201022982 九、發明說明: 【發明所屬之技術領域】 本發明疋一種電子認證技術,特別是指一種節奏點擊 認證方法及其系統,其認證的應用領域廣泛,不受限於電 子輸入設備的種類及語言,且難以猜測出認證節奏,確保 認證之安全性。 【先前技術】 現今電腦系統在我們的社會中日益普遍,諸如個人數 位助理與蜂巢式電話等小型手持電子裝置,或機頂盒等其 他特疋用途電子產品,到中型行動與桌上系統和大型工作 站與伺服器。隨著電腦成為隨處可見的產品,電腦認證防 護問題也日益重要。嚇阻電腦偷竊的方法日漸發展以應付 許多電腦8¾證問題造成的挑戰。現今已經有許多種使用者 涊證方法以提供防護並嚇阻偷竊。這些方法中最為常見的 是使用密碼鎖定或認證。 在某些電腦系統中,當電腦開機或軟體使用認證時, 電腦會要求使用者藉由密碼來確認身分。一旦使用者輸入 密碼,該密碼即傳送給電腦系統的硬碟,之後即被用來解 鎖硬碟或執行預設的軟鱧 '一旦被解鎖,儲存在硬碟内的 作業系統(Operating System)即被載入至電腦系統的記憶 體内,並且進行啟動程序或執行預設的軟體。任何人得到 使用者的密碼或破解密碼,就可以去假冒受害者並截取系 統内的重要訊息。此外,網路上的商業交易正廣大的被運 201022982 用,而確認傳達情報之使用者是否為本人及確認資料正確 性的技術’更是受到廣泛的重視;有關於確認是否有假冒 認證的第二者,大多是利用密碼和數位簽署之方式。然而 常見的破解手法疋利用程式不斷去猜密碼,利用數字加上 文字的邏輯搭配來猜測正確密碼,由於自然語言密碼是來 自於一個相當有限機率集合’且因报容易受密碼猜測攻 擊,一般技術者也很容易就可以破解加密程式;任何人得 到受害者的密碼就可以去假冒受害者並截取系統内的資 料。故在電腦速度及網路速度愈來愈快的今天,單純使用 密碼認證是很容易被破解的技術。 因此’許多的生物特徵也用來加強或取代傳統的身分 認證機制。其中像是擊鍵(keystroke )的生物特徵認證, 其不會增加使用者太大的負擔,而且只須要一般的鍵盤配 置。但由於鍵盤的樣式與結構不同,或者一些電子輸入設 備在設計上並沒有實體的鍵盤,其會導致擊鍵的生物特徵 認證無法實施或準確度下降β 針對前述的習用認證問題’本發明人在持續的研發改 良之後,終於開發出一種節奏點擊認證方法及其系統,其 認證的應用領域廣泛’不受限於電子輸入設備的種類及語 言,且難以猜測出認證節奏,確保認證之安全性。 【發明内容】 本發明的目的就是在提供一種節奏點擊認證方法,其 認證步驟的應用領域廣泛,不受限於電子輸入設備的種類 6 201022982 及語言,且難以猜測出認證節奏,有效增強認證之安全性。 本發明的另一目的是在提供一種節奏點擊認證系 統,其認證系統的軟硬體應用領域廣泛,不受限於電子輸 入設備的種類及語言,且難以猜測出認證節奏,有效增強 認證之安全性。 根據本發明之上述目的,提出一種節奏點擊認證方 法,其包含以下步驟: 1. 藉由電子輸入設備任一輸入元點擊; 2. 依使用者定義之節奏點擊; 3. 運算處理器進行節奏分析辨識; 4. 以節奏作為身分辨識認證。 藉前述步驟,本發明能有效發揮認證,且前述步驟適 用各種電子設備之輸入裝置,不受限於輸入鍵盤配置或輸 入元的設計;故本發明方法具有廣泛的應用領域,又不會 受限於電子輸入設備的種類及語言,不僅每個人相同節奏 點擊具有可供分析辨識的個別差異,且使用者之外的人根 本難以猜測出認證節奏,有效增強認證之安全性。 本發明之系統包含一電子輸入設備、一運算處理器、 一節奏比對模組,該電子輸入設備將使用者之輸入節奏訊 號傳遞至該節奏比對模組,在該節奏比對模組與該運算處 理器的搭配之下進行節奏分析辨識。 前述電子輸入設備可以是數位板、鍵盤、觸控螢幕、 滑鼠或紅外線感應器。 前述節奏比對模組可以承載於一可讀取載體上,該可 201022982 讀取載體可以是光碟、磁片、硬碟或隨身碟。另前述節奏 比對模組之分析比對條件可以是點擊速度、點擊停頓時間 等。 本發明之系統以運算處理器進行節奏分析後,由於不 同使用者節奏點擊具有個別差異,且使用者之外的人根本 難以猜測出認證節奏。故此系統作為身分辨識認證時,能 有效發揮認證系統的廣泛應用領域,並且不會受限於電子 輸入設備的種類及語言,有效增強認證之安全性。 【實施方式】 請參照第1、2圖,第1圖繪示本發明方法之步驟, 第2圖繪示本發明其一實施態樣,本發明方法的較佳實施 例說明於下,其包含: 1. 藉由電子輸入設備任一輸入元點擊100,使用者 在預設之電子輸入設備200之一輸入元201點擊,使用手 指300按動該輸入元201。 2. 依使用者定義之節奏點擊101,使用者以預設之 節奏進行電子輸入設備200之點擊,利用手指300依照節 奏之節拍、時序按動該輸入元201。 3. 運算處理器進行節奏分析辨識102,該電子輸入 設備200運用傳輸元件203將點擊訊號傳遞至一電腦 400,該電腦400内具備運算處理器及節奏比對模組;該 電腦400利用内部之運算處理器及節奏比對模組分析比對 前述點擊節奏,其分析技術可以採用誤差平均數(標準差) 201022982 來判別,或是採用類神經技術進行運算比對。 4.以節奏作為身分辨識認證103,利用運算處理器分 析節奏的結果認證辨識使用者身分。 本發明之系統架構運作圖請參閱第5圖,較佳實施例 請參閱第2圖,本發明之系統包含: 一電子輸入設備200,係為綾盤型式設計,具有可供 使用者點擊之輸入元201。 一電腦400,係利用一傳輸元件203與前述電子輸入 設備200訊號通連。該電腦400内含一運算處理器401及 一節奏比對模組402,且節奏比對模組402承載於一可讀 取載體上,該可讀取載體可以是光碟、磁片、硬碟或隨身 碟。 該電子輸入設備200將使用者手指300點擊輸入的節 奏訊號傳遞至該運算處理器401及節奏比對模組402,在 該節奏比對模組402與該運算處理器401的搭配之下進行 節奏分析辨識。 另請參照第3圖及第4圖,其繪示依照本發明系統另 外二種較佳實施例的示意圖。 本發明系統可以是第3圖中的實施態樣,包含有:一 電子輸入設備210,係為無線滑鼠型式設計,其前端具有 可供使用者點擊之輸入元211。一電腦410,係利用無線傳 輸技術與前述電子輸入設備210訊號通連。 本發明系統可以是第4圖中的實施態樣,包含有:一 電子輸入設備220,係為手持觸控螢幕型式設計,其表面 201022982 為可供使用者點擊之觸控螢幕。一手持式電腦420,係利 用與前述電子輸入設備220結合且相通連。 值得一提的是,本發明實驗運算之後可以得到二種數 據,足以證明本發明方法及系統相較現今技術具有之優 勢。前述數據分述於下: 錯誤接受率(False Acceptance Rate, FAR) ’係指本發 明系統實驗讓假冒者登入成功之比例。 錯誤拒絕率(False Rejection Rate, FRR),係指本發 明系統實驗讓合法使用者登入失敗之比例。 本發明實驗以25位使用者參與實驗,前述使用者皆 熟悉電腦功能,同時也知悉實驗之意圖及程序。本實驗分 別進行以下二種評估: 1. 模仿分析辨識:讓假冒者傾聽真正使用者如何點擊 及其節奏後,再請每位假冒者模仿相同節奏點擊測試。 2. 非模仿分析辨識:讓所有實驗者皆自行用習慣的節 奏來定義一組認證節奏,並且再請每位實驗者用相同節奏 點擊測試認證。 每位實驗者被要求提供60次的目標節奏樣本;前面 的30次是模仿分析辨識,後面的30次是非模仿分析辨 識。錯誤接受率(FAR)是計算假冒者成功攻擊合法使用 者的比例。每位使用者將依序輪流為合法的使用者,而其 他的使用者則為攻擊合法使用者的假冒者。假如系統接受 201022982 假冒者一次’則錯誤的接受數目將以丨累計。最後,總錯 誤接受數目除於總攻擊數目。錯誤拒絕率(FRR)則將3〇 個樣本區分成兩個群組。一組為丨〇個’另一組為2〇個。 1〇個樣本組將用於登記註冊階段,2〇個樣本組將用於分 析辨識認證階段。此時所有的使用者皆為合法使用者,假 如系統拒絕合法使用者一次,則錯誤的拒絕數目將以1累 計。最後,總錯誤的拒絕數目除於總合法使用者嘗試數 目。第6圖顯示本發明在不同門檻值下之far與FRR變 數的ROC曲線,並顯示其局部放大圖。 最佳的平均錯誤率(average faiSe rate)為〇〇6365 (FAR=〇.〇473 且 FRR=〇.〇8〇〇,其門檻為 0 03 )。 雖然本發明已以一較佳實施例揭露如上,然其並非用 以限定本發明,任何熟習此技藝者,在不脫離本發明之精 神和範圍内,當可作各種之更動與潤飾,因此本發明之保 護範圍當視其後附之申請專利範圍所界定者為準。 【圖式簡單說明】 為讓本發明之上述和其他目的、特徵、優點與實施例 能更明顯易懂,所附圖式之詳細說明如下: 第1圖續示本發明方法之步驟。 201022982 第2圖繪示本發明一實施態樣。 第3圖繪示本發明另一實施態樣。 第4圖繪示本發明再一實施態樣。 . 第5圖繪示本發明之系統架構運作圖。 第6圖繪示本發明在不同門檻值下之FAR與FRR變 數的ROC曲線。201022982 IX. Description of the Invention: [Technical Field] The present invention relates to an electronic authentication technology, and more particularly to a rhythm click authentication method and a system thereof, which have wide application fields of authentication, and are not limited to the types of electronic input devices and Language, and it is difficult to guess the pace of certification to ensure the security of certification. [Prior Art] Today's computer systems are becoming more and more popular in our society, such as small handheld electronic devices such as personal digital assistants and cellular phones, or other special-purpose electronic products such as set-top boxes, to medium-sized mobile and desktop systems and large workstations. server. As computers become ubiquitous products, computer certification and protection issues are becoming increasingly important. The method of deterring computer theft is growing to cope with the challenges posed by many computer problems. There are many types of user authentication methods available today to provide protection and to deter theft. The most common of these methods is the use of password locking or authentication. In some computer systems, when the computer is turned on or the software is used for authentication, the computer asks the user to confirm the identity by password. Once the user enters the password, the password is transmitted to the hard disk of the computer system, and then used to unlock the hard disk or perform the preset soft software. Once unlocked, the operating system stored in the hard disk is the operating system. It is loaded into the memory of the computer system and is used to start the program or execute the preset software. Anyone who gets the user's password or cracks the password can go to the impersonation victim and intercept important messages in the system. In addition, the commercial transactions on the Internet are being used by the majority of 201022982, and the technology to confirm whether the users of the information are themselves and to confirm the correctness of the data is more widely regarded; there is a second to confirm whether there is a counterfeit certification. Most of them use passwords and digital signing methods. However, common cracking techniques use programs to guess passwords, using numbers and logical matching of words to guess the correct password. Since natural language passwords come from a fairly limited probability set, and because of the vulnerability to password guessing, general techniques It is also very easy to crack the encryption program; anyone who gets the victim's password can go to the fake victim and intercept the data in the system. Therefore, in today's faster computer speeds and network speeds, simply using password authentication is a technology that can be easily cracked. Therefore, many biometrics are also used to strengthen or replace traditional identity authentication mechanisms. Among them, biometric authentication like keystroke does not increase the burden on the user, and only requires a general keyboard configuration. However, due to the different style and structure of the keyboard, or some electronic input devices are not designed with a physical keyboard, it will lead to the failure of the biometric authentication of the keystrokes or the accuracy of the degradation. β For the aforementioned conventional authentication problem, the inventor After continuous research and development and improvement, a rhythm click authentication method and its system have finally been developed, and its application fields of certification are widely limited to the types and languages of electronic input devices, and it is difficult to guess the authentication rhythm and ensure the security of authentication. SUMMARY OF THE INVENTION The object of the present invention is to provide a rhythm click authentication method, which has a wide application field of the authentication step, and is not limited to the type 6 201022982 and language of the electronic input device, and it is difficult to guess the authentication rhythm and effectively enhance the authentication. safety. Another object of the present invention is to provide a rhythm click authentication system, which has a wide range of software and hardware applications, is not limited to the type and language of electronic input devices, and is difficult to guess the authentication rhythm, thereby effectively enhancing the security of authentication. Sex. According to the above object of the present invention, a rhythm click authentication method is provided, which comprises the following steps: 1. clicking through any input element of an electronic input device; 2. clicking according to a user-defined rhythm; 3. calculating an algorithm for rhythm analysis Identification; 4. Identification of the identity with rhythm. By the foregoing steps, the present invention can effectively perform authentication, and the foregoing steps are applicable to input devices of various electronic devices, and are not limited to the design of the input keyboard configuration or the input element; therefore, the method of the present invention has a wide application field and is not limited. In the type and language of the electronic input device, not only the same rhythm click of each person has individual differences for analysis and identification, but it is difficult for people other than the user to guess the authentication rhythm and effectively enhance the security of the authentication. The system of the present invention comprises an electronic input device, an arithmetic processor, and a rhythm comparison module, wherein the electronic input device transmits the input rhythm signal of the user to the rhythm comparison module, and the rhythm comparison module and the The rhythm analysis and identification are performed under the cooperation of the arithmetic processor. The aforementioned electronic input device may be a tablet, a keyboard, a touch screen, a mouse or an infrared sensor. The aforementioned rhythm comparison module can be carried on a readable carrier, and the 201022982 read carrier can be a compact disc, a magnetic disc, a hard disc or a flash drive. In addition, the analysis of the rhythm comparison module may be a click speed, a click pause time, and the like. After the system of the present invention performs rhythm analysis with an arithmetic processor, there are individual differences due to different user rhythm clicks, and it is difficult for people other than the user to guess the authentication rhythm. Therefore, when the system is used as an identity identification authentication, it can effectively utilize the wide application fields of the authentication system, and is not limited by the type and language of the electronic input device, thereby effectively enhancing the security of the authentication. [Embodiment] Please refer to Figures 1 and 2, Figure 1 shows the steps of the method of the present invention, and Figure 2 shows an embodiment of the present invention. The preferred embodiment of the method of the present invention is described below. 1. By clicking 100 on any input element of the electronic input device, the user clicks on one of the input elements 201 of the preset electronic input device 200, and presses the input element 201 with the finger 300. 2. Click 101 according to the user-defined rhythm, and the user clicks on the electronic input device 200 at a preset rhythm, and presses the input element 201 with the finger 300 according to the rhythm of the rhythm. 3. The arithmetic processor performs rhythm analysis identification 102, and the electronic input device 200 transmits the click signal to a computer 400 by using the transmission component 203. The computer 400 has an arithmetic processor and a rhythm comparison module; the computer 400 utilizes an internal The arithmetic processor and the rhythm comparison module analyze the click rhythm, and the analysis technique can be determined by using the error mean (standard deviation) 201022982, or using the neural-like technique to perform the operation comparison. 4. Using the rhythm as the identity identification authentication 103, the user is identified by the result of the analysis of the rhythm by the arithmetic processor. For a system architecture operation diagram of the present invention, please refer to FIG. 5. For a preferred embodiment, refer to FIG. 2. The system of the present invention comprises: an electronic input device 200, which is a disk type design and has a user-clickable input. Yuan 201. A computer 400 is coupled to the electronic input device 200 by a transmission component 203. The computer 400 includes an arithmetic processor 401 and a rhythm comparison module 402, and the rhythm comparison module 402 is carried on a readable carrier, which may be a disc, a magnetic disc, a hard disc or A pen drive. The electronic input device 200 transmits the rhythm signal input by the user's finger 300 to the operation processor 401 and the rhythm comparison module 402, and performs rhythm under the matching of the rhythm comparison module 402 and the operation processor 401. Analytical identification. Referring to Figures 3 and 4, there are shown schematic views of two other preferred embodiments of the system in accordance with the present invention. The system of the present invention may be implemented in the third embodiment, comprising: an electronic input device 210, which is a wireless mouse type design, and has a front end having an input element 211 for the user to click. A computer 410 communicates with the aforementioned electronic input device 210 using wireless transmission technology. The system of the present invention can be implemented in the fourth embodiment, and includes: an electronic input device 220, which is a hand-held touch screen type design, and the surface 201022982 is a touch screen for the user to click. A hand-held computer 420 is used in conjunction with and in communication with the aforementioned electronic input device 220. It is worth mentioning that two kinds of data can be obtained after the experimental operation of the present invention, which is sufficient to prove that the method and system of the present invention have advantages over the prior art. The foregoing data is described below: False Acceptance Rate (FAR) refers to the proportion of the system experiments in this invention that allow counterfeiters to log in successfully. False Rejection Rate (FRR) is the percentage of the system experiments that failed to log in to legitimate users. In the experiment of the present invention, 25 users participated in the experiment, and the aforementioned users were all familiar with the computer function, and also knew the intention and procedure of the experiment. The following two assessments are performed in this experiment: 1. Imitation analysis identification: Let the counterfeiters listen to the real user how to click and their rhythm, and then ask each counterfeiter to imitate the same rhythm click test. 2. Non-imitation analysis identification: Let all experimenters use a customary rhythm to define a set of certification rhythms, and then ask each experimenter to click the test certification with the same rhythm. Each experimenter was asked to provide 60 target rhythm samples; the first 30 were simulated analysis and the next 30 were non-imitation analysis. False Acceptance Rate (FAR) is the ratio of calculating the number of successful counterfeiters who attack legitimate users. Each user will be a legitimate user in turn, while other users are counterfeiters who attack legitimate users. If the system accepts 201022982 impersonators once, then the number of wrong acceptances will be accumulated in 丨. Finally, the total number of errors accepted is divided by the total number of attacks. The false rejection rate (FRR) divides 3 samples into two groups. One group is one and the other group is two. One sample group will be used for the registration phase, and two sample groups will be used for the analysis and identification phase. At this point, all users are legitimate users. If the system rejects the legitimate user once, the number of erroneous rejections will be 1 cumulative. Finally, the total number of rejected errors is divided by the total number of legitimate user attempts. Figure 6 shows the ROC curve of the far and FRR variables of the present invention at different threshold values and shows a partial enlarged view thereof. The best average error rate (average faiSe rate) is 〇〇6365 (FAR=〇.〇473 and FRR=〇.〇8〇〇, with a threshold of 0 03 ). Although the present invention has been described above in terms of a preferred embodiment, it is not intended to limit the invention, and it is obvious to those skilled in the art that various changes and modifications can be made without departing from the spirit and scope of the invention. The scope of the invention is defined by the scope of the appended claims. BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features, advantages and embodiments of the present invention will become more <RTIgt; 201022982 FIG. 2 illustrates an embodiment of the present invention. Fig. 3 is a view showing another embodiment of the present invention. Fig. 4 is a view showing still another embodiment of the present invention. Figure 5 is a diagram showing the operation of the system architecture of the present invention. Figure 6 is a graph showing the ROC curves of the FAR and FRR variables of the present invention at different threshold values.
【主要元件符號說明】 100:藉由電子輸入設備任一輸入元點擊 101 ··依使用者定義之節奏點擊 102 :運算處理器進行節奏分析辨識 103:以節奏作為身分辨識認證 200 :電子輸入設備 201 :輸入元 210 :電子輸入設備 220 :電子輸入設備 400 :電腦 402 :節奏比對模組 203 :傳輸元件 211 :輸入元 參 300 :手指 401 :運算處理器 410 :電腦 420 :電腦 12[Main component symbol description] 100: Click on any input element of the electronic input device. ··· Click on the user-defined rhythm. 102: The arithmetic processor performs rhythm analysis and identification 103: uses the rhythm as the identity identification authentication 200: electronic input device 201: input element 210: electronic input device 220: electronic input device 400: computer 402: rhythm comparison module 203: transmission element 211: input meta-parameter 300: finger 401: operation processor 410: computer 420: computer 12