KR101860319B1 - Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof - Google Patents

Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof Download PDF

Info

Publication number
KR101860319B1
KR101860319B1 KR1020160145294A KR20160145294A KR101860319B1 KR 101860319 B1 KR101860319 B1 KR 101860319B1 KR 1020160145294 A KR1020160145294 A KR 1020160145294A KR 20160145294 A KR20160145294 A KR 20160145294A KR 101860319 B1 KR101860319 B1 KR 101860319B1
Authority
KR
South Korea
Prior art keywords
mouse
keyboard
input
user
authentication
Prior art date
Application number
KR1020160145294A
Other languages
Korean (ko)
Other versions
KR20180048121A (en
Inventor
원유재
오재근
이영경
손민석
신강식
Original Assignee
충남대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 충남대학교산학협력단 filed Critical 충남대학교산학협력단
Priority to KR1020160145294A priority Critical patent/KR101860319B1/en
Priority to PCT/KR2017/012024 priority patent/WO2018084503A1/en
Publication of KR20180048121A publication Critical patent/KR20180048121A/en
Application granted granted Critical
Publication of KR101860319B1 publication Critical patent/KR101860319B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The authentication method using the keyboard and mouse input behavior pattern of the present invention according to the present invention is a method for comparing the reference input action information with the authentication input action information to determine whether the user is the same or not, The distance between the time at which the button is pressed and the time at which the button is pressed, the position of the mouse point, and the moving speed of the mouse are compared to determine whether the user is the same.

Description

TECHNICAL FIELD [0001] The present invention relates to an authentication method using a keyboard and a mouse input behavior pattern of a user, and a recording medium on which a program implementing the method is recorded. [0002]

The present invention relates to an authentication method using a keyboard and a mouse input behavior pattern of a user and a recording medium on which a program implementing the method is recorded. More specifically, And a recording medium on which a program for implementing the method is recorded.

When a user logs in to a specific computer, various methods such as inputting a password, inputting a pattern, and inputting biometric information are used to authenticate the user.

Patent Document 1 discloses an invention for verifying whether a user is the same by using vein scanning information among biological signals, and Patent Document 2 discloses an invention for verifying whether a user is the same by using fingerprint information of biological signals , Patent Document 3 discloses an invention in which a user is identified by using keystroke dynamics when a user enters a password.

However, since the conventional password input method and pattern input method can be easily authenticated by a third party by imitating the input password, the security is weak. In addition, the security methods described in Patent Documents 1 to 2 have a problem that expensive hardware is required for confirming a living body signal. The security method of Patent Document 3 uses only a keyboard input, so the accuracy is not high.

1. KR 10-2016-01011249 A (Disclosure date: August 25, 2016) 2. KR 10-2015-0069086 A (Disclosure date: June 23, 2015) 3. KR 10-2014-0071590 A (Disclosure date: June 12, 2014)

A problem to be solved by the present invention is to provide a highly secure authentication method when a user logs in to a specific computer, while being simple and low in cost.

One example of an authentication method using a keyboard and a mouse input behavior pattern according to the present invention is an authentication method using a keyboard and a mouse input behavior pattern of a user in a terminal including a controller, a storage unit, a keyboard, and a mouse, A first step of storing input action information input by the user through the keyboard and the mouse as reference input action information in a storage unit by the control unit a predetermined number of times; A second step of, when the user wishes to authenticate, storing the input action information input by the user through the keyboard and mouse as authentication input action information in the storage unit; And a third step of the control unit comparing the reference input action information and the authentication input action information to determine whether the user is the same. When the reference input action information and the authentication input action information are stored in the storage unit, A time interval between a time at which the keyboard is pressed and a time at which the keyboard is pressed, a time at which the mouse button is pressed and a time at which the button is pressed, a position of the mouse point, and a moving speed of the mouse. The distance between the time of pressing the mouse button and the time of pressing, the position of the mouse point, and the moving speed of the mouse are compared with each other to determine whether the user is the same.

In the third step, when it is determined whether the user is the same by comparing the interval between the time of pressing the keyboard and the time of pressing, the interval between the time of pressing the mouse button and the time of pressing, the position of the mouse point, , An average value and a standard deviation of the interval between the keyboard pressing time and the pressing time of the reference input action inputted a predetermined number of times, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, It is possible to determine whether the user is the same using the average value and the standard deviation.

When the computer program according to the present invention is installed in a terminal including a control unit, a storage unit, a keyboard, and a mouse, the method may be implemented.

Another example of a user authentication method using a keyboard and a mouse input behavior pattern according to the present invention is a system including a terminal control unit, a keyboard, a terminal including a mouse, a server control unit, and an authentication server including a server storage unit, And a mouse input behavior pattern, the method comprising: a first step of transmitting, by the terminal control unit of the terminal, input activity information input by a user through a keyboard and a mouse to the authentication server a predetermined number of times; A second step in which the server control unit of the authentication server stores the received input action information as reference input action information in a server storage unit; A third step for the terminal control unit of the terminal to transmit the input action information input by the user through the keyboard and the mouse to the authentication server when the user desires authentication; A fourth step of the server control unit of the authentication server storing the received input action information as authentication input action information in the server storage unit; And a fifth step of comparing the reference pattern input and the authentication pattern input by the server control unit to determine whether the user is the same. When storing the reference input action information and the authentication input action information in the server storage unit, Wherein the controller stores the interval between the time and the pressing time, the interval between the time of pressing the mouse button and the time of pressing, the position of the mouse point, and the moving speed of the mouse, The distance between the pressing time and the pressing time of the mouse button, the position of the mouse point, and the moving speed of the mouse are compared to determine whether the user is the same.

In the fifth step, when it is determined whether the user is the same by comparing the interval between the pressing time of the keyboard and the pressing time, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, , An average value and a standard deviation of the interval between the keyboard pressing time and the pressing time of the reference input action inputted a predetermined number of times, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, It is possible to determine whether the user is the same using the average value and the standard deviation.

Another example of an authentication method using a keyboard and a mouse input behavior pattern according to the present invention is a authentication method using a keyboard and a mouse input behavior pattern of a user in a terminal including a controller, a storage unit, a keyboard, and a mouse, A first step of storing input action information input by a user through a keyboard and a mouse as reference input action information in a storage unit by a predetermined number of times; A second step of, when the user wishes to authenticate, storing the input action information input by the user through the keyboard and mouse as authentication input action information in the storage unit; A third step of comparing the reference input action information and the authentication input action information to determine whether the user is the same; Wherein the keyboard input information, the moving speed of the mouse pointer, the degree of directional change, and the curvature are stored when the reference input action information and the authentication input action information are stored in the storage unit, The moving speed of the mouse pointer, the degree of directional change, and the curvature are compared to determine whether the user is the same.

Another example of a user authentication method using a keyboard and a mouse input behavior pattern according to the present invention is a system including a terminal control unit, a keyboard, a terminal including a mouse, a server control unit, and an authentication server including a server storage unit, And a mouse input behavior pattern, the method comprising: a first step of transmitting, by the terminal control unit of the terminal, input activity information input by a user through a keyboard and a mouse to the authentication server a predetermined number of times; A second step in which the server control unit of the authentication server stores the received input action information as reference input action information in a server storage unit; A third step for the terminal control unit of the terminal to transmit the input action information input by the user through the keyboard and the mouse to the authentication server when the user desires authentication; A fourth step of the server control unit of the authentication server storing the received input action information as authentication input action information in the server storage unit; And a fifth step of comparing the reference pattern input with the authentication pattern input to determine whether the user is the same. When storing the reference input action information and the authentication input action information in the server storage unit, , The moving speed of the mouse pointer, the degree of directional change, and the curvature are stored. In the fifth step, the keyboard input information, the moving speed of the mouse pointer, the directional change degree, and the curvature are compared to determine whether the user is the same .

The present invention provides a highly secure authentication method when the user logs in to a specific computer, while being simple and low-cost.

1 shows an example of a screen for inputting a password using a mouse
2 shows an example of inputting a password by a mouse click
Fig. 3 is a diagram showing the configuration of the first embodiment according to the present invention
4 is a diagram showing the configuration of the second embodiment according to the present invention
5 shows an example of a screen for inputting a character password using a mouse

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise.

BRIEF DESCRIPTION OF THE DRAWINGS The invention will be described in more detail with reference to the accompanying drawings.

In a conventional terminal (terminal computer), when inputting an ID and a password for use authentication, there are cases where the input is performed only by the keyboard. However, in some cases, a password is input through a mouse in order to reduce the risk of hacking.

1 is an example of a screen for inputting a password with a mouse.

If one can select one of the nine numbers in the password input screen, the input screen can be divided into nine areas as shown in FIG. 1, and each area is divided into areas 1, 2 Region 3, region 4, region 5, region 6, region 7, region 8, and region 9.

2 shows an example of inputting a password by a mouse click.

In the conventional authentication method using a mouse input, as shown in FIG. 3, when the user inputs a mouse click, only the information that the user clicks the first area, second area, fifth area and eight area is stored, .

However, in the present invention, an accurate XY coordinate position of a mouse point when a mouse is clicked, an interval between a time of pressing the mouse button and a pressing time are stored together, and the user is authenticated using this information.

The exact XY coordinate position of the mouse point can vary depending on the resolution of the input screen. For example, if you have 200 horizontal and 70 vertical resolutions, the horizontal coordinate (X coordinate) can have a value between 1 and 200, and the vertical coordinate (Y coordinate) can have a value between 1 and 70. have.

Even if the user tries to click the area 1, the XY coordinates of the mouse pointer may be different for each user, and the XY coordinates of the mouse pointer may be different each time the user clicks the mouse.

At this time, the interval between the depression time of the mouse button and the depression time can be stored together. Examples of the value include 0.11 seconds for the mouse button 1, 0.09 seconds for the mouse button 2, 0.08 seconds for the mouse button 5, and 8 0.09 seconds, the time to release the mouse button in area 1 and press the mouse button in area 2 0.99 s, the time to release the mouse button in area 2 and press the mouse button in area 5 0.98 seconds , The time from when the mouse button of the area 5 is released to the time when the mouse button of the area 8 is pressed is 0.97 seconds.

When typing "1258" on the keyboard, you can store the interval between the time you press and the time you press the keyboard in the same way. Examples of these values are: 0.12 seconds for keyboard number 1, 0.08 seconds for keyboard number 2, 0.09 seconds for keyboard number 5, 0.09 seconds for keyboard number 8, and 1 for keyboard number 1 The time until the keyboard number 2 is pressed is 0.99 seconds, the time from when you release the keyboard number 2 to the time you press the keyboard number 5, 0.98 seconds, the time until you release the keyboard number 5 and press the keyboard number 8 Of 0.97 seconds.

The moving speed of the mouse can be known by dividing the moving distance of the mouse point by the moving time.

In the present invention, the same user is authenticated by using a value input by a keyboard and a value input by a mouse, together with a method of inputting an ID with a keyboard and a password with a mouse.

 The interval between the pressing time of the keyboard and the pressing time, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, and the moving speed of the mouse can be changed each time the user inputs. Therefore, it is desirable to input the reference input action information several times and to store the average value and the standard deviation of the reference input action information. It is preferable that the user inputs the reference input action information about 5 times since the accuracy is lowered when inputting only 1-2 times and the user is inconvenient when inputting 5 times or more.

According to the normal distribution table, the probability that the mean value will be more than 1 times the standard deviation becomes about 16.9%, and the probability that it will be more than twice the standard deviation becomes about 2.3%.

Therefore, if a predetermined multiple is previously set as the reference value and the value differs within the reference value when the user inputs the authentication input action information, the user can be authenticated as the same person. If the predetermined multiple is too large, the risk of authenticating the same person is greater than the same person, and if the predetermined multiple is too small, the risk of judging that the same person is not the same person is increased.

3 is a configuration diagram of the first embodiment according to the present invention.

3 is a configuration diagram of a terminal 100 (for example, a terminal computer such as a desktop PC) used by a user and includes a control unit 110, a storage unit 120, a keyboard 130, a mouse 140 ).

In the authentication method of the present invention, when the user inputs the reference input action information and stores the reference input action information as the reference input action information, the user does not input only once, but inputs a predetermined number of times a predetermined number of times. .

The controller 110 stores the input action information as the reference input action information in the storage unit 120 through the keyboard 130 and the mouse 140 a predetermined number of times.

At this time, the information stored in the storage unit 120 includes the interval between the pressing time and the pressing time of the keyboard, the interval between the pressing time and the pressing time of the mouse button, the position of the mouse point, and the moving speed of the mouse.

When the user desires authentication, the user inputs input action information through the keyboard 130 and the mouse 140. This input action information is referred to as authentication input action information, and the reference input action information and the authentication input action The information is compared to determine whether the user is the same and to authenticate.

When comparing the reference input action information and the authentication input action information, an interval between the time of pressing and pressing the keyboard, the interval between the time of pressing the mouse button and the time of pressing, the position of the mouse point, do.

The method of comparing the positions of the mouse points can be determined based on whether the X and Y coordinates of the mouse pointer of the authentication input action information are within a predetermined range.

For example, the difference between the X coordinate of the mouse pointer of the authentication input action information and the average value of the X coordinate of the mouse pointer of the reference input action information is obtained by multiplying the standard deviation of the X coordinate of the mouse pointer of the reference input action information by a predetermined reference value , It can be judged that it is not the same person.

If the difference between the Y coordinate of the mouse pointer of the authentication input action information and the average value of the Y coordinate of the mouse pointer of the reference input action information is larger than the value obtained by multiplying the standard deviation of the Y coordinate of the mouse pointer of the reference input action information by a predetermined reference value , It can be judged that it is not the same person.

The method of comparing the pressing time of the mouse button can be determined based on whether or not the time of depression of the mouse button of the authentication input action is within a predetermined range.

For example, when a password is set as shown in FIG. 2 and the user inputs a password with the mouse 5 times, the average value and standard deviation of the time of depression of the mouse button when the mouse pointer is in the area 1, Average value and standard deviation of the time of depression of the mouse button when the mouse pointer is in the number field, average and standard deviation of the time of depression of the mouse button when the mouse pointer is in the number 5 area, Can be obtained.

In this case, if the difference between the mouse button press time of the first area of the authentication input action information and the average value of the mouse button press time of the first area of the reference input action information is smaller than the standard deviation of the mouse button press time of the first area of the reference input action information If it is larger than the value obtained by multiplying the reference value, it can be judged that it is not the same person.

If the difference between the mouse button press time of the second area of the authentication input action information and the average value of the mouse button press time of the second area of the reference input action information is smaller than the standard deviation of the mouse button press time of the second area of the reference input action information If it is larger than the value obtained by multiplying the reference value, it can be judged that it is not the same person.

 The average value and the standard deviation can be obtained for the interval between the pressing time and the pressing time of the keyboard, the moving speed of the mouse, and the like.

Also, specific values may be weighted when comparing multiple values.

For example, if the standard deviation of a particular value is the smallest as a result of analysis of the reference input behavior information of a particular user, the user tends to input the input value constantly, . That is, it is possible to improve the accuracy of judgment by giving a high weight to a value having a small standard deviation among a plurality of values of the reference input action information to judge whether or not they are the same.

Therefore, the authentication method in the terminal having the configuration diagram of FIG. 3 may include the following steps.

(1) The first step: the control unit stores the input action information input by the user through the keyboard and the mouse as the reference input action information in the storage unit a predetermined number of times

(2) Step 2: when the user wants to authenticate, the control unit stores the input action information inputted by the user through the keyboard and the mouse in the storage unit as the authentication input action information

(3) third step: the control unit compares the reference input action information and the authentication input action information to determine whether the user is the same

When the reference pattern input and the authentication pattern input are stored in the storage unit, the interval between the time of pressing and pressing the keyboard, the interval between the time of pressing the mouse button and the time of pressing, the position of the mouse point, , It is possible to determine whether the user is the same by comparing the interval between the pressing time of the keyboard and the pressing time in the third step, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point and the moving speed of the mouse .

A distance between the pressing time of the keyboard and the pressing time, an interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, and the moving speed of the mouse are compared to determine whether the user is the same, An average value and a standard deviation of an interval between the keyboard pressing time and the pressing time of the reference inputting action, the interval between the time of pressing the mouse button and the pressing time, the position of the mouse point and the moving speed of the mouse, Can be used to determine whether the user is the same.

In order for the method to be implemented in a terminal (e.g., a terminal computer such as a desktop PC), a computer program implementing the method must be installed in the terminal.

In the configuration diagram of FIG. 3, the authentication process is performed in the terminal, but the authentication may not be performed in the terminal but may be performed in the server (authentication server).

4 is a configuration diagram of a second embodiment according to the present invention.

5, the terminal 200 includes a terminal control unit 210, a keyboard 220, a mouse 230, and a terminal communication unit 240. The authentication server 300 includes a server control unit 310, a server storage unit 320 And a server communication unit 330.

The terminal 200 and the authentication server 300 can exchange data using the terminal communication unit 240 and the server communication unit 330.

The terminal 200 transmits the input action information input by the user to the authentication server 300 to authenticate whether the user is the same or not. Therefore, the authentication method in the system having the configuration of Fig. 4 may include the following steps.

(1) The first step: the terminal control unit of the terminal transmits the input action information input by the user through the keyboard and the mouse to the authentication server a predetermined number of times

(2) the second step: the server control unit of the authentication server stores the received input action information as reference input action information in the server storage unit

(3) Step 3: When the user wants to authenticate, the terminal control unit of the terminal transmits to the authentication server the input action information inputted by the user through the keyboard and the mouse

(4) Step 4: The server control unit of the authentication server stores the received input action information as authentication input action information in the server storage unit

(5) Step 5: The server controller compares the reference pattern input with the authentication pattern input to determine whether the user is the same

When the reference input action information and the authentication input action information are stored in the server storage unit, an interval between the time of pressing the keyboard and the time of pressing the button, an interval between the time of pressing the mouse button and the time of pressing the mouse, In the fifth step, the interval between the pressing time and the pressing time of the keyboard, the interval between the pressing time of the mouse button and the pressing time, the position of the mouse point, and the moving speed of the mouse are compared, It can be judged.

The process of determining whether the mouse input password is identical before comparing the interval between the time of pressing the mouse button and the time of pressing, the position of the mouse point, and the moving speed of the mouse in the user authentication method may naturally be included. For example, when the mouse input password of FIG. 2 is 1258 and the mouse input of the authentication input action information is not 1258, the interval between the time of pressing the mouse button and the pressing time, the position of the mouse point, It is judged that it is not necessary and is not the same person.

In the above embodiment, in addition to comparing keyboard input information, numeric passwords (passwords) are input through a numeric screen as shown in FIG. 2 when comparing mouse input information, but a character password (password) may be input.

5 is an example of a screen for inputting a character password using a mouse.

Also, when comparing the mouse input information, it is possible to compare the moving speed of the mouse pointer, the directional change, the curvature, and the like to determine whether they are the same or not.

When storing the mouse input information, the information can be periodically collected and stored. For example, the position of the mouse pointer can be collected according to a designated frequency (for example, 20 Hz), and a window timer technique can be used in this process. At this time, the collected mouse point positions can be stored in the linked list {LinkedList (Queue)}. Then, the distance from the previous position can be calculated and stored together with the mouse point position at every collection period.

An example of collection storage and initialization is as follows.

(1) Mouse input detection uses hooking technology and window message function.

(2) Detect the click (WM_LBUTTONDOWN) of the mouse and pass the currently stored linked list (LinkedList) together with the click position to the pattern quantization function.

(3) Initialize the linked list (LinkedList).

An example of speed pattern quantification will be described as follows.

(1) LinkedList The average speed of the entire (one click) is obtained.

(2) Define a linked list (LinkedList) as a case.

(3) The time of one case is measured through LinkedList Size / Frequency {Hz} = Time {Time (s)}.

(4) The sum of distances stored in each node of the linked list is calculated.

(5) Calculate the average speed of the case by dividing the sum of the dists by the time.

(6) Using the above method, the standard deviation of maximum, minimum, and speed are used as data.

An example of directional change degree pattern quantification will be described as follows.

(1) Measures a directional change degree of adjacent nodes stored in a linked list.

(2) Directionality is defined as the direction vector of two consecutive nodes (Nodes).

(3) Directional gradient is measured based on the inner product of a defined direction vector.

(4) Using the new list (List) based on (2) and (3), the data of the highest, average, minimum and directional standard deviations are used as data.

An example of accuracy pattern quantification is as follows.

(1) Measure the distance between the center coordinates and the click coordinates of the key value range of the virtual keyboard inputted at the time of clicking (end of one case).

An example of the curvature digitization of the copper wire will be described as follows.

(1) Define the curvature of the copper wire as the distance between the entire copper wire and the first and last coordinates of the mouse.

(2) The sum of the dists (dist) of each node (Node) of the linked list (LinkedList) is calculated.

(3) Calculate the straight line distance between the mouse pointer position of the head node of the linked list and the mouse pointer position of the rear node.

(4) Utilizing the difference between the two calculated values as data.

An example of storing the digitized data will be described as follows.

(1) Digitization data stored at the time of account creation functions to collect and store digitized data.

(2) Each numerical data has an average, error range (positive direction, negative direction).

An example of the comparison of the digitized data will be described as follows.

(1) Digitized data The comparison time is performed in the login function, and the pattern data stored by ID is compared with the data collected in the login process.

(2) It is executed when the existing ID / PW authentication process has passed.

(3) Evaluate whether the collected data in the log-in process falls within the error range of the stored data or out of the error range.

(4) Each numerical data has a weight, which is defined as scoring.

(5) Scoring regards data with small authentication errors as important data, evaluates errors strictly, evaluates data with large authentication errors as less important data, and makes a loose evaluation of errors.

The authentication method of the present invention can be used not only when logging in from a terminal computer but also in various fields. For example, it can be used to enhance the authentication of users in various fields such as Internet banking transactions and PINTECH.

100: terminal
110:
120:
130: keyboard
140: Mouse
200: terminal
210:
220: Keyboard
230: Mouse
240:
300: authentication server
310:
320: server storage unit
330: server communication section

Claims (7)

An authentication method using a keyboard and a mouse input behavior pattern in a terminal including a control unit, a storage unit, a keyboard, and a mouse,
A first step of storing the input action information input by the user through the keyboard and the mouse as reference input action information in the storage unit by the control unit a predetermined number of times;
A second step of, when the user wishes to authenticate, storing the input action information input by the user through the keyboard and mouse as authentication input action information in the storage unit;
A third step of comparing the reference input action information and the authentication input action information to determine whether the user is the same;
Lt; / RTI >
In the first step, the number of times the user inputs the input action information through the keyboard and the mouse is five,
The keyboard input information, the moving speed of the mouse pointer, the degree of directional change, and the curvature when the reference input action information and the authentication input action information are stored in the storage unit, Speed, directional change degree, and curvature to determine whether the user is the same,
Wherein the keyboard input information includes an interval between a time of pressing the keyboard and a time,
The moving speed of the mouse pointer is a value obtained by dividing the moving distance by the moving time,
The directionality of the directional variability is a direction vector of consecutive nodes,
The curvature is defined as a straight line distance between the first and second coordinates of the entire mouse,
When the keyboard input information and the moving speed of the mouse pointer are compared with each other to determine whether the user is the same, the keyboard input information of the reference input action inputted a predetermined number of times, the average value and the standard deviation of the moving speed of the mouse pointer are obtained, And determining whether the user is the same using the standard deviation and the standard deviation.
delete A computer readable recording medium storing a computer program installed in a terminal including a control unit, a storage unit, a keyboard, and a mouse, the computer readable recording medium storing a computer program for causing the terminal to perform the method of claim 1 when installed in the terminal Possible recording medium.
A method of authenticating a user using a keyboard and mouse input behavior pattern in a system including a terminal control unit, a keyboard, a terminal including a mouse, a server control unit, and an authentication server including a server storage unit,
A first step in which a terminal control unit of the terminal transmits input activity information input by a user through a keyboard and a mouse to the authentication server a predetermined number of times;
A second step in which the server control unit of the authentication server stores the received input action information as reference input action information in a server storage unit;
A third step for the terminal control unit of the terminal to transmit the input action information input by the user through the keyboard and the mouse to the authentication server when the user desires authentication;
A fourth step of the server control unit of the authentication server storing the received input action information as authentication input action information in the server storage unit;
A fifth step of the server control unit comparing the reference pattern input and the authentication pattern input to determine whether the user is the same;
Lt; / RTI >
The keyboard input information, the moving speed of the mouse pointer, the directional change degree, and the curvature when storing the reference input action information and the authentication input action information in the server storage unit, The moving speed, the directional change degree, and the curvature are compared to judge whether the user is the same or not,
Wherein the keyboard input information includes an interval between a time of pressing the keyboard and a time,
The moving speed of the mouse pointer is a value obtained by dividing the moving distance by the moving time,
The directionality of the directional variability is a direction vector of consecutive nodes,
The curvature is defined as a straight line distance between the first and second coordinates of the entire mouse,
When the keyboard input information and the moving speed of the mouse pointer are compared with each other to determine whether the user is the same, the keyboard input information of the reference input action inputted a predetermined number of times, the average value and the standard deviation of the moving speed of the mouse pointer are obtained, And determining whether the user is the same using the standard deviation and the standard deviation. delete delete delete
KR1020160145294A 2016-11-02 2016-11-02 Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof KR101860319B1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
KR1020160145294A KR101860319B1 (en) 2016-11-02 2016-11-02 Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof
PCT/KR2017/012024 WO2018084503A1 (en) 2016-11-02 2017-10-27 Verification method using keyboard and mouse input behavior pattern of user, and recording medium recorded with program for implementing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160145294A KR101860319B1 (en) 2016-11-02 2016-11-02 Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof

Publications (2)

Publication Number Publication Date
KR20180048121A KR20180048121A (en) 2018-05-10
KR101860319B1 true KR101860319B1 (en) 2018-05-23

Family

ID=62076195

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160145294A KR101860319B1 (en) 2016-11-02 2016-11-02 Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof

Country Status (2)

Country Link
KR (1) KR101860319B1 (en)
WO (1) WO2018084503A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102561237B1 (en) * 2019-05-27 2023-07-28 이익준 System for account transfer authentication
CN111541695A (en) * 2020-04-24 2020-08-14 太仓红码软件技术有限公司 Firewall system based on operation authentication

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101403398B1 (en) * 2012-12-27 2014-06-03 한국과학기술원 User verification apparatus via document reading pattern and method thereof

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100923179B1 (en) * 2007-08-16 2009-10-22 재단법인서울대학교산학협력재단 Method and system for detecting account sharing based on behavior patterns
KR20110121251A (en) * 2010-04-30 2011-11-07 금오공과대학교 산학협력단 Method and device for authenticating user using user's gesture
KR101303843B1 (en) * 2011-07-06 2013-09-16 브랜든 와이. 김 Gesture Password System and Method thereof
KR20150130687A (en) * 2014-05-14 2015-11-24 주식회사 지니틱스 Method for recognizing user gesture using vector-based pattern matching

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101403398B1 (en) * 2012-12-27 2014-06-03 한국과학기술원 User verification apparatus via document reading pattern and method thereof

Also Published As

Publication number Publication date
KR20180048121A (en) 2018-05-10
WO2018084503A1 (en) 2018-05-11

Similar Documents

Publication Publication Date Title
Buschek et al. Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices
CN105980973B (en) User authentication gesture
US8161530B2 (en) Behaviormetrics application system for electronic transaction authorization
KR100923179B1 (en) Method and system for detecting account sharing based on behavior patterns
US8051468B2 (en) User authentication system
WO2016049983A1 (en) User keyboard key-pressing behavior mode modeling and analysis system, and identity recognition method thereof
Kim et al. Freely typed keystroke dynamics-based user authentication for mobile devices based on heterogeneous features
US20050008148A1 (en) Mouse performance identification
US20080235788A1 (en) Haptic-based graphical password
US20180046792A1 (en) Identifying one or more users based on typing pattern and/or behavior
US20130326604A1 (en) Rhythm-based authentication
US9348510B2 (en) Comparing users handwriting for detecting and remediating unauthorized shared access
CN104778387B (en) Cross-platform identity authorization system and method based on man-machine interaction behavior
CN106778151B (en) Handwriting-based user identity recognition method and device
Mahadi et al. A survey of machine learning techniques for behavioral-based biometric user authentication
KR101860319B1 (en) Authentication method using user's keyboard and mouse input behavior pattern and storing medium storing authentication program using the method thereof
US7706574B1 (en) Identifying and protecting composed and transmitted messages utilizing keystroke dynamics
Alariki et al. TOUCH GESTURE AUTHENTICATION FRAMEWORK FOR TOUCH SCREEN MOBILE DEVICES.
Lee et al. Vulnerability analysis challenges of the mouse data based on machine learning for image-based user authentication
EP2490149A1 (en) System for verifying user identity via mouse dynamics
JP6924770B2 (en) Dynamic movement tracking infrastructure for spatially divided segments Signature authentication system and method
Li et al. Wrist in motion: A seamless context-aware continuous authentication framework using your clickings and typings
Rahman et al. Movement pattern based authentication for smart mobile devices
JP6276890B1 (en) Signature verification system
Dafer et al. Evaluation of keystroke dynamics authentication systems: Analysis of physical and touch screen keyboards

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant