WO2017193165A1 - Authenticating a user - Google Patents

Publication number
WO2017193165A1
WO2017193165A1 PCT/AU2017/050426 AU2017050426W WO2017193165A1 WO 2017193165 A1 WO2017193165 A1 WO 2017193165A1 AU 2017050426 W AU2017050426 W AU 2017050426W WO 2017193165 A1 WO2017193165 A1 WO 2017193165A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
biometric feature
challenge
cognitive
information elements
Prior art date
Application number
PCT/AU2017/050426
Other languages
French (fr)
Inventor
Dali KAAFAR
Hassan ASGHAR
Jagmohan CHAUHAN
Jonathan Chan
Original Assignee
National Ict Australia Limited
Priority date
Filing date
Publication date
Priority claimed from AU2016901727A external-priority patent/AU2016901727A0/en
Application filed by National Ict Australia Limited filed Critical National Ict Australia Limited
Priority to EP17795186.0A priority Critical patent/EP3455766A4/en
Priority to US16/099,801 priority patent/US10965671B2/en
Priority to AU2017261844A priority patent/AU2017261844A1/en
Publication of WO2017193165A1 publication Critical patent/WO2017193165A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/36 User authentication by graphic or iconic representation
    • G06F21/40 User authentication by quorum, i.e. whereby two or more security principals are required
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present disclosure includes computer-implemented methods, software, and computer systems for authenticating a user.
  • authentication plays an increasingly important role in a digital era since more and more transactions are being and will be conducted online without physical presence of a user at a transaction location.
  • authentication refers to a technical mechanism that uses a technical means to allow a legitimate user to access and prevents an illegitimate user from accessing a service that should only be accessed by the legitimate user.
  • the technical means used in the authentication may take different forms.
  • a user may create an account in a database operated by the bank, and associate a password with the account.
  • the account is typically identified by an account name.
  • the user invokes a password check process using network and digital technologies adopted by the bank.
  • Once the user is authenticated by the password check process, the user is able to transact using the account, for example, making a payment, transferring money to another account held by another user, etc.
  • user authentication may be required in document access services. For example, if a user attempts to access a document stored at a secure document server, the secure document server or a third-party security service provider may need to check if the user has the right to access the document.
  • If the user has the right to access the document, the user is authenticated to access the document. Otherwise, the secure document server rejects the user by not allowing the access to the document.
  • a cognitive challenge mechanism has to be repeated many times with different cognitive challenges when a user logs in the account. This makes the cognitive challenge mechanism inefficient and not user-friendly.
  • the biometric feature mechanism takes advantage of unique biometric features (for example, unique handwriting habits, gestures, etc.) of a user to reduce the number of repetitions; however, this mechanism is vulnerable to noise and imitations due to lack of randomness. This makes the biometric feature mechanism less reliable, particularly due to the high Equal Error Rate (EER).
  • a computer implemented method for authenticating a user comprising: presenting on a first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution, wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receiving from a second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extracting the biometric feature of the user from the response received from the second user interface; and authenticating the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
  • the method disclosed in the present disclosure extracts the biometric feature of the user from the response made by the user to the cognitive challenge, and authenticates the user if the biometric feature extracted from the response matches the reference biometric feature.
  • this method takes advantage of both cognitive capacities of the user used to determine the reference solution to the cognitive challenge and the biometric feature of the user contained in the response to the cognitive challenge. This method effectively reduces the number of repetitions required in conventional cognitive authentication methods to achieve a desired level of security and improves accuracy of conventional biometric feature authentication methods.
  • the reference solution may comprise a result of an operation based on the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements.
  • the reference solution may be based on an arrangement of the challenge set of cognitive information elements.
  • the reference solution may be a first reference solution and the response may be a first response, the method further comprising: presenting a second cognitive challenge that has a second reference solution, receiving a second response, extracting the biometric feature from the second response and authenticating the user if the biometric feature extracted from the first response and the second response match the reference biometric feature associated with the first reference solution and second reference solution.
  • the first user interface may be a screen.
  • Presenting on the first user interface the challenge set of cognitive information elements may comprise presenting on the screen a set of images and presenting a set of numbers associated with the set of images.
  • the set of images may comprise a first subset that represents the intersection that includes zero, one or more images of the secret set of cognitive information elements; and a second subset including one or more images that are all not in the secret set of cognitive information elements.
  • the first subset may include one or more images of the secret set of cognitive information elements. It should be noted that it is possible that the first subset may include none of the images that have been designated by the user as the secret set of cognitive information elements during the registration process.
  • Authenticating the user may further comprise: determining one or more numbers in the set of numbers associated with the first subset; determining an operation to be performed on the one or more numbers; performing the operation on the one or more numbers to determine the reference solution to the cognitive challenge; and determining the reference biometric feature based on the reference solution.
  • Authenticating the user may further comprise: determining a further reference biometric feature based on the biometric feature and a criterion; determining a further reference solution to the cognitive challenge, the further reference solution being associated with the further reference biometric feature; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the further reference solution is equal to the reference solution.
  • the method may further comprise: determining, based on the criterion, a distance between the biometric feature extracted from the response and the reference biometric feature associated with the reference solution; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the distance meets a threshold.
  • the response may comprise a set of data indicative of the user interacting with the second user interface.
  • Extracting the biometric feature may comprise extracting the biometric feature from the set of data.
  • the second user interface may be the screen and the screen may include a touch-sensitive surface.
  • the set of data may comprise one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
  • the second user interface may comprise one or more of an accelerometer, a gyroscope, and a gesture-sensitive device.
  • the set of data may comprise one or more readings from the second user interface.
  • a computer implemented method for registering a user to authenticate the user comprising: receiving from a third user interface a selection of cognitive information elements designated by the user as a secret set of cognitive information elements; determining a reference biometric feature of the user based on the interaction of the user with the third user interface; and storing in a storage device the biometric feature.
  • the third user interface may be a screen, and presenting on the third user interface the set of cognitive information elements may comprise presenting on the screen a set of images.
  • the third user interface may be the screen, and the screen may include a touch-sensitive surface.
  • the interaction with the third user interface may comprise one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
  • the third user interface may comprise one or more of an accelerometer, a gyroscope, and a gesture sensitive device.
  • the method may further comprise presenting on the third user interface a further indication to the user indicative of an operation that is used in the cognitive challenge.
  • a computing device for authenticating a user, the computer system comprising: a first user interface; a second user interface; and a processor that is connected to the first user interface and the second interface, the processor being configured to present on the first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution, wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receive from the second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extract the biometric feature of the user from the response received from the second user interface; and authenticate the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
  • Fig. 1 illustrates an online transaction system in which methods disclosed in the present disclosure are applied
  • Fig. 2 illustrates an example service access device in accordance with the present disclosure
  • Fig. 3 illustrates an example method for authenticating a user in accordance with the present disclosure
  • FIGs. 4(a) to 4(c) illustrate screenshots of an example authentication process in accordance with the present disclosure
  • Figs. 4(d) and 4(e) illustrate screenshots of an alternative example authentication process in accordance with the present disclosure.
  • Fig. 5 illustrates an example table used in the present disclosure to authenticate a user
  • Fig. 6 illustrates an example method for authenticating a user in accordance with the present disclosure
  • FIGs. 7(a) to 7(c) illustrate screenshots of a registration process in accordance with the present disclosure
  • FIGs. 8(a) to 8(c) illustrate screenshots of an example registration process in accordance with the present disclosure
  • Figs. 8(d) to 8(e) illustrate screenshots of alternative example registration process in accordance with the present disclosure
  • Fig. 9 illustrates a mapping of a submitted timeseries to an optimal template in accordance with the present disclosure.

Description of Embodiments

  • FIG. 1 illustrates an online transaction system 100 in which methods disclosed in the present disclosure are applied.
  • the online transaction system 100 as shown in Fig. 1 includes a communication network 101, one or more service access devices 103, a service point 105, and a storage device 107.
  • the communication network 101 may be any suitable networks, such as a wireline network, a cellular network, a wireless local area network (WLAN), an optical network, etc.
  • the communication network 101 may also be a combination of the suitable networks.
  • the communication network 101 communicates data between network elements in the online transaction system 100.
  • the data communicated over the communication network 101 includes images, numbers, video, voice, text, animation, icons, avatar, electronic form data, or other computer data. Further, the data may also include signalling data that controls operation of the network elements in the online transaction system 100.
  • the service point 105 is a computing device that provides services to an
  • the service point 105 is a server operated by a service provider (e.g., a bank) to provide banking services (for example, online fund transfer) to a customer of the bank once the customer is authenticated by a service access device 103.
  • although the storage device 107 and the service point 105 are shown as separate elements in Fig. 1, the storage device 107 may be part of the service point 105 in other examples.
  • the service access device 103 is a computing device that is operated by the service provider (for example, a bank) or a third-party authentication network to authenticate a user when the user attempts to conduct a transaction with the service point 105.
  • the transaction may include accessing services provided by the service point 105, accessing documents stored at the service point 105, etc.
  • the service access device 103 is a computing device with one or more user interfaces as described in the present disclosure with reference to Fig. 2.
  • One of the methods described in the present disclosure can be implemented as a computer program product in the computing device, and the computing device performs the one or more methods.
  • the service access device 103 can be implemented as part of other devices operated by the service provider.
  • the service access device 103 can be part of an Automated Teller Machine (ATM) operated by a bank.
  • Fig. 2 illustrates an example service access device 103 in accordance with the present disclosure.
  • the service access device 103 is a computing device used to authenticate a user when the user accesses the services provided by the service point 105.
  • the service access device 103 shown in Fig. 2 includes a processor 210, a memory device 220, a first user interface 230, a second user interface 240, a communication interface 250 and a bus 260.
  • the processor 210, the memory device 220, the first user interface 230, the second user interface 240, and the communication interface 250 are connected via the bus 260 to communicate with each other.
  • the communication interface 250 of the service access device 103 is used to connect the service access device 103 to the communication network 101 and further to the service point 105, as shown in Fig. 1.
  • the communication interface 250 may be an Internet interface, a WLAN interface, a cellular telephone network interface, a Public Switch Telephone Network (PSTN) interface, and an optical communication network interface, or any other suitable communication interface.
  • the communication interface 250 may not be included in the service access device 103.
  • the first user interface 230 and the second user interface 240 of the service access device 103 can be a same user interface or different user interfaces.
  • the first user interface 230 is a screen
  • the processor 210 presents visual information (for example, images, numbers, text, animations, video, etc.) on the screen to the user.
  • the screen includes a touch-sensitive surface
  • the second user interface 240 can also be the screen.
  • the processor 210 receives from the screen a set of data.
  • the set of data may represent a response to a cognitive challenge indicative of the user interacting with the second user interface 240, specifically, the touch-sensitive surface. Therefore, the set of data is indicative of biometric features of the user.
  • the set of data comprises a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points.
  • the user can use a finger or a stylus pen to draw the graphical symbol on the screen.
  • the set of data may also comprise: a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
  • the first user interface 230 is a screen to present visual information to the user.
  • the second user interface 240 is a gesture-sensitive device.
  • the gesture-sensitive device may include one or more sensors, for example, an accelerometer and a gyroscope.
  • the processor 210 receives from the gesture-sensitive device a set of data (i.e., a gesture indication) indicative of a gesture of the user sensed by the gesture-sensitive device.
  • the set of data comprises one or more readings from the accelerometer or the gyroscope of the gesture-sensitive device.
  • the processor 210 is configured to perform machine executable instructions stored in the memory device 220 to implement one or more methods described in the present disclosure with reference to the accompanied drawings.
  • the machine executable instructions are included in a computer software program.
  • the computer software program resides in the memory device 220 in this example. In other examples, the computer software program is stored in a computer readable medium that is not part of the service access device 103, and is read into the memory device 220 from the computer readable medium.
  • the authentication methods described in the present disclosure include an authentication process and a registration process; the processor 210 of the service access device 103 is configured to perform both the authentication process and the registration process.
  • the authentication process is performed when a user logs in the online transaction system 100 using the service access device 103 to access services provided by the service point 105.
  • the registration process is performed when the user registers with the online transaction system 100 using the service access device 103.
  • the processor 210 is configured to perform the method steps in relation to the authentication process, shown in Fig. 3 and discussed in further detail below: present on the first user interface 230 a set of cognitive information elements to the user, the set of cognitive information elements being at least part of a cognitive challenge that has a reference solution; receive from the second user interface 240 a response to the cognitive challenge, the response containing a biometric feature of the user; extract the biometric feature of the user from the response received from the second user interface 240; and authenticate the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
  • the processor 210 is also configured to perform the method steps in relation to the registration process, shown in Fig. 6 and discussed in further detail below: present on the first user interface 230 a set of cognitive information elements to the user, the set of cognitive information elements being at least part of a cognitive challenge that has a solution; receive from the second user interface 240 a set of indications indicative of a first subset of the set of cognitive information elements that is designated by the user; receive from the second user interface 240 an indication indicative of the solution to the cognitive challenge, the indication containing a biometric feature of the user; extract the biometric feature of the user from the indication indicative of the solution to the cognitive challenge; and cause the biometric feature to be stored in a storage device 107 in association with the solution to the cognitive challenge.
  • the processor 210 is also configured to perform the other methods described in the present disclosure.
  • Fig. 3 illustrates an example method 300 for authenticating a user in accordance with the present disclosure, particularly, when the user logs in the online transaction system 100 at the service access devices 103 to access services provided by the service point 105.
  • although method 300 in this example is implemented at the service access device 103, method 300 can also be implemented at the service point 105 if the service access device 103 is part of the service point 105 or the service point 105 also performs user authentication functions in addition to providing services to the user.
  • method 300 is implemented at a separate authentication server (not shown in Fig. 1) to reduce the computing burden of the service access point 103.
  • Method 300 may also include one or more other steps that are not shown in Fig. 3.
  • the service access device 103 includes a screen with a touch-sensitive surface.
  • the screen is used both to present visual information to the user and to receive a response from the user via the touch-sensitive surface. Therefore, both references to the first user interface 230 and references to the second user interface 250 in this example refer to the one screen with the touch-sensitive surface.
  • FIGs. 4(a) and 4(b) illustrate screenshots 400 of the authentication process in accordance with the present disclosure.
  • the user is prompted to provide a user name.
  • the user touches the "Enter Username" text box on the screen, and a virtual keyboard is further presented on the screen.
  • the user enters a username "John Smith" using the virtual keyboard.
  • the user name has been registered by the user with the online transaction system 100 during a registration process described in the present disclosure.
  • Upon receipt of the username "John Smith" from the screen, method 300 presents 310 on the screen a set of cognitive information elements to the user, as shown in Fig. 4(b).
  • the set of cognitive information elements is at least part of a cognitive challenge that has a reference solution.
  • method 300 renders a set of images and a set of numbers (or weights) associated with the set of images, for example, the numbers below the images.
  • the set of images comprises a first subset including one or more images that have been designated by the user during the registration process; and a second subset including one or more images that have not been designated by the user during the registration process. It should be noted that it is possible that the first subset may include none of the images that have been designated by the user during the registration process.
  • a cognitive challenge is a form of challenge-response authentication.
  • In challenge-response authentication, the system presents a challenge that invites a user to participate in a test that, if the user passes, proves the user is in fact the person that the user is claiming to be.
  • the challenge may be a question where the user must provide a valid answer.
  • a challenge-response requires the existence of a shared secret which is known to both the user and the system.
  • the secret may be the user's favourite number which can be acquired and stored during the registration process.
  • the system may challenge the user to respond with the user's favourite number and the system can receive the user's answer to authenticate the user. In this case, authentication would occur if the system determines that the answer is the same as a previously stored favourite number.
  • a cognitive challenge is a challenge that is presented in a way such that the reference solution conceals the secret.
  • the present disclosure uses the term conceal to mean that the reference solution hides or obfuscates the secret such that the secret is not observable.
  • the secrets in the present disclosure are described in terms of cognitive information elements.
  • the cognitive information elements are used by the system to construct and present a cognitive challenge in such a way that the secret is concealed.
  • Examples of cognitive information elements may be sets of images but there could be others such as sets of words, colours, numbers or any other object that a user may be able to recognise and designate.
  • the present disclosure refers to a challenge set of cognitive information elements which are those elements that are displayed or communicated to a user when attempting an authentication process.
  • the challenge set of cognitive information elements are typically a set of images or icons which the user is able to recognise and identify quickly and easily.
  • This set of challenge cognitive information elements includes elements of the secret set of cognitive information elements, which are those elements the user has selected during the registration process to be secret and the knowledge of which is the criteria for future authentication.
  • There are many forms of cognitive challenges, and the challenge does not need to be a literal question and may be any form of challenge that requires a user to respond.
  • One form of cognitive challenge may be a recognition type challenge where, for example, the user is challenged to identify images that belong to a user designated set of images out of a larger set of images that are displayed.
  • the secret for the purpose of authentication in this case may be the full set of user designated images.
  • the secret set of images could be easily identified by an attacker. This in itself would not be observation resistant because the attacker could simply view the user selecting each of the individual images.
  • the reference solution is based on an intersection of the secret set of cognitive information elements and the challenge set of cognitive information elements.
  • the reference solution may be simply the sum of the numbers associated with the cognitive information elements in the intersection.
  • the reference solution may be just a number in itself. For example, if "fried chips" was the only cognitive information element that is presented in the challenge set of cognitive information elements, then the reference solution may just be "3." This may provide some level of security because there may be multiple ways in the challenge set by which the answer could be "3."
  • the user observes a challenge set of cognitive information elements (in this case a set of images) presented on the screen, and recognises the one or more images that have been designated by the user during the registration process (the secret set of cognitive information elements) using his or her cognitive capabilities, for example, images ("fried chips", "optical disk", and "horse") in the dashed boxes in Fig. 4(b). That is, the images ("fried chips", "optical disk" and "horse") are the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements as they are the only elements that are common to both sets. It should be noted that the dashed boxes are shown in Fig.
  • the recognition of cognitive information elements may form the cognitive challenge itself or it may form part of the cognitive challenge.
  • the challenge set of cognitive information elements can be divided into four quadrants (410, 420, 430 and 440). There can be more or less divisions, and four is just used for illustrative purposes here.
  • the challenge set of cognitive information elements may contain some of the secret set of cognitive information elements which the present disclosure refers to as an intersection. If the secret set of cognitive information elements were as follows: “cyclist”, “flag”, “optical disk”, “fried chips”, “flower”, and “horse”, then the cognitive challenge may be to identify the number of secret cognitive information elements in each of the four quadrants. In this case, there would be three in the quadrant 410, two in quadrant 420, zero in quadrant 430 and one in quadrant 440.
  • One form of reference solution for the cognitive challenge could be based on identifying the quadrant with the highest or lowest number of secret images ("top left” and "bottom left” respectively).
  • a more complex challenge could be to require the user to write the number of images in order from top left to bottom right (in this case, 3201) but this may reveal some information about the secret images.
  • the reference solution could be to order the quadrants by the number of secret images in that quadrant. In this example, where the number 1 to 4 each corresponds to the quadrant from top left 410 to bottom right 440, the order of the quadrants could be written "3421" if sorted from the lowest number of secret images (bottom left 430) to highest number of images (top left 410).
  • the quadrants do not have to be numbers, for if the quadrants were correspondingly labelled A to D, the order of the quadrants would be written "CDBA" in this example.
  • the secret set of images are concealed because the reference solution "CDBA” does not observably contain the secret set of images. While some information may be inferred from an observer who observes the user, this would typically only be useful after multiple responses. A robust system would require an attacker to observe so many responses that it would be infeasible to do so to gain access.
  • the cognitive challenge may require the user to perform an operation on the numbers associated with each image such that the secret itself (that is in this case the secret set of user designated images) would not be observable.
  • the cognitive challenge not only requires recognition of user designated secret set of images, but also requires the user to perform an operation (such as a sum) on the numbers associated with the images. If there were, say, ten images that were designated during the registration process, then each challenge may only present, as part of the challenge set of images, a subset of images (say three images) along with other images that may not be elements of the user designated secret set of images. This means that the user has to identify the elements that are elements of their secret set of images in order to be authenticated by the system but the reference solution is based on an operation performed on the numbers associated with the secret set of images so as to conceal the secret set of images itself.
  • one approach to conceal the secret so that an attacker would not be able to observe the secret is to determine the numbers associated with the images in the challenge set such that reference solution could be obtained from the operation on the numbers associated with the images in multiple ways.
  • the cognitive challenge in this example is "what is the result of the operation (sum of the numbers associated with the designated images) modulo 5?".
  • the operation may be displayed to the user as part of the cognitive challenge, or it may not, but in this case, this operation is known to the user before logging in the online transaction system 100.
  • the user performs a modulo 5 operation on the sum of the numbers (i.e., "3", “0” and “1"), particularly, (3+0+1) mod 5.
  • the result of this operation is number "4".
  • security could be enhanced by providing a sufficiently large number of combinations of images such that the reference solution is not simply guessable by chance.
  • the use of a cognitive challenge makes it difficult or computationally infeasible to determine the secret as the response from the user reveals little about the secret. Even though an attacker might be able to observe the answer "4" the attacker would not have sufficient information to determine what the images are that resulted in the answer "4.” Hence the secret (in this case the images) remains concealed by the reference solution and the response from the user.
  • the user draws a graphical symbol as a response to the cognitive challenge.
  • a tool e.g., a finger or a stylus pen
  • Method 300 receives 320 the response to the cognitive challenge, particularly, the graphical symbol, from the screen via the touch-sensitive surface and extracts 330 the biometric feature of the user from the response received. Method 300 further authenticates 340 the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
  • the reference biometric feature is a feature extracted from one or more training responses (for example, images) that were drawn by the user during the registration process.
  • the one or more training images represent the English word "four".
  • method 300 denies the access to the services provided by the service point 105 by for example presenting an error message on the screen, or sending a reject message via email or Short Message Service (SMS) to the user.
  • the reference solution to the cognitive challenge is number "4".
  • the user is not only required to determine the reference numerical solution "4" using his or her cognitive capacities, but also required to draw the graphical symbol containing the biometrical feature that matches the reference biometric feature.
  • Alternative cognitive challenges may utilise different reference biometric features to those described above in relation to the user drawing the word "four".
  • the reference solution to the cognitive challenge is the arrangement of the quadrants 410, 420, 430 and 440 into ascending order.
  • Fig 4(E) represents the quadrants when arranged in ascending order where the order is determined by counting the number of secret cognitive information elements in each quadrant.
  • the user has placed the quadrants from front to back in the following order: 430, 440, 420, 410.
  • the system may accept different forms of input from the user so as to allow a response from the user to perform this arrangement.
  • the system may utilise a swipe type interaction from the user on the screen with a touch sensitive interface.
  • the user may drag the quadrants using their finger or stylus to place them in their appropriate position.
  • the reference biometric features therefore can be based on the swipe that the user performs while ordering the quadrants.
  • the system may require the user to swipe to perform one or more training arrangements so that biometric features of the swipe can be extracted.
  • the method 340 will authenticate the user.
  • a different cognitive challenge may be presented to the user on the screen each time the user logs in the online transaction system 100.
  • the reference solution to the cognitive challenge may be different, and the reference biometric feature used to match the biometric feature extracted from the response may also be different accordingly. Therefore, in order for the service access device 103 to authenticate the user, the reference biometric feature needs to be determined.
  • a different cognitive challenge may be presented to the user on the screen that requires a second response from the user.
  • the second reference solution to the second cognitive challenge may be different to the first reference solution to the first cognitive challenge and therefore the additional response may be different from the response provided by the user in the first cognitive challenge. Therefore it would be more difficult for an attacker to guess. This second response may be required where the system is insufficiently certain about the authentication of the user after the first response.
  • method 300 determines the first subset including the one or more images ("fried chips”, “optical disk”, and “horse") that have been designated by the user. That is, the first subset of images are elements of the secret set of images that the user designated during registration. There are also one or more numbers (for example, "3", "0” and “1") associated with the first subset of images. Therefore, the one or more numbers (for example, "3", "0” and “1") associated with the first subset of images are known to method 300 in determining the reference biometric feature.
  • Method 300 further determines an operation to be performed on the one or more numbers according to the cognitive challenge, i.e., (sum of the numbers associated with the designated images) modulo 5.
  • the operation is stored in association with the user in the storage device 107 (for example, the operation is stored in association with the user in a table stored in the storage device 107, as described in detail with reference to Fig. 5). Therefore, method 300 determines the operation by accessing the storage device 107.
  • Method 300 performs the operation on the one or more numbers (particularly, (3+0+1) mod 5 in this example) to determine the reference solution (i.e., the numerical reference solution "4") to the cognitive challenge.
  • Method 300 further determines the reference biometric feature based on the reference solution.
  • Fig. 5 is an example table 500 used in the present disclosure to authenticate the user.
  • the table 500 is stored in the storage device 107 and is used in both the authentication process and the registration process.
  • the table 500 includes a "user name” field 512, a challenge information element ("CIE") field 514, an "operation” field 516, a “reference solution” field 518, and a "reference feature” field 520.
  • Each entry of the table 500 associates the user name of a user with the challenge information elements used to construct the cognitive challenge, the operation used to solve the cognitive challenge, possible reference solutions to the cognitive challenge, and corresponding reference biometric features.
  • the table 500 may take a different form in other examples without departing from the scope of the present disclosure.
  • the "user name" field 512 contains an identification of the user, which can simply be the name of the user, for example, "John Smith”.
  • method 300 locates the entry that is identified by "John Smith”, i.e., the first entry of the table 500. Method 300 then retrieves challenge information elements (CIE) from the "CIE" field 514 of the first entry of the table 500.
  • the "CIE" field 514 contains challenge information elements (for example, images, or identifiers of the cognitive information elements) that are used to construct the cognitive challenge.
  • the challenge information elements include a first set of challenge information elements that have been designated by the user during the registration process and a second set of challenge information elements that have not been designated during the registration process.
  • the "CIE" field 514 may also contain a set of numbers (or weights) associated with challenge information elements.
  • the set of numbers can be pre-determined. However, the set of numbers may also be determined in a random manner or based on a certain function when the cognitive challenge is presented to the user on the screen.
  • method 300 selects one or more of designated challenge information elements and one or more of the undesignated challenge information elements from the challenge information elements contained in the "CIE" field 514, determines the numbers (weights) associated with the selected challenge information elements to construct the cognitive challenge.
  • the selected challenge information elements that have been designated by the user during the registration process include images "fried chips”, “optical disk”, and “horse”, and the numbers (or weights) associated with these designated challenge information elements are numbers “3", "0", and "1", respectively.
  • the "operation” field 516 contains the operation used to solve the cognitive challenge. As indicated in the "operation” field 516 of the first entry of the table 500, method 300 determines that the operation "Add and Mod 5" is used to solve the cognitive challenge presented to the user identified by "John Smith". The operation "Add and Mod 5" is known to the user before the user logs in the online transaction system 100. In another example, method 300 transmits the operation to the user via an email message or an SMS message to remind the user of the operation to solve the cognitive challenge. Method 300 may also present the operation to the user as a text message on the screen.
  • The "reference solution” field 518 contains possible numerical solutions to the cognitive challenge.
  • the possible numerical solutions to the cognitive challenge include numbers “0”, “1", “2”, “3”, and “4".
  • Method 300 performs the operation “Add and Mod 5" on the numbers “3", “0”, and “1”, particularly (3+0+1) mod 5, to determine the reference numerical solution "4" to the cognitive challenge shown in Fig. 4(b).
  • the "reference feature” field 520 contains the biometric features associated with the possible reference solutions contained in the "reference solution” field 518.
  • a reference feature contained in the “reference feature” field 520 is a vector characterising an expected response received from the second user interface 240 of the service access device 103.
  • the vector can be a combination of different types of biometric features.
  • the reference numerical solution "0" is associated with the reference biometric feature identified by "John0”
  • the reference numerical solution "1" is associated with the reference biometric feature identified by "John1”, and so on.
  • the reference biometric features are extracted from one or more training responses (for example, one or more images) that are received from the user during the registration process.
  • the reference biometric feature identified by "John0” that is associated with the reference numerical solution "0" is extracted from one or more English words “zero” written by the user on the touch-sensitive screen using a finger or a stylus pen.
  • method 300 determines the reference biometric feature identified by "John4" is the reference biometric feature associated with the number "4", as shown in the first entry of the table 500.
  • the user determines a solution to the cognitive challenge shown in Fig. 4(b) using his or her cognitive capacities.
  • the solution determined by the user is the number "4".
  • the user then draws a graphic symbol, particularly an English word "four", on the touch-sensitive screen as a response to the cognitive challenge.
  • the service access point 103 receives the response from the touch-sensitive screen.
  • method 300 extracts the biometric feature of the user from the English word "four" received from the touch-sensitive screen, which is drawn by the user. If the biometric feature extracted from the English word "four” matches the reference biometric feature identified by "John4", as determined above, method 300 authenticates the user to access services provided by the service point 105.
  • biometric features that can be used to authenticate the user are described below. It should be noted that other biometric features may also be used without departing from the scope of the present disclosure. It should also be noted that the biometric feature used in authenticating a user in the present disclosure can be a combination of different types of biometric features.
  • the second user interface 240 of the service access device 103 is a gesture or gait sensitive device that includes one or more sensors, for example, an accelerometer and a gyroscope.
  • the biometric feature is extracted 330 from the response provided by the user in response to the cognitive challenge.
  • the biometric feature is extracted as the reference biometric feature from one or more training responses provided by the user.
  • the biometric feature is extracted from raw outputs from the touch-sensitive surface of the service access device 103 or other sensors available from the service access device 103. The raw outputs are essentially a set of data indicative of the user interacting with the second user interface 240 of the service access device 103.
  • the raw outputs are categorised into touch outputs from the touch-sensitive screen and sensor outputs from other sensors of the service access device 103.
  • Values of touch outputs are extracted from the set of data provided by the touch-sensitive screen when the user touches the touch-sensitive screen using a touch tool, for example, a finger or stylus pen.
  • the touch outputs include one or more of the following parameters:
  • Action type indicating if the touch tool is making contact with the screen, moving continuously on the screen or if the tool is being lifted from the screen; type ∈ {up, move, down}
  • X position x the x coordinate of the touch tool on the screen
  • Y position y the y coordinate of the touch tool on the screen
  • Pressure p a force from the touch tool being exerted on the screen
  • Size s the footprint area of the touch tool on the screen
  • Tilt in X ⁇ x the angle the touch tool makes with the screen with the x axis
  • Tilt in Y ⁇ y the angle the touch tool makes with the screen with the y axis
  • Values of sensor outputs are extracted from the set of data provided by the one or more sensors of the second user interface 240, for example, one or more readings from the one or more sensors.
  • the sensor outputs include one or more of the following parameters:
  • Rotation Vector indicating the rotational position of the second user interface 240 in space, further including:
  • Gyroscope vector a rate of rotation of the second user interface 240 around further including:
  • Accelerometer an acceleration force along an axis due to both the motion and gravity of the second user interface 240, further including:
  • Gravity an acceleration force along an axis due solely to gravity, further including: Gravity along Gravity along y: g y Gravity along z: g z ;
  • Linear Accelerometer an acceleration force along an axis due solely to the second user interface's 240 motion, further including:
  • method 300 extracts from raw outputs the biometric features.
  • the three categories of biometric features are described in detail below.
  • the rate of the rate in change of size applied to the screen of the current data-point from the previous point a raw measure of the angle the touch tool makes with the screen in the y axis.
  • Force F the force exerted on the screen by the touch tool. It is proportional to:
  • Sequence of Strokes - Extension the previous two Sequence of Strokes features carry time data, in the form of timestamps. This timing aspect can be extrapolated into a vector of equal length as SS with durations of each stroke into Stroke Time ( ST[m] ).
  • the stylometric features can be captured and calculated in realtime. This allows us to utilise how the stylometric features change in time to identify a user.
  • the top of the screen is defined as positive y , and the right as positive x .
  • the stylometric features include one or more of the following features:
  • TMP the upper most point of the current drawn figure
  • BMP the bottom most point of the current drawn figure
  • Width the width of the space occupied by the current drawn figure
  • Width-to-Height Ratio the width-to-height ratio of the space currently occupied by the current drawn figure
  • Curvature the amount of curvature at point n as calculated by
  • the authentication method can be categorized as a symmetric key challenge-response scheme.
  • challenge-response means that the authentication process of the authentication method involves challenges from S which U has to respond to.
  • the authentication method in the present disclosure involves cognitive authentication and biometric feature authentication
  • the cognitive authentication and the biometric feature authentication are first described separately.
  • the cognitive authentication method consists of a secret (password) space S , a challenge space C and a solution space R .
  • the solution space R is finite and we let |R| denote its cardinality.
  • a cognitive function or an operation f maps a challenge c ∈ C and a password s ∈ S to a solution The function
  • the password space S consists of a set N of n objects (e.g., images). An individual password is assumed to be a k -element subset of N . Each element of s is referred to as a pass-object.
  • the challenge space C consists of l-element subsets of N, each element having a weight from the set of integers {0, 1, ..., d - 1}. {0, 1, ..., d - 1} is denoted by More precisely, let c ∈ C be a challenge.
  • each element of c is the pair is an object (e.g., an image)
  • Biometric feature Authentication In a biometric feature-based authentication method, a registration process is performed to extract the reference biometric features of a user. The registration process is also referred to as a training process. During the registration process a template of a particular behaviour of the user, e.g., handwriting, gesture, or gait, is stored. The template can be either the set of all feature vectors extracted from the samples provided by the user, or one or more optimal feature vectors (in the case of SVM), or global statistics such as mean and variance.
  • the authentication process also known as a testing process in the authentication method consists of S challenging the user U to reproduce the biometric feature that matches the template.
  • biometric features used in the present disclosure are extracted from a set of graphical symbols from ⁇ sketched by U , where Examples of the graphical symbols
  • the classifier also outputs the user sketch does not match the template of any symbol.
  • the authentication method provided in the present disclosure also includes a Global Setup process executed by (i.e., the service access point
  • a pseudo-code representation of the global setup process is as follows:
  • n 200
  • k 10
  • l 30
  • d 5
  • 4. S sets a one-to-one map which maps each solution r ∈ R to a unique
  • S sets the (untrained) classifier b .
  • S sets the number ⁇ , i.e., the number of sketches for each symbol needed to train the classifier b .
  • is the training size.
  • S randomly selects l elements from N. For each element, S generates a weight from Z_d randomly or in a certain function associated with each element from N.
  • S sends the l-element cognitive challenge c to U whose elements are ordered pairs of objects from N and their weights.
  • U determines using its cognitive capabilities if any object from s is in c. If yes, U sums their weights and performs a mod d operation using its cognitive capacities to determine r as a solution to the cognitive challenge. If no object from s is in c, U determines a random integer r ∈ Z_d as the solution.
  • S sends a reject message to U .
  • both the set of l images and their corresponding weights may be generated uniformly at random.
  • the user then sums up the weights (numbers "3", “0", "1") corresponding to the user's secret images (i.e., designated images “fried chips”, “optical disk”, and “horse") in the cognitive challenge, performs the operation (the sum modulo 5) to determine the solution (number "4") to the cognitive challenge.
  • the user draws a graphical symbol, particularly, the English word "four" on the second user interface 240 (i.e., the touch-sensitive screen as shown in Fig.
  • the user may simply determine a random integer from Z_d as the solution to the cognitive challenge and draw the corresponding English word as the response on the touch-sensitive screen of the service access device 103.
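The cognitive half of the scheme described above (S builds an l-element weighted challenge, the reference solution is the sum of the pass-object weights mod d, and one answer can arise "in multiple ways"), as an added Python sketch that is not code from the patent. The function names, the integer object ids, and the two undesignated weights in the sample challenge are constructed assumptions; how S handles a challenge that shows no pass-object is not stated on the page and is left to the caller.

```python
import random

# Parameters from the page's global setup listing (n, k, l, d).
N_OBJECTS, K_SECRET, L_CHALLENGE, D_MOD = 200, 10, 30, 5


def make_challenge(rng, n=N_OBJECTS, l=L_CHALLENGE, d=D_MOD):
    """S selects l distinct objects from N and gives each a weight from Z_d."""
    objects = rng.sample(range(n), l)
    return [(obj, rng.randrange(d)) for obj in objects]


def reference_solution(challenge, secret, d=D_MOD):
    """Sum of the weights of the pass-objects shown in the challenge, mod d.

    Returns None when no pass-object is shown: the page says U then answers
    with a random integer, so there is no single expected value and the
    caller has to decide how to treat that round (assumption).
    """
    weights = [w for obj, w in challenge if obj in secret]
    if not weights:
        return None
    return sum(weights) % d


def consistent_subsets(challenge, answer, k=K_SECRET, d=D_MOD):
    """Count non-empty subsets (size <= k) of shown objects that give `answer`.

    This is how many different secret/challenge intersections an observer of
    one challenge-response pair cannot tell apart.
    """
    # dp[size][residue] = number of subsets of that size with that weight sum mod d
    dp = [[0] * d for _ in range(k + 1)]
    dp[0][0] = 1
    for _, weight in challenge:
        # Walk sizes downwards so each object is used at most once per subset.
        for size in range(k - 1, -1, -1):
            for residue in range(d):
                if dp[size][residue]:
                    dp[size + 1][(residue + weight) % d] += dp[size][residue]
    return sum(dp[size][answer % d] for size in range(1, k + 1))


# Constructed sample: ids 0, 1, 2 stand for "fried chips", "optical disk" and
# "horse" with the page's weights 3, 0, 1; ids 3 and 4 are undesignated images
# with constructed weights 2 and 4.
EXAMPLE_CHALLENGE = [(0, 3), (1, 0), (2, 1), (3, 2), (4, 4)]
EXAMPLE_SECRET = {0, 1, 2, 40, 41, 42, 43, 44, 45, 46}

if __name__ == "__main__":
    r = reference_solution(EXAMPLE_CHALLENGE, EXAMPLE_SECRET)
    print("reference solution:", r)
    print("subsets giving the same answer:", consistent_subsets(EXAMPLE_CHALLENGE, r))
    full = make_challenge(random.Random(2017))
    for answer in range(D_MOD):
        print(answer, consistent_subsets(full, answer))
```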
  • Upon receipt of the response (for example, the English word "four" drawn by the user) provided by the user via the second user interface 240 of the service access device 103, method 300 extracts the biometric feature of the user from the response. Method 300 further determines a further reference biometric feature based on the biometric feature extracted from the response and a criterion, for example, a Dynamic Time Warping (DTW) distance.
  • method 300 compares the biometric feature with each of the reference biometric features identified by "John0”, "John1”, “John2”, “John3”, and “John4" stored in the "reference feature” field 520 of the first entry of the table 500. Since the biometric feature extracted from the response is not necessarily exactly the same as one of the reference biometric features stored in the table 500, method 300 determines one of the reference biometric features that is closest, in terms of DTW distance, to the biometric feature extracted from the response as the further reference biometric feature. In this example, if the user draws the English word "four" properly, the further reference biometric feature is the reference biometric feature identified by "John4".
  • Method 300 determines a further reference solution to the cognitive challenge.
  • the further reference solution is one of the reference solutions that is associated with the further reference biometric feature.
  • the further reference solution is the number "4" that is associated with the further reference biometric feature identified by "John4", as shown in the first entry of the table 500.
  • Method 300 compares the reference solution that is already determined with the further reference solution, and determines the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the further reference solution is equal to the reference solution.
  • the reference solution i.e., the number "4"
  • the biometric feature extracted from the response i.e., the English word "four
  • the reference biometric feature i.e., the reference biometric feature identified by "John4"
  • the method determines, based on the criterion, a distance (for example, a DTW distance) between the biometric feature extracted from the response and the reference biometric feature associated with the reference solution. If the distance meets a threshold, method 300 determines the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution.
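The two matching rules described above (closest reference feature by DTW distance, and DTW distance to the expected reference feature against a threshold), as an added Python sketch that is not code from the patent. The (x, y, pressure) traces are constructed stand-ins for handwriting samples, and the function names, the straight-stroke shapes, the 3.0 threshold and the reading of "meets a threshold" as "at most the threshold" are assumptions.

```python
import math

ANGLE_STEP = math.pi / 5   # constructed: symbol r is a straight stroke at r * 36 degrees
THRESHOLD = 3.0            # constructed acceptance threshold for the distance rule


def constructed_trace(solution, samples, pressure=0.5, y_offset=0.0):
    """Constructed stand-in for a drawn symbol: a list of (x, y, pressure) points."""
    theta = solution * ANGLE_STEP
    points = []
    for i in range(samples):
        r = i / (samples - 1)
        points.append((r * math.cos(theta), r * math.sin(theta) + y_offset, pressure))
    return points


def dtw_distance(a, b):
    """Dynamic Time Warping distance with Euclidean local cost, O(len(a) * len(b))."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)
    for p in a:
        cur = [inf] * (len(b) + 1)
        for j, q in enumerate(b, start=1):
            cur[j] = math.dist(p, q) + min(prev[j], cur[j - 1], prev[j - 1])
        prev = cur
    return prev[len(b)]


# One reference feature per possible solution 0..4, playing the role of the
# "reference feature" column of table 500 (constructed data, 40 samples each).
TEMPLATES = {solution: constructed_trace(solution, 40) for solution in range(5)}


def nearest_reference(feature, templates):
    """Return (solution, distance) of the stored reference feature closest to `feature`."""
    scored = ((sol, dtw_distance(feature, ref)) for sol, ref in templates.items())
    return min(scored, key=lambda pair: pair[1])


def matches_by_nearest(feature, reference_solution, templates):
    """Rule 1: the closest template's solution must equal the reference solution."""
    further_solution, _ = nearest_reference(feature, templates)
    return further_solution == reference_solution


def matches_by_threshold(feature, reference_solution, templates, threshold=THRESHOLD):
    """Rule 2: distance to the expected template must be within the threshold."""
    return dtw_distance(feature, templates[reference_solution]) <= threshold


if __name__ == "__main__":
    # Same stroke as template 4, drawn more slowly (55 samples) and slightly shifted.
    genuine = constructed_trace(4, 55, y_offset=0.01)
    # Right shape for "4" but a different pressure profile.
    off_pressure = constructed_trace(4, 55, pressure=0.9)
    for name, trace in (("genuine", genuine), ("off_pressure", off_pressure)):
        print(name, nearest_reference(trace, TEMPLATES),
              matches_by_nearest(trace, 4, TEMPLATES),
              matches_by_threshold(trace, 4, TEMPLATES))
```

On this constructed data the off-pressure trace is still closest to template 4, so the nearest-template rule accepts it and only the threshold rule rejects it.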
  • method 300 uses Optical Character Recognition (OCR) technologies to recognise the English word “four” directly from the image "four”, and compares the reference biometric feature associated with the English word "four” with the biometric feature extracted from the image "four” before authenticating the user to access the service.
  • the system may register a user to authenticate the user by receiving from a third user interface a selection of cognitive information elements designated by the user as a secret set of cognitive information elements, determining the reference biometric feature of the user based on the interaction of the user with the third user interface and storing in a storage device the biometric feature.
  • This registration process allows for the system to acquire and store a biometric feature of the user that can be used to authenticate the user during the authentication process.
  • This registration process is presented on a third user interface, which may or may not be the same as the first user interface or the second user interface.
  • the user may authenticate on a device with the first user interface or second user interface, having already registered on a device with the third user interface.
  • the user may register and authenticate on the same device with the same user interface.
  • the third user interface is referred to as the first user interface and second interface.
  • Fig. 6 illustrates an example method 600 for registering a user with the online transaction system 100 to authenticate the user in accordance with the present disclosure, particularly, when the user registers at service access devices 103.
  • method 600 in this example is implemented at the service access device 103
  • method 600 can also be implemented at the service point 105 if the service access device 103 is part of the service point 105 or the service point 105 also performs user registration functions in addition to providing services to the user.
  • method 600 is implemented at a separate registration server (not shown in Fig. 1) to reduce the computing burden of the service access point 103.
  • Method 600 may also include method steps that are not shown in Fig. 6.
  • method 600 asks the user to provide a user name.
  • the user is prompted to enter a user name on the first user interface 230 (i.e., the touch-sensitive screen) of the service access device 103.
  • the user enters, for example, "John Smith", as its user name and submits the user name to the service access device 103 by touching the "submit” button.
  • Upon receipt of the user name at the service access device 103, the service access device 103 generates an entry of the table 500 as shown in Fig. 5 with the "user name” field 512 of the entry containing the user name "John Smith" to identify the user.
  • Method 600 presents 610 on the first user interface 230 of the service access device 103 a set of cognitive information elements to the user.
  • the set of cognitive information elements are at least part of a cognitive challenge that has a solution.
  • the set of cognitive information elements in this example are a set of images rendered on the touch-sensitive screen.
  • the images for the user to review and designate may be presented on multiple pages on the touch-sensitive screen.
  • Method 600 receives 620 from the touch-sensitive screen a set of indications indicative of a first subset of the set of cognitive information elements that is designated by the user as a secret set of cognitive information elements.
  • Method 600 stores the first subset of the set of cognitive information elements as designated CIEs in the "CIE" field 514 of the entry identified by the user name "John Smith", i.e., the first entry of the table 500.
  • method 600 can also store a second subset of the set of cognitive information elements as undesignated CIEs in the "CIE" field 514 of the entry identified by the user name "John Smith”.
  • Method 600 presents on the touch-sensitive screen an indication to the user indicative of an operation (particularly, "Add and Mod 5" in the first entry of the table 500) that is used to solve the cognitive challenge.
  • the indication indicative of the operation may also be sent to the user via an electronic message, e.g., an e-mail or SMS message.
  • the designated challenge elements and the undesignated challenge elements are used to construct a cognitive challenge that has a solution when the user logs in the online transaction system 100.
  • Method 600 is prompted to provide one or more training responses (for example, images) via the touch-sensitive screen to represent the solution.
  • the user is prompted to draw an English word "four" twice.
  • the English word "four” is associated with a numerical solution "4". Therefore, method 600 receives 630 from the touch-sensitive screen an indication indicative of the solution to the cognitive challenge.
  • the indication comprises a set of data indicative of the user interacting with the touch-sensitive screen, and contains a biometric feature of the user that is associated with the English word "four".
  • Figs. 8(a) to (c) the user is prompted to draw an English word "four" twice.
  • the method 600 receives from the touch- sensitive screen a set of data indicative of the user interacting with the touch- sensitive screen and contains a biometric feature of the user that is associated with the users swipe gesture.
  • Method 600 extracts 640 the biometric feature of the user from the indication indicative of the solution to the cognitive challenge, particularly, the set of data received from the touch-sensitive screen.
  • the second user interface 240 of the service access device 103 is the touch-sensitive screen and the touch-sensitive screen includes a touch-sensitive surface.
  • the set of data indicative of the biometric features of the user comprises one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
  • the second user interface 240 of the service access device 103 comprises one or more sensors, for example, an accelerometer, a gyroscope, a gesture sensitive device.
  • the set of data comprises one or more readings from the second user interface 240.
  • the biometric feature is extracted from the set of data.
  • preprocessing steps may also be performed, for example, offset correction, linear detrending, and smoothing.
  • the biometric feature extracted from the training responses i.e., the English words "four” drawn by user
  • the biometric feature extracted from the training responses is a biometric feature identified by "John4".
  • Method 600 further stores 650 in a storage device the biometric feature in association with the solution to the cognitive challenge.
  • the biometric feature "John4" representing the English word "four” is stored in the table 500, which is in turn stored in the storage device 107, as a reference biometric feature in association with the numerical solution "4".
  • the reference biometric feature is also referred to as a template in the present disclosure.
  • the user's biometric template may be changed after registration in order to reflect possible changes in the way the user performs a gesture such as a swipe or the user draws a symbol. For example, if a biometric feature extracted from a response provided by the user results in a successful authentication, the stored template may be replaced with the biometric feature in order to capture the recent gesturing or handwriting habits of the user.
  • the above registration process repeats for each of the possible numerical solutions "0" to "4" to the cognitive challenge and for each user.
  • the table 500 is formed as a result of users registering with the online transaction system 100.
  • a MYSQL database may be used to store the table 500, and SQL queries are used to store and retrieve data as needed.
  • a pseudo-code representation of the registration process is as follows:
  • U designates a set s of k objects from N as its password and shares it with S . 2. For each symbol
  • S uses the set of template T oi all symbol templates o T , to train the classifier b to output _L .
  • S stores the set of template T .
  • the secret consists of s and T .
  • the set N consists of n images.
  • the user needs to designate k images to make up their secret.
  • the n images can be shuffled randomly and a subset (say l) of the n images are shown at a time during registration.
  • the user can designate an image by touching it on the second user interface 240 (e.g. the touch-sensitive screen) of the service access device 103.
  • the user can swipe right to view the next page containing the next l images.
  • the process concludes once the user has chosen k images.
  • Graphical symbols: As described above, graphical symbols are used as responses to the cognitive challenge when the user logs in to the online transaction system 100 or as the training responses when the user registers with the online transaction system 100.
  • the graphical symbols need to exhibit the following properties: the biometric features of the graphical symbols should be able to distinguish different graphical symbols; the biometric features of the graphical symbols should be able to distinguish different users; and the graphical symbols should be able to be reproduced between attempts.
  • English words "zero", "one", "two", "three" and "four" are used as the graphical symbols to represent numerical solutions "0", "1", "2", "3" and "4" to the cognitive challenge.
  • other graphical symbols can also be used without departing from the scope of the present disclosure.
  • Biometric Features: An example set of biometric features that is used to compare the biometric feature extracted from the response to the cognitive challenge with the reference biometric features is described below. Please note that these biometric features exist in a time-series format with data-points at the fastest rate of record by the hardware device: δp: the change in pressure applied to the screen of the current data-point from the previous point; δx: the change in x position of the current data-point from the previous point; δy: the change in y position of the current data-point from the previous point; v_x: the velocity in x direction of the current data-point from the previous point; v_y: the velocity in y direction of the current data-point from the previous point; a_x: the acceleration in x direction of the current data-point from the previous point; a_y: the acceleration in y direction of the current data-point from the previous point; Area: the rectangular area currently occupied from the start to the current point being drawn; Curvature: the amount of cur
  • Feature comparison: With a common set of features the similarity between two biometric features can be determined by comparing the two biometric features. Further, a threshold is used to determine if two biometric features belong to the same user or differ too greatly for the authentication process.
  • DTW: Dynamic Time Warping
  • SVM: Support Vector Machine
  • DTW is an algorithm for mapping one time-series indicative of a biometric feature to another time-series indicative of another biometric feature. DTW determines the shortest path in order to map one time-series to another, where the shortest path is defined as the minimum distance between the two time-series. DTW also maps one time-point to another and calculates the difference in their values. This difference contributes to the distance between the time-series.
  • Fig. 9 illustrates a mapping 900 of a submitted timeseries to an optimal template in accordance with the present disclosure.
  • the submitted time-series indicates the biometric feature extracted from a response provided by the user when the user attempts to log in to the online transaction system 100.
  • the submitted time-series is compared against the optimal template that indicates one of the reference biometric features.
  • Fig. 9 illustrates a single dimension mapping
  • DTW algorithm can use multiple features each considered as its own dimension. While the FastDTW algorithm provided by the Java Machine Learning library is capable of
  • the biometric feature can also be split into independent data groups.
  • the groups are defined as to which sensor the biometric features have primarily been derived from, e.g. displacement, velocity are derived from touch locations, whilst pressure would be from the pressure detection within the screen, and movement data from the accelerometer would be in its own groupings.
  • the distance outputs from each of the individual DTW processes are summed up to produce a single value of similarity between the two time-series. This value is compared to a threshold as described below:
  • Group threshold: the threshold of a user is determined by how distant the user's writing samples are from everyone else's in the collective group. The algorithm is as follows: the optimal template is run against every other handwriting sample in the database from other users, and an array of distances is created. The lowest distance to another sample that does not belong to the user is then set as the threshold. Whilst this approach is suitable for a limited sample set from a small number of participants, for an online transaction system that has potentially thousands of users, the group threshold calculated would be too sensitive to allow accurate authentication;
  • Personal threshold: a threshold is assigned to the user based on how consistent or inconsistent the user is across the training samples that were acquired during the registration process. Initially the personal threshold was calculated by finding the mean of the distances between the user's own samples, and adding a parameter which is a multiple of the standard deviation to the mean as the threshold
  • a global threshold is a singular value chosen by the system administrators, depending on the level of security demanded by the system. This level is recommended based on a base number as seen by group thresholds, and an adjustment factor for the usability-security compromise. The higher the threshold, the more usable and tolerant it will be to user deviations;
  • optimal templates are used in order to reduce the number of comparisons required during the login attempt. So with a regular login attempt, the submitted timeseries will only need to be compared with a single optimal template as opposed to all the samples.
  • each sample has its DTW distance computed against the other samples in the user's set, and summed together.
  • the sample with the lowest collective distances to the other samples is designated as the optimal template, the reasoning behind this is that the sample is the closest to each and every other sample of the user, being the middle sample median.
  • Method 300 retrieves five optimal templates or reference biometric features for five symbols (e.g., English words "zero", "one", "two", "three", "four");
  • Method 300 compares the biometric feature extracted from the response to each of the 5 optimal templates in terms of distance computed through DTW;
  • Method 300 determines an optimal template out of the five optimal templates with the lowest DTW distance to the extracted biometric feature. This optimal template is considered to be the one the user intended to provide in response to the cognitive challenge;
  • Method 300 determines a numerical solution associated with the optimal template
  • method 300 rejects the user
  • method 300 presents how many login rounds have been passed, and issues a new challenge or a token to indicate authentication to the user.
  • noise is introduced to an attacker's data by letting the user respond with a graphical symbol associated with a random solution from
  • 1.5 secret images are expected to be present in each challenge.
  • the probability that no secret image is present in the challenge is
  • Suitable computer readable media may include volatile (e.g. RAM) and/or non-volatile (e.g. ROM, disk) memory, carrier waves and transmission media.
  • Exemplary carrier waves may take the form of electrical, electromagnetic or optical signals conveying digital data streams along a local network or a publicly accessible network such as the internet.
  • generating refers to the action and processes of a computer system, or similar electronic computing device, that processes and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
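
The DTW comparison, optimal-template selection, personal threshold and nearest-template matching described in the bullets above can be sketched as follows. This is an added Python example, not code from the patent: the function names, the "dx"/"p" feature groups, the choice of population standard deviation and all sample values are assumptions constructed for illustration.

```python
import math
import statistics
from itertools import combinations


def dtw_distance(a, b):
    """Minimum cumulative |x - y| cost of warping series a onto series b."""
    prev = [0.0] + [math.inf] * len(b)
    for x in a:
        cur = [math.inf]
        for j, y in enumerate(b, start=1):
            cost = abs(x - y)
            # extend the cheapest of: repeat y, repeat x, advance both
            cur.append(cost + min(prev[j], cur[j - 1], prev[j - 1]))
        prev = cur
    return prev[-1]


def sample_distance(s, t):
    """One DTW run per feature group; the group distances are summed."""
    return sum(dtw_distance(s[g], t[g]) for g in s)


def optimal_template(samples):
    """Index of the sample with the lowest summed distance to the others."""
    totals = [sum(sample_distance(s, t) for t in samples if t is not s)
              for s in samples]
    return totals.index(min(totals))


def personal_threshold(samples, k=1.0):
    """Mean of the user's own pairwise distances plus k standard deviations.
    Assumption: population standard deviation and k = 1."""
    d = [sample_distance(s, t) for s, t in combinations(samples, 2)]
    return statistics.mean(d) + k * statistics.pstdev(d)


def enrol(training):
    """{solution: [samples]} -> {solution: (optimal template, threshold)}"""
    return {sol: (samples[optimal_template(samples)],
                  personal_threshold(samples))
            for sol, samples in training.items()}


def match(attempt, profile):
    """Nearest optimal template decides which symbol the user intended;
    the attempt is accepted only if its distance meets that threshold."""
    sol, (template, threshold) = min(
        profile.items(),
        key=lambda kv: sample_distance(attempt, kv[1][0]))
    dist = sample_distance(attempt, template)
    return sol, dist, dist <= threshold


# Constructed training data: three drawings each of the symbols for
# solutions 4 and 0, reduced to two short feature groups per drawing.
TRAINING = {
    4: [{"dx": [0, 1, 2, 1], "p": [1, 2, 1]},
        {"dx": [0, 1, 1, 2, 1], "p": [1, 2, 2, 1]},
        {"dx": [0, 2, 3, 1], "p": [1, 3, 1]}],
    0: [{"dx": [3, 3, 0, 0], "p": [5, 5, 5]},
        {"dx": [3, 0, 0], "p": [5, 5]},
        {"dx": [3, 3, 3, 0], "p": [5, 5, 5, 5]}],
}
# Constructed login attempts: a slower drawing of "four" by the same
# user, and a drawing with very different displacement and pressure.
GENUINE = {"dx": [0, 1, 2, 2, 1], "p": [1, 2, 1, 1]}
IMPOSTOR = {"dx": [0, 4, 6, 1], "p": [3, 6, 3]}

if __name__ == "__main__":
    profile = enrol(TRAINING)
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, match(attempt, profile))
```

A user whose training samples differ only in timing gets a threshold of zero in this sketch, which is why the multiple of the standard deviation is a usability parameter as much as a security one.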

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • User Interface Of Digital Computer (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Computer-implemented methods, software, and computer systems for authenticating a user. Authentication includes presenting on a first user interface a challenge set of cognitive information elements (400) to the user that comprises a cognitive challenge that has a reference solution based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements. Biometric features of the user can be extracted from a response made by the user to the cognitive challenge on a second user interface, and the user can be authenticated if the biometric feature extracted from the response matches a reference biometric feature.

Description

"Authenticating a user"
Cross-Reference to Related Applications
[0001] The present application claims priority from Australian Provisional Patent Application No 2016901727 filed on 10 May 2016, the content of which is incorporated herein by reference.
Technical Field
[0002] The present disclosure includes computer-implemented methods, software, and computer systems for authenticating a user.
Background
[0003] User authentication plays an increasingly important role in a digital era since more and more transactions are being and will be conducted online without physical presence of a user at a transaction location. It should be noted that the term "authentication" in the present disclosure refers to a technical mechanism that uses a technical means to allow a legitimate user to access and prevents an illegitimate user from accessing a service that should only be accessed by the legitimate user. The technical means used in the authentication may take different forms.
[0004] For example, instead of walking into a branch of a bank in person, a user may create an account in a database operated by the bank, and associate a password with the account. The account is typically identified by an account name. By providing the account name and the password via a computer at home, the user invokes a password check process using network and digital technologies adopted by the bank. Once the user is authenticated by the password check process, the user is able to transact using the account, for example, making a payment, transferring money to another account held by another user, etc. In addition to banking services, user authentication may be required in document access services. For example, if a user attempts to access a document stored at a secure document server. The secure document server or a third-party security service provider may need to check if the user has the right to access the document. If the user has the right to access the document, the user is authenticated to access the document. Otherwise, the secure document server rejects the user by not allowing the access to the document.
[0005] The convenience makes our life easier, however, on the other hand, also increases risk. Particularly, an attacker or a hacker may be able to use hacking technologies to track the account name and the password set by the user when the user is typing the account name and the password on a computer at home. The attacker can even obtain the account name and the password by simply observing the user if the user is logging into the account using a computer installed at a public place.
[0006] Different authentication mechanisms have been developed to enhance online security, for example, a cognitive challenge mechanism and a biometric feature mechanism. However, in order to achieve a robust security level, the cognitive challenge mechanism has to be repeated many times with different cognitive challenges when a user logs in the account. This makes the cognitive challenge mechanism inefficient and not user-friendly. On the other hand, the biometric feature mechanism takes advantage of unique biometric features (for example, unique handwriting habits, gestures, etc.) of a user to reduce the number of repetitions, however, this mechanism is vulnerable to noise and imitations due to lack of randomness. This makes the biometric feature mechanism less reliable, particularly, due to the high Equal Error Rate (EER).
[0007] Throughout this specification the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated element, integer or step, or group of elements, integers or steps, but not the exclusion of any other element, integer or step, or group of elements, integers or steps.
[0008] Any discussion of documents, acts, materials, devices, articles or the like which has been included in the present disclosure is not to be taken as an admission that any or all of these matters form part of the prior art base or were common general knowledge in the field relevant to the present disclosure as it existed before the priority date of each claim of this application.
Summary
[0009] There is provided a computer implemented method for authenticating a user, the method comprising: presenting on a first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution, wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receiving from a second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extracting the biometric feature of the user from the response received from the second user interface; and authenticating the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
[0010] As can be seen from the above, the method disclosed in the present disclosure extracts the biometric feature of the user from the response made by the user to the cognitive challenge, and authenticates the user if the biometric feature extracted from the response matches the reference biometric feature. Advantageously, in authenticating the user, this method takes advantage of both cognitive capacities of the user used to determine the reference solution to the cognitive challenge and the biometric feature of the user contained in the response to the cognitive challenge. This method effectively reduces the number of repetitions required in conventional cognitive authentication methods to achieve a desired level of security and improves accuracy of conventional biometric feature authentication methods.
[0011] The reference solution may comprise a result of an operation based on the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements.
[0012] The reference solution may be based on an arrangement of the challenge set of cognitive information elements.
[0013] The reference solution may be a first reference solution and the response may be a first response, the method further comprising: presenting a second cognitive challenge that has a second reference solution, receiving a second response, extracting the biometric feature from the second response and authenticating the user if the biometric feature extracted from the first response and the second response match the reference biometric feature associated with the first reference solution and second reference solution.
[0014] The first user interface may be a screen. Presenting on the first user interface the challenge set of cognitive information elements may comprise presenting on the screen a set of images and presenting a set of numbers associated with the set of images.
[0015] The set of images may comprise a first subset that represents the intersection that includes zero, one or more images of the secret set of cognitive information elements; and a second subset including one or more images that are all not in the secret set of cognitive information elements.
[0016] The first subset may include one or more images of the secret set of cognitive information elements. It should be noted that it is possible that the first subset may include none of the images that have been designated by the user as the secret set of cognitive information elements during the registration process. Authenticating the user may further comprise: determining one or more numbers in the set of numbers associated with the first subset; determining an operation to be performed on the one or more numbers; performing the operation on the one or more numbers to determine the reference solution to the cognitive challenge; and determining the reference biometric feature based on the reference solution.
[0017] Authenticating the user may further comprise: determining a further reference biometric feature based on the biometric feature and a criterion; determining a further reference solution to the cognitive challenge, the further reference solution being associated with the further reference biometric feature; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the further reference solution is equal to the reference solution.
[0018] The method may further comprise: determining, based on the criterion, a distance between the biometric feature extracted from the response and the reference biometric feature associated with the reference solution; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the distance meets a threshold.
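The steps in paragraphs [0016] to [0018] can be followed through one login round as below. This is an added Python example, not code from the patent: the function names, image identifiers, the pool, secret and challenge sizes and the handling of an empty intersection are assumptions, and the matched solution and its distance are taken as inputs from whatever biometric comparison is in use.

```python
import random
from math import comb


def make_challenge(pool, size, rng, modulus=5):
    """Draw `size` images from the pool and attach a random number to each."""
    return {img: rng.randrange(modulus) for img in rng.sample(pool, size)}


def reference_solution(challenge, secret, modulus=5):
    """'Add and Mod 5' over the numbers attached to the secret images that
    appear in the challenge. Returns None when the intersection is empty."""
    hits = [num for img, num in challenge.items() if img in secret]
    return sum(hits) % modulus if hits else None


def authenticate_round(challenge, secret, matched_solution, distance,
                       threshold):
    """matched_solution is the solution tied to the closest reference
    biometric feature ([0017]); distance is how far the response is from
    that feature ([0018])."""
    if distance > threshold:
        return False  # biometric does not match, whatever was drawn
    ref = reference_solution(challenge, secret)
    if ref is None:
        # Assumption: with no secret image on screen, any symbol is
        # accepted as long as the biometric itself matches.
        return True
    return matched_solution == ref


def expected_secret_images(n, k, l):
    """Mean number of secret images when l of n images are shown and k of
    the n are secret."""
    return l * k / n


def prob_no_secret_image(n, k, l):
    """Chance that a challenge of l images contains none of the k secrets."""
    return comb(n - k, l) / comb(n, l)


# Constructed round: two of the user's three secret images are shown.
SECRET = {"img012", "img031", "img099"}
CHALLENGE = {"img007": 3, "img012": 4, "img031": 1, "img040": 2}

if __name__ == "__main__":
    print(reference_solution(CHALLENGE, SECRET))           # (4 + 1) mod 5
    print(authenticate_round(CHALLENGE, SECRET, 0, 1.0, 4.7))
    # Constructed sizes chosen so that 1.5 secret images are expected.
    print(expected_secret_images(200, 10, 30),
          prob_no_secret_image(200, 10, 30))
```

An observer who sees only the drawn symbol learns the sum modulo 5, not which images contributed to it, and a correct symbol drawn with the wrong biometric is still rejected.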
[0019] The response may comprise a set of data indicative of the user interacting with the second user interface.
[0020] Extracting the biometric feature may comprise extracting the biometric feature from the set of data.
[0021] The second user interface may be the screen and the screen may include a touch-sensitive surface. The set of data may comprise one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
[0022] The second user interface may comprise one or more of an accelerometer, a gyroscope, and a gesture-sensitive device. The set of data may comprise one or more readings from the second user interface.
[0023] There is provided a computer implemented method for registering a user to authenticate the user, the method comprising: receiving from a third user interface a selection of cognitive information elements designated by the user as a secret set of cognitive information elements; determining reference biometric feature of the user based on the interaction of the user with the third user interface; and storing in a storage device the biometric feature.
[0024] The third user interface may be a screen, and presenting on the third user interface the set of cognitive information elements may comprise presenting on the screen a set of images.
[0025] The third user interface may be the screen, and the screen may include a touch-sensitive surface. The interaction with the third user interface may comprise one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
[0026] The third user interface may comprise one or more of an accelerometer, a gyroscope, and a gesture sensitive device.
[0027] The method may further comprise presenting on the third user interface a further indication to the user indicative of an operation that is used in the cognitive challenge.
[0028] There is provided a computer software program, including machine-readable instructions that, when executed by a processor, cause the processor to perform one or more of the methods as described above.
[0029] There is provided a computing device for authenticating a user, the computer system comprising: a first user interface; a second user interface; and a processor that is connected to the first user interface and the second interface, the processor being configured to present on the first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution, wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receive from the second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extract the biometric feature of the user from the response received from the second user interface; and authenticate the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
Brief Description of Drawings
[0030] Features of the present disclosure are illustrated by way of non-limiting examples, and like numerals indicate like elements, in which:
Fig. 1 illustrates an online transaction system in which methods disclosed in the present disclosure are applied;
Fig. 2 illustrates an example service access device in accordance with the present disclosure;
Fig. 3 illustrates an example method for authenticating a user in accordance with the present disclosure;
Figs. 4(a) to 4(c) illustrate screenshots of an example authentication process in accordance with the present disclosure;
Figs. 4(d) and 4(e) illustrate screenshots of an alternative example authentication process in accordance with the present disclosure;
Fig. 5 illustrates an example table used in the present disclosure to authenticate a user;
Fig. 6 illustrates an example method for authenticating a user in accordance with the present disclosure;
Figs. 7(a) to 7(c) illustrate screenshots of a registration process in accordance with the present disclosure;
Figs. 8(a) to 8(c) illustrate screenshots of an example registration process in accordance with the present disclosure;
Figs. 8(d) to 8(e) illustrate screenshots of an alternative example registration process in accordance with the present disclosure; and
Fig. 9 illustrates a mapping of a submitted timeseries to an optimal template in accordance with the present disclosure.
Description of Embodiments
[0031] Fig. 1 illustrates an online transaction system 100 in which methods disclosed in the present disclosure are applied.
[0032] The online transaction system 100 as shown in Fig. 1 includes a communication network 101, one or more service access devices 103, a service point 105, and a storage device 107. The communication network 101 may be any suitable networks, such as a wireline network, a cellular network, a wireless local area network (WLAN), an optical network, etc. The communication network 101 may also be a combination of the suitable networks.
[0033] The communication network 101 communicates data between network elements in the online transaction system 100. The data communicated over the communication network 101 includes images, numbers, video, voice, text, animation, icons, avatar, electronic form data, or other computer data. Further, the data may also include signalling data that controls operation of the network elements in the online transaction system 100.
[0034] The service point 105 is a computing device that provides services to an authenticated user. For example, the service point 105 is a server operated by a service provider (e.g., a bank) to provide banking services (for example, online fund transfer) to a customer of the bank once the customer is authenticated by a service access device 103. Although the storage device 107 and the service point 105 are shown as separate elements in Fig. 1, the storage device 107 may be part of the service point 105 in other examples.
[0035] The service access device 103 is a computing device that is operated by the service provider (for example, a bank) or a third-party authentication network to authenticate a user when the user attempts to conduct a transaction with the service point 105. The transaction may include accessing services provided by the service point 105, accessing documents stored at the service point 105, etc. For example, the service access device 103 is a computing device with one or more user interfaces as described in the present disclosure with reference to Fig. 2. One of the methods described in the present disclosure can be implemented as a computer program product in the computing device, and the computing device performs the one or more methods. Further, the service access device 103 can be implemented as part of other devices operated by the service provider. For example, the service access device 103 can be part of an Automated Teller Machine (ATM) operated by a bank.
[0036] Fig. 2 illustrates an example service access device 103 in accordance with the present disclosure. As described above, the service access device 103 is a computing device used to authenticate a user when the user accesses the services provided by the service point 105.
[0037] The service access device 103 shown in Fig. 2 includes a processor 210, a memory device 220, a first user interface 230, a second user interface 240, a communication interface 250 and a bus 260. The processor 210, the memory device 220, the first user interface 230, the second user interface 240, and the communication interface 250 are connected via the bus 260 to communicate with each other. The communication interface 250 of the service access device 103 is used to connect the service access device 103 to the communication network 101 and further to the service point 105, as shown in Fig. 1. The communication interface 250 may be an Internet interface, a WLAN interface, a cellular telephone network interface, a Public Switch Telephone Network (PSTN) interface, and an optical communication network interface, or any other suitable communication interface. In other examples, if the service access device 103 is part of the service point 105, the communication interface 250 may not be included in the service access device 103.
[0038] The first user interface 230 and the second user interface 240 of the service access device 103 can be the same user interface or different user interfaces. In an example, the first user interface 230 is a screen, and the processor 210 presents visual information (for example, images, numbers, text, animations, video, etc.) on the screen to the user. If the screen includes a touch-sensitive surface, the second user interface 240 can also be the screen. In this case, the processor 210 receives from the screen a set of data. For example, the set of data may represent a response to a cognitive challenge indicative of the user interacting with the second user interface 240, specifically, the touch-sensitive surface. Therefore, the set of data is indicative of biometric features of the user. The set of data comprises a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points. Particularly, the user can use a finger or a stylus pen to draw the graphical symbol on the screen. The set of data may also comprise: a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
[0039] In another example, the first user interface 230 is a screen to present visual information to the user, while the second user interface 240 is a gesture-sensitive device. The gesture-sensitive device may include one or more sensors, for example, an accelerometer and a gyroscope. In this case, the processor 210 receives from the gesture-sensitive device a set of data (i.e., a gesture indication) indicative of a gesture of the user sensed by the gesture-sensitive device. In this case, the set of data comprises one or more readings from the accelerometer or the gyroscope of the gesture-sensitive device.
[0040] The processor 210 is configured to perform machine executable instructions stored in the memory device 220 to implement one or more methods described in the present disclosure with reference to the accompanying drawings. The machine executable instructions are included in a computer software program. The computer software program resides in the memory device 220 in this example. In other examples, the computer software program is stored in a computer readable medium that is not part of the service access device 103, and is read into the memory device 220 from the computer readable medium.
[0041] The authentication methods described in the present disclosure include an authentication process and a registration process. The processor 210 of the service access device 103 is configured to perform both the authentication process and the registration process. The authentication process is performed when a user logs in to the online transaction system 100 using the service access device 103 to access services provided by the service point 105. The registration process is performed when the user registers with the online transaction system 100 using the service access device 103.
[0042] Specifically, the processor 210 is configured to perform the method steps in relation to the authentication process, shown in Fig. 3 and discussed in further detail below: present on the first user interface 230 a set of cognitive information elements to the user, the set of cognitive information elements being at least part of a cognitive challenge that has a reference solution; receive from the second user interface 240 a response to the cognitive challenge, the response containing a biometric feature of the user; extract the biometric feature of the user from the response received from the second user interface 240; and authenticate the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
[0043] The processor 210 is also configured to perform the method steps in relation to the registration process, shown in Fig. 6 and discussed in further detail below: present on the first user interface 230 a set of cognitive information elements to the user, the set of cognitive information elements being at least part of a cognitive challenge that has a solution; receive from the second user interface 240 a set of indications indicative of a first subset of the set of cognitive information elements that is designated by the user; receive from the second user interface 240 an indication indicative of the solution to the cognitive challenge, the indication containing a biometric feature of the user; extract the biometric feature of the user from the indication indicative of the solution to the cognitive challenge; and cause the biometric feature to be stored in a storage device 107 in association with the solution to the cognitive challenge.
[0044] The processor 210 is also configured to perform the other methods described in the present disclosure.
[0045] Authentication process
[0046] Fig. 3 illustrates an example method 300 for authenticating a user in accordance with the present disclosure, particularly, when the user logs in to the online transaction system 100 at the service access device 103 to access services provided by the service point 105. Although method 300 in this example is implemented at the service access device 103, method 300 can also be implemented at the service point 105 if the service access device 103 is part of the service point 105 or the service point 105 also performs user authentication functions in addition to providing services to the user. As another example, method 300 is implemented at a separate authentication server (not shown in Fig. 1) to reduce the computing burden of the service access point 103. Method 300 may also include one or more other steps that are not shown in Fig. 3.
[0047] In this example, the service access device 103 includes a screen with a touch-sensitive surface. The screen is used both to present visual information to the user and to receive a response from the user via the touch-sensitive surface. Therefore, references to the first user interface 230 and references to the second user interface 250 in this example both refer to the one screen with the touch-sensitive surface.
[0048] Figs. 4(a) and 4(b) illustrate screenshots 400 of the authentication process in accordance with the present disclosure.
[0049] As shown in Fig. 4(a), the user is prompted to provide a user name. The user touches the "Enter Username" text box on the screen, and a virtual keyboard is further presented on the screen. The user enters a username "John Smith" using the virtual keyboard. The user name has been registered by the user with the online transaction system 100 during a registration process described in the present disclosure.
[0050] Upon receipt of the username "John Smith" from the screen, method 300 presents 310 on the screen a set of cognitive information elements to the user, as shown in Fig. 4(b). The set of cognitive information elements is at least part of a cognitive challenge that has a reference solution. Particularly, method 300 renders a set of images and a set of numbers (or weights) associated with the set of images, for example, the numbers below the images. The set of images comprises a first subset including one or more images that have been designated by the user during the registration process; and a second subset including one or more images that have not been designated by the user during the registration process. It should be noted that it is possible that the first subset may include none of the images that have been designated by the user during the registration process.
[0051] A cognitive challenge is a form of challenge-response authentication. In challenge-response authentication, the system presents a challenge that invites a user to participate in a test which, if passed, proves that the user is in fact the person the user claims to be. The challenge may be a question where the user must provide a valid answer. Typically a challenge-response requires the existence of a shared secret which is known to both the user and the system. As an example of a very basic challenge-response, the secret may be the user's favourite number which can be acquired and stored during the registration process. During authentication, the system may challenge the user to respond with the user's favourite number and the system can receive the user's answer to authenticate the user. In this case, authentication would occur if the system determines that the answer is the same as a previously stored favourite number.
[0052] In a normal challenge-response authentication system, the user's answer (such as, say 6) is actually the secret and this would be observable to an over-the-shoulder type of attack or even a Man-In-The-Middle type attack. That is, an attacker may either visibly see the answer to the challenge and hence be able to replicate the secret, or the attacker could intercept the answer containing the favourite number (the secret) and use it to pretend to be the user.
[0053] A cognitive challenge is a challenge that is presented in a way such that the reference solution conceals the secret. The present disclosure uses the term conceal to mean that the reference solution hides or obfuscates the secret such that the secret is not observable (generally such observations would be performed by an attacker in order to gain access to the system) or such that the secret is difficult to discern from the observable input from the user (where the information about the secret that can be ascertained from the input of a user is limited). This means that the secret itself is not input by the user but there is some form of transformation that is derived from the secret. Typically the challenge will be presented such that it would be difficult or computationally infeasible to observe the secret or ascertain sufficient information about the secret so as to gain access to the system without proper authentication.
[0054] The secrets in the present disclosure are described in terms of cognitive information elements. The cognitive information elements are used by the system to construct and present a cognitive challenge in such a way that the secret is concealed. Examples of cognitive information elements may be sets of images but there could be others such as sets of words, colours, numbers or any other object that a user may be able to recognise and designate.
[0055] The present disclosure refers to a challenge set of cognitive information elements which are those elements that are displayed or communicated to a user when attempting an authentication process. As above, the challenge set of cognitive information elements are typically a set of images or icons which the user is able to recognise and identify quickly and easily. This set of challenge cognitive information elements includes elements of the secret set of cognitive information elements, which are those elements the user has selected during the registration process to be secret and the knowledge of which is the criteria for future authentication.
[0056] There are many forms of cognitive challenges, and the challenge does not need to be a literal question and may be any form of challenge that requires a user to respond. One form of cognitive challenge may be a recognition type challenge where, for example, the user is challenged to identify images that belong to a user designated set of images out of a larger set of images that are displayed. The secret for the purpose of authentication in this case may be the full set of user designated images. Of course, if the system merely asked the user to select the images by interacting with the touch screen, then the secret set of images could be easily identified by an attacker. This in itself would not be observation resistant because the attacker could simply view the user selecting each of the individual images.
[0057] The reference solution is based on an intersection of the secret set of cognitive information elements and the challenge set of cognitive information elements. The reference solution may be simply the sum of the numbers associated with the cognitive information elements in the intersection. The reference solution may be just a number in itself. For example, if "fried chips" was the only cognitive information element that is presented in the challenge set of cognitive information elements, then the reference solution may just be "3." This may provide some level of security because there may be multiple ways in the challenge set by which the answer could be "3."
[0058] There is also the possibility that the intersection of the secret set of cognitive information elements and the challenge set of cognitive information elements is empty. That is, there are no elements of the secret set of cognitive information elements presented as part of the challenge set. There are numerous ways in which this scenario could be handled, but one way is for the system to accept any answer from the user. This adds a degree of unpredictability to any observer because the response is not based on any of the images presented in the challenge set. This therefore makes it more difficult for an attacker who is observing a user's authentication over multiple attempts.
[0059] In order to authenticate the user as part of the authentication process in the above example, the user observes a challenge set of cognitive information elements (in this case a set of images) presented on the screen, and recognises the one or more images that have been designated by the user during the registration process (the secret set of cognitive information elements) using his or her cognitive capabilities, for example, images ("fried chips", "optical disk", and "horse") in the dashed boxes in Fig. 4(b). That is, the images ("fried chips", "optical disk" and "horse") are the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements as they are the only elements that are common to both sets. It should be noted that the dashed boxes are shown in Fig. 4(b) for description purpose only, and these dashed boxes are actually not presented on the screen. Further, the user reads, using his or her cognitive capacities, the numbers (as groupings or weights) associated with the designated images, for example, numbers below these designated images (i.e., number "3" below "fried chips", number "0" below "optical disk" and number "1" below "horse").
[0060] The recognition of cognitive information elements may form the cognitive challenge itself or it may form part of the cognitive challenge. For example, in the example shown in Fig. 4(D) the challenge set of cognitive information elements can be divided into four quadrants (410, 420, 430 and 440). There can be more or fewer divisions, and four is just used for illustrative purposes here. The challenge set of cognitive information elements may contain some of the secret set of cognitive information elements which the present disclosure refers to as an intersection. If the secret set of cognitive information elements were as follows: "cyclist", "flag", "optical disk", "fried chips", "flower", and "horse", then the cognitive challenge may be to identify the number of secret cognitive information elements in each of the four quadrants. In this case, there would be three in the quadrant 410, two in quadrant 420, zero in quadrant 430 and one in quadrant 440.
[0061] One form of reference solution for the cognitive challenge could be based on identifying the quadrant with the highest or lowest number of secret images ("top left" and "bottom left" respectively). A more complex challenge could be to require the user to write the number of images in order from top left to bottom right (in this case, 3201) but this may reveal some information about the secret images. Alternatively the reference solution could be to order the quadrants by the number of secret images in that quadrant. In this example, where the numbers 1 to 4 correspond to the quadrants from top left 410 to bottom right 440, the order of the quadrants could be written "3421" if sorted from the lowest number of secret images (bottom left 430) to highest number of images (top left 410). The quadrant labels do not have to be numbers: if the quadrants were correspondingly labelled A to D, the order of the quadrants would be written "CDBA" in this example. As a result, the secret set of images is concealed because the reference solution "CDBA" does not observably contain the secret set of images. While some information may be inferred by an observer who observes the user, this would typically only be useful after multiple responses. A robust system would require an attacker to observe so many responses that it would be infeasible to do so to gain access.
[0062] The cognitive challenge may require the user to perform an operation on the numbers associated with each image such that the secret itself (that is in this case the secret set of user designated images) would not be observable. As with the example described above, the cognitive challenge not only requires recognition of user designated secret set of images, but also requires the user to perform an operation (such as a sum) on the numbers associated with the images. If there were, say, ten images that were designated during the registration process, then each challenge may only present, as part of the challenge set of images, a subset of images (say three images) along with other images that may not be elements of the user designated secret set of images. This means that the user has to identify the elements that are elements of their secret set of images in order to be authenticated by the system but the reference solution is based on an operation performed on the numbers associated with the secret set of images so as to conceal the secret set of images itself.
[0063] A person skilled in the art would appreciate there are many different ways in which a cognitive challenge can be framed such that the reference solution conceals the secret set of cognitive information elements. It would be understood that given the reference solution conceals the secret, the secret (the secret set of cognitive information elements) is not observable from the response that is required from the user for authentication. Further, the reference solution conceals the secret due to the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements. That is, a user would not be able to be authenticated unless the user has knowledge of the secret set of cognitive information elements and is therefore able to distinguish between the cognitive information elements that are part of the intersection and those cognitive information elements that are not part of the intersection.
[0064] In this case, one approach to conceal the secret so that an attacker would not be able to observe the secret (in this example the user designated secret set of images) and secure the system is to determine the numbers associated with the images in the challenge set such that the reference solution could be obtained from the operation on the numbers associated with the images in multiple ways. To explain this in more detail, the cognitive challenge in this example is "what is the result of the operation (sum of the numbers associated with the designated images) modulo 5?". The operation may be displayed to the user as part of the cognitive challenge, or it may not, but in this case, this operation is known to the user before logging in to the online transaction system 100. Subsequently, the user performs a modulo 5 operation on the sum of the numbers (i.e., "3", "0" and "1"), particularly, (3+0+1) mod 5. The result of this operation is number "4". Typically, in a robust presentation of a cognitive challenge, there should be multiple different combinations of images that could have resulted in the number "4" and therefore the operation on the numbers associated with the challenge set of images has multiple solutions. At the same time, security could be enhanced by providing a sufficiently large number of combinations of images such that the reference solution is not simply guessable by chance. This way the use of a cognitive challenge makes it difficult or computationally infeasible to determine the secret as the response from the user reveals little about the secret. Even though an attacker might be able to observe the answer "4" the attacker would not have sufficient information to determine what the images are that resulted in the answer "4." Hence the secret (in this case the images) remains concealed by the reference solution and the response from the user.
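The following is an added example, not code from the patent: it computes the reference solution of [0057] to [0064] (sum of the weights in the intersection, modulo 5, with the empty-intersection handling of [0058]) and counts how many subsets of the displayed images produce the same answer, which is the "multiple ways" property [0064] relies on. The images "fried chips", "optical disk" and "horse" with weights 3, 0 and 1 come from the text; the decoy images, their weights and all function names are constructed for illustration.

```python
from itertools import combinations

MODULUS = 5  # the operation in the text: sum of weights, modulo 5

# Secret set as listed in [0060]; only three of its images appear in the challenge.
SECRET_SET = {"cyclist", "flag", "optical disk", "fried chips", "flower", "horse"}

# Challenge set: image -> weight. The first three entries follow Fig. 4(b) as
# described in the text; the remaining decoys and weights are constructed.
CHALLENGE = {
    "fried chips": 3, "optical disk": 0, "horse": 1,
    "teapot": 2, "umbrella": 4, "anchor": 1, "lamp": 3, "kite": 0,
}


def reference_solution(secret_set, challenge, modulus=MODULUS):
    """Return the reference solution, or None when no secret image is displayed."""
    intersection = secret_set.intersection(challenge)
    if not intersection:
        return None  # [0058]: one option is to accept any answer
    return sum(challenge[name] for name in intersection) % modulus


def answer_is_correct(secret_set, challenge, answer, modulus=MODULUS):
    """Check a numerical answer; an empty intersection accepts any answer."""
    expected = reference_solution(secret_set, challenge, modulus)
    return expected is None or answer == expected


def consistent_subsets(challenge, observed_answer, modulus=MODULUS):
    """All non-empty subsets of displayed images whose weights give the answer.

    The larger this list, the less one observed answer says about which
    displayed images belong to the secret set.
    """
    names = sorted(challenge)
    matches = []
    for size in range(1, len(names) + 1):
        for subset in combinations(names, size):
            if sum(challenge[n] for n in subset) % modulus == observed_answer:
                matches.append(frozenset(subset))
    return matches


def answer_distribution(challenge, modulus=MODULUS):
    """Number of consistent subsets for every possible answer 0..modulus-1."""
    return {a: len(consistent_subsets(challenge, a, modulus)) for a in range(modulus)}


if __name__ == "__main__":
    answer = reference_solution(SECRET_SET, CHALLENGE)
    print("reference solution:", answer)
    print("subsets consistent with that answer:",
          len(consistent_subsets(CHALLENGE, answer)))
    print("subsets per answer:", answer_distribution(CHALLENGE))
```

A challenge whose weights leave one answer with very few consistent subsets reveals more per observation, so the distribution is worth checking when the weights are chosen.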
[0065] Once the cognitive challenge has been presented, the user draws a graphical symbol as a response to the cognitive challenge. In the example relating to Fig 4(C), the user, using a tool (e.g., a finger or a stylus pen), writes down an English word "four" on the touch-sensitive surface of the screen. Since the graphical symbol "four" is drawn by the user, the graphical symbol "four" contains a biometric feature of the user.
[0066] Method 300 receives 320 the response to the cognitive challenge, particularly, the graphical symbol, from the screen via the touch-sensitive surface and extracts 330 the biometric feature of the user from the response received. Method 300 further authenticates 340 the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
[0067] The reference biometric feature is a feature extracted from one or more training responses (for example, images) that were drawn by the user during the registration process. In this example, the one or more training images represent the English word "four". On the other hand, if the biometric feature extracted from the response does not match the reference biometric feature, method 300 denies the access to the services provided by the service point 105 by for example presenting an error message on the screen, or sending a reject message via email or Short Message Service (SMS) to the user.
[0068] In this example, clearly, the reference solution to the cognitive challenge is number "4". To access the services provided by the service point 105, the user is not only required to determine the reference numerical solution "4" using his or her cognitive capacities, but also required to draw the graphical symbol containing the biometrical feature that matches the reference biometric feature.
[0069] Alternative cognitive challenges may utilise different reference biometric features to those described above in relation to the user drawing the word "four". In the example referring to Fig 4(D), the reference solution to the cognitive challenge is the arrangement of the quadrants 410, 420, 430 and 440 into ascending order. Fig 4(E) represents the quadrants when arranged in ascending order where the order is determined by counting the number of secret cognitive information elements in each quadrant. In this example the user has placed the quadrants from front to back in the following order: 430, 440, 420, 410.
[0070] The system may accept different forms of input from the user so as to allow a response from the user to perform this arrangement. For example, the system may utilise a swipe type interaction from the user on the screen with a touch sensitive interface. In this case, the user may drag the quadrants using their finger or stylus to place them in their appropriate position. The reference biometric features therefore can be based on the swipe that the user performs while ordering the quadrants. During the training responses, the system may require the user to swipe to perform one or more training arrangements so that biometric features of the swipe can be extracted. Similarly, if the biometric feature extracted from the response (in this case the arrangement of the quadrants) matches a reference biometric feature associated with the reference solution, then the method 340 will authenticate the user.
[0071] To enhance security, a different cognitive challenge may be presented to the user on the screen each time the user logs in to the online transaction system 100. As a result, the reference solution to the cognitive challenge may be different, and the reference biometric feature used to match the biometric feature extracted from the response may also be different accordingly. Therefore, in order for the service access device 103 to authenticate the user, the reference biometric feature needs to be determined. In order to further enhance security, a different cognitive challenge may be presented to the user on the screen that requires a second response from the user. As a result, the second reference solution to the second cognitive challenge may be different to the first reference solution to the first cognitive challenge and therefore the additional response may be different from the response provided by the user in the first cognitive challenge. Therefore it would be more difficult for an attacker to guess. This second response may be required where the system is insufficiently certain about the authentication of the user after the first response.
[0072] In one embodiment, when constructing the cognitive challenge to be presented on the screen, method 300 determines the first subset including the one or more images ("fried chips", "optical disk", and "horse") that have been designated by the user. That is, the first subset of images are elements of the secret set of images that the user designated during registration. There are also one or more numbers (for example, "3", "0" and "1") associated with the first subset of images. Therefore, the one or more numbers (for example, "3", "0" and "1") associated with the first subset of images are known to method 300 in determining the reference biometric feature. Method 300 further determines an operation to be performed on the one or more numbers according to the cognitive challenge, i.e., (sum of the numbers associated with the designated images) modulo 5. The operation is stored in association with the user in the storage device 107 (for example, the operation is stored in association with the user in a table stored in the storage device 107, as described in detail with reference to Fig. 5). Therefore, method 300 determines the operation by accessing the storage device 107. Method 300 performs the operation on the one or more numbers (particularly, (3+0+1) mod 5 in this example) to determine the reference solution (i.e., the numerical reference solution "4") to the cognitive challenge. Method 300 further determines the reference biometric feature based on the reference solution.
[0073] Fig. 5 is an example table 500 used in the present disclosure to authenticate the user. The table 500 is stored in the storage device 107 and is used in both the authentication process and the registration process.
[0074] The table 500 includes a "user name" field 512, a challenge information element ("CIE") field 514, an "operation" field 516, a "reference solution" field 518, and a "reference feature" field 520. Each entry of the table 500 associates the user name of a user with the challenge information elements used to construct the cognitive challenge, the operation used to solve the cognitive challenge, possible reference solutions to the cognitive challenge, and corresponding reference biometric features. The table 500 may take a different form in other examples without departing from the scope of the present disclosure.
[0075] Taking the first entry of the table 500 as an example, the "user name" field 512 contains an identification of the user, which can simply be the name of the user, for example, "John Smith". When the user logs in to the online transaction system 100 by providing the user name "John Smith", method 300 locates the entry that is identified by "John Smith", i.e., the first entry of the table 500. Method 300 then retrieves challenge information elements (CIE) from the "CIE" field 514 of the first entry of the table 500.
[0076] The "CIE" field 514 contains challenge information elements (for example, images, or identifiers of the cognitive information elements) that are used to construct the cognitive challenge. The challenge information elements include a first set of challenge information elements that have been designated by the user during the registration process and a second set of challenge information elements that have not been designated during the registration process. The "CIE" field 514 may also contain a set of numbers (or weights) associated with challenge information elements. The set of numbers can be pre-determined. However, the set of numbers may also be determined in a random manner or based on a certain function when the cognitive challenge is presented to the user on the screen.
[0077] In this example, method 300 selects one or more of the designated challenge information elements and one or more of the undesignated challenge information elements from the challenge information elements contained in the "CIE" field 514, and determines the numbers (weights) associated with the selected challenge information elements to construct the cognitive challenge. As shown in Fig. 4(b), the selected challenge information elements that have been designated by the user during the registration process include images "fried chips", "optical disk", and "horse", and the numbers (or weights) associated with these designated challenge information elements are numbers "3", "0", and "1", respectively.
[0078] The "operation" field 516 contains the operation used to solve the cognitive challenge. As indicated in the "operation" field 516 of the first entry of the table 500, method 300 determines that the operation "Add and Mod 5" is used to solve the cognitive challenge presented to the user identified by "John Smith". The operation "Add and Mod 5" is known to the user before the user logs in to the online transaction system 100. In other examples, method 300 transmits the operation to the user via an email message or an SMS message to remind the user of the operation to solve the cognitive challenge. Method 300 may also present the operation to the user as a text message on the screen.
[0079] The "reference solution" field 518 contains possible numerical solutions to the cognitive challenge. As indicated by the "reference solution" field 518 of the first entry of the table 500, the possible numerical solutions to the cognitive challenge include numbers "0", "1", "2", "3", and "4". Method 300 performs the operation "Add and Mod 5" on the numbers "3", "0", and "1", particularly (3+0+1) mod 5, to determine the reference numerical solution "4" to the cognitive challenge shown in Fig. 4(b).
[0080] The "reference feature" field 520 contains the biometric features associated with the possible reference solutions contained in the "reference solution" field 518. A reference feature contained in the "reference feature" field 520 is a vector characterising an expected response received from the second user interface 240 of the service access device 103. The vector can be a combination of different types of biometric features. In the table 500, the reference numerical solution "0" is associated with the reference biometric feature identified by "John0", and the reference numerical solution "1" is associated with the reference biometric feature identified by "John1", and so on. The reference biometric features are extracted from one or more training responses (for example, one or more images) that are received from the user during the registration process. For example, the reference biometric feature identified by "John0" that is associated with the reference numerical solution "0" is extracted from one or more English words "zero" written by the user on the touch-sensitive screen using a finger or a stylus pen. For the example shown in Fig. 4(b), since the reference numerical solution is "4", method 300 determines the reference biometric feature identified by "John4" is the reference biometric feature associated with the number "4", as shown in the first entry of the table 500.
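The lookup described in [0072] to [0080] can be followed end to end in the added example below, which is not code from the patent: it keeps one constructed entry shaped like table 500, derives the reference solution with "Add and Mod 5", selects the matching reference feature ("John4" in the text) and compares it with the feature vector extracted from the response. The stroke samples, the choice of five features from the list in [0038], the relative-tolerance match rule, and all function and field names are assumptions made for illustration; the empty-intersection case is left out.

```python
import math
from statistics import mean

TOLERANCE = 0.15  # assumed match rule: each component within 15% of the reference


def make_stroke(width, height, duration, pressure, samples=9):
    """Constructed zigzag stroke: a list of (x, y, t, pressure) touch samples."""
    last = samples - 1
    return [(width * i / last, height * (i % 2), duration * i / last, pressure)
            for i in range(samples)]


def extract_features(points):
    """Feature vector from quantities listed in [0038]:
    width, height, area, velocity of the tool, pressure."""
    xs = [p[0] for p in points]
    ys = [p[1] for p in points]
    width, height = max(xs) - min(xs), max(ys) - min(ys)
    path = sum(math.dist(a[:2], b[:2]) for a, b in zip(points, points[1:]))
    duration = points[-1][2] - points[0][2]
    velocity = path / duration if duration > 0 else 0.0
    return (width, height, width * height, velocity, mean(p[3] for p in points))


def enrol(training_strokes):
    """Reference feature: component-wise mean over the training responses."""
    vectors = [extract_features(s) for s in training_strokes]
    return tuple(mean(column) for column in zip(*vectors))


def features_match(candidate, reference, tolerance=TOLERANCE):
    """True when every component is within the relative tolerance."""
    return all(abs(c - r) <= tolerance * abs(r) for c, r in zip(candidate, reference))


# Constructed stand-in for one entry of table 500 (fields 512 to 520).
TABLE_500 = {
    "John Smith": {
        "designated": {"fried chips", "optical disk", "horse", "flag"},
        "operation": ("add_mod", 5),  # "Add and Mod 5"
        "reference_features": {
            # keyed by reference solution; values play the role of "John3", "John4"
            3: enrol([make_stroke(150, 42, 1.5, 0.6), make_stroke(154, 40, 1.45, 0.62)]),
            4: enrol([make_stroke(118, 41, 1.25, 0.58), make_stroke(122, 39, 1.15, 0.62)]),
        },
    }
}

# Challenge as in Fig. 4(b): weights 3, 0, 1 from the text; decoys constructed.
CHALLENGE = {"fried chips": 3, "optical disk": 0, "horse": 1, "teapot": 2, "umbrella": 4}


def authenticate(user_name, challenge, response_points, table=TABLE_500):
    """Accept only if the response matches the reference feature stored for
    the reference solution of this particular challenge."""
    entry = table.get(user_name)
    if entry is None:
        return False
    shown_secret = entry["designated"].intersection(challenge)
    if not shown_secret:
        raise ValueError("empty intersection is not covered by this example")
    _, modulus = entry["operation"]
    solution = sum(challenge[name] for name in shown_secret) % modulus
    reference = entry["reference_features"].get(solution)
    if reference is None:
        return False  # no training response enrolled for this solution
    return features_match(extract_features(response_points), reference)


if __name__ == "__main__":
    print(authenticate("John Smith", CHALLENGE, make_stroke(120, 40, 1.2, 0.6)))   # enrolled style
    print(authenticate("John Smith", CHALLENGE, make_stroke(120, 40, 0.6, 0.9)))   # different dynamics
    print(authenticate("John Smith", CHALLENGE, make_stroke(150, 42, 1.5, 0.6)))   # wrong word shape
```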
[0081] As shown in Fig. 4(c), the user determines a solution to the cognitive challenge shown in Fig. 4(b) using his or her cognitive capacities. In this example, the solution determined by the user is the number "4". The user then draws a graphic symbol, particularly an English word "four", on the touch-sensitive screen as a response to the cognitive challenge. The service access point 103 receives the response from the touch-sensitive screen. Upon receipt of the response, method 300 extracts the biometric feature of the user from the English word "four" received from the touch-sensitive screen, which is drawn by the user. If the biometric feature extracted from the English word "four" matches the reference biometric feature identified by "John4", as determined above, method 300 authenticates the user to access services provided by the service point 105.
[0082] Biometric features
[0083] To better understand the process of authenticating the user based on the matching between the biometric feature extracted from the response and the reference biometric feature, the biometric features that can be used to authenticate the user are described below. It should be noted that other biometric features may also be used without departing from the scope of the present disclosure. It should also be noted that the biometric feature used in authenticating a user in the present disclosure can be a combination of different types of biometric features.
[0084] 1. Touch Features. These features originate from the touch tool, e.g., user's finger(s) or a stylus pen, interacting with the service access device's 103 touch-sensitive screen.
[0085] 2. Stylometric Features. These features originate from the way a user draws a symbol, e.g., a word or a sketch, on the service access device's 103 touch-sensitive screen.
[0086] 3. Device-interaction Features. These features originate from the way the user interacts with the service access device 103 through a medium other than a touch-sensitive surface, e.g., features used for gesture or gait recognition in smart wristbands or recognizing winks in smart glasses. In this case, the second user interface 240 of the service access device 103 is a gesture or gait sensitive device that includes one or more sensors, for example, an accelerometer and a gyroscope.
[0087] In the authentication process, the biometric feature is extracted 330 from the response provided by the user in response to the cognitive challenge. On the other hand, in the registration process, the biometric feature is extracted as the reference biometric feature from one or more training responses provided by the user. In either case, the biometric feature is extracted from raw outputs from the touch-sensitive surface of the service access device 103 or other sensors available from the service access device 103. The raw outputs are essentially a set of data indicative of the user interacting with the second user interface 240 of the service access device 103.
[0088] The raw outputs are categorised into touch outputs from the touch-sensitive screen and sensor outputs from other sensors of the service access device 103.
[0089] Values of touch outputs are extracted from the set of data provided by the touch-sensitive screen when the user touches the touch-sensitive screen using a touch tool, for example, a finger or stylus pen.
[0090] The touch outputs include one or more of the following parameters:
Action type: indicating if the touch tool is making contact with the screen, moving continuously on the screen or if the tool is being lifted from the screen; type ∈ {up, move, down};
[0091] X position x: the x coordinate of the touch tool on the screen;
Y position y: the y coordinate of the touch tool on the screen;
Pressure p: a force from the touch tool being exerted on the screen;
Size s: the footprint area of the touch tool on the screen;
Tilt in X τx: the angle the touch tool makes with the screen with the x axis; and
Tilt in Y τy: the angle the touch tool makes with the screen with the y axis.
[0092] Values of sensor outputs are extracted from the set of data provided by the one or more sensors of the second user interface 240, for example, one or more readings from the one or more sensors.
[0093] The sensor outputs include one or more of the following parameters:
Rotation Vector: indicating the rotational position of the second user interface 240 in space, further including:
Rotation Vector
Figure imgf000027_0001
Rotation Vector y:
Figure imgf000028_0002
Rotation Vector z:
Figure imgf000028_0003
Scalar of Rotation Vector:
Figure imgf000028_0001
Estimated Heading of Rotation
Figure imgf000028_0007
Gyroscope vector: a rate of rotation of the second user interface 240 around further including:
Rotation Vector
Rotation Vector
Rotation Vector
Figure imgf000028_0004
Accelerometer: an acceleration force along an axis due to both the motion and gravity of the second user interface 240, further including:
Rate of rotation around
Rate of rotation around
Rate of rotation around
Figure imgf000028_0005
Gravity: an acceleration force along an axis due solely to gravity, further including:
Gravity along
Figure imgf000028_0006
Gravity along y: gy
Gravity along z: gz;
Linear Accelerometer: an acceleration force along an axis due solely to the second user interface's 240 motion, further including:
Linear acceleration along
Figure imgf000029_0002
Linear acceleration along y
Figure imgf000029_0003
Linear acceleration along
Figure imgf000029_0004
[0094] As described above, method 300 extracts from raw outputs the biometric features. The three categories of biometric features are described in detail below.
[0095] Touch Features. For description purposes, a symbol n denotes sample number, and x[n] denotes the value of x in the nth sample. For undefined data points, e.g., for n = 0 in x[n - 1], the value is assumed to be equal to 0, i.e., x[-1] = 0. The symbol δ signifies the change of a value. Touch features include one or more of the following features:
the change in x position of the current data-point from the previous point,
Figure imgf000029_0006
Figure imgf000029_0005
the velocity in x direction of the current data-point from the previous point,
Figure imgf000029_0007
Figure imgf000029_0001
the acceleration in x direction of the current data-point from the previous point,
Figure imgf000029_0008
Figure imgf000030_0001
the change in y position of the current data-point from the previous point,
Figure imgf000030_0004
Figure imgf000030_0003
the velocity in y direction of the current data-point from the previous point,
Figure imgf000030_0006
Figure imgf000030_0005
the acceleration in y direction of the current data-point from the previous point.
Figure imgf000030_0008
Figure imgf000030_0007
the change in pressure applied to the screen of the current data-point from the previous point,
Figure imgf000030_0009
Figure imgf000030_0002
the rate in change in pressure applied to the screen of the current data-point from the previous point,
Figure imgf000030_0010
Figure imgf000030_0011
the rate of the rate in change of pressure applied to the screen of the current data-point from the previous point,
Figure imgf000031_0004
Figure imgf000031_0001
the change in the size of the touch tool making contact with the screen,
Figure imgf000031_0005
Figure imgf000031_0007
the rate in change in size applied to the screen of the current data-point from the previous point,
Figure imgf000031_0002
the rate of the rate in change of size applied to the screen of the current data-point from the previous point,
Figure imgf000031_0003
a raw measure of the angle the touch tool makes with the screen in the x axis. Also known
Figure imgf000031_0008
the rate in change in the angle of the touch tool to the screen of the current data-point from the previous point,
Figure imgf000031_0006
Figure imgf000032_0002
Figure imgf000032_0003
the rate of the rate in change of size applied to the screen of the current data-point from the previous point,
Figure imgf000032_0004
a raw measure of the angle the touch tool makes with the screen in the y axis.
Figure imgf000032_0005
Otherwise known as ti
Figure imgf000032_0006
the rate in change in the angle of the touch tool to the screen of the current data-point from the previous point,
Figure imgf000032_0007
Figure imgf000032_0001
the rate of the rate in change of size applied to the screen of the current data-point from the previous point,
Figure imgf000032_0008
Figure imgf000032_0009
Force F : the force exerted on the screen by the touch tool. It is proportional to:
Figure imgf000032_0010
Sequence of On Strokes SSon : this is a vector containing the directions of continuous strokes when the touch tool is making contact with the screen. It is derived from the and
Figure imgf000032_0012
δ y positional change of an action of down type until the next action of up type ,
Figure imgf000032_0011
Sequence of Off Strokes SSoff : this is a vector containing the directions of continuous strokes when the touch tool is not making contact with the screen. It is derived from the positional change of an action of up type until the next action of down
Figure imgf000033_0002
type ,
Figure imgf000033_0003
Sequence of Strokes - Extension: the previous two Sequence of Strokes features carry time data, in the form of timestamps. This timing aspect can be extrapolated into a vector of equal length as SS with durations of each stroke into Stroke Time ( ST[m] ).
Additionally the possible values of SS can be increased to include more granularity in the directions,
Figure imgf000033_0004
[0096] Stylometric Features. Unlike static stylometrics, the stylometric features can be captured and calculated in real time. This allows us to utilise how the stylometric features change in time to identify a user. In the present disclosure, the top of the screen is defined as positive y, and the right as positive x. The stylometric features include one or more of the following features:
TMP: the upper most point of the current drawn figure,
Figure imgf000033_0005
BMP: the bottom most point of the current drawn figure,
Figure imgf000033_0006
LMP: the left most point of the current drawn figure,
Figure imgf000033_0001
RMP: the right most point of the current drawn figure,
Figure imgf000034_0003
Margin Extremities Extension: for each of the extreme points, there are also various touch and sensor features parameters at those points in time,
{Velocity,Acceleration,Pressure,Tilt,SensorData} ;
Width: the width of the space occupied by the current drawn figure,
Figure imgf000034_0004
Height: the height of the space occupied by the current drawn figure,
Figure imgf000034_0005
Area: the rectangular area currently occupied by the current drawn figure,
Figure imgf000034_0006
Width-to-Height Ratio: the width-to-height ratio of the space currently occupied by the current drawn figure,
Figure imgf000034_0002
Width, Height - Extension: both these fundamental parameters can be extended to their rate of change and rate in rate of change,
Figure imgf000034_0001
Figure imgf000035_0004
Curvature: the amount of curvature at point n as calculated by
Figure imgf000035_0001
the tangential angle of the current heading between the previous data-point and the current point.
Figure imgf000035_0005
Figure imgf000035_0003
the angle created by the previous, current and next points, computed with the cosine rule.
Figure imgf000035_0006
Figure imgf000035_0002
[0097] Device-Interaction Features. The features in this category are the same as the raw sensor outputs except that they are collated into time series.
[0098] Some terms are defined here to describe the authentication method in detail. As described above, the authentication method in the present disclosure includes two processes, authentication and registration processes, between two parties, the prover and the verifier (see reference [1]). The prover is the user U and the verifier is the authentication service S or the service access point 103. The authentication method can be categorized as a symmetric key challenge-response scheme. The term challenge-response means that the authentication process of the authentication method involves challenges from S which U has to respond to.
[0099] Since the authentication method in the present disclosure involves cognitive authentication and biometric feature authentication, the cognitive authentication and the biometric feature authentication are described first separately.
[0100] Cognitive Authentication. The cognitive authentication method consists of a secret (password) space S, a challenge space C and a solution space R. The solution space R is finite and we let |R| denote its cardinality. A cognitive function or an operation f maps a challenge c ∈ C and a password s ∈ S to a solution The function
Figure imgf000036_0007
or operation f is meant to be computed by U using cognitive capacities of U.
[0101] S, C, R and f are defined as follows. The password space S consists of a set N of n objects (e.g., images). An individual password
Figure imgf000036_0006
is assumed to be a k-element subset of N. Each element of s is referred to as a pass-object. The challenge space C consists of l-element subsets of N, each element having a weight from the set of integers {0, 1, ..., d - 1}. {0, 1, ..., d - 1} is denoted by
Figure imgf000036_0005
More precisely, let c ∈ C be a challenge.
Therefore, each element of c is the pair is an object (e.g., an image)
Figure imgf000036_0004
from N and is the weight associated with i . Since an element of a c , i.e., an
Figure imgf000036_0002
ordered pair, is uniquely determined by the object it represents, we shall refer to it as such. Given
Figure imgf000036_0003
if there is no element in c in common with s. The function f is then defined as
Figure imgf000036_0001
that is to sum up all the weights of the pass-objects in c and return the result of (the sum mod d). If no pass-object is present then return an element from Zd. It follows that the solution space R = Zd and |R| = d. It should be noted that the above definition of function f is provided here for description purposes, function f can be different in other examples.
[0102] Biometric feature Authentication. In a biometric feature-based authentication method, a registration process is performed to extract the reference biometric features of a user. The registration process is also referred to as a training process. During the registration process a template of a particular behaviour of the user, e.g., handwriting, gesture, or gait, is stored. The template can be either the set of all feature vectors extracted from the samples provided by the user, or one or more optimal feature vectors (in the case of SVM), or global statistics such as mean and variance. The authentication process (also known as a testing process) in the authentication method consists of S challenging the user U to reproduce the biometric feature that matches the template.
[0103] The biometric features used in the present disclosure are extracted from a set of graphical symbols from Ω sketched by U , where Examples of the graphical symbols
Figure imgf000037_0012
are words from a language (for example, English words "zero", "one", "two", "three", "four", etc.) or a drawing of real-world objects. During the registration process,
Figure imgf000037_0011
t sketch each symbol ω ∈ Ω. From these sketches, S determines a template
Figure imgf000037_0001
stores the template Collectively the templates of all graphical symbols are denoted by T.
Figure imgf000037_0013
In the authentication process, S asks U to sketch a symbol
Figure imgf000037_0003
provides
S runs a classifier which classifies the user
Figure imgf000037_0004
Figure imgf000037_0002
sketch
Figure imgf000037_0005
to a symbol
Figure imgf000037_0014
based on the template T . The classifier also outputs
Figure imgf000037_0008
the user sketch does not match the template of any symbol The symbol
Figure imgf000037_0007
Figure imgf000037_0006
Figure imgf000037_0009
therefore represents "no match found."
[0104] Hybrid Authentication. The authentication method provided in the present disclosure also includes a Global Setup process executed by (i.e., the service access point
Figure imgf000037_0010
103) to set the parameters and classifier used in the authentication method. Once parameters and classifier are set, the registration and authentication processes between U can be executed.
[0105] A pseudo-code representation of the global setup process is as follows:
1. S sets parameters n, k, l and d. For instance, n = 200, k = 10, l = 30, and d = 5.
2. S sets the n objects of the set N .
3. S sets d symbols
Figure imgf000038_0001
4. S sets a one-to-one map which maps each solution r ∈ R to a unique
Figure imgf000038_0002
symbol
Figure imgf000038_0003
Note that |R| = d.
5. S sets the (untrained) classifier b .
6. S sets the number τ , i.e., the number of sketches for each symbol
Figure imgf000038_0006
needed to train the classifier b . In other words, τ is the training size. For instance,
Figure imgf000038_0007
[0106] A pseudo-code representation of the authentication process is as follows.
1. S randomly selects l elements from N. For each element, S generates a weight from Zd randomly or in a certain function associated with each element from N.
2. S sends the l-element cognitive challenge c to U whose elements are ordered pairs of objects from N and their weights.
3. U determines using its cognitive capabilities if any object from s is in c. If yes, U sums their weights and performs a mod d operation using its cognitive capacities to determine r as a solution to the cognitive challenge. If no object from s is in c, U determines a random integer r ∈ Zd as the solution.
4. U uses the map
Figure imgf000038_0004
to know which symbol ω U has to draw.
5. U sends
Figure imgf000038_0005
6. S computes
Figure imgf000039_0001
( )
7. if the output is then
Figure imgf000039_0002
8. S sends a reject message to U .
9. else
10. Let
Figure imgf000039_0003
corresponding to ω through the inverse
11. if S finds that c contains at least one object from s then
12. S computes f(c, s) to obtain r .
13.
Figure imgf000039_0004
14. S sends a reject message to U .
15.
Figure imgf000039_0005
16. S sends an accept message to U .
17. else if S finds that c does not contain any object from s then
18. S sends an accept message to U .
[0107] During the above authentication process, the user logs in to the online transaction system 100 using their username (for example, "John Smith", which has been registered during the registration process). The user is then presented with a screen of l images each having a corresponding weight below the image, as shown in Fig. 4(b). In Fig.
Figure imgf000039_0006
4(b), l = 30 and d = 5. Both the set of l images and their corresponding weights may be generated uniformly at random.
[0108] As described above, the user then sums up the weights (numbers "3", "0", "1") corresponding to the user's secret images (i.e., designated images "fried chips", "optical disk", and "horse") in the cognitive challenge, performs the operation (the sum modulo 5) to determine the solution (number "4") to the cognitive challenge. The user draws a graphical symbol, particularly, the English word "four" on the second user interface 240 (i.e., the touch-sensitive screen as shown in Fig. 4(c)) of the service access device 103 as a response to the cognitive challenge. In case none of the secret images (i.e., designated images) are present, the user may simply determine a random integer from Zd as the solution to the cognitive challenge and draw the corresponding English word as the response on the touch-sensitive screen of the service access device 103.
[0109] Upon receipt of the response (for example, the English word "four" drawn by the user) provided by the user via the second user interface 240 of the service access device 103, method 300 extracts the biometric feature of the user from the response. Method 300 further determines a further reference biometric feature based on the biometric feature extracted from the response and a criterion, for example, a Dynamic Time Warping (DTW) distance. Specifically, method 300 compares the biometric feature with each of the reference biometric features identified by "John0", "John1", "John2", "John3", and "John4" stored in the "reference feature" field 520 of the first entry of the table 500. Since the biometric feature extracted from the response is not necessarily exactly the same as one of the reference biometric features stored in the table 500, method 300 determines one of the reference biometric features that is closest, in terms of DTW distance, to the biometric feature extracted from the response as the further reference biometric feature. In this example, if the user draws the English word "four" properly, the further reference biometric feature is the reference biometric feature identified by "John4".
[0110] Method 300 then determines a further reference solution to the cognitive challenge. The further reference solution is one of the reference solutions that is associated with the further reference biometric feature. In this example, the further reference solution is the number "4" that is associated with the further reference biometric feature identified by "John4", as shown in the first entry of the table 500.
[0111] Method 300 compares the reference solution that is already determined with the further reference solution, and determines that the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the further reference solution is equal to the reference solution. In this example, since the reference solution (i.e., the number "4") determined by method 300 from the cognitive challenge is equal to the further reference solution (i.e., the number "4") determined from the response provided by the user, the biometric feature extracted from the response (i.e., the English word "four") is considered to match the reference biometric feature (i.e., the reference biometric feature identified by "John4") associated with the reference solution (i.e., the number "4").
[0112] To further enhance security, the method determines, based on the criterion, a distance (for example, a DTW distance) between the biometric feature extracted from the response and the reference biometric feature associated with the reference solution. If the distance meets a threshold, method 300 determines the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution.
[0113] It should be noted that other feature matching methods can also be used to match the biometric feature extracted from the response and the reference biometric feature without departing from the scope of the present disclosure. For example, method 300 uses Optical Character Recognition (OCR) technologies to recognise the English word "four" directly from the image "four", and compares the reference biometric feature associated with the English word "four" with the biometric feature extracted from the image "four" before authenticating the user to access the service. In this case, the structure of the table 500 may be different accordingly.
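The authentication process of paragraphs [0106] to [0112], as an added example in Python that is not part of the patent text: it builds a challenge, computes f(c, s), and accepts only when the nearest template by DTW distance is within a threshold and maps to the expected solution. The one-dimensional feature series, the decoy object names and the threshold value are constructed for illustration, and reading "meets a threshold" as "distance at most the threshold" is an assumption.

```python
import secrets

_rng = secrets.SystemRandom()  # OS-backed randomness for challenge generation


def make_challenge(objects, l, d):
    """Steps 1-2: S picks l objects from N, each with a weight drawn uniformly from Zd."""
    chosen = _rng.sample(list(objects), l)
    return {obj: _rng.randrange(d) for obj in chosen}


def cognitive_f(challenge, secret, d):
    """f(c, s): sum of the weights of the pass-objects present in c, mod d.

    Returns None when c contains no pass-object; the user may then answer
    with any element of Zd, so the verifier has no expected value."""
    weights = [w for obj, w in challenge.items() if obj in secret]
    return sum(weights) % d if weights else None


def dtw_distance(a, b):
    """Dynamic Time Warping distance between two 1-D feature series."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0 of the cost matrix
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, start=1):
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]


def classify(series, templates, threshold):
    """Classifier b: solution of the nearest template, or None for "no match found"."""
    best_r, best_dist = min(
        ((r, dtw_distance(series, t)) for r, t in templates.items()),
        key=lambda pair: pair[1],
    )
    return best_r if best_dist <= threshold else None  # assumption: <= meets the threshold


def verify(challenge, secret, d, series, templates, threshold):
    """Steps 6-18 of the authentication pseudo-code, returning accept (True) or reject."""
    r_drawn = classify(series, templates, threshold)
    if r_drawn is None:
        return False                       # steps 7-8: sketch matches no template
    r_expected = cognitive_f(challenge, secret, d)
    if r_expected is None:
        return True                        # steps 17-18: no pass-object in c
    return r_drawn == r_expected           # steps 11-16: solutions must agree


# --- Constructed sample data (not from the patent) -------------------------
D = 5
THRESHOLD = 2.0                            # constructed value
# Three of the user's designated images named in the Fig. 4(b) example.
SECRET = {"fried chips", "optical disk", "horse"}
# Weights 3, 0, 1 as in the example; "decoy-*" names are hypothetical.
CHALLENGE = {"fried chips": 3, "optical disk": 0, "horse": 1,
             "decoy-a": 2, "decoy-b": 4}
NO_PASS_CHALLENGE = {"decoy-a": 2, "decoy-b": 4}
# Stand-ins for the reference features "John0".."John4": one series per solution.
TEMPLATES = {
    0: [0, 1, 2, 1, 0],
    1: [5, 5, 5, 5, 5],
    2: [0, 3, 6, 3, 0],
    3: [9, 7, 5, 3, 1],
    4: [1, 4, 9, 4, 1],
}
GENUINE_FOUR = [1.2, 4.1, 4.0, 8.8, 4.2, 0.9]   # same user, slightly time-warped
GENUINE_TWO = [0.1, 2.9, 3.1, 6.2, 2.8, 0.2]    # same user, wrong answer drawn
IMPOSTOR_FOUR = [3, 6, 12, 6, 3]                # right answer, different dynamics

if __name__ == "__main__":
    for name, series in [("genuine four", GENUINE_FOUR),
                         ("genuine two", GENUINE_TWO),
                         ("impostor four", IMPOSTOR_FOUR)]:
        ok = verify(CHALLENGE, SECRET, D, series, TEMPLATES, THRESHOLD)
        print(f"{name}: {'accept' if ok else 'reject'}")
```

When the challenge contains no pass-object, only the biometric check stands between a respondent and acceptance, which is why the "no match found" branch is evaluated first.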
[0114] Registration process
[0115] The system may register a user to authenticate the user by receiving from a third user interface a selection of cognitive information elements designated by the user as a secret set of cognitive information elements, determining the reference biometric feature of the user based on the interaction of the user with the third user interface and storing in a storage device the biometric feature. This registration process allows for the system to acquire and store a biometric feature of the user that can be used to authenticate the user during the authentication process.
[0116] This registration process is presented on a third user interface, which may or may not be the same as the first user interface or the second user interface. For example the user may authenticate on a device with the first user interface or second user interface, having already registered on a device with the third user interface. Alternatively, the user may register and authenticate on the same device with the same user interface. In the example below the third user interface is referred to as the first user interface and second interface.
[0117] Fig. 6 illustrates an example method 600 for registering a user with the online transaction system 100 to authenticate the user in accordance with the present disclosure, particularly, when the user registers at service access devices 103. Although method 600 in this example is implemented at the service access device 103, method 600 can also be implemented at the service point 105 if the service access device 103 is part of the service point 105 or the service point 105 also performs user registration functions in addition to providing services to the user. As another example, method 600 is implemented at a separate registration server (not shown in Fig. 1) to reduce the computing burden of the service access point 103. Method 600 may also include method steps that are not shown in Fig. 6.
[0118] When the user registers with the online transaction system 100, method 600 asks the user to provide a user name. As shown in Fig. 7(a), the user is prompted to enter a user name on the first user interface 230 (i.e., the touch-sensitive screen) of the service access device 103. The user enters, for example, "John Smith", as its user name and submits the user name to the service access device 103 by touching the "submit" button. Upon receipt of the user name at the service access device 103, the service access device 103 generates an entry of the table 500 as shown in Fig. 5 with the "user name" field 512 of the entry containing the user name "John Smith" to identify the user.
[0119] Method 600 presents 610 on the first user interface 230 of the service access device 103 a set of cognitive information elements to the user. The set of cognitive information elements are at least part of a cognitive challenge that has a solution. As shown in Fig. 7(b), the set of cognitive information elements in this example are a set of images rendered on the touch-sensitive screen.
[0120] The user reviews these images and designates one or more of these images as secret images. For example, the user touches on the second user interface 240 (i.e., the same touch-sensitive screen in this example) of the service access device 103 the one or more of these images that he or she wants to designate as secret images. As shown in Fig. 7(c), the user has designated ten images as the secret images. The images for the user to review and designate may be presented on multiple pages on the touch-sensitive screen.
[0121] If the user is satisfied with the images designated, the user touches the "Confirm" button on the touch-sensitive screen, as shown in Fig. 7(c). Method 600 receives 620 from the touch-sensitive screen a set of indications indicative of a first subset of the set of cognitive information elements that is designated by the user as a secret set of cognitive information elements. Method 600 stores the first subset of the set of cognitive information elements as designated CIEs in the "CIE" field 514 of the entry identified by the user name "John Smith", i.e., the first entry of the table 500. For cognitive information elements that are not designated, method 600 can also store a second subset of the set of cognitive information elements as undesignated CIEs in the "CIE" field 514 of the entry identified by the user name "John Smith".
[0122] Method 600 presents on the touch-sensitive screen an indication to the user indicative of an operation (particularly, "Add and Mod 5" in the first entry of the table 500) that is used to solve the cognitive challenge. The indication indicative of the operation may also be sent to the user via an electronic message, e.g., an e-mail or SMS message.
[0123] As described above, the designated challenge elements and the undesignated challenge elements are used to construct a cognitive challenge that has a solution when the user logs in to the online transaction system 100.
[0124] To associate each of the possible solutions to the cognitive challenge with a reference biometric feature that represents the solution, the user is prompted by method 600 to provide one or more training responses (for example, images) via the touch-sensitive screen to represent the solution. As shown in Figs. 8(a) to (c), the user is prompted to draw an English word "four" twice. The English word "four" is associated with a numerical solution "4". Therefore, method 600 receives 630 from the touch-sensitive screen an indication indicative of the solution to the cognitive challenge. The indication comprises a set of data indicative of the user interacting with the touch-sensitive screen, and contains a biometric feature of the user that is associated with the English word "four". As shown in Figs. 8(d) and 8(e) the user is prompted to swipe the touch-sensitive screen five times. The method 600 receives from the touch-sensitive screen a set of data indicative of the user interacting with the touch-sensitive screen and contains a biometric feature of the user that is associated with the user's swipe gesture.
[0125] Method 600 extracts 640 the biometric feature of the user from the indication indicative of the solution to the cognitive challenge, particularly, the set of data received from the touch-sensitive screen. In the example shown in Figs. 8(a) to 8(e), the second user interface 240 of the service access device 103 is the touch-sensitive screen and the touch-sensitive screen includes a touch-sensitive surface. The set of data indicative of the biometric features of the user comprises one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
[0126] As another example, the second user interface 240 of the service access device 103 comprises one or more sensors, for example, an accelerometer, a gyroscope, a gesture sensitive device. In this case, the set of data comprises one or more readings from the second user interface 240.
[0127] Upon receipt of the set of data at the processor 210 from the second user interface 240, the biometric feature is extracted from the set of data. As part of feature extraction, preprocessing steps may also be performed, for example, offset correction, linear detrending, and smoothing. In the example shown in Figs. 8(a) to 8(c), the biometric feature extracted from the training responses (i.e., the English words "four" drawn by user) is a biometric feature identified by "John4".
[0128] Method 600 further stores 650 in a storage device the biometric feature in association with the solution to the cognitive challenge. As shown in Fig. 5, the biometric feature "John4" representing the English word "four" is stored in the table 500, which is in turn stored in the storage device 107, as a reference biometric feature in association with the numerical solution "4". The reference biometric feature is also referred to as a template in the present disclosure. The user's biometric template may be changed after registration in order to reflect possible changes in the way the user performs a gesture such as a swipe or the user draws a symbol. For example, if a biometric feature extracted from a response provided by the user results in a successful authentication, the stored template may be replaced with the biometric feature in order to capture the recent gesturing or handwriting habits of the user.
[0129] The above registration process repeats for each of the possible numerical solutions "0" to "4" to the cognitive challenge and for each user. The table 500 is formed as a result of users registering with the online transaction system 100. A MySQL database may be used to store the table 500, and SQL queries are used to store and retrieve data as needed.
[0130] A pseudo-code representation of the registration process is as follows:
1. U designates a set s of k objects from N as its password and shares it with S.
2. For each symbol
Figure imgf000046_0001
3. For each
Figure imgf000046_0002
from the corresponding set of τ user sketches, S trains the classifier b to obtain template
Figure imgf000046_0003
4. S uses the set of template T of all symbol templates oT , to train the classifier b to output ⊥.
5. S stores the set of template T.
6. The secret consists of s and T.
[0131] In the above registration process, the set N consists of n images. The user needs to designate k images to make up their secret. To ensure that the user designation is random, the n images can be shuffled randomly and a subset (say l) of the n images are shown at a time during registration. The user can designate an image by touching it on the second user interface 240 (e.g. the touch-sensitive screen) of the service access device 103. The user can swipe right to view the next page containing the next l images. The process concludes once the user has chosen k images.
[0132] Feature comparison
[0133] Graphical symbols. As described above, graphical symbols are used as responses to the cognitive challenge when the user logs in to the online transaction system 100 or as the training responses when the user registers with the online transaction system 100. The graphical symbols need to exhibit the following properties: the biometric features of the graphical symbols should be able to distinguish different graphical symbols; the biometric features of the graphical symbols should be able to distinguish different users; and the graphical symbols should be able to be reproduced between attempts.
[0134] In the present disclosure, English words "zero", "one", "two", "three" and "four" are used as the graphical symbols to represent numerical solutions "0", "1", "2", "3" and "4" to the cognitive challenge. As another example, other graphical symbols can also be used without departing from the scope of the present disclosure.
[0135] Biometric Features. An example set of biometric features that is used to compare the biometric feature extracted from the response to the cognitive challenge with the reference biometric features is described below. Please note that these biometric features exist in a time-series format, with data-points at the fastest rate recorded by the hardware device:
δp: the change in pressure applied to the screen of the current data-point from the previous point;
δx: the change in x position of the current data-point from the previous point;
δy: the change in y position of the current data-point from the previous point;
vx: the velocity in x direction of the current data-point from the previous point;
vy: the velocity in y direction of the current data-point from the previous point;
ax: the acceleration in x direction of the current data-point from the previous point;
ay: the acceleration in y direction of the current data-point from the previous point;
Area: the rectangular area currently occupied from the start to the current point being drawn;
Curvature: the amount of curvature at the point as calculated by
Figure imgf000047_0001
Θ slope: the tangential angle of the current heading between the previous data-point and the current point
Figure imgf000048_0001
[0136] Feature comparison. With a common set of features, the similarity between two biometric features can be determined by comparing the two biometric features. Further, a threshold is used to determine if two biometric features belong to the same user or differ too greatly for the authentication process.
[0137] Since the biometric features used in the present disclosure are time-series based features, Dynamic Time Warping (DTW) can be used to classify these features. It should be noted that other classification algorithms can also be used to classify these features without departing from the scope of the present disclosure, for example, Support Vector Machine (SVM). DTW is an algorithm for mapping one time-series indicative of a biometric feature to another time-series indicative of another biometric feature. DTW determines the shortest path in order to map one time-series to another, where the shortest path is defined as the minimum distance between the two time-series. DTW also maps one time-point to another and calculates the difference in their values. This difference contributes to the distance between the time-series.
[0138] Fig. 9 illustrates a mapping 900 of a submitted time-series to an optimal template in accordance with the present disclosure.
[0139] The submitted time-series indicates the biometric feature extracted from a response provided by the user when the user attempts to log in to the online transaction system 100. The submitted time-series is compared against the optimal template that indicates one of the reference biometric features.
[0140] Although Fig. 9 illustrates a single dimension mapping, the DTW algorithm can use multiple features, each considered as its own dimension. While the FastDTW algorithm provided by the Java Machine Learning library is capable of
Figure imgf000049_0002
handling higher-dimensional time-series, the biometric feature can also be split into independent data groups. The groups are defined by the sensor from which the biometric features have primarily been derived, e.g. displacement and velocity are derived from touch locations, whilst pressure would be from the pressure detection within the screen, and movement data from the accelerometer would be in its own group. The distance outputs from each of the individual DTW processes are summed up to produce a single value of similarity between the two time-series. This value is compared to a threshold as described below:
Group Threshold. In the group threshold, the threshold of a user is determined by how distant the user's writing samples are from those of everyone else in the collective group. The algorithm is as follows: the optimal template is run against every handwriting sample in the database from other users, and an array of distances is created. The lowest distance to a sample that does not belong to the user is then set as the threshold. Whilst this approach is suitable for a limited sample set from a small number of participants, for an online transaction system that has potentially thousands of users, the group threshold calculated would be too sensitive to allow accurate authentication;
Personal Threshold. The idea behind the personal threshold is that a threshold is assigned to each user based on how consistent or inconsistent the user is across the training samples that were acquired during the registration process. Initially the personal threshold was calculated by finding the mean of the distances between the user's own samples, and adding a parameter which is a multiple of the standard deviation to the mean as the threshold
Figure imgf000049_0001
Foreseeable problems with this approach include users with higher-than-normal inconsistencies within their writing samples, and the question of when to limit the threshold before the security of the biometrics is compromised;
Global Threshold. A global threshold is a singular value chosen by the system administrators, depending on the level of security demanded by the system. This level is recommended based on a base number as seen by group thresholds, and an adjustment factor for the usability-security compromise. The higher the threshold, the more usable and tolerant it will be to user deviations;
System Demand. From a resource consumption standpoint, from the lowest to the greatest consumption: Global, Personal, Group. For Personal and Group thresholds, the threshold needs to be calculated for each user upon registration; however, the group threshold also needs to retroactively recalculate every other user's threshold with the addition of new data into the collective pool, causing a spike in data movement and computational power required. It therefore becomes unviable for a larger userbase unless random subsets of users are taken for threshold recalculation.
[0141] As described above, optimal templates are used in order to reduce the number of comparisons required during the login attempt. So with a regular login attempt, the submitted time-series will only need to be compared with a single optimal template as opposed to all the samples.
[0142] To determine the optimal template, each sample has its DTW distance computed against the other samples in the user's set, and these distances are summed together. The sample with the lowest collective distance to the other samples is designated as the optimal template. The reasoning behind this is that the sample is the closest to each and every other sample of the user, being the middle (median) sample.
[0143] A detailed process of comparing the biometric feature extracted from the response with the reference biometric features (i.e., optimal templates) using DTW distance is as follows:
Method 300 retrieves five optimal templates or reference biometric features for five symbols (e.g., English words "zero", "one", "two", "three", "four");
Method 300 compares the biometric feature extracted from the response to each of the 5 optimal templates in terms of distance computed through DTW;
Method 300 determines an optimal template out of the five optimal templates with the lowest DTW distance to the extracted biometric feature. This optimal template is considered to be the one the user intended to provide in response to the cognitive challenge;
Method 300 determines a numerical solution associated with the optimal template;
If the numerical solution associated with the optimal template is not equal to the numerical solution to the cognitive challenge, method 300 rejects the user;
If the DTW distance of the biometric feature extracted from the response to the correct optimal template is above the threshold, method 300 rejects the user;
If the user is successful, method 300 presents how many login rounds have been passed, and issues a new challenge or a token to indicate authentication to the user.
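The comparison steps above, together with the optimal-template and personal-threshold rules of [0140] to [0142], as an added Python example that is not part of the patent text. It uses plain DTW rather than the FastDTW library the disclosure mentions; the function names, the per-symbol threshold, the population standard deviation with a multiple of 2, and all sample series are assumptions constructed for illustration.

```python
import math
from itertools import combinations
from statistics import mean, pstdev


def dtw_distance(a, b):
    """DTW distance between two 1-D series, using |x - y| as the point cost."""
    prev = [0.0] + [math.inf] * len(b)
    for x in a:
        cur = [math.inf] * (len(b) + 1)
        for j, y in enumerate(b, start=1):
            # Extend the cheapest of the three admissible warping steps.
            cur[j] = abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1])
        prev = cur
    return prev[-1]


def sample_distance(s1, s2):
    """One DTW run per sensor group, summed into a single similarity value."""
    return sum(dtw_distance(s1[group], s2[group]) for group in s1)


def enrol(samples, std_multiple=2.0):
    """Return (optimal template, personal threshold) for one symbol.

    The optimal template is the sample with the lowest summed distance to
    the user's other samples. The threshold is mean + multiple * std of the
    pairwise distances (population std is an assumption of this example).
    """
    n = len(samples)
    dist = [[sample_distance(samples[i], samples[j]) for j in range(n)]
            for i in range(n)]
    best = min(range(n), key=lambda i: sum(dist[i]))
    pairwise = [dist[i][j] for i, j in combinations(range(n), 2)]
    return samples[best], mean(pairwise) + std_multiple * pstdev(pairwise)


def verify(response, references, expected_solution):
    """references maps solution -> (template, threshold)."""
    distances = {sol: sample_distance(response, tpl)
                 for sol, (tpl, _) in references.items()}
    intended = min(distances, key=distances.get)  # symbol the user drew
    if intended != expected_solution:
        return False, "wrong solution"
    if distances[intended] > references[intended][1]:
        return False, "distance above threshold"
    return True, "accepted"


# Constructed enrolment sketches (not real sensor data), two symbols only.
ZERO = [
    {"touch": [0, 1, 4, 2, 0], "pressure": [3, 3, 3]},
    {"touch": [0, 2, 4, 2, 0], "pressure": [3, 3, 3]},
    {"touch": [0, 3, 4, 2, 0], "pressure": [3, 4, 3]},
]
ONE = [
    {"touch": [5, 4, 0, -5], "pressure": [1, 1, 1]},
    {"touch": [5, 5, 0, -5], "pressure": [1, 1, 1]},
    {"touch": [5, 5, 0, -4], "pressure": [1, 2, 1]},
]
REFERENCES = {0: enrol(ZERO), 1: enrol(ONE)}

# Same user drawing "zero" more slowly: DTW absorbs the repeated points.
GENUINE = {"touch": [0, 2, 2, 4, 2, 0], "pressure": [3, 3, 3, 3]}
# Someone who knows the answer is 0 but draws with a different hand.
IMPOSTOR = {"touch": [0, 6, 9, 6, 0], "pressure": [6, 6, 6]}

if __name__ == "__main__":
    print(verify(GENUINE, REFERENCES, 0))
    print(verify(GENUINE, REFERENCES, 1))
    print(verify(IMPOSTOR, REFERENCES, 0))
```

The third case is the one the scheme relies on: the drawn symbol maps to the correct solution, yet the response is rejected because its distance to the user's template exceeds the threshold.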
[0144] Performance analysis
[0145] Unique Challenges. As the login screen contains l = 30 images from a pool of n = 200 , and each image has a weight from the total number of possible challenges is
Figure imgf000051_0003
Figure imgf000051_0001
[0146] Denote the above by |C|. The probability that in a set of m random challenges, at least 2 challenges are the same can be estimated by the probability of "birthday collisions" (see reference [2]) as
Figure imgf000051_0002
[0147] Re-arranging the above, we get
Figure imgf000052_0001
[0148] Letting Thus, this same challenge does not occur
Figure imgf000052_0002
frequently.
[0149] Zero Case. Since the login screen may be random there is a possibility that none of the secret images appears. To handle this case, the user is allowed to submit any of the d responses. Note that the user can also be prompted to draw the English word "zero" as the response. However, sending the English word "zero" allows the attacker to reduce the problem of finding the secret to finding a solution to a system of linear equations. The attacker can then find the secret after observing only about authentication rounds. To
Figure imgf000052_0006
increase security, noise is introduced to an attacker's data by letting the user respond with a graphical symbol associated with a random solution from
Figure imgf000052_0005
[0150] The probability that i secret images are present in a challenge of l images is given by the probability mass function of the hypergeometric distribution:
Figure imgf000052_0003
[0151] The expected value is
Figure imgf000052_0004
which with l = 30 , k = 10 and n = 200 is 1.5. Thus, 1.5 secret images are expected to be present in each challenge. The probability that no secret image is present in the challenge is
Figure imgf000053_0001
[0152] With the above parameter values, the above probability is
Figure imgf000053_0003
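The distribution of secret images per challenge, as an added Python example that is not part of the patent text. It applies the standard hypergeometric probability mass function to the parameters stated above (l = 30, k = 10, n = 200) and cross-checks the zero case by simulating random challenges; the function names, the seed and the number of simulated rounds are assumptions.

```python
import random
from math import comb


def pmf_secret_images(i, n=200, k=10, l=30):
    """P(exactly i of the k secret images appear among l images drawn from n)."""
    if i < 0 or i > min(k, l):
        return 0.0
    return comb(k, i) * comb(n - k, l - i) / comb(n, l)


def expected_secret_images(n=200, k=10, l=30):
    """Expected number of secret images in one challenge, from the PMF."""
    return sum(i * pmf_secret_images(i, n, k, l) for i in range(min(k, l) + 1))


def simulate_zero_case(rounds, n=200, k=10, l=30, seed=1):
    """Empirical fraction of random challenges that contain no secret image."""
    rng = random.Random(seed)           # fixed seed so the run is repeatable
    secret = set(rng.sample(range(n), k))
    zero = sum(
        1 for _ in range(rounds)
        if not secret.intersection(rng.sample(range(n), l))
    )
    return zero / rounds


if __name__ == "__main__":
    print("expected secret images:", round(expected_secret_images(), 6))
    print("P(no secret image):    ", round(pmf_secret_images(0), 4))
    print("simulated zero case:   ", simulate_zero_case(20000))
    for i in range(5):
        print(i, round(pmf_secret_images(i), 4))
```

The zero-case frequency matters for the noise mechanism of [0149]: it is the share of rounds in which the user's response carries no information about the secret set.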
[0153] Challenge rounds. The probability that someone who is not the user can successfully login is dependent on whether the current cognitive challenge contains any secret image or not. In state-of-the-art cognitive authentication methods, this probability is precisely
Figure imgf000053_0002
which means that approximately 1 in 3 attempts could defeat the cognitive challenge. To combat this, multiple challenge rounds need to be issued during one authentication session. With just 3 challenge rounds the probability is reduced to 0.030. However, to achieve a further level of security the number of rounds needs to be increased further, which in turn increases cognitive load on the user, and hence authentication time.
[0154] The above is an inherent problem with state-of-the-art cognitive authentication methods. To mitigate that, biometric features are introduced in the present disclosure, such that the responses from the cognitive challenges are mapped to the biometric features.
Relying on high accuracy of the biometric features, the probability of a random (or informed) guess attack is reduced without increasing the number of challenge rounds.
[0155] It should be understood that the example methods of the present disclosure might be implemented using a variety of technologies. For example, the methods described herein may be implemented by a series of machine executable instructions residing on a suitable computer readable medium. Suitable computer readable media may include volatile (e.g. RAM) and/or non-volatile (e.g. ROM, disk) memory, carrier waves and transmission media. Exemplary carrier waves may take the form of electrical, electromagnetic or optical signals conveying digital data streams along a local network or a publicly accessible network such as the internet.
[0156] It should also be understood that, unless specifically stated otherwise as apparent from the following discussion, it is appreciated that throughout the description, discussions utilizing terms such as "determining", "obtaining", or "receiving" or "sending" or "generating" or the like, refer to the action and processes of a computer system, or similar electronic computing device, that processes and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
[0157] It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the above-described embodiments, without departing from the broad general scope of the present disclosure. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.
References
[1] Berry Schoenmakers. Lecture Notes Cryptographic Protocols. Version 1.2, http://www.win.tue.nl/~berry/2WC13/LectureNotes.pdf, 2016.
[2] M. Sayrafiezadeh. The Birthday Problem Revisited. Mathematics Magazine, 67(3):220-223, 1994.

Claims

CLAIMS:
1. A computer implemented method for authenticating a user, the method comprises: presenting on a first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receiving from a second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extracting the biometric feature of the user from the response received from the second user interface; and authenticating the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
2. The computer implemented method according to claim 1, wherein the reference solution comprises a result of an operation based on the intersection of the challenge set of cognitive information elements and the secret set of cognitive information elements.
3. The computer implemented method according to claim 1, wherein the reference solution is based on an arrangement of the challenge set of cognitive information elements.
4. The computer implemented method according to claims 1, 2 or 3, wherein the reference solution is a first reference solution and the response is a first response, the method further comprising: presenting a second cognitive challenge that has a second reference solution; receiving a second response; extracting the biometric feature from the second response; and authenticating the user if the biometric feature extracted from the first response and the second response match the reference biometric feature associated with the first reference solution and second reference solution.
5. The computer implemented method according to any of the preceding claims, wherein the first user interface is a screen, and presenting on the first user interface the challenge set of cognitive information elements comprises presenting on the screen a set of images and presenting a set of numbers associated with the set of images.
6. The computer implemented method according to claim 5, wherein the set of images comprises: a first subset that represents the intersection that includes zero, one or more images of the secret set of cognitive information elements; and a second subset including one or more images that are all not in the secret set of cognitive information elements.
7. The computer implemented method according to claim 6, wherein the first subset includes one or more images of the secret set of cognitive information elements, and authenticating the user further comprises: determining one or more numbers in the set of numbers associated with the first subset; determining an operation to be performed on the one or more numbers; performing the operation on the one or more numbers to determine the reference solution to the cognitive challenge; and determining the reference biometric feature based on the reference solution.
8. The computer implemented method according to claim 7, wherein authenticating the user further comprises: determining a further reference biometric feature based on the biometric feature and a criterion; determining a further reference solution to the cognitive challenge, the further reference solution being associated with the further reference biometric feature; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the further reference solution is equal to the reference solution.
9. The computer implemented method according to claim 8, further comprising: determining, based on the criterion, a distance between the biometric feature extracted from the response and the reference biometric feature associated with the reference solution; and determining the biometric feature extracted from the response matches the reference biometric feature associated with the reference solution if the distance meets a threshold.
10. The computer implemented method according to any one of claims 2 to 9, wherein the response comprises a set of data indicative of the user interacting with the second user interface.
11. The computer implemented method according to claim 10, wherein extracting the biometric feature comprises extracting the biometric feature from the set of data.
12. The computer implemented method according to claim 10 or 11, wherein the second user interface is the screen and the screen includes a touch-sensitive surface, and the set of data comprises one or more of the following: a graphical symbol drawn by the user using a tool on the touch-sensitive surface, the graphical symbol including a plurality of points; a spatial relationship between the plurality of points of the graphical symbol; a temporal relationship between the plurality of points of the graphical symbol; a pressure the user imposed on the touch-sensitive surface through the tool; a position of the tool; a movement direction of the tool; a velocity of the tool; an acceleration of the tool; a boundary of the graphical symbol; a width of the graphical symbol; a height of the graphical symbol; and an area of the graphical symbol.
13. The computer implemented method according to any one of claims 10, 11 or 12, wherein the second user interface comprises one or more of an accelerometer, a gyroscope, and a gesture-sensitive device, and the set of data comprises one or more readings from the second user interface.
14. A computer implemented method for registering a user to authenticate the user according to any one of claims 1 to 13, the method further comprising: receiving from a third user interface a selection of cognitive information elements designated by the user as a secret set of cognitive information elements; determining the reference biometric feature of the user based on the interaction of the user with the third user interface; and storing in a storage device the biometric feature.
15. The computer implemented method according to claim 14, further comprises presenting on the third user interface a further indication to the user indicative of an operation that is used in the cognitive challenge.
16. A computer software program, including machine-readable instructions, when executed by a processor, causes the processor to perform the method of any one of the preceding claims.
17. A computing device for authenticating a user, the computer system comprising: a first user interface; a second user interface; and a processor that is connected to the first user interface and the second interface, the processor being configured to present on the first user interface a challenge set of cognitive information elements to the user, the challenge set of cognitive information elements being at least part of a cognitive challenge that has a reference solution, wherein the reference solution is based on an intersection of the challenge set of cognitive information elements and a secret set of cognitive information elements; receive from the second user interface a response to the cognitive challenge, the response containing a biometric feature of the user; extract the biometric feature of the user from the response received from the second user interface; and authenticate the user if the biometric feature extracted from the response matches a reference biometric feature associated with the reference solution.
PCT/AU2017/050426 2016-05-10 2017-05-10 Authenticating a user WO2017193165A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP17795186.0A EP3455766A4 (en) 2016-05-10 2017-05-10 Authenticating a user
US16/099,801 US10965671B2 (en) 2016-05-10 2017-05-10 Authenticating a user
AU2017261844A AU2017261844A1 (en) 2016-05-10 2017-05-10 Authenticating a user

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2016901727A AU2016901727A0 (en) 2016-05-10 Authenticating a user
AU2016901727 2016-05-10

Publications (1)

Publication Number Publication Date
WO2017193165A1 true WO2017193165A1 (en) 2017-11-16

Family

ID=60266011

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2017/050426 WO2017193165A1 (en) 2016-05-10 2017-05-10 Authenticating a user

Country Status (4)

Country Link
US (1) US10965671B2 (en)
EP (1) EP3455766A4 (en)
AU (1) AU2017261844A1 (en)
WO (1) WO2017193165A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019102120A1 (en) * 2017-11-24 2019-05-31 Hiasecure Methods and devices for enrolling and authenticating a user with a service
US10965671B2 (en) 2016-05-10 2021-03-30 National Ict Australia Limited Authenticating a user

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108280332B (en) * 2017-12-15 2021-08-03 创新先进技术有限公司 Biological characteristic authentication, identification and detection method, device and equipment of mobile terminal
US10728443B1 (en) 2019-03-27 2020-07-28 On Time Staffing Inc. Automatic camera angle switching to create combined audiovisual file
US10963841B2 (en) 2019-03-27 2021-03-30 On Time Staffing Inc. Employment candidate empathy scoring system
US11127232B2 (en) 2019-11-26 2021-09-21 On Time Staffing Inc. Multi-camera, multi-sensor panel data extraction system and method
US11023735B1 (en) 2020-04-02 2021-06-01 On Time Staffing, Inc. Automatic versioning of video presentations
US11144882B1 (en) 2020-09-18 2021-10-12 On Time Staffing Inc. Systems and methods for evaluating actions over a computer network and establishing live network connections
US11727040B2 (en) 2021-08-06 2023-08-15 On Time Staffing, Inc. Monitoring third-party forum contributions to improve searching through time-to-live data assignments
US11423071B1 (en) 2021-08-31 2022-08-23 On Time Staffing, Inc. Candidate data ranking method using previously selected candidate data
US11907652B2 (en) 2022-06-02 2024-02-20 On Time Staffing, Inc. User interface and systems for document creation
US20240022562A1 (en) * 2022-07-15 2024-01-18 Mastercard International Incorporated Systems, methods, and non-transitory computer-readable media for biometrically confirming trusted engagement

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080235788A1 (en) * 2007-03-23 2008-09-25 University Of Ottawa Haptic-based graphical password
US8453207B1 (en) 2012-07-11 2013-05-28 Daon Holdings Limited Methods and systems for improving the security of secret authentication data during authentication transactions
US20130212674A1 (en) 2010-06-25 2013-08-15 Passtouch, Llc System and method for signature pathway authentication and identification
WO2014140426A1 (en) * 2013-03-13 2014-09-18 Bookit Oy Ajanvarauspalvelu Multi-factor authentication techniques
US20160148012A1 (en) * 2014-11-19 2016-05-26 Speechpro, Inc. System, method and apparatus for voice biometric and interactive authentication

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040230843A1 (en) 2003-08-20 2004-11-18 Wayne Jansen System and method for authenticating users using image selection
US20070261109A1 (en) 2006-05-04 2007-11-08 Martin Renaud Authentication system, such as an authentication system for children and teenagers
US20070271466A1 (en) 2006-05-18 2007-11-22 Genevieve Mak Security or authentication system and method using manual input measurements, such as via user manipulation of a computer mouse
US9972047B1 (en) * 2008-04-18 2018-05-15 Capital One Services, Llc Systems and methods for performing a purchase transaction using rewards points
FR2950984B1 (en) * 2009-10-05 2012-02-03 Interactif Visuel Systeme Ivs METHOD AND EQUIPMENT OF MEASUREMENTS FOR CUSTOMIZATION AND MOUNTING OF CORRECTIVE OPHTHALMIC LENSES
US9672335B2 (en) 2009-12-17 2017-06-06 Laird H Shuart Cognitive-based logon process for computing device
US10476873B2 (en) 2010-11-29 2019-11-12 Biocatch Ltd. Device, system, and method of password-less user authentication and password-less detection of user identity
US8752146B1 (en) 2012-03-29 2014-06-10 Emc Corporation Providing authentication codes which include token codes and biometric factors
US20140020089A1 (en) 2012-07-13 2014-01-16 II Remo Peter Perini Access Control System using Stimulus Evoked Cognitive Response
US20150067786A1 (en) * 2013-09-04 2015-03-05 Michael Stephen Fiske Visual image authentication and transaction authorization using non-determinism
WO2014137913A1 (en) 2013-03-04 2014-09-12 Hello Inc. Wearable device that communicated with a telemetry system
US9367676B2 (en) 2013-03-22 2016-06-14 Nok Nok Labs, Inc. System and method for confirming location using supplemental sensor and/or location data
WO2014182787A2 (en) 2013-05-08 2014-11-13 Jpmorgan Chase Bank, N.A. Systems and methods for high fidelity multi-modal out-of-band biometric authentication
US9928355B2 (en) * 2013-09-09 2018-03-27 Apple Inc. Background enrollment and authentication of a user
US9223955B2 (en) 2014-01-30 2015-12-29 Microsoft Corporation User-authentication gestures
EP3140613B1 (en) * 2014-05-05 2024-04-03 Hexagon Technology Center GmbH Surveying system
US10620700B2 (en) 2014-05-09 2020-04-14 Google Llc Systems and methods for biomechanically-based eye signals for interacting with real and virtual objects
WO2017193165A1 (en) 2016-05-10 2017-11-16 National Ict Australia Limited Authenticating a user

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BERRY SCHOENMAKERS, LECTURE NOTES CRYPTOGRAPHIC PROTOCOLS, 2016, Retrieved from the Internet <URL:http://www.win.tue.nl/~berry/2WC13/LectureNotes.pdf>
M. SAYRAFIEZADEH: "The Birthday Problem Revisited", MATHEMATICS MAGAZINE, vol. 67, no. 3, 1994, pages 220 - 223
See also references of EP3455766A4

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10965671B2 (en) 2016-05-10 2021-03-30 National Ict Australia Limited Authenticating a user
WO2019102120A1 (en) * 2017-11-24 2019-05-31 Hiasecure Methods and devices for enrolling and authenticating a user with a service
FR3074321A1 (en) * 2017-11-24 2019-05-31 Hiasecure METHODS AND DEVICES FOR ENROLLING AND AUTHENTICATING A USER WITH A SERVICE
US11483166B2 (en) 2017-11-24 2022-10-25 Hiasecure Methods and devices for enrolling and authenticating a user with a service

Also Published As

Publication number Publication date
EP3455766A1 (en) 2019-03-20
US20190141033A1 (en) 2019-05-09
EP3455766A4 (en) 2019-11-27
US10965671B2 (en) 2021-03-30
AU2017261844A1 (en) 2018-11-22

Similar Documents

Publication Publication Date Title
US10965671B2 (en) Authenticating a user
US10489577B2 (en) Identifying one or more users based on typing pattern and/or behavior
CN104408341B (en) Smart phone user identity identifying method based on gyroscope behavioural characteristic
US10169558B2 (en) Enhancing biometric security of a system
Lee et al. Understanding keystroke dynamics for smartphone users authentication and keystroke dynamics on smartphones built‐in motion sensors
Impedovo et al. Automatic signature verification in the mobile cloud scenario: survey and way ahead
US9202035B1 (en) User authentication based on biometric handwriting aspects of a handwritten code
US20080235788A1 (en) Haptic-based graphical password
US10169565B2 (en) Method of dynamically adapting a secure graphical password sequence
Tolosana et al. BioTouchPass: Handwritten passwords for touchscreen biometrics
US20110302649A1 (en) System for and method of providing secure sign-in on a touch screen device
US9348510B2 (en) Comparing users handwriting for detecting and remediating unauthorized shared access
Koong et al. A user authentication scheme using physiological and behavioral biometrics for multitouch devices
Antal et al. Online Signature Verification on MOBISIG Finger‐Drawn Signature Corpus
CN105212942A (en) Utilize the Verification System of Biont information
JPWO2020261545A1 (en) Authentication system, authentication device, authentication method, and program
Yang et al. Online handwritten signature verification based on the most stable feature and partition
WO2010028517A1 (en) System and method for generating/ identifying cipher code via artificial neural network
Saleem et al. Systematic evaluation of pre-processing approaches in online signature verification
KR102194366B1 (en) Electronic device for generating verification model used to verify a user's signature
Gao et al. Usability and security of the recall-based graphical password schemes
Ho et al. Sequence alignment of dynamic intervals for keystroke dynamics based user authentication
CN111353139A (en) Continuous authentication method and device, electronic equipment and storage medium
Gupta A new approach of authentication in graphical systems using ASCII submission of values
Suruthi et al. Efficient handwritten passwords to overcome spyware attacks

Legal Events

Date Code Title Description
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase. Ref country code: DE
ENP Entry into the national phase. Ref document number: 2017261844; Country of ref document: AU; Date of ref document: 20170510; Kind code of ref document: A
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 17795186; Country of ref document: EP; Kind code of ref document: A1
ENP Entry into the national phase. Ref document number: 2017795186; Country of ref document: EP; Effective date: 20181210