an online processing phase.
  • a user is registered with the biometric security system; and relevant identifying and emotional state indicator metrics are determined for the user, from an analysis of one or more typing patterns thereof, when exposed to conditions selected to induce a normal (and optionally a high) stress level.
  • the biometric security method uses the above-mentioned metrics to process a password (and/or username) provided by the user; and thereby verify the identity and assess the stress level (at that time) of the user.
  • the biometric security method registers a user with the biometric security system, by acquiring keyboard-related data from the user. More particularly, the method requires 10 the user to type (on a keyboard) a one or more times, a one or more fixed length textual elements, at least one of which will comprise a password (and/or the username) of the user.
  • the textual element(s) typed by the user will henceforth be known as a registration entry. It will be understood that at least some of the textual element(s) may be displayed to the user on an associated computer screen; and the user required to copy-type same. Alternatively or additionally, at least some of the textual element(s) may be played to the user through an audio component of the biometric security system; wherein the user is required to transcribe the audio output.
  • the biometric security method comprises the step of recording 12 the or each corresponding keystroke received from the user, when typing the registration entry.
  • the biometric security method may also comprise the step of measuring the force with which the user depresses the or each key on the keyboard when typing the registration entry.
  • the recorded raw temporal, force and keystroke data from the registration entry wilf henceforth be known as primary keyboard entry data.
  • the biometric security method comprises the step of manipulating 14 an emotional state of the user before and/or while the user is typing. More particularly, in a first embodiment a normal stress state is induced in the user; and in a second embodiment, a normal and a higher stress state are induced.
  • the biometric security method comprises the step of exposing the user (before and/or while they are performing the typing tasks) to a number of sounds selected from an International Affective Digitized Sound (IADS, [Bradley, M. M., and Lang, P. J. (1999). International Affective Digitized Sounds (IADS): Stimuli, Instruction Manual and Affective Ratings (Tech. Rep. No. B-2).
  • IADS International Affective Digitized Sound
  • a normal stress state is induced by exposing the user to a one or more so-called neutral (or non-arousing) everyday sounds (e.g. the sound made by a toothbrush, an electric fan or paper being crumpled); and a higher stress state is induced by exposing the user to a one or more sounds rated as being both extremely arousing and extremely unpleasant (e.g. an argument, baby crying, bee-buzzing or sirens).
  • neutral (or non-arousing) everyday sounds e.g. the sound made by a toothbrush, an electric fan or paper being crumpled
  • a higher stress state is induced by exposing the user to a one or more sounds rated as being both extremely arousing and extremely unpleasant (e.g. an argument, baby crying, bee-buzzing or sirens).
  • the biometric security method is not restricted to using sound to induce a normal or higher stress state in a user.
  • the biometric security method may use other mechanisms of inducing different stress states (e.g. variable lighting conditions ⁇ e.g. strobe frequencies>, temperature, galvanic stress etc.)
  • the biometric security method is not limited to selecting sounds from the IADS system. Instead, the skilled person will understood that sounds from other sources may be alternatively or additionally be used.
  • the biometric security method may also comprise the step of acquiring confirmatory data (as to whether a higher stress state is actually induced in the user on exposure to inter alia a highly unpleasant or arousing sound), by measuring a galvanic skin response (GSR) of the user while the user is typing.
  • GSR galvanic skin response
  • the method comprises the step of attaching a one or more electrodes to the skin of the user, to measure the conductivity thereof. Electrical skin conductance is dependent on the activity of sweat glands which (since they are innervated by the autonomic nervous system) is often used as an indicator of sympathetic activity related to emotional processing of stimuli. In particular, the user's skin's conductivity should increase in the event the user becomes stressed.
  • the biometric security method is not limited to using GSR for confirmation of the induction of a higher stress state.
  • the biometric security method may detect the induction of a particular stress state from other physiological variables, such as, altered pulse rate, blood pressure, pupil dilation, body temperature and respiration rate etc.
  • the biometric security method comprises a further step of processing the received primary keyboard entry data to calculate 16 a plurality of keystroke metrics therefrom.
  • the calculated keyboard metrics include: inter-key latency times (i.e. the length of time between releasing one key and pressing the next, which could be negatively valued in the event of an overlap between the depression of successive keys); hold times (i.e. the length of time a key is held down); and typing error measurements.
  • biometric security method is not limited to these keyboard metrics.
  • other metrics may also be used to characterise the primary keyboard entry data.
  • the biometric security method uses the calculated keyboard metrics to construct (18) a plurality of identifying signatures for the user, wherein at least some of the identifying signatures are associated (optionally through the previously acquired confirmatory data) to a one or more particular stress levels of the user.
  • the signatures could be represented by, for example, simple graphs or multidimensional modalities (e.g., Neumann, P., Tat, A., Zuk, T., and Carpendale, S. (2007). Keystrokes: Personalizing typed text with visualization. In Museth, K., Moller, T., and Ynnerman, A.
  • the biometric security method stores (20) the identifying signatures constructed for each user registered with the biometric security system. These identifying signatures are used during the subsequent online processing phase of the biometric security method to determine whether a would-be user of the biometric security system is actually registered therewith.
  • the hyperspace is shown as a three- dimensional space, wherein, for example, the ei, e 2 and e 3 dimensions respectively represent an "a" to "e" inter-key latency time; a "h” key holding time; and a "t" key holding time.
  • the biometric security method comprises the step of receiving 24 an identity verification request from a user.
  • the identity verification request comprises a one or more fixed length textual elements typed by the user in response to a prompt from the biometric security system.
  • the biometric security method analyses the request and generates 26 therefrom a plurality of keyboard metrics corresponding with those generated during the offline processing phase.
  • the keyboard metrics generated during the offline processing phase and the online processing phase will be known henceforth, as registered user metrics and test metrics respectively.
  • the biometric security method uses a matching algorithm (e.g. statistical vector comparison method ⁇ e.g. k nearest neighbour algorithm) an ordinal discriminator, Bayesian classifier or artificial neural network) to compare 28 the test metrics with the registered user metrics and generate a similarity measure therewith. From the similarity measure the biometric security method determines 30 whether the typing patterns expressed in the identity verification request correspond with any of those of the registered users of the biometric security system.
  • a matching algorithm e.g. statistical vector comparison method ⁇ e.g. k nearest neighbour algorithm
  • an ordinal discriminator e.g. k nearest neighbour algorithm
  • Bayesian classifier e.g. k nearest neighbour algorithm
  • test metrics TM 2 and TM 3 are respectively disposed proximally to the non-overlapping regions of the Useri and User 2 data clouds. Thus, it can be surmised that Useri and User 2 respectively made the identity verification requests from which the test metrics TM 2 and TM 3 were generated.
  • test metric TM 4 is disposed proximally to the overlapping regions of the Usen and User 2 data clouds. Thus, it may be necessary to provide a probabilistic measure of the extent to which the identity verification request was made by either Useri or User 2 .
  • test metric TM 5 is disposed distally from any of the registered user data clouds. Thus, it is very likely that the identity verification request was not made by a registered user of the biometric security system.
  • the biometric security method refuses 31 access to a controlled resource.
  • the biometric security method determines 32 the most closely matching registered user. Thereafter, the biometric security method uses the test metrics to determine 34 the likely stress state of the registered user on making the identity verification request. In particular, in the first embodiment, the biometric security method compares 34 the test keyboard metrics with a one or more stored keyboard metrics associated with a normal stress state of the user. Any significant deviation between the typing patterns expressed in the test keyboard metrics and those in the stored keyboard metrics is an indication that the corresponding identity verification request (from which the test keyboard metrics were derived) was created under stress or duress.
  • the biometric security method compares 34 the test keyboard metrics with a one or more stored keyboard metrics associated with a high stress state and a normal stress state of the closest matching registered user. From these comparisons, the biometric security method determines 34 whether the typing pattern expressed in the test keyboard metrics more closely matches that associated with a high or normal stress state of the closest matching registered user. For example, referring to Figure 2, let User 3 have a high valued "t" key holding time, when typing in a highly stressed state. In other words, User 3 had a highly- valued e 3 test metric when highly stressed.
  • TMi test metric is disposed proximal to the highly-valued ⁇ 3 periphery of the User 3 data cloud, it is likely that User 3 was highly stressed when making the relevant identity verification request. It will be realised that this is a very simple example and that a realistic representation of a highly-stressed state is likely to be considerably more complex and manifested in multiply correlated test metrics.
  • the biometric security method determines 34 that the registered user was in a normal stress state on making the identity verification request
  • the biometric security method grants 36 the registered user access to the resource controlled thereby.
  • the biometric security method initiates 38 further investigations of the circumstances of the identity verification request.
  • the biometric security system 40 comprises a registration controller 42 and an identity verification controller 44, the said controllers being adapted, in use, to respectively control and execute the offline user registration and online identity verification phases of the biometric security method.
  • the registration controller 42 is coupled with a text generator module 46, which is adapted, in use, to receive an activation signal from the registration controller 42, to cause the text generator module 46 to select a one or more textual elements to be typed by a prospective registrant with the biometric security system 40.
  • the text generator module 46 is also coupled with a display 48 and/or a speaker/headphones 50, which are adapted, in use, to respectively display or play a visual or an audio representation of a textual element to be typed by the prospective registrant.
  • the registration controller 42 is also coupled with an IADS source 52 comprising a repository of audio files of sounds selected and rated in accordance with the IADS protocol. More particularly, the registration controller 42 is adapted, in use, to select (in a preferably counter-balanced order) audio files from the IADS source 52; the said audio files being selected with the aim of inducing high and normal stress states in the prospective registrant. To this end, the registration controller 42 is adapted, in use, to transmit a selection control signal to the IADS source 52, to cause the IADS source 52 to select a particular audio file from its repository.
  • the IADS source 52 is further coupled with the speaker/headphones 50, which is adapted, in use, to receive an audio file (selected by the registration controller 42) from the IADS source 52 and play the audio file to the prospective registrant.
  • Both the registration controller 42 and the identity verification controller 44 are coupled with a keyboard 54; both controllers 42, 44 being adapted, in use, to receive a one or more keystroke signals from the keyboard 54, substantially as the prospective registrant or user making an identity verification request of the biometric security system 40, types on the keyboard 54.
  • the keyboard 54 may be a standard computer keyboard or a specially adapted keyboard (e.g. dedicated for a particular task).
  • a user making an identity verification request of the biometric security system 40 will henceforth be known as an access requester; and thereby differentiated from a prospective registrant (making a registration entry) of the biometric security system 40.
  • Both the registration controller 42 and the identity verification controller 44 are also coupled to a data recordal module 56, which is adapted, in use, to receive the afore-mentioned keystroke signals (generated by the interaction of the prospective registrant or the access requester with the keyboard 54) from the controllers 42, 44 and the aforementioned selection control signals from the registration controller 42,
  • the data recordal module 56 is also coupled with a clock 58; and adapted, in use, to receive time-keeping signals from the clock 58.
  • the data recordal module 56 is further adapted to use the time-keeping signals to calculate the relative timings of the keystroke signals received from the controllers 42, 44; and thereby form a keystroke profile for the prospective registrant or the access requester.
  • the data recordal module 56 may also be coupled with a force measuring sensor (not shown) which is adapted, in use, to measure the force with which the prospective registrant and/or the access requester depresses individual keys on the keyboard 54, when typing a registration entry or identity verification request.
  • a force measuring sensor not shown
  • the data recordal module 56 may supplement the relative timings of the keystroke signals with the force measurements to form a more complete keystroke profile of a prospective registrant and/or an access requester.
  • the data recordal module 56 is also adapted to receive the aforementioned selection control signals (transmitted by the registration controller 42 to the IADS source 52) from the registration controller 42. Furthermore, the data recordal module 56 is also optionally coupled with one or more skin conductivity sensors 58 comprising a one or more electrodes 60. The electrodes 60 and/or skin conductivity sensors 58 are adapted, in use, to be attached to the skin of the prospective registrant and detect changes in the conductivity of the skin. In this case, the data recordal module 56 is adapted, in use, to receive conductivity measurement data from the or each conductivity sensor 58, and use the conductivity measurement data to confirm that the selection control signals ⁇ received from the registration controller 42) are correlated with an actual stress state in the prospective registrant.
  • the biometric security system 40 further comprises a keyboard metric calculator 60, which is adapted, in use, to receive a keystroke profile (comprising the calculated relative timings of keystroke signals) from the data recordal module 56, together with a flag indicating whether the keystroke profile is derived from a prospective registrant or an access requester (i.e. is derived from an identity verification request).
  • the keyboard metric calculator 60 is further adapted, in use, to receive selection control signals (and optionally, conductivity measurement data) from the data recordal module 56.
  • the keyboard metric calculator 60 is coupled with a keystroke profile database 62 and an identity comparator 64 which is also coupled in a feedback loop with the keystroke profile database 62.
  • the keyboard metric calculator 60 is adapted, on receipt of a flag indicating that an associated keystroke profile is derived from a prospective registrant, to correlate the calculated relative keystroke timing components of the keystroke profile with the selection control signals (and optionally, conductivity measurement data); and store a record for the relevant prospective registrant in the keystroke profile database 62.
  • the keyboard metric calculator 60 is adapted on receipt of a flag indicating that an associated keystroke profile is derived from an access requester, to transmit the keystroke profile to the identity comparator 64.
  • the identity comparator 64 is adapted, in use, to interrogate the keystroke profile database 62 to ascertain whether the received keystroke profile bears any similarity to those stored in the keystroke profile database 62 (e.g. on the basis of a proximity measure formed in a hyperspace defined by the keystroke variables stored in the keystroke profile database 62).
  • the identity comparator 64 is adapted to activate an access controller 68, to refuse the access requester, access to a desired resource.
  • the keystroke profile database 62 is adapted to return to the identity comparator 64, details of the associated registered users.
  • the identity comparator 64 is optionally adapted to perform a further filtration step, on receipt of the details, to determine a single most closely matching keystroke profile and assign the access requester the identity of the relevant most closely matching registered user.
  • the identity comparator 64 is further coupled with a stress state determining module 66; and is adapted on receipt of the or each details of the most closely matching registered users, to transmit the details to the stress state determining module 66.
  • the stress state determining module 66 is coupled, in turn, to the keystroke profile database 62 and an access controller 68.
  • the stress state determining module 66 is adapted, on receipt of the details of the closest matching registered users, to interrogate the keystroke profile database 62, by comparing the keystroke profile of the access requester with those of the closest matching registered users; and using a similarity measure with the relevant data clouds, ascertain the stress state (i.e. high or normal stress state) of the access requester.
  • the stress state determining module 66 is adapted, on determining that the access requester was in a normal stress state when making the access request, to transmit a first flag to this effect to the access controller 68.
  • the access controller 68 is adapted, on receipt of the first flag, to grant the access requester access to the required resource.
  • the stress state determining module 66 is also adapted, on determining that the access requester was in a highly stressed state when making the access request, to transmit a corresponding second flag to the access controller 68.
  • the access controller 68 is optionally adapted, on receipt of the second flag, to activate a module (not shown) which is adapted, in use, to perform further investigations before transmitting the first flag to the access controller 68, to allow the access requester access to the required resource.
  • the access controller 68 is adapted, on receipt of the second flag, to issue a communication to the ID verification controller 44 to deny the access requester access to the required resource.
  • the keystroke profile database 62 is adapted, on failure to identify a close match between a received keystroke profile of an access requester and any of the keystroke profiles in the keystroke profile database 62, to return a third flag, to this effect, to the identity comparator 64.
  • the identity comparator 64 is adapted, on receipt of such a flag, to transmit a denial signal (not shown) to the identity verification controller 44.
  • the identity verification controller 44 is in turn adapted, on receipt of the denial signal, to issue a communication to this effect (e.g. through the display 48) to the access requester; and deny the access requester access to the required resource.
  • Example Implementation of the Biometric Security Method a statistical test is developed to determine whether there is a significant difference between the responses of different users. More particularly, 70 keyboard variables are determined from keyboard data acquired from five different users. The 70 keyboard variables comprise 36 hold times and 34 inter-key latency times.
  • the mean variance should usually be less than when the cases are randomly assigned to groups. How often the correct assignment to groups results in lower mean variance than random assignments to groups corresponds to a P value.
  • a given identity verification request be represented by the vector ⁇ 7 e 9T , wherein v is the number of keyboard metrics generated from the request.
  • L e 5K 1 " * be the registered user metrics of a given registered user (acquired during the offline processing phase of the biometric security method or from previously successful login attempts by the registered user), wherein u is the number of stored registered user records for that registered user.
  • the biometric security method selects 70 a candidate registered user.
  • this metric will be known henceforth as a test metric.
  • the values of the corresponding registered user metric I 1 e 9T are ranked 74 in ascending or descending order, to generate the ordered vector ⁇ ⁇ e ⁇ R" .
  • the maximal and minimal values of a given registered user metric define a range for that registered user metric.
  • the distance of the corresponding test metric from the centre of that range is described with respect to the rank of the closest valued registered user metric within the range.
  • Let u be odd-valued. Referring to the example depicted in Figure 9(a), u 5, and the central two elements ⁇ l3 and ⁇ , A of the ordered vector ⁇ , are each accorded weightings (o i
  • the two most proximal sandwiching elements ( ⁇ l2 and ⁇ lS ) [henceforth known as primary sandwiching elements] to the central elements are each accorded weightings (Oj 2 and ⁇ j, 5 ) of 1.5.
  • the most proximal sandwiching element Y n (henceforth known as the secondary sandwiching element) to the primary sandwiching elements is accorded a weighting (Oj 1 ) of 2.5.
  • a weighting is then determined 78 for the test metric from the weightings O v and O /J+
  • of the registered user metrics whose values bracket the test metric. More particularly, referring to the example depicted in Figure 10 let the registered user metric vector be given by /, [0.1, 0.4, 0.3, 0.6, 0.2]. Let /, be ranked in ascending order so that the ordered vector is given
  • Y 1 [y, ⁇ , Y, s , Y , 3 > Ya - Y 1A 1-
  • O, [2.5, 1.5, 0.5, 0.5, 1.5].
  • the weighting accorded to the test metric is the mean of the weighting values of the registered user metrics that bracket the test metric.
  • the weighting W 1 accorded to a is
  • TW total weighting
  • a threshold (Th) value is calculated 84 for
  • the identity verification request is accepted and the identity of the access requester verified 86 as that of the registered user if ⁇ w / s ⁇ Th .
  • a false reject rate was calculated by testing an access request of a registered user against 35 of the login records for that registered user.
  • the record used for the access request was the other (the 36 th ) record for that person.
  • the false accept rate is calculated by testing each of the thirty six stored login records (i.e. thirty six access requests in total) from the thirty five other users against a random selection of 35 of the stored login records for each of those users. Therefore, there are 1260 genuine login attempts and 42,840 imposter login attempts.
  • Figure 11 shows the result of using the improved discriminator. It can be seen that there are values of the sensitivity parameter that produce both a zero false accept rate and a zero false reject rate, although in each case a penalty is paid in terms of the other rate being at a high value.
  • each test metric is calculated using the Gaussian cumulative distribution function.
  • weighting is the proportion of samples for the registered user metric that would be expected to be more outlying than the value contained in the test metric based on the best estimate of the parameters of the Gaussian processes that hypothetically produced the data.
  • the product of these values was then taken for each variable in ⁇
  • the product of the mean weighting expected for the variable was calculated as ⁇ .5 v .
  • Figure 12 shows the results of the multivariate Gaussian matching algorithm.
  • the shape of the graph is very similar to that obtained with the ordinal discriminator, although there was no value of the sensitivity parameter which resulted in a false accept rate of zero.
  • a more important difference is that in the central part of the graph, where both the false accept and false reject rates are low, these rates are not as low as with the ordinal discriminator. This suggests that the Gaussian process is not an accurate model for how the timing data was produced.
  • the equal error rate represents the value of the sensitivity parameter at which the false accept rate is equal to the false reject rate. It provides a convenient way of comparing the performance of different algorithms using a single statistic.
  • Figure 13 compares the equal error rate with the improved discriminator, the multivariate Gaussian algorithm with no outlier corrections and two versions of the multivariate Gaussian algorithms in which outliers were respectively adjusted to be within three standard deviations and two standard deviations from the mean.
  • Figure 13 shows that the ordinal matcher results in a reduction in error of 56% as compared to the basic multivariate Gaussian matcher, and a reduction in error of 43% as compared to best version of the Gaussian matcher in which the data had been pre-processed by correcting outliers.
  • biometric security system and method has a vast range of potential applications to any environment in which it is necessary or desirable to control access to a resource and prevent un-authorised access thereto. More particularly, but not exclusively, the biometric security system and method may be used in automated teller machines, door entry systems, wireless devices (e.g. mobile phones, PDAs etc.). Similarly, the biometric security system and method may be used in validating credit card numbers and bank account numbers (i.e. when used online or entered using a touch-tone phone).

Abstract

A biometric security method comprising the steps of: generating a plurality of test keyboard metrics from a received identity verification request; comparing a typing pattern expressed in the test keyboard metrics with those expressed in a one or more stored keyboard metrics from a plurality of registered users; refusing access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of those expressed in the stored keyboard metrics; and, otherwise, determining a closest matching registered user whose typing pattern most closely matches that expressed in the test keyboard metrics; comparing the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; and allowing access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user.

Description

A BIOMETRlC SECURITY METHOD, SYSTEM AND COMPUTER PROGRAM
Technical field
The present invention relates to a biometric security method, system and computer program; and more particularly, a biometric identity verification and emotional stress state evaluation method, system and computer program.
Background
In today's increasingly digital world, automatic identity verification systems are finding growing application in a variety of areas, such as controlling access to secure facilities or authorising remote financial transactions. Indeed, the recent growth of web-based services such as online banking further emphasises the need for reliable automatic mechanisms of identity verification.
Traditional automatic identity verification systems rely on passwords or tokens. For simplicity, such passwords or tokens will henceforth be known as identity verification objects. However, an identity verification object may be easily forgotten (or lost) and/or stolen by a prospective impostor. Biometrics refers to a process for uniquely recognizing a person (or other biological entity) based upon one or more intrinsic physical or behavioral traits thereof. In effect, biometrics replaces the identity verification objects of traditional automatic identity verification systems with an identity verification attribute of a user. Thus, biometrics eliminates the above problem of lost or stolen identity verification objects, since an identity verification attribute is an inherent characteristic of a user, which requires no further, external actualisation. A number of physiological biometric identity verification techniques (including fingerprint pattern matching, facial, hand geometry and iris recognition) have been developed in recent years. These methods essentially rely on the unique characteristics of a relevant body part to identify a user. Thus, an imposter could create and use a counterfeit copy of the relevant body part, to fool these methods into permitting an unauthorised access to a controlled resource. However, it is generally more difficult for a person to completely and accurately mimic the behaviour of another. This feature has been used in a number of behavioural identity verification techniques which rely on measurable, identifying behaviours of registered users. More particularly, previous behavioural identity verification techniques include voice and gait recognition.
Previous studies (Gaines, R. Lisowski, W., Press, S. and Shapiro,
N. (1980), Authentication by keystroke timing: some preliminary results (Rand Report R-256-NSF). Santa Monica, CA: Rand Corporation) have shown that there is a consistent temporal sequence to latencies between successive keystrokes each time a person types a word. Furthermore, the pattern of latencies differs from one person to another. Thus, this feature has been used in typing pattern identity verification systems, which not only recognise a typed password, (and/or usemame), but also the intervals between characters in the typed password (and/or usemame), and the overall speeds (and patterns) with which the characters are typed
Physiological biometric identity verification techniques merely require the presentation, for verification, of a relevant body part of a user (wherein the said body part might be removed from an authorised user, by an impostor). However, a behavioural biometric identity verification method requires an interaction with a live person. Thus, an impostor would be required to present a live authorised user to a behavioural biometric identity verification system, to gain access to a controlled resource. However, prior art behavioural biometric identity verification methods provide no guidance as to whether an otherwise authorised user is requesting verification voluntarily or under duress.
Previous keystroke biometric systems have used a varity of algorithms to match timing data from login attempts to records of past timing data (eg. Neural networks, vector-space distance metrics, and multivariate Gaussian classifiers). These methods typically assume that keystroke timings follow a Gaussian distribution. However, this assumption is not always correct.
Summary of the Invention
According to a first aspect of the invention there is provided a biometric security method comprising the steps of: generating a plurality of test keyboard metrics from a received identity verification request; comparing a typing pattern expressed in the test keyboard metrics with those expressed in a one or more stored keyboard metrics from a plurality of registered users; refusing access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of those expressed in the stored keyboard metrics; and, otherwise, determining a closest matching registered user whose typing pattern most closely matches that expressed in the test keyboard metrics; comparing the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; and allowing access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user.
According to a second aspect of the invention there is provided a biometric security system comprising a keyboard metric calculator configured in use to generate a plurality of test keyboard metrics from a received identity verification request; an identity comparator configured in use to determine whether a typing pattern expressed in the test keyboard metrics substantially matches a typing pattern expressed in a one or more stored keyboard metrics from a plurality of registered users; and in the event the typing pattern expressed in the test keyboard metrics substantially matches a plurality of the typing patterns expressed in the stored keyboard metrics, establish a closest matching registered user whose typing patterns, most closely match that of the test keyboard metrics; a stress state comparator configured in use to compare the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; an access controller configured in use to refuse access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of the typing patterns expressed in the stored keyboard metrics; and in the event a match is found, to allow access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user. According to a third aspect of the invention there is provided a biometric security computer program, tangibly embodied on a computer readable medium, the computer program product including instructions for causing a computer to execute the biometric security method of the first aspect.
According to a fourth aspect of the invention there is provided an automated teller machine comprising the biometric security system of the second aspect.
According to a fifth aspect of the invention there is provided a door entry system comprising the biometric security system of the second aspect.
According to a sixth aspect of the invention there is provided a portable wireless device comprising the biometric security system of the second aspect.
In contrast with many biometric security systems which require the use of specialised hardware components (e.g. retinal scanner etc.), the biometric security system of the second aspect relies on identification through differential timings of keystrokes. Thus, the biometric security system of the second aspect does not require special hardware. Instead, the biometric security system of the second aspect merely requires a keyboard and a timing system.
The biometric security system of the second aspect examines the differential keystroke timings in a one or more passwords provided by the user. Thus, in further contrast with many prior art biometric security systems, which do not allow a biometric feature of interest to be readily changed, the biometric security method and system of the first and second aspects, allow for a password to be easily changed (e.g. in the event the user suspects that their typing pattern is being imitated by a would-be imposter).
According to a seventh aspect of the invention there is provided a discriminating method for a biometric security system, the discriminating method comprising the steps of:-
(a) selecting a plurality of metrics from an identity request received by the biometric security system, to generate a plurality of selected metrics;
(b) ordering a plurality of values of each metric corresponding to each selected metric to generate a plurality of ordered values, the values being obtained from a plurality of records of a registered user of the biometric security system;
(c) providing a weighting to substantially each of the ordered values according to its distance from a centre of the ordered values of each metric corresponding to a selected metric;
(d) determining a weighting for each selected metric according to the weighting provided to the or each ordered value whose value is closest to that of the selected metric;
(e) calculating a value of a total weighting for the received identity verification request from a sum of the weightings of the selected metrics therein;
(f) establishing a threshold value for determining whether the identity verification request was received from the registered user; and
(g) verifying that the identity verification request was received from a registered user in the event the total weighting of the identity verification request is at most substantially equal to the threshold, and otherwise repeating steps (b) to (g) for the rest of the registered users of the biometric security system. Preferably, the step of establishing a threshold value (Th) comprises the step of establishing the threshold value (Th) in accordance with the
expression , in the event the number of ordered records is
4 odd, wherein V is the number of selected metrics and U is the number of ordered values.
Preferably, the step of establishing a threshold value (Th) comprises the step of establishing the threshold value (Th) in accordance with the
Th = V.U.(U + 2) expression in the event the number of ordered records is
4(f/+l) even, wherein V is the number of selected metrics and U is the number of ordered values.
Preferably, the step of verifying that the identity verification request was received from a registered user of the biometric security system comprises the steps of:-
- selecting a value of a sensitivity variable (S) for tuning the discriminating method; and
- verifying that the identity verification request was received from a registered user in the event the total weighting of the identity verification request divided by the sensitivity factor is less than or equal to the threshold value.
Desirably, the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase substantially monotonically in accordance with distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric. Desirably, the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase linearly in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
Preferably, the step of providing a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase in a non-linear fashion in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
According to an eighth aspect of the invention there is provided a biometric security system comprising means adapted to perform the discriminating method of the seventh aspect.
According to a ninth aspect of the invention there is provided a biometric security computer program, tangibly embodied on a computer readable medium, the computer program product including instructions for causing a computer to execute the discriminating method of the seventh aspect.
According to a tenth aspect of the invention there is provided an automated teller machine comprising the biometric security system of the eighth aspect.
According to an eleventh aspect there is provided a door entry system comprising the biometric security system of the eighth aspect
According to a twelfth aspect there is provided a portable wireless device comprising the biometric security system of the eighth aspect. A biometric security system implementing the discriminating method examines the differential keystroke timings in a one or more passwords provided by the user. Thus, in further contrast with many prior art biometric security systems, which do not allow a biometric feature of interest to be readily changed, the biometric security method and system, allow for a password to be easily changed (e.g. in the event the user suspects that their typing pattern is being imitated by a would-be imposter). The discriminating method comprises a novel matching algorithm that provides a reduction in error of 56.25% compared to a straightforward multivariate Gaussian matching algorithm, or 42.86% reduction in error compared to the same Gaussian matching algorithm with an initial data pre-processing step in which outliers more than three standard deviations from the mean were moved to exactly three standard deviations from the mean.
More particularly, by treating timing data as ordinal rather than interval or ratio level data, the discriminating method achieves a large improvement in matching accuracy. This improvement is achieved because the discriminating method does not assume that the process by which timing data is created is Gaussian. Some of the improvements also arises because outliers can no longer have a big effect on the overall degree of match.
Brief Description of the Drawings An embodiment of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Figure 1 (a) is a flowchart of an offline processing phase of a preferred embodiment of the biometric security method;
Figure 1(b) is a flowchart of an online processing phase of a preferred embodiment of the biometric security method; Figure 2 is a diagram of an example of a three-dimensional distribution of signatures acquired from a plurality of registered users of the biometric security system;
Figure 3 is a block diagram of a preferred embodiment of the biometric security system;
Figure 4 is a graph showing a comparison of a length of time (calculated using the method of Figures 1(a) and 1(b)) between the release and depression of successive keys from two persons typing a same fixed length textual element; Figure 5 is a graph showing a comparison of a length of time
(calculated using the method of Figures 1(a) and 1(b)) a given key is held down by two persons typing a same fixed length textual element;
Figure 6 is a graph showing a comparison of a length of time (calculated using the method of Figures 1 (a) and 1 (b)) between the release and depression of successive keys of a person in a normal and highly stressed condition;
Figure 7 is a graph showing a comparison of a length of time (calculated using the method of Figures 1 (a) and 1 (b)) a given key is held down by a person in a normal and highly stressed condition; Figure 8 is a flowchart of an ordinal matching algorithm used in the online processing phase of the biometric security method of Figure 1(b);
Figure 9 (a) is a block diagram of an example of an ordered vector in the ordinal matching algorithm of Figure 8, wherein dimension of an ordered vector is odd valued; Figure 9 (b) is a block diagram of an example of an ordered vector in the ordinal matching algorithm of Figure 8, whenever a dimension of an ordered vector is even-valued;
Figure 10 is a block diagram of an example of a weighting calculation process employed in the ordinal matching algorithm of Figure 8; Figure 11 is a graph of results obtained from the ordinal matching algorithm of Figure 8 in a pilot study of 36 persons;
Figure 12 is a graph of the results of a multivariate Gaussian matching algorithm on data from the pilot study of Figure 11 ;and Figure 13 is a table of the equal error rates of the ordinal matching algorithm of Figure 11, the multivariate Gaussian matching algorithm of Figure 12, and a multivariate Gaussian matching algorithm in which outliers are respectively adjusted to be within two and three standard deviations from the mean.
Detailed Description of the Invention
Overview
Previous studies have shown that a sad mood induces a more monotonous and slower speech pattern compared to a happy mood
(Barrett, J., and Paus, T. (2002). Experimental Brain Research, 146{A)t 531-537). Previous studies have also shown that emotional stress or anxiety can affect the execution of a simple motor task resulting in a more varied application of force (Noteboom, J. T., Fleshner, M., and Enoka, R. M. (2001 ). Journal of Applied Physiology, 91(2), 821-83)] or timing
(Coombes, S. A., Janelle, C. M., and Duley, A. R. (2005). Journal of Motor Behaviour, 37(6), 425-436).
These observations are employed and advanced to develop a new and innovative biometric security mechanism which not only verifies the identity of a would-be user (to determine, for example, whether the user is authorised to gain access to a controlled resource), but also provides an indication of the stress level of the user at that time. An indication that the user is unusually highly stressed, could provide a warning that the user is acting under duress or is aware that he/she is doing something unwise or illicit. This warning could activate an additional security protocol to further investigate the circumstances of the user's identity verification request, before granting access to the user.
Accordingly, the following discussion will provide a detailed description of two embodiments of the biometric security method. This will be followed with a description of the architecture of an embodiment of the biometric security system. The discussion will end with a brief description of an example of an implementation of the biometric security method.
2. Description of the Biometric Security Method
The biometric security method is broadly divided into an offline processing phase and an online processing phase. During the offline processing phase, a user is registered with the biometric security system; and relevant identifying and emotional state indicator metrics are determined for the user, from an analysis of one or more typing patterns thereof, when exposed to conditions selected to induce a normal (and optionally a high) stress level. During the online processing phase, the biometric security method uses the above-mentioned metrics to process a password (and/or username) provided by the user; and thereby verify the identity and assess the stress level (at that time) of the user.
2.1. Detailed Description of the Offline Processing Phase of the Biometric Security method Referring to Figure 1 (a), in a first step of the offline processing phase, the biometric security method registers a user with the biometric security system, by acquiring keyboard-related data from the user. More particularly, the method requires 10 the user to type (on a keyboard) a one or more times, a one or more fixed length textual elements, at least one of which will comprise a password (and/or the username) of the user. For simplicity, the textual element(s) typed by the user will henceforth be known as a registration entry. It will be understood that at least some of the textual element(s) may be displayed to the user on an associated computer screen; and the user required to copy-type same. Alternatively or additionally, at least some of the textual element(s) may be played to the user through an audio component of the biometric security system; wherein the user is required to transcribe the audio output.
The biometric security method comprises the step of recording 12 the or each corresponding keystroke received from the user, when typing the registration entry. The biometric security method may also comprise the step of measuring the force with which the user depresses the or each key on the keyboard when typing the registration entry. For simplicity, the recorded raw temporal, force and keystroke data from the registration entry wilf henceforth be known as primary keyboard entry data.
The biometric security method comprises the step of manipulating 14 an emotional state of the user before and/or while the user is typing. More particularly, in a first embodiment a normal stress state is induced in the user; and in a second embodiment, a normal and a higher stress state are induced. To this end, the biometric security method comprises the step of exposing the user (before and/or while they are performing the typing tasks) to a number of sounds selected from an International Affective Digitized Sound (IADS, [Bradley, M. M., and Lang, P. J. (1999). International Affective Digitized Sounds (IADS): Stimuli, Instruction Manual and Affective Ratings (Tech. Rep. No. B-2). Gainesville, FL: The Center for Research in Psychophysiology, University of Florida]) system. More particularly, a normal stress state is induced by exposing the user to a one or more so-called neutral (or non-arousing) everyday sounds (e.g. the sound made by a toothbrush, an electric fan or paper being crumpled); and a higher stress state is induced by exposing the user to a one or more sounds rated as being both extremely arousing and extremely unpleasant (e.g. an argument, baby crying, bee-buzzing or sirens).
It will be appreciated that the biometric security method is not restricted to using sound to induce a normal or higher stress state in a user. In particular, the skilled person will understand that the biometric security method may use other mechanisms of inducing different stress states (e.g. variable lighting conditions <e.g. strobe frequencies>, temperature, galvanic stress etc.) It will be further understood that even when using sound to induce different stress states, the biometric security method is not limited to selecting sounds from the IADS system. Instead, the skilled person will understood that sounds from other sources may be alternatively or additionally be used.
The biometric security method may also comprise the step of acquiring confirmatory data (as to whether a higher stress state is actually induced in the user on exposure to inter alia a highly unpleasant or arousing sound), by measuring a galvanic skin response (GSR) of the user while the user is typing. To this end, the method comprises the step of attaching a one or more electrodes to the skin of the user, to measure the conductivity thereof. Electrical skin conductance is dependent on the activity of sweat glands which (since they are innervated by the autonomic nervous system) is often used as an indicator of sympathetic activity related to emotional processing of stimuli. In particular, the user's skin's conductivity should increase in the event the user becomes stressed. It will be appreciated that the biometric security method is not limited to using GSR for confirmation of the induction of a higher stress state. On the contrary, the biometric security method may detect the induction of a particular stress state from other physiological variables, such as, altered pulse rate, blood pressure, pupil dilation, body temperature and respiration rate etc.
The biometric security method comprises a further step of processing the received primary keyboard entry data to calculate 16 a plurality of keystroke metrics therefrom. The calculated keyboard metrics include: inter-key latency times (i.e. the length of time between releasing one key and pressing the next, which could be negatively valued in the event of an overlap between the depression of successive keys); hold times (i.e. the length of time a key is held down); and typing error measurements.
It will be appreciated that the biometric security method is not limited to these keyboard metrics. In particular, other metrics may also be used to characterise the primary keyboard entry data.
The biometric security method uses the calculated keyboard metrics to construct (18) a plurality of identifying signatures for the user, wherein at least some of the identifying signatures are associated (optionally through the previously acquired confirmatory data) to a one or more particular stress levels of the user. For visualisation purposes, the signatures could be represented by, for example, simple graphs or multidimensional modalities (e.g., Neumann, P., Tat, A., Zuk, T., and Carpendale, S. (2007). Keystrokes: Personalizing typed text with visualization. In Museth, K., Moller, T., and Ynnerman, A. (Eds.), Proceedings of Eurographics/IEEE-VGTV Symposium on Visualization (43-50), May 23-25, 2007, Norrkόping, Sweden). The biometric security method stores (20) the identifying signatures constructed for each user registered with the biometric security system. These identifying signatures are used during the subsequent online processing phase of the biometric security method to determine whether a would-be user of the biometric security system is actually registered therewith.
Take for example, the situation depicted in Figure 2, wherein three users (User^ User2 and Users) are registered with the biometric security system. The plurality of identifying signatures of a given registered user forms a data cloud within the hyperspace defined by the above-mentioned keystroke metrics. The volume of a given data cloud is at least partially a manifestation of the different stress states of the user associated therewith. In the present example, the hyperspace is shown as a three- dimensional space, wherein, for example, the ei, e2 and e3 dimensions respectively represent an "a" to "e" inter-key latency time; a "h" key holding time; and a "t" key holding time.
It will be appreciated that the situation depicted in Figure 2, is provided for example purposes only and should be interpreted accordingly. In particular, neither Figure 2 nor the accompanying textual description thereof, should be in any way construed as limiting the biometric security system and/or biometric security method to the depicted and described number of registered users and/or number of hyperspace dimensions embraced by the biometric security method and biometric security system. On the contrary, the biometric security method is capable of accommodating any number of registered users and of calculating any number of different keystroke metrics from the typing patterns of a given registered user.
2.2. Detailed Description of the Online Processing Phase of the Biometric security method
Referring to Figure 1 (b), during the online processing phase, the biometric security method comprises the step of receiving 24 an identity verification request from a user. The identity verification request comprises a one or more fixed length textual elements typed by the user in response to a prompt from the biometric security system. On receipt of the identity verification request, the biometric security method analyses the request and generates 26 therefrom a plurality of keyboard metrics corresponding with those generated during the offline processing phase. For simplicity, the keyboard metrics generated during the offline processing phase and the online processing phase will be known henceforth, as registered user metrics and test metrics respectively.
The biometric security method then uses a matching algorithm (e.g. statistical vector comparison method {e.g. k nearest neighbour algorithm) an ordinal discriminator, Bayesian classifier or artificial neural network) to compare 28 the test metrics with the registered user metrics and generate a similarity measure therewith. From the similarity measure the biometric security method determines 30 whether the typing patterns expressed in the identity verification request correspond with any of those of the registered users of the biometric security system.
Returning to the example depicted in Figure 2, the data cloud for
User3 is well separated from that of Useri and User2. However, the data cloud of Useη partially overlaps with that of User2. A test metric TMή is disposed proximally to the User3 data cloud. Thus, it can be surmised that the User3 (and not Usen or User2) made the identity verification request from which the test metric TMi was generated. Similarly, test metrics TM2 and TM3 are respectively disposed proximally to the non-overlapping regions of the Useri and User2 data clouds. Thus, it can be surmised that Useri and User2 respectively made the identity verification requests from which the test metrics TM2 and TM3 were generated. However, the test metric TM4 is disposed proximally to the overlapping regions of the Usen and User2 data clouds. Thus, it may be necessary to provide a probabilistic measure of the extent to which the identity verification request was made by either Useri or User2. In contrast, the test metric TM5 is disposed distally from any of the registered user data clouds. Thus, it is very likely that the identity verification request was not made by a registered user of the biometric security system.
Returning to Figure 1(b), in the event there is no close match between the test metrics and any of the registered user metrics, the biometric security method refuses 31 access to a controlled resource.
However, in the event there is a close match between the test metrics and at least one of the registered user metrics, the biometric security method determines 32 the most closely matching registered user. Thereafter, the biometric security method uses the test metrics to determine 34 the likely stress state of the registered user on making the identity verification request. In particular, in the first embodiment, the biometric security method compares 34 the test keyboard metrics with a one or more stored keyboard metrics associated with a normal stress state of the user. Any significant deviation between the typing patterns expressed in the test keyboard metrics and those in the stored keyboard metrics is an indication that the corresponding identity verification request (from which the test keyboard metrics were derived) was created under stress or duress.
In the second embodiment, the biometric security method compares 34 the test keyboard metrics with a one or more stored keyboard metrics associated with a high stress state and a normal stress state of the closest matching registered user. From these comparisons, the biometric security method determines 34 whether the typing pattern expressed in the test keyboard metrics more closely matches that associated with a high or normal stress state of the closest matching registered user. For example, referring to Figure 2, let User3 have a high valued "t" key holding time, when typing in a highly stressed state. In other words, User3 had a highly- valued e3 test metric when highly stressed. Since the TMi test metric is disposed proximal to the highly-valued β3 periphery of the User3 data cloud, it is likely that User3 was highly stressed when making the relevant identity verification request. It will be realised that this is a very simple example and that a realistic representation of a highly-stressed state is likely to be considerably more complex and manifested in multiply correlated test metrics.
Returning to Figure 1(b), in the event the biometric security method determines 34 that the registered user was in a normal stress state on making the identity verification request, the biometric security method grants 36 the registered user access to the resource controlled thereby. However, should the biometric security method determine 34 that the registered user was in a highly stressed state on making the identity verification request, the biometric security method initiates 38 further investigations of the circumstances of the identity verification request.
3. Description of the Architecture of the Biometric security system
Referring to Figure 3, the biometric security system 40 comprises a registration controller 42 and an identity verification controller 44, the said controllers being adapted, in use, to respectively control and execute the offline user registration and online identity verification phases of the biometric security method. With this in mind, the registration controller 42 is coupled with a text generator module 46, which is adapted, in use, to receive an activation signal from the registration controller 42, to cause the text generator module 46 to select a one or more textual elements to be typed by a prospective registrant with the biometric security system 40. To this end, the text generator module 46 is also coupled with a display 48 and/or a speaker/headphones 50, which are adapted, in use, to respectively display or play a visual or an audio representation of a textual element to be typed by the prospective registrant.
Similarly, the registration controller 42 is also coupled with an IADS source 52 comprising a repository of audio files of sounds selected and rated in accordance with the IADS protocol. More particularly, the registration controller 42 is adapted, in use, to select (in a preferably counter-balanced order) audio files from the IADS source 52; the said audio files being selected with the aim of inducing high and normal stress states in the prospective registrant. To this end, the registration controller 42 is adapted, in use, to transmit a selection control signal to the IADS source 52, to cause the IADS source 52 to select a particular audio file from its repository. The IADS source 52 is further coupled with the speaker/headphones 50, which is adapted, in use, to receive an audio file (selected by the registration controller 42) from the IADS source 52 and play the audio file to the prospective registrant.
Both the registration controller 42 and the identity verification controller 44 are coupled with a keyboard 54; both controllers 42, 44 being adapted, in use, to receive a one or more keystroke signals from the keyboard 54, substantially as the prospective registrant or user making an identity verification request of the biometric security system 40, types on the keyboard 54. The keyboard 54 may be a standard computer keyboard or a specially adapted keyboard (e.g. dedicated for a particular task). As an aside, for simplicity and brevity, a user making an identity verification request of the biometric security system 40 will henceforth be known as an access requester; and thereby differentiated from a prospective registrant (making a registration entry) of the biometric security system 40. Both the registration controller 42 and the identity verification controller 44 are also coupled to a data recordal module 56, which is adapted, in use, to receive the afore-mentioned keystroke signals (generated by the interaction of the prospective registrant or the access requester with the keyboard 54) from the controllers 42, 44 and the aforementioned selection control signals from the registration controller 42, The data recordal module 56 is also coupled with a clock 58; and adapted, in use, to receive time-keeping signals from the clock 58. The data recordal module 56 is further adapted to use the time-keeping signals to calculate the relative timings of the keystroke signals received from the controllers 42, 44; and thereby form a keystroke profile for the prospective registrant or the access requester.
The data recordal module 56 may also be coupled with a force measuring sensor (not shown) which is adapted, in use, to measure the force with which the prospective registrant and/or the access requester depresses individual keys on the keyboard 54, when typing a registration entry or identity verification request. In this case, the data recordal module 56 may supplement the relative timings of the keystroke signals with the force measurements to form a more complete keystroke profile of a prospective registrant and/or an access requester.
The data recordal module 56 is also adapted to receive the aforementioned selection control signals (transmitted by the registration controller 42 to the IADS source 52) from the registration controller 42. Furthermore, the data recordal module 56 is also optionally coupled with one or more skin conductivity sensors 58 comprising a one or more electrodes 60. The electrodes 60 and/or skin conductivity sensors 58 are adapted, in use, to be attached to the skin of the prospective registrant and detect changes in the conductivity of the skin. In this case, the data recordal module 56 is adapted, in use, to receive conductivity measurement data from the or each conductivity sensor 58, and use the conductivity measurement data to confirm that the selection control signals {received from the registration controller 42) are correlated with an actual stress state in the prospective registrant.
The biometric security system 40 further comprises a keyboard metric calculator 60, which is adapted, in use, to receive a keystroke profile (comprising the calculated relative timings of keystroke signals) from the data recordal module 56, together with a flag indicating whether the keystroke profile is derived from a prospective registrant or an access requester (i.e. is derived from an identity verification request). Similarly, the keyboard metric calculator 60 is further adapted, in use, to receive selection control signals (and optionally, conductivity measurement data) from the data recordal module 56.
The keyboard metric calculator 60 is coupled with a keystroke profile database 62 and an identity comparator 64 which is also coupled in a feedback loop with the keystroke profile database 62. The keyboard metric calculator 60 is adapted, on receipt of a flag indicating that an associated keystroke profile is derived from a prospective registrant, to correlate the calculated relative keystroke timing components of the keystroke profile with the selection control signals (and optionally, conductivity measurement data); and store a record for the relevant prospective registrant in the keystroke profile database 62.
Similarly, the keyboard metric calculator 60 is adapted on receipt of a flag indicating that an associated keystroke profile is derived from an access requester, to transmit the keystroke profile to the identity comparator 64. The identity comparator 64 is adapted, in use, to interrogate the keystroke profile database 62 to ascertain whether the received keystroke profile bears any similarity to those stored in the keystroke profile database 62 (e.g. on the basis of a proximity measure formed in a hyperspace defined by the keystroke variables stored in the keystroke profile database 62).
In the event a close match cannot be found, the identity comparator 64 is adapted to activate an access controller 68, to refuse the access requester, access to a desired resource. However, in the event of the identification of a one or more close matches; the keystroke profile database 62 is adapted to return to the identity comparator 64, details of the associated registered users.
The identity comparator 64 is optionally adapted to perform a further filtration step, on receipt of the details, to determine a single most closely matching keystroke profile and assign the access requester the identity of the relevant most closely matching registered user. Similarly, the identity comparator 64 is further coupled with a stress state determining module 66; and is adapted on receipt of the or each details of the most closely matching registered users, to transmit the details to the stress state determining module 66. The stress state determining module 66 is coupled, in turn, to the keystroke profile database 62 and an access controller 68. More particularly, the stress state determining module 66 is adapted, on receipt of the details of the closest matching registered users, to interrogate the keystroke profile database 62, by comparing the keystroke profile of the access requester with those of the closest matching registered users; and using a similarity measure with the relevant data clouds, ascertain the stress state (i.e. high or normal stress state) of the access requester. The stress state determining module 66 is adapted, on determining that the access requester was in a normal stress state when making the access request, to transmit a first flag to this effect to the access controller 68. The access controller 68 is adapted, on receipt of the first flag, to grant the access requester access to the required resource. However, the stress state determining module 66 is also adapted, on determining that the access requester was in a highly stressed state when making the access request, to transmit a corresponding second flag to the access controller 68. The access controller 68 is optionally adapted, on receipt of the second flag, to activate a module (not shown) which is adapted, in use, to perform further investigations before transmitting the first flag to the access controller 68, to allow the access requester access to the required resource. Alternatively, the access controller 68 is adapted, on receipt of the second flag, to issue a communication to the ID verification controller 44 to deny the access requester access to the required resource.
Contrastingly, the keystroke profile database 62 is adapted, on failure to identify a close match between a received keystroke profile of an access requester and any of the keystroke profiles in the keystroke profile database 62, to return a third flag, to this effect, to the identity comparator 64. The identity comparator 64 is adapted, on receipt of such a flag, to transmit a denial signal (not shown) to the identity verification controller 44. The identity verification controller 44 is in turn adapted, on receipt of the denial signal, to issue a communication to this effect (e.g. through the display 48) to the access requester; and deny the access requester access to the required resource.
4. Example Implementation of the Biometric Security Method In the present example, a statistical test is developed to determine whether there is a significant difference between the responses of different users. More particularly, 70 keyboard variables are determined from keyboard data acquired from five different users. The 70 keyboard variables comprise 36 hold times and 34 inter-key latency times.
Take the responses of two persons, divide the responses into two groups; and calculate the mean of the variances in each group. In the event each group corresponds to the responses of a single person, the mean variance should usually be less than when the cases are randomly assigned to groups. How often the correct assignment to groups results in lower mean variance than random assignments to groups corresponds to a P value.
In the present example, pairwise comparisons were made between all 35 people in the pilot study. In all cases P < 0.001. Thus, we can be very confident that all these people have distinct keystroke signatures. This was true for holds and latencies together; latencies only; and holds only. Indeed, referring to Figure 4 considerable and relatively stable differences can be seen between the inter-key latency times of the first and second users. Similarly, referring to Figure 5, it can be seen that the variance of the hold times of a first user significantly differ from those of the second user.
Considering the determination of the stress state condition of the users, the data from the present example showed a significant difference between neutral and stressed conditions (true for holds and latencies together, holds only and latencies only). In particular, holds and latencies: P < 0.002; holds only: P < 0.003; and latencies only P < 0.002. More particularly, referring to Figures 6 and 7, it can be seen that the timings of key presses, and of how long each key is held down, are significantly altered in the presence of stress, and thus indicate that keystrokes dynamics could be used to identify anomalous on-line behaviour.
5. Improved Discrimination for the Biometric Security System and Method
Let a given identity verification request be represented by the vector α7 e 9T , wherein v is the number of keyboard metrics generated from the request. Similarly, let L e 5K1"* be the registered user metrics of a given registered user (acquired during the offline processing phase of the biometric security method or from previously successful login attempts by the registered user), wherein u is the number of stored registered user records for that registered user.
Referring to Figure 8, on receipt of an identity verification request, the biometric security method selects 70 a candidate registered user. A metric a, (i = 1 to v) is then selected 72 from the identity verification request. For simplicity, this metric will be known henceforth as a test metric. Thereafter, the values of the corresponding registered user metric I1 e 9T (from the stored registered user records) are ranked 74 in ascending or descending order, to generate the ordered vector γ} e <R" . Central element(s) in the ordered vector γ, are determined and weightings accorded 76 to individual elements (^, , J = I to u) in the ordered vector depending on their ranked position relative to the central elements. More particularly, the maximal and minimal values of a given registered user metric define a range for that registered user metric. The distance of the corresponding test metric from the centre of that range is described with respect to the rank of the closest valued registered user metric within the range. Let u be odd-valued. Referring to the example depicted in Figure 9(a), u=5, and the central two elements γl3 and γ,A of the ordered vector γ, are each accorded weightings (oi|3 and 01,4) of 0.5. Similarly, the two most proximal sandwiching elements (γl2 and γlS ) [henceforth known as primary sandwiching elements] to the central elements are each accorded weightings (Oj2 and θj,5) of 1.5. Furthermore, the most proximal sandwiching element Yn (henceforth known as the secondary sandwiching element) to the primary sandwiching elements is accorded a weighting (Oj 1) of 2.5. Generalising from the specifics of the present example, it can be seen how the process continues to the peripheries of the ordered vector γr .
Similarly, let u be even valued. Referring to the example depicted in Figure 9(b), u=4 and the central element γl2 of the ordered vector is accorded a weighting (oi>2) of 0. Similarly, the primary and secondary sandwiching elements {γΛ , γtl \ and/,4 ) are respectively accorded weightings
(θi,i, θj,3 and 01,4) of 1.0, 1.0 and 2.0. As before, generalising from the specifics of the present example, it can be seen how the process continues to the peripheries of the ordered vector^, . The skilled person will understand that the above weightings and ordered vectors are provided for example purposes only. More particularly, the skilled person will understand that the present embodiment can embrace different numbers of registered users and different weighting values and profiles.
A weighting is then determined 78 for the test metric from the weightings Ov and O/J+| of the registered user metrics whose values bracket the test metric. More particularly, referring to the example depicted in Figure 10 let the registered user metric vector be given by /, = [0.1, 0.4, 0.3, 0.6, 0.2]. Let /, be ranked in ascending order so that the ordered vector is given
by Y1 = [y,\ , Y,s , Y ,3 > Ya - Y1A 1- Let the ordered vector be accorded weightings O, = [2.5, 1.5, 0.5, 0.5, 1.5]. Further, let the test metric a, have a value of 0.25, so that it is effectively bracketed by registered user metrics I15 = 0.2 and /,3 = 0.3, which in turn, have weighting values of O12 = 1.5 and O13= 0.5 respectively. The weighting accorded to the test metric is the mean of the weighting values of the registered user metrics that bracket the test metric. Continuing with the present example, the weighting W1 accorded to a, is
The above process is repeated 80 for all of the test metrics and a total weighting (TW) value for the identity verification request is calculated 82
according to TW = ∑Wi . A threshold (Th) value is calculated 84 for
accepting the identity verification request as follows;- v(w + l) (a) if u is odd- valued, Th =
4
(b) if u is even-valued, Th =
The identity verification request is accepted and the identity of the access requester verified 86 as that of the registered user if τw/s ≤ Th .
To test the improved discriminator a study was performed in which thirty six login records were stored of thirty five registered users of the biometric security system. A false reject rate was calculated by testing an access request of a registered user against 35 of the login records for that registered user. The record used for the access request was the other (the 36th) record for that person. Furthermore, the false accept rate is calculated by testing each of the thirty six stored login records (i.e. thirty six access requests in total) from the thirty five other users against a random selection of 35 of the stored login records for each of those users. Therefore, there are 1260 genuine login attempts and 42,840 imposter login attempts.
Figure 11 shows the result of using the improved discriminator. It can be seen that there are values of the sensitivity parameter that produce both a zero false accept rate and a zero false reject rate, although in each case a penalty is paid in terms of the other rate being at a high value.
To provide a comparative assessment of the performance of the improved discriminator the above experiment was repeated with a . multivariate Gaussian matching algorithm. As before, a weighting is calculated for each test metric based on the registered user metrics.
However, in this case the weighting of each test metric is calculated using the Gaussian cumulative distribution function. In this case, weighting is the proportion of samples for the registered user metric that would be expected to be more outlying than the value contained in the test metric based on the best estimate of the parameters of the Gaussian processes that hypothetically produced the data. The product of these values was then taken for each variable in §Λ The product of the mean weighting expected for the variable was calculated asθ.5v . Figure 12 shows the results of the multivariate Gaussian matching algorithm. In this case the shape of the graph is very similar to that obtained with the ordinal discriminator, although there was no value of the sensitivity parameter which resulted in a false accept rate of zero. A more important difference is that in the central part of the graph, where both the false accept and false reject rates are low, these rates are not as low as with the ordinal discriminator. This suggests that the Gaussian process is not an accurate model for how the timing data was produced.
The equal error rate represents the value of the sensitivity parameter at which the false accept rate is equal to the false reject rate. It provides a convenient way of comparing the performance of different algorithms using a single statistic. Figure 13 compares the equal error rate with the improved discriminator, the multivariate Gaussian algorithm with no outlier corrections and two versions of the multivariate Gaussian algorithms in which outliers were respectively adjusted to be within three standard deviations and two standard deviations from the mean. Figure 13 shows that the ordinal matcher results in a reduction in error of 56% as compared to the basic multivariate Gaussian matcher, and a reduction in error of 43% as compared to best version of the Gaussian matcher in which the data had been pre-processed by correcting outliers.
6. Applications of the Biometric Security System and Method
It will be understood that the above-described biometric security system and method has a vast range of potential applications to any environment in which it is necessary or desirable to control access to a resource and prevent un-authorised access thereto. More particularly, but not exclusively, the biometric security system and method may be used in automated teller machines, door entry systems, wireless devices (e.g. mobile phones, PDAs etc.). Similarly, the biometric security system and method may be used in validating credit card numbers and bank account numbers (i.e. when used online or entered using a touch-tone phone).
Alterations and modifications may be made to the above without departing from the scope of the invention.

Claims

Claims
1. A biometric security method comprising the steps of: generating (26) a plurality of test keyboard metrics from a received identity verification request; comparing (28) a typing pattern expressed in the test keyboard metrics with those expressed in a one or more stored keyboard metrics from a plurality of registered users; refusing (31) access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of those expressed in the stored keyboard metrics; and, otherwise, determining a closest matching registered user whose typing pattern most closely matches that expressed in the test keyboard metrics; comparing (34) the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; and allowing (36) access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user.
2. The biometric security method as claimed in Claim 1 wherein the step of generating (26) a plurality of test keyboard metrics from a received identity verification request comprises the step of calculating at least one metric selected from the set comprising an inter-key latency time, a hold time and a typing error measurement.
3. The biometric security method as claimed in Claim 1 or Claim 2 wherein the step of comparing (28) a typing pattern expressed in the test keyboard metrics with those expressed in a one or more stored keyboard metrics, comprises the step of using a matching algorithm to generate a similarity measure between the test keyboard metrics and the stored keyboard metrics.
4. The biometric security method as claimed in any one of the preceding Claims wherein the step of comparing (34) the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user comprises the step of comparing (34) the test keyboard metrics with a one or more stressed keyboard metrics associated with a more highly stressed state of the closest matching registered user.
5. The biometric security method as claimed in any one of the preceding Claims wherein the method comprises the step of initiating (38) an investigation into the received identity verification request, in the event the typing pattern expressed in the test keyboard metrics most closely matches that associated with the more highly stressed state of the closest matching registered user.
6. The biometric security method as claimed in any one of the preceding Claims wherein the method comprises a plurality of preceding steps which precede the step of generating (26) a plurality of test keyboard metrics, and the preceding steps comprise: requiring (10) a prospective registered user to type a one or more textual elements; manipulating (14) an emotional state of the prospective registered user while the prospective registered user is typing; recording (12) a one or more keystrokes of the prospective registered user; calculating a plurality of test keyboard metrics from the recorded keystrokes; and storing the test keyboard metrics.
7. The biometric security method as claimed in Claim 6 wherein the step of recording (12) the or each keystroke of the prospective registered user comprises a step of measuring a force with which the prospective registered user depresses a one or more keys of a keyboard when typing the or each textual element.
8. The biometric security method as claimed in Claim 6 or Claim 7, wherein the step of manipulating (14) the emotional state of the prospective registered user comprises the step of manipulating (14) the emotional state of the prospective registered user before the prospective registered user starts typing.
9. The biometric security method as claimed in any one of Claims 6 to 8, wherein the step of manipulating (14) the emotional state of the prospective registered user comprises the step of inducing a normal stress state in the prospective registered user.
10. The biometric security method as claimed in Claim 9, wherein the step of manipulating (14) an emotional state of the prospective registered user comprises the step of inducing a more highly stressed state in the prospective registered user.
11. The biometric security method as claimed in any one of Claims 6 to 10, wherein the step of manipulating (14) an emotional state of the prospective registered user comprises the step of exposing the prospective registered user to a plurality of stimulating sounds.
12. The biometric security method as claimed in any one of Claims 6 to 10, wherein the step of manipulating (14) an emotional state of the prospective registered user comprises the step of exposing the prospective registered user to a plurality of non-arousing sounds.
13. The biometric security method as claimed in Claim 11 or Claim 12 wherein the step of exposing the prospective registered user to a plurality of stimulating sounds or non-arousing sounds comprises the step of exposing the prospective registered user to a plurality of sounds selected from an International Affective Digitized Sound (IADS) system.
14. The biometric security method as claimed in any one of Claims 7 to 13, wherein the step of recording (12) the or each keystroke of the prospective registered user comprises the step of measuring a galvanic skin response of a prospective registered user.
15. The biometric security method as claimed in any one of Claims 6 to 16, wherein the step of calculating a plurality of test keyboard metrics, comprises the step of calculating at least one metric selected from the set comprising an inter-key latency time, a hold time and a typing error measurement.
16. A biometric security system (40) comprising a keyboard metric calculator (56, 60) configured in use to generate a plurality of test keyboard metrics from a received identity verification request; an identity comparator (64) configured in use to determine whether a typing pattern expressed in the test keyboard metrics substantially matches a typing pattern expressed in a one or more stored keyboard metrics from a plurality of registered users; and in the event the typing pattern expressed in the test keyboard metrics substantially matches a plurality of the typing patterns expressed in the stored keyboard metrics, establish a closest matching registered user whose typing patterns, most closely match that of the test keyboard metrics; a stress state comparator (66) configured in use to compare the test keyboard metrics with a one or more stored keyboard metrics associated with a normally stressed state of the closest matching registered user; an access controller (68) configured in use to refuse access to a controlled resource in the event the typing pattern expressed in the test keyboard metrics does not substantially match any of the typing patterns expressed in the stored keyboard metrics; and in the event a match is found, to allow access to the controlled resource in the event the typing pattern expressed in the test keyboard metrics substantially matches that associated with a normally stressed state of the closest matching registered user.
17. A discriminating method for a biometric security system, the discriminating method comprising the steps of:-
(a) selecting (72, 80) a plurality of metrics from an identity verification request received by the biometric security system to generate a plurality of selected metrics;
(b) ordering (74) a plurality of values of each metric corresponding to each selected metric, to generate a plurality of ordered values the values being obtained from a plurality of records of a registered user of the biometric security system; (c) providing (76) a weighting to substantially each of the ordered values according to its distance from a centre of the ordered values of each metric corresponding to a selected metric;
(d) determining (78) a weighting for each selected metric according to the weighting provided to the or each ordered values whose value is closest to that of the selected metric;
(e) calculating (82) a value of a total weighting for the received identity verification request from a sum of the weightings of the selected metrics therein; (f) establishing (84) a threshold value for determining whether the identity verification request was received from the registered user; and
(g) verifying (86) that the identity verification request was received from a registered user in the event that the total weighting of the identity verification request is at most substantially equal to the threshold, and otherwise repeating steps (b) to (g) for the rest of the registered users of the biometric security system.
18. The discriminating method as claimed in Claim 17 wherein the step of establishing (84) a threshold value comprises the step of establishing
the threshold value (777) in accordance with the expression Th = — ,
In the event the number of ordered records is odd, wherein 'V is the number of selected metrics and 'u1 is the number of ordered values.
19. The discriminating method as claimed in Claim 17 or Claim 18, wherein the step of establishing (84) a threshold value comprises the step of establishing the threshold value (Th) in accordance with the expression
7T7 _ »(» + J jn tne event the number of ordered records is even, 4(w + l) wherein V is the number of selected metrics and 'u' is the number of ordered values.
20. The discriminating method as claimed in any one of Claims 17 to 19 wherein the step of verifying (86) that the identity verification request was received from a registered user of the biometric security system comprises the steps of: selecting a value of a sensitivity variable(s) for tuning the discriminating method; and - verifying (86) that the identity verification request was received from a registered user in the event the total weighting of the identity verification request divided by the sensitivity factor is less than or equal to the threshold value.
21. The discriminating method as claimed in any one of Claims 17 to 20 wherein the step of providing (76) a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase substantially monotonically in accordance with distance of an ordered value from the centre of each of the ordered values of each metric corresponding to the selected metric:
22. The discriminating method as claimed in Claim 21 wherein the step of providing (76) a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase linearly in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
23. The discriminating method as claimed in Claim 21 wherein the step of providing (76) a weighting to substantially each of the ordered values comprises the step of providing weightings whose values increase in a non- linear fashion in accordance with the distance of an ordered value from the centre of the ordered values of each metric corresponding to the selected metric.
24. A biometric security system (40) comprising means adapted to perform the discriminating method of any one of Claims 17 to 23.
25. A biometric security computer program, tangibly embodied on a computer readable medium, the computer program product including instructions for causing a computer to execute the biometric security method as claimed in any one of Claims 1 to 15, or the discriminating method of any one of Claims 17 to 23.
26. An automated teller machine comprising the biometric security system as claimed in Claim 16 or Claim 24.
27. A door entry system comprising the biometric security system as claimed in Claim 16 or Claim 24.
28. A portable wireless device comprising the biometric security system as claimed in Claim 16 or Claim 24.
EP10722395A 2009-05-27 2010-05-13 A biometric security method, system and computer program Withdrawn EP2435944A2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GB0909110A GB2470579A (en) 2009-05-27 2009-05-27 A behavioural biometric security system using keystroke metrics
GB0917761A GB0917761D0 (en) 2009-10-12 2009-10-12 A discriminator for a biometric security method, system and computer program
PCT/GB2010/050785 WO2010136786A2 (en) 2009-05-27 2010-05-13 A biometric security method, system and computer program

Publications (1)

Publication Number Publication Date
EP2435944A2 true EP2435944A2 (en) 2012-04-04

Family

ID=43223160

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10722395A Withdrawn EP2435944A2 (en) 2009-05-27 2010-05-13 A biometric security method, system and computer program

Country Status (2)

Country Link
EP (1) EP2435944A2 (en)
WO (1) WO2010136786A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102012214697A1 (en) 2012-08-01 2014-02-06 Soma Analytics Ug (Haftungsbeschränkt) Device, method and application for determining a current load level
KR20180044948A (en) * 2015-08-27 2018-05-03 쉬이 뤄 How to set the keyboard layout by iris and game system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4621334A (en) * 1983-08-26 1986-11-04 Electronic Signature Lock Corporation Personal identification apparatus
US4805222A (en) * 1985-12-23 1989-02-14 International Bioaccess Systems Corporation Method and apparatus for verifying an individual's identity
US6062474A (en) * 1997-10-02 2000-05-16 Kroll; Mark William ATM signature security system
US6442692B1 (en) * 1998-07-21 2002-08-27 Arkady G. Zilberman Security method and apparatus employing authentication by keystroke dynamics
US7249263B2 (en) * 2003-07-25 2007-07-24 International Business Machines Corporation Method and system for user authentication and identification using behavioral and emotional association consistency
US20090240949A9 (en) * 2004-04-23 2009-09-24 Kitchens Fred L Identity authentication based on keystroke latencies using a genetic adaptive neural network
IL165586A0 (en) * 2004-12-06 2006-01-15 Daphna Palti Wasserman Multivariate dynamic biometrics system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2010136786A2 *

Also Published As

Publication number Publication date
WO2010136786A2 (en) 2010-12-02
WO2010136786A3 (en) 2011-04-14

Similar Documents

Publication Publication Date Title
GB2470579A (en) A behavioural biometric security system using keystroke metrics
JP7365373B2 (en) Method and system for providing a brain-computer interface
US10061911B2 (en) Local user authentication with neuro and neuro-mechanical fingerprints
US9853976B2 (en) Data encryption/decryption using neurological fingerprints
Monrose et al. Keystroke dynamics as a biometric for authentication
US11617546B2 (en) Monitoring for health changes of a user based on neuro and neuro-mechanical motion
Gamboa et al. A behavioral biometric system based on human-computer interaction
Karnan et al. Biometric personal authentication using keystroke dynamics: A review
Zhong et al. A survey on keystroke dynamics biometrics: approaches, advances, and evaluations
Kobojek et al. Application of recurrent neural networks for user verification based on keystroke dynamics
US20130343616A1 (en) Biometrics based methods and systems for user authentication
Dahia et al. Continuous authentication using biometrics: An advanced review
US11494474B2 (en) Brain activity-based authentication
Zhu et al. Blinkey: A two-factor user authentication method for virtual reality devices
US20240086513A1 (en) Adjusting biometric detection thresholds based on recorded behavior
Panasiuk et al. A multimodal biometric user identification system based on keystroke dynamics and mouse movements
Casanova et al. User recognition based on periocular biometrics and touch dynamics
Cherifi et al. Performance evaluation of behavioral biometric systems
Li et al. Enhanced free-text keystroke continuous authentication based on dynamics of wrist motion
Haque et al. Authentication through keystrokes: What you type and how you type
US20070233667A1 (en) Method and apparatus for sample categorization
Banirostam et al. Functional control of users by biometric behavior features in cloud computing
EP2435944A2 (en) A biometric security method, system and computer program
Enamamu Bioelectrical user authentication
Alipio Development, evaluation, and analysis of biometric-based bank vault user authentication system through brainwaves

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20111116

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20151127