JP2021131746A - Authentication system, authentication program and authentication method - Google Patents

Abstract

To provide a highly-accurate authentication system.SOLUTION: An authentication system for performing authentication using user's movements, comprises a computation device for executing prescribed computation processing, a memory to which the computation device is accessible, and an input section for obtaining the user's movements, the authentication system including: a feature extraction section for, from the user's movements obtained by the input section, extracting touch stroke information including information at least for a starting point and an end point of a movement; a selector for, based on the extracted information for the starting point and the end point, splitting a direction of the movement into at least two predetermined directions; and a classifier which is provided by corresponding to the at least two directions, learns movements of a first operator and movements of other operators, and identifies whether the user relating to the movement is the first operator.SELECTED DRAWING: Figure 1

Description

The present invention relates to an authentication system, and more particularly to a personal authentication technique using strokes on an operation screen.

In recent years, the number of users using smartphones has increased explosively. According to the Ministry of Internal Affairs and Communications' Survey on Communication Usage Trends, the household ownership rate of smartphones in Japan in 2018 was 79.2%, which is 5.2 points higher than the household ownership rate of personal computers of 74.0% in the same year. doing. In addition, according to a survey report on personal Internet terminals, the usage rate of smartphones is 59.5%, which exceeds the usage rate of personal computers of 48.2%, and the current situation is that daily main devices are shifting from personal computers to smartphones. You can see.

While the use of smartphones is increasing due to their versatility and convenience, the number of situations where important information such as personal information and biological information of smartphone owners is handled on smartphones is increasing. For the purpose of protecting such personal information, smartphones are equipped with authentication functions such as "passcode", "fingerprint authentication", and "authentication by flick operation" as standard.

For example, in Patent Document 1 (Japanese Unexamined Patent Publication No. 2017-78937), a flick request screen requesting a flick operation is displayed on the touch screen when the lock applied to the smartphone is released, and the flick request screen is displayed on the flick request screen. , When the arrow displayed in the center is flicked, a feature amount representing the characteristics of the operator related to this flick operation is extracted, and the operator has a legitimate right to operate the smartphone using this feature amount as an authentication key. A smartphone that authenticates whether or not it is the right holder is listed.

Further, Non-Patent Document 1 describes a smartphone authentication technique using a touch stroke, in which a touch pressure directly acquired from a device having a built-in touch pressure sensor is used as an authentication feature.

JP-A-2017-78937

M. Kudo and H. Yamana, "Active Authentication on Smartphone using Touch Pressure," Proc. Of the 31st ACM Symposium on User Interface Software and Technology, UIST'18, pp.96-98, 2018

However, the authentication function based on personal memory and biometric information (fingerprint, vein pattern, etc.) may be broken by a third party by eavesdropping or synthesizing biometric information. In addition, personal information may be leaked due to the loss or theft of smartphones, and improving the security of smartphones is still an ongoing issue. Therefore, "passive authentication" that constantly monitors that the smartphone user is the legitimate owner (person) of the smartphone is important.

An object of the present invention is to provide a high-precision authentication system using a touch stroke, which is a main operation of a smartphone.

A typical example of the invention disclosed in the present application is as follows. That is, it is an authentication system that authenticates using the user's operation, and includes an arithmetic device that executes a predetermined arithmetic process, a memory that the arithmetic device can access, and an input unit that acquires the user's operation. A feature extraction unit that extracts touch stroke information including at least information on the start point and end point of the movement from the user's movement acquired by the input unit, and at least the direction of movement based on the extracted information on the start point and end point. A selector that divides into two predetermined directions and a selector that is provided corresponding to the at least two directions, learns the operation of the first operator and the operation of another operator, and the user who engages in the operation is the first. It is characterized by having a classifier for identifying whether or not the operator is an operator.

According to the present invention, the authentication accuracy of the authentication system can be improved.

It is a logical block diagram which shows the structure of the authentication system of Example 1. FIG. It is a block diagram which shows the hardware configuration of the terminal which performs the authentication of Example 1. FIG. It is a figure which shows the voting model in the authentication of Example 1. FIG. It is a figure which shows the example of the feature amount extracted from the stroke data of Example 1. It is a flowchart of the training process of Example 1. It is a flowchart of the authentication process of Example 1. It is a flowchart of the identity determination process by the classifier of Example 1. It is a flowchart of the majority vote processing of Example 1. It is a flowchart of the final voting process of Example 1. It is a block diagram which shows the structure of the authentication system of Example 2. It is a block diagram which shows the structure of the authentication system of Example 3. FIG.

<Example 1>
As an embodiment of the present invention, passive authentication in a smartphone will be described.

While smartphones are required to improve security, a balance between security and operability is indispensable because smartphones are used on a daily basis. As a method of achieving both security and operability, an authentication method that combines "active authentication" and "passive authentication" is attracting attention. Active authentication authenticates the person himself / herself by using a passcode set by the user and a feature amount of the living body. Passive authentication does not require special operations such as inputting characters or presenting a living body for authentication, and authenticates using normal user operations. An example of passive authentication is risk-based authentication. In risk-based authentication, authentication is performed based on the degree of agreement with normal user behavior patterns based on information such as past log data and IP addresses, and additional authentication is performed based on the risk of fraud. Risk-based authentication is also widely adopted in various smartphone applications, and there are applications that prompt "secret questions" when fraud is suspected. However, when a smartphone is simply operated to illegally refer to personal information, it is not always possible to capture it by conventional risk-based authentication.

Therefore, the present application realizes more general-purpose and highly accurate passive authentication by using the features of the basic operation itself such as flicking based on the touch stroke commonly used in smartphones.

From this point of view, in the authentication system of this embodiment, authentication is performed in the following three stages.
1. 1. Standard active authentication such as biometrics and passcodes 2. Passive authentication using user-operated strokes 3.2 Additional active authentication with standard authentication if fraud is suspected in the second stage

Hereinafter, in this embodiment, the second-stage passive authentication will be described, and the first-stage and third-stage authentication will use the authentication function that is standardly installed in a smartphone or the like.

Further, in the second stage passive authentication, the imitation resistance is improved, and a robust authentication system is realized when one's own touch stroke is imitated by a third party. This makes it possible to deal with peeping and unauthorized use by a third party.

Further, the authentication technique of the present invention relates to a method of authenticating an individual, and can be applied to the above-mentioned passive authentication. In particular, when the application is operated, the operator recognizes that the operator is not the person himself / herself, and the application (for example, a bank) , Securities and other financial applications) are suitable as a technology to stop the operation. The authentication technique of the present invention can also be applied to active authentication, for example, authentication for unlocking when an application is started, and authentication when starting a terminal from a locked state.

Further, it can be applied not only to the authentication in the smartphone described in the first embodiment but also to the device such as an automated teller machine (ATM), a personal computer, a tablet terminal, a digital signage device, etc., which requires authentication at the time of use and during use.

Hereinafter, an example of passive authentication performed on a smartphone will be described with respect to the authentication method of the present invention.

FIG. 1 is a logical block diagram showing the configuration of the authentication system of the first embodiment.

In the passive authentication of this embodiment, the classifier 182 learned by using the training stroke data 151 prepared in advance is generated. For the generation of the classifier 182, for example, the algorithm of AROW, which is an online learner, can be used. For AROW's algorithm, see "Adaptive Regularization of Weight Vectors," Proc. Of 23th Adv. Neural Inf. Process. Syst. 22, pp.414-422, 2009 by K. Crammer, A. Kulesza, and M. Dredze. Since it is detailed in the above, the description in this specification is omitted. The training data includes data of the "person" who is a legitimate user and "fake" data other than the person, and the "fake" includes stroke data operated by another person and the movement of the person by another person. It is advisable to include imitated stroke data. The stroke data of others added to the training data set may be pre-collected data or pseudo data. As in the second embodiment described later, the stroke data of another person may be acquired from the computer 30 that collects the stroke data from the plurality of terminals 10.

In this embodiment, in the generation of the classifier 182, the feature extraction unit 190 extracts the feature amount of the stroke data from the training stroke data 151, and generates the data of the “stroke direction” (direction) based on the classification standard. In the training unit 19, the direction selector 191 divides the training stroke data 151 according to this “stroke direction”, and a plurality of classifiers 182 are generated for each stroke direction. As the classification standard of the stroke direction, for example, it is preferable to divide into two, an upward direction in the range of ± 90 degrees from directly above and a downward direction in the range of ± 90 degrees from directly below. Further, it may be divided into two, a left direction in the range of ± 90 degrees from the horizontal left of the screen and a right direction in the range of ± 90 degrees from the horizontal right. Further, it may be divided into a predetermined angle range (for example, a range of six directions every 60 degrees) with reference to directly above.

The stroke angle is calculated by the following formula using trigonometric functions (see FIG. 4).
angleEE = tan (｜ stopY --startY ｜ ／ ｜ stopX --startX ｜)

Since the movement of the operator's finger differs depending on the direction, the false rejection rate (FRR), which is the probability of falsely rejecting the correct person by generating the classifier 182 for each stroke direction, and the person who is not the person are not. The false acceptance rate (FAR), which is the probability of falsely accepting (fake), can be reduced, and the false error rate (EER) can be reduced.

By such learning, a neural network is formed in the classifier 182 by inputting the feature amount of the stroke data and outputting the probability of being the person himself / herself.

After the classifier 182 is generated, the touch stroke during screen operation of the terminal 10 is monitored, and continuous authentication is performed for each stroke. In the authentication system of this embodiment, the feature extraction unit 180 extracts the feature amount of the stroke data from the authentication stroke data 152, and generates the "stroke direction" data based on the same classification criteria as the training unit 19. In the authentication unit 18, the direction selector 181 distributes the stroke data in the stroke direction to one of a plurality of classifiers 182 generated for each stroke direction and outputs the output, and one of the classifiers 182 that receives the output is the person himself / herself. Is determined. For example, a classifier trained in advance with the data of the stroke direction of "up" is applied to the stroke data of which the stroke direction is "up". The division in the stroke direction is the same as when the classifier 182 is generated. Further, the final authentication result is output by three judgments of the judgment by the classifier 182, the voting by the majority voting model 183, and the voting by the final voting model 184.

If the result of the final voting by the final voting model 184 is suspected to be used by someone other than the owner, the process shifts to the third "additional active authentication by standard authentication" and classification is performed using the third authentication result. Update vessel 182. At this time, in order to immediately reflect the update result of the classifier 182 in the authentication result, all strokes in the stroke buffer are re-determined after the update of the classifier 182.

FIG. 2 is a block diagram showing a hardware configuration of the terminal 10 on which the authentication of the first embodiment is executed.

The terminal 10 is a communication terminal such as a smartphone or tablet terminal having a processor (CPU) 11, a memory 12, a storage device 13, an input / output unit 14, and a communication unit 15.

The processor 11 is an arithmetic unit that executes a program (arithmetic processing) stored in the memory 12. When the processor 11 executes various programs, various functions of the terminal 10 are realized. A part of the processing performed by the processor 11 by executing the program may be executed by another arithmetic unit (for example, an arithmetic unit by hardware such as FPGA or ASIC).

In the processor 11, the operating system (OS) 16, the application program 17, the authentication unit 18, and the training unit 19 operate. These functions are realized by a program executed by the processor 11. The operating system 16 provides the basic functions of the terminal 10, such as file input / output. The application program 17 provides the user with specific functions such as a web browser and e-mail. Although not shown, the functions of the feature extraction unit 180 and the feature extraction unit 190 are similarly provided to perform necessary preprocessing. The authentication unit 18 acquires the stroke data input to the input / output unit 14, and performs the above-mentioned first-stage active authentication, third-stage active authentication, and passive authentication using the second-stage stroke data. The training unit 19 trains the classifier 182 for passive authentication by the authentication unit 18. The authentication unit 18 and the training unit 19 may be incorporated in the application program 17, but may be provided separately from the application program 17 or may be incorporated in the operating system 16.

The memory 12 includes a ROM which is a non-volatile storage element and a RAM which is a volatile storage element. The ROM stores an invariant program (for example, BIOS) and the like. The RAM is a high-speed and volatile storage element such as a DRAM (Dynamic Random Access Memory), and temporarily stores a program executed by the processor 11 and data used when the program is executed.

The storage device 13 is a large-capacity, non-volatile storage device such as a flash memory (SSD) or a magnetic storage device (HDD). Further, the storage device 13 stores data used by the processor 11 when executing the program and a program executed by the processor 11. That is, the program is read from the storage device 13, loaded into the memory 12, and executed by the processor 11 to realize the function of the terminal 10.

The input / output unit 14 is an interface composed of an input device such as a touch panel and an output device such as a liquid crystal display panel. The input device is a device that receives input from the user, and in this embodiment, stroke data due to the movement of the user's finger or hand is acquired. The acquired stroke data is represented by time series data of the coordinates of the operation surface. The input device may be a camera mounted on the terminal 10. For example, the movement of the user in front of the digital signage terminal, which is the terminal 10, may be photographed by a camera to acquire stroke data indicating the movement of a part of the hand or body. The output device is a display device, and outputs the execution result of the program in a format that can be visually recognized by the user.

The communication unit 15 is a network interface device that controls communication with other devices according to a predetermined protocol.

The program executed by the processor 11 is provided to the terminal 10 via a network or removable media (CD-ROM, flash memory, etc.), and is stored in the non-volatile storage device 13 which is a non-temporary storage medium. Therefore, the terminal 10 may have an interface for reading data from removable media.

FIG. 3 is a diagram showing a voting model in the authentication of the first embodiment.

As shown in FIG. 3, the voting model in the passive authentication of this embodiment determines the final authentication result by three judgments of the classification device 182, the majority voting model 183, and the final voting model 184. Output.

The classifier 182 calculates the probability that the stroke data belongs to the person himself / herself using the input vector generated by the feature extraction unit 180 from the stroke data generated by the user's operation, and sets the calculated probability at a predetermined threshold value. The judgment is made, and the binary judgment result of whether the person is the person or the fake is output. The input vector generated from the stroke data is a multidimensional vector whose elements are the features extracted from the stroke data, and is extracted from the stroke data. The features that are the elements of the input vector are illustrated in FIG. 4, but the following can be used, for example.
XY coordinates at the start of the stroke startX, startY
XY coordinates at the end of the stroke stopX, stopY
XY coordinates (x20, y20) (x50, y50) (x80, y80) at 20%, 50% and 80% of the stroke
Pressure at the start of the stroke startPressure
Pressure at the end of the stroke stopPressure
Pressure midPressure at the midpoint of the stroke
Maximum pressure during stroke maxPressure
Average Pressure during stroke averagePressure
Average velocity during stroke (pixels / sec) averageVelocity
Stroke speed (pixels / second) at 20%, 50%, and 80% of the stroke vel20, vel50, vel80
Stroke time (seconds) strokeDuration
Stroke interval time (seconds) interStrokeTime
Euclidean distance (pixels) lengthEE between the start and end points of the stroke
The angle (degrees) between the start and end points of the stroke angleEE
Stroke locus length (pixels) lengthTrj
Ratio of lengthEE and lengthTrj ratioTrj2EE = lengthTrj / lengthEE
Stroke direction (upward / downward binary) direction

The majority voting model 183 has a window 185 having an odd size, which is the number of determination results that can be included, and uses the determination result of the classifier 182 included in the window 185 to determine whether the person is a person or a fake. For example, in the window 185c shown in FIG. 3, three are the identity determination and two are the fake determination, and since the identity determination is the majority, the identity is determined by a majority vote. On the other hand, in the window 185d, two are the identity determination, three are the fake determination, and the fake determination is the majority, so it is determined to be a fake by the majority vote. The size of the window 185 may be 5 as shown in FIG. 3, but may be any other number as long as it is an odd number. The criterion for voting by the majority voting model 183 is not a majority, but a predetermined number (4 out of 5 or the like) may be used.

Since the judgment result input to the majority voting model 183 includes a time-series judgment result using strokes in a plurality of directions, the judgment by the majority voting model 183 is delayed even if the stroke operation in a specific direction continues. However, high versatility can be achieved. For example, the determination timing is not delayed even in applications having different tendencies such as continuous downward scrolling operations and operations that evenly transition the screen in the vertical direction.

In the majority voting model 183, every time a majority vote is made, the window 185 shifts to the judgment result based on the time after one, that is, the stroke after one, and the next majority vote is performed. That is, after the majority vote of window 185a, the oldest determination result of the classifier 182 is deleted from the window 185, and the next determination result of the classifier 182 is added to the window 185 to become the window 185b. As a result, when the determination is made in the windows 185b and 185c, three are the identity determination and two are the fake determination, and since the identity determination is the majority, the identity is maintained by the majority vote. After that, in the window 185d, two are the identity determination and three are the fake determination, and since the fake determination is the majority, it is determined to be a fake by the majority vote, and the determination result changes.

The final voting model 184 has a window 186 having an odd size, which is the number of voting results that can be included, and uses the voting results of the majority voting model 183 included in the window 186 to determine whether the person is a person or a fake. And output the final authentication result. For example, in the window 186a shown in FIG. 3, three are the identity determination, two are the fake determination, and the identity determination is the majority, so that the identity is determined by the final vote. The size of the window 186 may be 5 as shown in FIG. 3, but may be any other number as long as it is an odd number. The size of the window 186 of the final voting model 184 may be the same as, but may be different from, the size of the window 186 of the majority voting model 183.

In the final voting model 184, each time a final vote is made, the window 186 shifts to the voting result using the time after one, that is, the stroke after one, and the next final vote is performed. After the final vote of window 186a, the oldest voting result by the majority voting model 183 is deleted from window 186, and the next voting result by the majority voting model 183 is added to window 186 to become window 186b. As a result, when the determination is made in the window 186b, two are the identity determination and three are the fake determination, and since the fake determination is the majority, it is determined to be a fake in the final vote. After that, in window 186c, one is determined to be a person, four are determined to be fake, and in windows 186d to 186e, all are determined to be fake. Therefore, in any case, it is determined to be a fake in the final vote. The criterion for voting by the final voting model 184 is not a majority, but a predetermined number (4 out of 5 or the like) may be used.

In this embodiment, the person or the fake is determined by two votes of the majority voting model 183 and the final voting model 184, but the voting is not performed by the final voting model 184 and one vote by the majority voting model 183. You may decide whether you are the person or the fake.

The classifier 182, the majority voting model 183, and the final voting model 184 operate separately, and the judgment by the classifier 182, the voting in the majority voting model 183, and the voting in the final voting model 184 are executed at their respective timings. The judgment result by the classifier 182 and the voting result in the majority voting model 183 are stored in a buffer and used for the next judgment.

FIG. 5 is a flowchart of the training process of the first embodiment.

When the training process is started, the training unit 19 determines whether the classifier 182 is generated (100). If the classifier 182 has already been generated, it is not necessary to newly generate the classifier 182, so that the training process is terminated without executing the subsequent processing. On the other hand, if the classifier 182 is not generated, the process of newly generating the classifier 182 is started.

During training, a plurality of stroke data are acquired in chronological order and temporarily stored in the stroke buffer. The training unit 19 acquires one stroke data provided as training stroke data 151 from the stroke buffer (101), stores the acquired stroke data in the training data set (102), and elements of the training data set. It is determined whether the number is equal to or greater than a predetermined number (103). The threshold value for the number of training data may be determined for each direction described later. Further, assuming that the threshold value for each direction is the same, the training stroke data 151 for each direction may be the same amount.

If the number of elements in the training data set is smaller than the predetermined number, the process returns to step 101, further stroke data is acquired, and the number of training stroke data 151 is increased. On the other hand, if the number of elements in the training data set is a predetermined number or more, the stroke data for training is sufficiently collected, and the classifier 182 is generated for each stroke direction using the training data set (104). .. Specifically, the stroke data of another person is added to the training data set, the feature extraction unit 190 extracts the feature amount of the stroke data from the training stroke data 151 included in the training data set, and the direction selector 191 is for training. The stroke data included in the data set is divided into predetermined directions, training data for each direction is generated, and a classifier 182 for each direction is generated.

Next, the authentication process of the first embodiment will be described with reference to FIGS. 6 to 9.

After the generation of the classifier 182, passive authentication at the terminal 10 becomes available.

FIG. 6 is an overall flowchart of the authentication process of the first embodiment. When the authentication process is started, the authentication unit 18 requests the first-stage authentication by standard authentication such as biometric authentication (fingerprint authentication, face authentication, etc.), passcode authentication, etc., and determines whether or not the person is the person (110). When the person is determined to be the person by the standard authentication, the application program 17 is allowed to start, and the passive authentication process (second stage authentication) during the start of the application program 17 is started.

In the passive authentication process, the authentication unit 18 executes the identity determination process (111) by the classifier 182, the majority voting process (112) in the majority voting model 183, and the final voting process (113) in the final voting model 184. Details of each process will be described later with reference to FIGS. 7 to 9.

After the final voting process (113), the authentication unit 18 determines whether the result of the final voting is the person (114). When the result of the final vote is the person himself / herself, the authentication unit 18 deletes the stroke data stored at the head of the stroke buffer (120) and determines whether the application program 17 is operating (121). If the application program 17 is operating, the process returns to step 111, and the authentication process is continued. On the other hand, if the application program 17 is not in operation, this authentication process ends.

If the result of the final vote in step 114 is not the person himself / herself, the authentication unit 18 requests additional authentication (third stage authentication) by standard authentication such as biometric authentication (fingerprint authentication, face authentication, etc.) and passcode authentication. , Determine if he / she is the person (115).

When it is determined that the person is not the person by the additional authentication (NO in step 116), the authentication unit 18 stops the operation of the application program 17 because it is highly possible that the current operator of the terminal 10 is not the person, and this authentication is performed. End the process.

On the other hand, when it is determined that the person is the person by the additional authentication (YES in step 116), the authentication unit 18 relearns the classifier 182 with all the stroke data in the stroke buffer as the person's data (117). Then, the re-learned classifier 182 re-determines all the stroke data of the stroke buffer, performs a majority vote and a final vote using the result of the re-judgment, and updates the result of the final vote (118). .. After that, the authentication unit 18 deletes the stroke data stored at the beginning of the stroke buffer (119). After that, the process returns to the identity determination process (111), and the passive authentication process is continuously performed.

FIG. 7 is a flowchart of the identity determination process (111) by the classifier 182 of the first embodiment. In the identity determination process, the authentication unit 18 acquires one of the latest stroke data to be used as the authentication stroke data 152 (130), and stores the acquired stroke data in the stroke buffer (131). The stroke data to be acquired may be limited to a specific operation on the screen (for example, when scrolling up and down).

After that, the feature extraction unit 180 extracts the feature amount of the stroke data from the authentication stroke data 152 stored in the stroke buffer. Then, the direction selector 181 extracts the stroke direction of the touch stroke, and inputs the feature amount of the stroke data to the classifier 182 corresponding to the stroke direction (132).

The classifier 182 corresponding to the stroke direction determines whether the stroke is the stroke of the person himself / herself using the feature amount of the stroke (133), and outputs the determination result (134).

FIG. 8 is a flowchart of the majority voting process (112) in the majority voting model 183 of the first embodiment. The majority voting model 183 stores the determination result of the classifier 182 at the end of the majority voting queue (140), and determines whether the number of determination results stored in the majority voting queue is equal to or larger than the size of the window 185 (141). .. As a result of the determination, if the number of the determination results stored in the majority decision queue is smaller than the size of the window 185, it is difficult to make an accurate determination by the majority vote. Therefore, the process returns to step 140, and the determination result of the classifier 181 is further acquired. On the other hand, if the number of determination results stored in the majority voting queue is equal to or greater than the size of window 185, the majority voting model 183 votes by majority voting based on the determination results included in the majority voting queue (142).

Next, the majority voting model 183 deletes the determination result of the classifier 182 stored at the head of the majority voting queue from the window 185, and adds the next determination result of the classifier 182 to the window 185 (143). That is, every time a majority vote is held, the window 185 shifts to the time after one (that is, the judgment result after one) and performs the next majority vote. After that, the majority voting model 183 outputs the result of the majority voting (144).

FIG. 9 is a flowchart of the final voting process (113) in the final voting model 184 of the first embodiment. The final voting model 184 stores the voting results of the majority vote at the end of the final voting queue (150) and determines whether the number of voting results stored in the final voting queue is greater than or equal to the size of window 186. (151). As a result of the judgment, if the number of voting results stored in the final voting queue is smaller than the size of window 186, it is impossible to judge by the final vote, so return to step 150 and obtain the majority vote by the majority voting model 183. do. On the other hand, if the number of voting results stored in the final voting queue is greater than or equal to the size of window 186, the final voting model 184 votes the voting results included in the final voting queue by majority vote (152). ). For example, in the window 186a shown in FIG. 3, the identity determination is 3, the fake determination is 2, and the identity determination is the majority, so that the identity is determined by the final vote.

Next, the final voting model 184 deletes the voting result in the majority voting model 183 stored at the head of the final voting queue from the window 186, and adds the next voting result in the majority voting model 183 to the window 186. (153). That is, every time a final vote is held, the window 186 shifts to the next time (that is, the result of the majority vote after one) and performs the next final vote. After that, the final voting model 184 outputs the final voting result (154).

The size of the window 185 used in the majority voting model 183 and the final voting model 184 of this embodiment is preferably 13 or more.

In the majority voting model 183 and the final voting model 184 of this embodiment, an example in which the "majority" is used as the judgment threshold is shown, but depending on the identification rate for each individual stroke, the size of the buffer, etc. It may be configured to "identify the person when the number is more than the number". For example, when the window size is 13, the certainty of the identity determination can be improved by setting the voting determination threshold value to 8, which is more than the majority of 7.

As described above, according to the authentication system of the embodiment of the present invention, the authentication accuracy can be improved by providing the classifier 182 for each stroke direction and identifying each stroke direction. In addition, it is difficult to imitate the stroke of the person himself / herself, and it is possible to construct an authentication system that can cope with peeping and unauthorized use by a third party. Furthermore, it is possible to construct a robust authentication system that can detect touch strokes that imitate the operation of the person by a third party. Further, the accuracy can be further improved by determining whether or not the person is the person by a majority vote using the determination results for each of a predetermined number of consecutive strokes. Further, since this predetermined number is counted regardless of the direction, there is no delay in the determination regardless of the tendency in the application such as when the stroke operation in a specific direction continues, and high versatility can be realized. For example, it has versatility that the determination timing is not delayed even in applications having different tendencies such as continuous downward scrolling operations and operations that evenly transition the screen in the vertical direction. In addition, the accuracy can be further improved by adopting stroke data that imitates the stroke of the person himself / herself as the training data.

Further, according to the experiment conducted by the inventor of the present application, when the stroke direction is divided into two directions, upper and lower, the EER is improved from 0.54 to 0.03 in Experiment 1, and the EER is changed from 0.32 to 0 in Experiment 2. It improved to 00 (undetectable). The conditions for each experiment are as follows.
・ Experiment 1
Number of training data (person): 8000
Number of training data (others): 8000
Number of test data (person): 800
Number of test data (others): 800
・ Experiment 2
Number of training data (person): 8000
Number of training data (others): 4000 (operations by others) + 4000 (operations that imitate the person)
Number of test data (person): 800
Number of test data (others): 800

<Example 2>
Next, the authentication system of the second embodiment of the present invention will be described. In the authentication system of the second embodiment, the computer 30 collects the stroke data acquired by the terminal 10 and distributes it to the terminal 10 as fake data. In the second embodiment, the same configurations and functions as those in the first embodiment are designated by the same reference numerals, and the description thereof will be omitted.

FIG. 10 is a block diagram showing the configuration of the authentication system of the second embodiment.

The authentication system of the second embodiment is composed of a terminal 10 and a computer 30, and the terminal 10 and the computer 30 are connected by a network 50. The configuration of the terminal 10 is the same as that of the first embodiment described above, but a function of transmitting the collected stroke data to the computer 30 is added.

The computer 30 is a computer such as a server or a personal computer having a processor (CPU) 31, a memory 32, a storage device 33, an input / output unit 34, and a communication unit 35.

The processor 31 is an arithmetic unit that executes a program (arithmetic processing) stored in the memory 12. When the processor 31 executes various programs, various functions of the computer 30 are realized. A part of the processing performed by the processor 31 by executing the program may be executed by another arithmetic unit (for example, an arithmetic unit by hardware such as FPGA or ASIC).

In the processor 31, the operating system (OS) 36 and the data collection unit 40 operate. These functions are realized by a program executed by the processor 31. The operating system 36 provides basic functions of the computer 30 such as file input / output. The data collection unit 40 collects the stroke data input to the terminal 10 and generates fake data for training. The training fake data collected by the data collection unit 40 is provided to the terminal 10 and used to generate the classifier 182.

The memory 32 includes a ROM which is a non-volatile storage element and a RAM which is a volatile storage element. The ROM stores an invariant program (for example, BIOS) and the like. The RAM is a high-speed and volatile storage element such as a DRAM (Dynamic Random Access Memory), and temporarily stores a program executed by the processor 11 and data used when the program is executed.

The storage device 33 is, for example, a large-capacity and non-volatile storage device such as a magnetic storage device (HDD) or a flash memory (SSD). Further, the storage device 33 stores the data used by the processor 31 when executing the program and the program executed by the processor 31. That is, the program is read from the storage device 33, loaded into the memory 32, and executed by the processor 31 to realize the function of the computer 30.

The input / output unit 34 includes an input device such as a keyboard and a mouse that receives input from the user, and an output device such as a display device and a printer that outputs the execution result of the program in a format that can be visually recognized by the user. A terminal connected to the computer 30 via the network 50 may provide the input / output unit 34.

The communication unit 35 is a network interface device that controls communication with other devices according to a predetermined protocol.

The program executed by the processor 31 is provided to the computer 30 via a removable medium (CD-ROM, flash memory, etc.) or a network, and is stored in a non-volatile storage device 33 which is a non-temporary storage medium. Therefore, the computer 30 may have an interface for reading data from removable media.

The computer 30 is a computer system composed of a plurality of computers physically configured on one computer or logically or physically configured, and is a virtual computer constructed on a plurality of physical computer resources. It may work on.

The network 50 may be either a wired network or a wireless network, and may be composed of both a wired network and a wireless network.

In the authentication system of the second embodiment, since the computer 30 uses the stroke data collected from the plurality of terminals 10 as fake data for training, the false rejection rate and the false acceptance rate can be further reduced, and the equivalent error rate can be further reduced. ..

<Example 3>
Next, the authentication system according to the third embodiment of the present invention will be described. In the authentication system of the first embodiment, the terminal 10 operates independently, but in the authentication system of the third embodiment, the computer 30 executes the authentication process using the stroke data acquired by the terminal 10. In the third embodiment, the same configurations and functions as those in the first or second embodiment are designated by the same reference numerals, and the description thereof will be omitted.

FIG. 11 is a block diagram showing the configuration of the authentication system of the third embodiment.

The authentication system of the third embodiment is composed of a terminal 10 and a computer 30, and the terminal 10 and the computer 30 are connected by a network 50.

The terminal 10 is a communication terminal such as a smartphone or tablet terminal having a processor (CPU) 11, a memory 12, a storage device 13, an input / output unit 14, and a communication unit 15. The functions of the processor 11, the memory 12, the storage device 13, the input / output unit 14, and the communication unit 15 are the same as those in the first embodiment described above.

In the processor 11, the operating system (OS) 16, the application program 17, and the stroke acquisition unit 20 operate. These functions are realized by a program executed by the processor 11. The stroke acquisition unit 20 acquires the stroke data input to the input / output unit 14 and transmits it to the computer 30. The stroke data transmitted to the computer 30 may be the stroke data as it is input to the input / output unit 14, or the feature amount data extracted from the stroke data. By transmitting the feature amount data extracted from the stroke data to the computer 30, the amount of data transmitted from the terminal 10 to the computer 30 can be reduced, and the authentication response can be speeded up. The stroke acquisition unit 20 may be built in the application program 17, but may be provided separately from the application program 17 or may be built in the operating system 16.

The computer 30 is a computer such as a server or a personal computer having a processor (CPU) 31, a memory 32, a storage device 33, an input / output unit 34, and a communication unit 35. The functions of the processor 31, the memory 32, the storage device 33, the input / output unit 34, and the communication unit 35 are the same as those in the second embodiment described above.

In the processor 31, the operating system (OS) 36, the authentication unit 38, the training unit 39, and the data collection unit 40 operate. These functions are realized by a program executed by the processor 31. The operating system 36 provides basic functions of the computer 30 such as file input / output. The authentication unit 38 performs the above-mentioned first-stage active authentication, third-stage active authentication, and passive authentication using the second-stage stroke data. Specifically, the stroke data or the feature amount data of the stroke transmitted from the terminal 10 (stroke acquisition unit 20) is input to the classifier 182, and it is determined whether the stroke is caused by the operation of the person himself / herself, and the determination result is obtained. Is transmitted to the terminal 10. The data collection unit 40 collects the stroke data input to the terminal 10 and generates fake data for training. The training unit 39 trains the classifier 182 for passive authentication by the authentication unit 38 using the training data collected by the data collection unit 40.

In the authentication system of the third embodiment, since the authentication process is not performed on the terminal 10, the authentication process of the present invention can be performed even on the terminal 10 having a low processing capacity. The program of the stroke acquisition unit 20 described in detail in this embodiment is also implemented in Examples 1 and 2 (terminals 10 shown in FIGS. 2 and 10) described above (not shown).

The present invention is not limited to the above-described embodiment, and includes various modifications and equivalent configurations within the scope of the appended claims. For example, the above-described examples have been described in detail in order to explain the present invention in an easy-to-understand manner, and the present invention is not necessarily limited to those having all the described configurations. Further, a part of the configuration of one embodiment may be replaced with the configuration of another embodiment. Further, the configuration of another embodiment may be added to the configuration of one embodiment. In addition, other configurations may be added / deleted / replaced with respect to a part of the configurations of each embodiment.

10 Terminal 11, 31 Processor 12, 32 Memory 13, 33 Storage device 14, 34 Input / output unit 15, 35 Communication unit 16, 36 Operating system 17 Application program 18, 38 Authentication unit 19, 39 Training unit 20 Stroke acquisition unit 30 Computer 40 Data collection unit 50 Network 151 Training stroke data 152 Authentication stroke data 180, 190 Feature extraction unit 181, 191 Direction selector 182 Classifier 183 Majority voting model 184 Final voting model 185, 186 Window

Claims (6)

It is an authentication system that authenticates using the user's actions.
It includes an arithmetic unit that executes a predetermined arithmetic processing, a memory that can be accessed by the arithmetic unit, and an input unit that acquires a user's operation.
A feature extraction unit that extracts touch stroke information including at least information on the start point and end point of the movement from the user's movement acquired by the input unit, and a feature extraction unit.
A selector that divides the direction of movement into at least two predetermined directions based on the extracted start point and end point information.
It is provided corresponding to the at least two directions, learns the operation of the first operator and the operation of another operator, and identifies whether the user related to the acquired operation is the first operator. An authentication system characterized by having a classifier. The authentication system according to claim 1.
The classifier is an authentication system characterized in that another operator has learned from training data including an operation that imitates the operation of the first operator. The authentication system according to claim 1.
It has a majority decision unit that judges the success or failure of authentication using the identification result of the classifier.
The majority vote
It has a first window buffer that stores a plurality of identification results of the classifier in chronological order.
An authentication system characterized in that a voting result of successful authentication is output when a predetermined number or more of the determination results stored in the first window buffer are the first operators. The authentication system according to claim 3.
It has a final voting department that judges the success or failure of certification using the voting results of the majority voting department.
The final voting department
It has a second window buffer that stores a plurality of voting results of the majority voting section in chronological order.
An authentication system characterized in that when a predetermined number or more of the voting results stored in the second window buffer are the first operators, the voting results of successful authentication are output. It is an authentication program for the authentication system to perform authentication using the user's actions.
The authentication system includes an arithmetic unit that executes a predetermined arithmetic processing, a memory that the arithmetic unit can access, and an input unit that acquires a user's operation.
A feature extraction procedure for extracting touch stroke information including at least information on the start point and end point of the movement from the movement of the user acquired by the input unit, and
Based on the extracted start point and end point information, a selection procedure for dividing the direction of movement into at least two predetermined directions, and
It is provided corresponding to the at least two directions, learns the operation of the first operator and the operation of another operator, and identifies whether the user related to the acquired operation is the first operator. An authentication program for causing the arithmetic unit to execute the classification procedure. It is an authentication method in which the authentication system authenticates using the user's actions.
It is an authentication system that authenticates using the user's actions.
The authentication system includes an arithmetic unit that executes a predetermined arithmetic processing, a memory that the arithmetic unit can access, and an input unit that acquires a user's operation.
The authentication method is
A feature extraction procedure for extracting touch stroke information including at least information on the start point and end point of the movement from the movement of the user acquired by the input unit, and
Based on the extracted start point and end point information, a selection procedure for dividing the direction of movement into at least two predetermined directions, and
It is provided corresponding to the at least two directions, learns the operation of the first operator and the operation of another operator, and identifies whether the user related to the acquired operation is the first operator. An authentication method characterized by including a classification procedure.

Images