WO2018011437A1 - Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features - Google Patents

Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features

Info

Publication number
WO2018011437A1
Authority
WO
WIPO (PCT)
Prior art keywords
text
analysis
processing system
data processing
person
Prior art date
Application number
PCT/EP2017/068059
Other languages
German (de)
English (en)
Inventor
Dieter Bartmann
Original Assignee
Professor Bartmann Information Systems Gmbh
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Professor Bartmann Information Systems Gmbh

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • The present invention relates to a method for the automated authentication and/or identification of a person by a data processing system, and to a corresponding data processing system.
  • Modern information technology allows people to interact with a variety of machines, devices and data processing systems in order to exchange information.
  • Machines and devices are equipped with data processing units that control them and handle the exchange of information with the users.
  • Human interaction with the machine or the data processing system should only be enabled if the corresponding user is authorized, e.g. at ATMs, in online banking or when purchasing goods on the Internet.
  • Typing behavior, or input behavior in general, is an individual property that can be used for authentication or identification. New data or text can be generated each time, which the user must type into a data acquisition unit, such as a keyboard or a touch-sensitive screen, in order to authenticate. Because the individually specific typing behavior is present when entering the newly generated data or text regardless of its content, an attacker attempting unauthorized access to a protected area is not granted access even after stealing a typing sample, that is, a data sequence entered by a user: the attacker does not have the new data entered with the user's typical typing behavior, and the submission of a stolen typing sample can be noticed from the difference in the entered data or text.
  • The method should be easy to use, in particular for the user, but at the same time offer a high degree of security of correct authentication.
  • The method should be easy to implement in data processing systems.
  • A data processing system here means any device in which data is processed automatically, such as controllers of machines and devices, computers, mobile telephones, PDAs, networks of such devices, and the like. What is required is a data acquisition unit that allows a user to enter data in the form of alphanumeric characters, such as a keyboard.
  • A keyboard is understood to mean any technical realization of an input option for alphanumeric characters, i.e. numbers, letters and special characters; for example, classic keyboards with individual keys associated with the characters, but also virtual keyboards or input fields that can be represented via software on touch-sensitive displays or the like.
  • A so-called typing sample is created, from which the biometric input behavior of the user is determined.
  • A typing sample is understood to be an alphanumeric string, that is, a number of letters, numbers or special characters, that has been entered in a characteristic manner and thus contains the individual typing behavior.
  • Typing behavior is characterized by features or input behavior parameters, such as the time between the input of individual characters, the times between the input of certain consecutive characters, the error rate when entering certain characters, the key press duration when entering the characters or certain characters, and similar parameters that can be detected when entering alphanumeric characters and are already known to the person skilled in the art from the prior art.
  • Typing samples can contain further typical typing behavior characteristics that can be recorded on input via touch screens, such as the size of the touch area, the shape of the touch area, the precision with which certain touch screen fields are hit, the dynamic change of the corresponding parameters, swiping effects, and the like.
  • The biometric system specifies an input text (challenge) that the user has to type (response).
  • static biometrics such as facial recognition or fingerprint biometrics.
  • The data to be entered, which is entered as an alphanumeric string or typing sample, can be distinguished according to the type of data or text, where text comprises any type of alphanumeric string.
  • The fixed text is a sentence that is the same for all users. The user trains the biometric system with this sentence and also uses it for authentication.
  • The individual text is also a fixed sentence, but one that each user can choose individually, e.g. a passphrase.
  • Free text is any text, which may be different each time.
  • A hybrid text is also defined. It is likewise a freely selectable text that can be different each time, but it contains text components that recur over frequent use, i.e. it is a variable combination of several freely selectable known or predetermined components.
  • The predetermined components may be selected from a group of components predetermined individually for each user, which thus represents a kind of dictionary with a certain, limited number of words or phrases that can be combined arbitrarily into a hybrid text.
  • The known or predetermined components or text parts can thus be of the type of a fixed text or an individual text. The more pronounced the text repetitions are, the closer the hybrid text is to the fixed text or to the individual text.
  • The various input behavior parameters are thus recorded while a typing sample is given or data is entered, so that an image of the biometric input behavior of the person to be authenticated results.
  • Data is first entered by the person to be authenticated via the data acquisition unit, and the data processing system, or a determination unit of the data processing system, determines the biometric input behavior of the person to be authenticated according to the input behavior parameters. Subsequently, an analysis unit of the data processing system analyzes whether the determined input behavior enables the authentication of a person, that is, whether a match with a user profile stored in the data processing system is possible.
  • The person to be authenticated is requested to enter at least one hybrid text, which is characterized in that it is variably composed of several fixed, predetermined components, whereby both the selection of the components from a group of components (dictionary) and their arrangement are freely selectable.
  • Each time, different components of the given group can form the hybrid text, or their order may differ from time to time.
  • Properties of different types of data or text can thus be combined in the hybrid text for authentication: the properties of a fixed text, achieved through the predefined components, and at the same time the advantages of a variable text, since different texts can be generated each time.
  • Variably entered texts are generated that nevertheless consist of known components, such as the numerals 0 to 9 and further components such as and, -zig, hundred, thousand, etc.
  • An analysis unit is provided that has at least two analysis cores for carrying out two different analysis methods.
  • A fixed-text analysis and a free-text analysis are applied, each specifically geared to the analysis of fixed text or free text respectively.
  • The hybrid text requested in the acquisition step is then analyzed both by the fixed-text analysis and by the free-text analysis, so that a high authentication certainty can be achieved with a short text or a small amount of data to be entered.
  • In addition to the hybrid text, the text to be entered can contain other text types in any combination, i.e. free text, fixed text and/or individual text, and these text types can be arranged before, after and/or between hybrid texts.
  • The data processing system can issue a plurality of prompts for entering data in the acquisition step, and the data requested by one or more prompts can each represent at least one free text and/or fixed text and/or hybrid text and/or individual text.
  • The different analysis cores can be used to analyze the different types of data in order to increase authentication security.
  • The results of the different analysis cores or analysis methods can be combined into a final result, and different rules for combining the results can be provided. If, for example, the free text analysis finds a high level of agreement with a user profile but the fixed text analysis shows only a small match, authentication can still take place if a rule is stored in the data processing system, or in the program performing the method, stating that authentication is granted in such a case.
  • The analysis of the different data or text types, i.e. the fixed texts, free texts, individual texts and hybrid texts, is carried out by analyses or analysis cores tailored to the respective text or data type.
  • An individual-text core can also be used for individual text analysis.
  • The additional information that all typing samples of all users refer to the same text can be used for the analysis of the typing sample.
  • Both the typing samples of the respective user and the typing samples of other persons can be used, in order to determine the position of the user's own profile relative to that of an adjacent profile and to sharpen the own profile with this information. This increases the selectivity of the method.
  • The analysis or the analysis cores can also be designed so that the generated typing profile, with its typing features or input behavior parameters, relates exactly to the selected text. As a result, the typing profile can be sharpened more quickly when the user profile is updated, and the selectivity with respect to other users is increased.
  • Pattern recognition based on a support vector machine can be used for the fixed/individual text analysis, while the free text analysis can be based on artificial neural networks.
  • Analysis methods for free text and fixed text are described in the dissertation by S. Erdenreich, Negative Identification based on typing behavior using fixed and free text components, Springer Vieweg, 2012.
  • An overview of different methods for analyzing typing behavior that can be used for the free text analysis, the fixed text analysis, the individual text analysis and the hybrid analysis can be found in M. Karnan, M. Akila and N. Krishnaraj, Biometric personal authentication using keystroke dynamics: A review, Applied Soft Computing, 11(2), 1565 - 1573, March 2011.
  • The present invention can be used, for example, for a so-called BioLogin with the dynamic feature BioPIN for access to certain information, databases or services.
  • The input mask and the associated input look like this, for example:
  • "Bad23G00" is an individual text. "Twenty-four" is a hybrid text. "Rosen" is a free text that serves as additional security against long-term spying attacks: if the text were only hybrid, an attacker who intercepts a large number of typing samples over time could collect so many recurring text parts that he would be able to assemble the currently requested dynamic feature from text parts already captured.
  • The fixed-text core receives the fixed text "My favorite:" and the hybrid text "twenty-four".
  • The individual-text core receives the input text "bad23GOO" and "My favorite:*******".
  • The free-text core receives once the free text "roses" and once the entire text "bad23600 twenty four roses My favorite:****** ".
  • Each core provides its own recognition level. All individual recognition levels are combined to form a total recognition level.
  • The hidden name of the favorite acts like a password.
  • The login works with two security features, a typing feature and a knowledge feature, so that 2-factor authentication is provided.
  • The described invention can also be used in online banking and in Internet payment.
  • A dynamic TAN is usually used. It is either generated on the bank computer and transmitted to the customer via a second channel, e.g. via a smartphone (so-called SmartTAN), or the customer generates the TAN on a special hardware device held in the hand (DeviceTAN).
  • The TAN is uniquely linked to the transfer text, so that manipulated transfers can be recognized immediately because the associated TAN is no longer correct.
  • Typing biometrics can also create a dynamic feature that works like a TAN in the above sense (the so-called BioTAN).
  • The previously mentioned BioPIN challenge must then not be generated randomly by the bank computer, but derived from the transfer text like a dynamic TAN.
  • The BioTAN additionally has the advantage of a biometric feature.
  • The BioTAN provides direct proof, via the biometric feature, that it is really the user who initiates the payment process and not another person.
  • SmartTAN and DeviceTAN provide this proof only indirectly, via the possession factor of mobile phone or hardware device: whoever holds it is probably the user.
  • SmartTAN, DeviceTAN and iTAN can be hardened by additionally entering the last few digits of the TAN determined with the usual tools in words, i.e. as a BioTAN.
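
As an added illustration (not code from the patent or its applicant), the sketch below runs one hybrid-text typing sample through a fixed-text and a free-text analysis and combines the two recognition levels by rule, rejecting a sample whose text is not the current challenge. The dictionary, the synthetic typist model, the mean-deviation scoring and the thresholds are assumptions made for the demo; the description itself names support vector machines and neural networks for the two analyses.

```python
import secrets

# Constructed per-user dictionary of fixed components (hypothetical values).
DICTIONARY = ["twenty", "four", "hundred", "and", "seven", "thousand"]

def make_challenge(n_parts=3, rng=secrets.SystemRandom()):
    """Hybrid text: variable choice and order of fixed, known components."""
    return " ".join(rng.sample(DICTIONARY, n_parts))

def latencies(events):
    """events [(char, press_ms)] -> [(digraph, press-to-press latency)]."""
    return [(a + b, tb - ta) for (a, ta), (b, tb) in zip(events, events[1:])]

def split_words(events):
    """Return (word, in-word latency vector) per space-separated component."""
    out, cur = [], []
    for ev in list(events) + [(" ", 0)]:
        if ev[0] != " ":
            cur.append(ev)
        elif cur:
            out.append(("".join(c for c, _ in cur), [lat for _, lat in latencies(cur)]))
            cur = []
    return out

def enroll(samples):
    """Fixed-text profile: position-wise timing template per component.
    Free-text profile: mean latency per digraph, independent of the word."""
    words, digraphs = {}, {}
    for events in samples:
        for dg, lat in latencies(events):
            digraphs.setdefault(dg, []).append(lat)
        for word, lats in split_words(events):
            words.setdefault(word, []).append(lats)
    fixed = {w: [sum(c) / len(c) for c in zip(*runs)] for w, runs in words.items()}
    free = {dg: sum(v) / len(v) for dg, v in digraphs.items()}
    return fixed, free

def similarity(pairs, tol_ms=60.0):
    """Map mean absolute timing deviation to a 0..1 recognition level."""
    if not pairs:
        return 0.0
    dev = sum(abs(o - e) for o, e in pairs) / len(pairs)
    return max(0.0, 1.0 - dev / tol_ms)

def fixed_text_score(events, fixed):
    pairs = []
    for word, lats in split_words(events):
        pairs += zip(lats, fixed.get(word, []))
    return similarity(pairs)

def free_text_score(events, free):
    return similarity([(lat, free[dg]) for dg, lat in latencies(events) if dg in free])

def fuse(fixed_level, free_level, rules=((0.7, 0.7), (0.0, 0.9))):
    """Rule table of (min_fixed, min_free); the second rule lets a high
    free-text level outweigh a low fixed-text level."""
    return any(fixed_level >= a and free_level >= b for a, b in rules)

def authenticate(challenge, events, profile):
    typed = "".join(c for c, _ in events)
    if typed != challenge:  # a sample recorded for an earlier text fails here
        return False, 0.0, 0.0
    f = fixed_text_score(events, profile[0])
    r = free_text_score(events, profile[1])
    return fuse(f, r), f, r

def type_text(text, base_ms, jitter=0):
    """Constructed typist model: latency depends on digraph and per-user base."""
    t, events = 0, []
    for i, ch in enumerate(text):
        if i:
            t += base_ms + 7 * ((ord(text[i - 1]) + 2 * ord(ch)) % 11) + jitter
        events.append((ch, t))
    return events

if __name__ == "__main__":
    enrollment = [" ".join(DICTIONARY), " ".join(reversed(DICTIONARY))]
    profile = enroll([type_text(s, 120) for s in enrollment])
    challenge = make_challenge()
    print(challenge, authenticate(challenge, type_text(challenge, 120, 6), profile))
    print(challenge, authenticate(challenge, type_text(challenge, 200), profile))
```

The free-text core also scores transitions across word boundaries when they were seen during enrollment, which the per-component templates of the fixed-text core cannot cover.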

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to a method for the automated authentication and identification of a person by a data processing system, and to a corresponding data processing system. The method comprises: an acquisition step in which the data processing system uses a data acquisition unit to acquire the data entered by the person to be authenticated; a determination step in which a biometric input behavior of the person to be authenticated during data entry is determined from the entered data in accordance with input behavior parameters; and an analysis step in which the data processing system analyzes whether the input behavior determined in the determination step allows a person to be authenticated. In the acquisition step, the data processing system requests the person to be authenticated to enter at least one hybrid text that is variably composed of several fixed, predetermined parts, while in the analysis step the data processing system uses at least two different analysis methods to associate the input behavior determined in the determination step with a particular person; the two or more different analysis methods are formed by a fixed-text analysis and a free-text analysis, and the hybrid text is analyzed both by the fixed-text analysis and by the free-text analysis.
PCT/EP2017/068059 2016-07-15 2017-07-17 Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features WO2018011437A1

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102016113148.2 2016-07-15
DE102016113148.2A DE102016113148A1 (de) 2016-07-15 2016-07-15 Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features

Publications (1)

Publication Number Publication Date
WO2018011437A1 (fr) 2018-01-18

Family

ID=59363154

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/068059 WO2018011437A1 Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features

Country Status (2)

Country Link
DE (1) DE102016113148A1 (fr)
WO (1) WO2018011437A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10970573B2 (en) 2018-04-27 2021-04-06 ID R&D, Inc. Method and system for free text keystroke biometric authentication

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130055381A1 (en) * 2011-08-31 2013-02-28 International Business Machines Corporation Creation of rhythmic password and authentication based on rhythmic password
EP2947618A1 * 2014-05-21 2015-11-25 CBT Cloud Biometrics Technology GmbH System and method for the secure processing of online banking transactions

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8583574B2 (en) * 2008-08-06 2013-11-12 Delfigo Corporation Method of and apparatus for combining artificial intelligence (AI) concepts with event-driven security architectures and ideas

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
M. KARNAN; M. AKILA; N. KRISHNARAJ: "Biometric personal authentication using keystroke dynamics: A review", APPLIED SOFT COMPUTING, vol. 11, no. 2, March 2011 (2011-03-01), pages 1565 - 1573
PIN SHEN TEH ET AL: "A Survey of Keystroke Dynamics Biometrics", THE SCIENTIFIC WORLD JOURNAL, vol. 2013, 29 August 2013 (2013-08-29), pages 1 - 24, XP055398338, DOI: 10.1155/2013/408280 *
VISHNU PRIYA NALLAGATLA: "Sequential decision fusion of multibiometrics applied to text-dependent speaker verification for controlled errors", 1 May 2012 (2012-05-01), BRISBANE, QUEENSLAND, XP055188829, Retrieved from the Internet <URL:http://eprints.qut.edu.au/63348/> [retrieved on 20150512] *

Also Published As

Publication number Publication date
DE102016113148A1 (de) 2018-01-18

Similar Documents

Publication Publication Date Title
DE602004003478T2 Virtual keyboard
DE10249801B3 Method for carrying out a secure electronic transaction using a portable data carrier
DE102007033812A1 Method and arrangement for authenticating a user of facilities, a service, a database or a data network
DE102007014885A1 Method and device for controlling user access to a service provided in a data network
CH705781A1 User rights management and access control system with time restriction
EP1733293A1 Method for a secure login to a technical system
EP1697820B1 Method for enabling access to a computer system or to a program
DE60207980T2 System and method for user authentication in a digital communication system
DE102013203436A1 Generating a key for providing authorization information
WO2018011437A1 Automated authentication and identification of a user of a data processing system by means of dynamic keystroke-biometric recognition features
EP2300955A1 Method and device for improving biometric identification systems
WO2009121437A1 Dynamic authentication method
EP2947618A1 System and method for the secure processing of online banking transactions
DE102013102092B4 Method and device for authenticating persons
EP2230648A1 One-time password mask for deriving a one-time password
DE102009044173A1 Cross-matching of typing behavior data for authenticating and/or identifying a person
DE102021125572B9 Method for carrying out an authentication process by an individual system user
EP3306516A1 Input device and input method
DE102009014919A1 Method and device for authenticating a user
DE102005053848A1 Method for image-based authentication of online transactions
DE102014116145A1 System and method for user authentication by means of transformation of digitized biometric features
WO2005101159A1 Method for secure login to a technical system
EP2194499A1 Method for securing transactions
DE102017111482A1 Device and method for verifying an identity of a person
EP2645670A1 Provision of identity attributes of a user

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17740384

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17740384

Country of ref document: EP

Kind code of ref document: A1