WO2023016628A1 - Ré-authentification d'utilisateur basée sur la continuité des tremblements - Google Patents

Ré-authentification d'utilisateur basée sur la continuité des tremblements Download PDF

Info

Publication number
WO2023016628A1
WO2023016628A1 PCT/EP2021/072217 EP2021072217W WO2023016628A1 WO 2023016628 A1 WO2023016628 A1 WO 2023016628A1 EP 2021072217 W EP2021072217 W EP 2021072217W WO 2023016628 A1 WO2023016628 A1 WO 2023016628A1
Authority
WO
WIPO (PCT)
Prior art keywords
tremor
user
values
continuity
authentication
Prior art date
Application number
PCT/EP2021/072217
Other languages
English (en)
Inventor
Oleg Pogorelik
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Priority to PCT/EP2021/072217 priority Critical patent/WO2023016628A1/fr
Publication of WO2023016628A1 publication Critical patent/WO2023016628A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • G06N20/20Ensemble learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/01Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound

Definitions

  • Some embodiments described in the present disclosure relate to user authentication and, more specifically, but not exclusively, to biometric verification of a user session continuity.
  • Tremor is tiny vibrations in hands and fingers caused by the involuntary muscles contractions, being dependent on tens of fluctuations associated with appropriate muscles, nerves and bones, tremor patterns are considered a person specific and unique.
  • Tremor fluctuations may be successfully captured using the gyro and accelerometer of the mobile and wearable devices. And methods of defining tremor parameters, retrieval and classification thereof exist.
  • Mobile devices may be locked to prevent unauthorized access, particularly when sensitive applications such as payment, investment management, application having access to sensitive personal such as pictures, letters, and chat, or business information, account details and/or the like are installed thereon.
  • sensitive applications such as payment, investment management, application having access to sensitive personal such as pictures, letters, and chat, or business information, account details and/or the like are installed thereon.
  • Current usage models and practices are built with assumption that device is used by the owner only.
  • a device supporting continuity verification for user authentication comprising: a motion sensor sensing user’ s tremor, and a processing circuitry configured to: identify an authentication status issued by an execution of an authentication process by the processing circuitry; upon identification, receive a first output of the motion sensor recorded during a first time event; extract a reference value of at least one property from the first output; following the first time, continuously analyze a second output of the motion sensor to extract a series of values of the at least one property; when one or more values of the series of values together represent a deviation from a threshold set based on the reference value, instruct a re-execution of the authentication process by the processing circuitry.
  • a method for continuity verification for user authentication of a mobile device comprising: identifying an authentication status issued by an execution of an authentication process by the processing circuitry; upon identification, receiving a first output of the motion sensor recorded during a first time event; extracting a reference value of at least one property from the first output; following the first time, continuously analyzing a second output of the motion sensor to extract a series of values of the at least one property; when one or more values of the series of values together represent a deviation from a threshold set based on the reference value, instructing a re-execution of the authentication process by the processing circuitry.
  • the processing circuitry is further configured to: update the reference value, based on the series of values; and apply a decrement to the threshold based on a confidence criterion of the series of values.
  • the processing circuitry is further comprising a non-volatile memory and the processing circuitry is further configured to combine a strong factor wherein the authentication process comprising comparing a factor to an instance stored on the non-volatile memory, with the continuity verification.
  • the processing circuitry is further configured to detect at least one glitch interval, caused by a gesture performed by the user, and wherein the deviation timing is separate from the at least one glitch interval.
  • the at least one glitch interval is characterized by a minimum length ranging from ten to fifty milliseconds, and a maximum length from one tenth of second to a second.
  • the threshold is applied on a continuity score evaluator, describing estimated likelihood that the currently captured value from the series of values belong to the sequence of the preceding values from the series of values and generated by the same users’ tremor.
  • the device is handheld.
  • the motion sensor measures the user’s hand or wrist tremor, and using a plurality of gyro accelerometers, and the at least one property is derived from the plurality of gyro accelerometers.
  • FIG. 1 is a schematic illustration of an exemplary device supporting tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 2 is a schematic flowchart of an exemplary process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 3 is a schematic illustration of dataflow in an exemplary process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 4A depicts two exemplary usage flows of a sensitive application of two devices, one supporting timeout based user re-authentication, and one does not, according to some embodiments of the present disclosure
  • FIG. 4B is an exemplary data processing diagram of an exemplary device supporting tremor continuity based user authentication
  • FIG. 5 is a table of exemplary features extracted for tremor continuity based user reauthentication, according to some embodiments of the present disclosure
  • FIG. 6 is an illustration of biometric authentication and verification of a user session according to some embodiments of prior art
  • FIG. 7A depicts an exemplary behavior of a sensitive application during a hand over according to tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 7B depicts several features of an exemplary device supporting tremor continuity based user re-authentication, according to some embodiments of the disclosure present disclosure
  • FIG. 8 depicts several tremor characteristics observed by an exemplary device supporting tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 9 depicts an exemplary usage of a sequence of the preceding values by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 10 depicts three exemplary tremor patterns which may be considered as a glitch by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 11A depicts two exemplary tremor patterns which may be considered as a recoverable and an unrecoverable glitch by a process for tremor continuity based user reauthentication, according to some embodiments of the present disclosure
  • FIG. 1 IB depicts an exemplary tremor pattern comprising a glitch by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • FIG. 12A is an exemplary schematic graph of the false reject rate by the maximal glitch length, according to some embodiments of the present disclosure.
  • FIG. 12B is a system architecture diagram, according to some embodiments of the present disclosure.
  • FIG. 13 is a sequence diagram of an exemplary process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • Some embodiments described in the present disclosure relate to user authentication and, more specifically, but not exclusively, to biometric verification of a user session continuity.
  • Tremor is an example of a biometric factor, which may be used to verify a person’s identity in high confidence.
  • Tremor refers to tiny vibrations in body muscles, particularly, but not limited to hands and fingers, caused by the involuntary muscles contractions.
  • tremor patterns are considered specific and unique to a person, and tremor parameters, retrieval and classification techniques have been defined.
  • Tremor fluctuations may be successfully traced using sensors such as gyro and accelerometer, which are often featured on devices, particularly mobile, handled and wearable devices.
  • the term handheld refers to devices held, worn, or otherwise sensing the user’s tremor such as joysticks, capacitive or magnetic sensors such as those used in touch screens, including smart watches, helmets, and the like.
  • Tremor pattern of the same may significantly vary per usage and conditions. There are several independent variables affecting tremor pattern, such as time during the day, caffeine consumption, and mood.
  • the present disclosure aims at supporting little training and maintain higher level of user privacy.
  • the present disclosure implements transparent, continuous re-authentication of the previously authenticated user, based on tremor continuity verification. Following an authentication, for example using finger scan unlock, facial recognition, or a password, the device stores characteristics of the recent user’s tremor pattern, which may be periodically verified. The characteristics stored may be considered as a signature. Minor, gradual tremor changes will be considered as normal variations and as a result, the current user may be “re- authenticated” automatically, and the user may not be required to go through logins to get access to the sensitive applications and content as it may be today.
  • Implementations of the present disclosure system may check if consequently captured tremor characteristics or signatures are produced by the same person, who was formerly identified and authenticated, as for the same user in proximal time signatures are expected to be closely correlated. Implementations of the present disclosure may function without using stored tremor characteristics to identify a user, and without training the system or the device in advance.
  • the present disclosure comprises a method of combining of the biometric factors, including one or more strong factors such as facial recognition, finger scan, or non-biometric such as typing a password, for authentication, and combining the factor with tremor patterns comparison used for authentication continuity verification.
  • biometric factors including one or more strong factors such as facial recognition, finger scan, or non-biometric such as typing a password
  • the present disclosure may function without training the system to recognize a given user, as re-authentication is based on just in time user’s parameters.
  • the user experience may be transparent, when using operational flow of conditional re-authentication suppression on mobile devices and wearables, saving annoying background re-authentication operations and need for training.
  • notifications of handovers detected may be issued.
  • the present disclosure comprises system, device, apparatus and operational flows which enable supporting the tremor based functionality of continuous user verification.
  • the embodiments not needing training, or personal biometric factors stored on the device, may save user attentive time, and also contribute to privacy protecting.
  • the method may be applied on a variety of existing mobile devices with no hardware changes.
  • Embodiments may be a system, a method, and/or a computer program product.
  • the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the embodiments.
  • the computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • a non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, and any suitable combination of the foregoing.
  • RAM random access memory
  • ROM read-only memory
  • EPROM or Flash memory erasable programmable read-only memory
  • SRAM static random access memory
  • CD-ROM compact disc read-only memory
  • DVD digital versatile disk
  • memory stick a floppy disk, and any suitable combination of the foregoing.
  • a computer readable storage medium is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
  • Computer readable program instructions described herein can be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
  • a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
  • Computer readable program instructions for carrying out operations of embodiments may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the "C" programming language or similar programming languages.
  • the computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, in order to perform aspects of embodiments.
  • These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/ acts specified in the flowchart and/or block diagram block or blocks.
  • These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the fimctions/acts specified in the flowchart and/or block diagram block or blocks.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures.
  • two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • FIG. l is a schematic illustration of an exemplary device supporting verification of a user session continuity, according to some embodiments of the present invention.
  • An exemplary device supporting verification of a user session continuity 100 executes processes such as 200 for verification of a user session continuity. Further details about these exemplary processes follow as FIG. 2 is described.
  • the device 110 comprises an input interface 112, an output interface 115, one or more processors 111, processing circuitry used for executing processes such as 200, and storage 116 for storing code (program code storage 114) and/or data.
  • the device may be a mobile device; however, parts of the system may be implemented on an additional device as distributed system, virtually on a cloud service, on machines also used for other functions, and/or by several options.
  • the storage 116 may comprise a local cache on the device, and some of the less frequently used data and code parts may be stored remotely.
  • the input interface 112, and the output interface 115 may comprise one or more wired and/or wireless network interfaces for connecting to one or more networks, for example, a local area network (LAN), a wide area network (WAN), a cellular network, the internet and/or the like.
  • the input interface 112, and the output interface 115 may further include one or more wired and/or wireless interconnection interfaces, for example, a universal serial bus (USB) interface, a serial port.
  • the output interface 115 may include one or more wireless interfaces, and the input interface 112, may include one or more wireless interfaces for receiving information from one or more devices.
  • the input interface 112 may include specific means for communication with one or more sensor devices 122 such as a motion sensor 130 for sensing the device location and user voluntary and involuntary movement, a camera 131 which may be used for example for facial recognition, a touch screen 132 for user interface, a microphone 133, a biometric sensor such as a finger scanner, medical sensor, weather sensor and/or the like.
  • the output interface 115 may include specific means for communication with one or more display devices 125 such as a loudspeaker, display and/or the like.
  • the one or more processors 111 may include one or more processing nodes arranged for parallel processing, as clusters and/or as one or more multi core one or more processors.
  • the storage 116 may include one or more non-transitory persistent storage devices, for example, a hard drive, a Flash array and/or the like.
  • the storage 116 may also include one or more volatile devices, for example, a random access memory (RAM) component and/or the like.
  • the storage 116 may further include one or more network storage resources, for example, a storage server, a network attached storage (NAS), a network drive, and/or the like accessible via one or more networks through the input interface 112, and the output interface 115.
  • network storage resources for example, a storage server, a network attached storage (NAS), a network drive, and/or the like accessible via one or more networks through the input interface 112, and the output interface 115.
  • the one or more processors 111 may execute one or more software modules such as, for example, a process, a script, an application, an agent, a utility, a tool, an operating system (OS) and/or the like each comprising a plurality of program instructions stored in a non- transitory medium within the program code 114, which may reside on the storage medium 116.
  • the one or more processors 111 may execute a process, comprising inference for verification of a user session continuity such as 200 and/or the like, to validate that the device is handled by the same user who passed the authentication.
  • FIG. 2 is a schematic flowchart of an exemplary process for verification of a user session continuity, according to some embodiments of the present disclosure.
  • the processor 111 may execute the exemplary process 200 for a variety of sensitive applications such as payment, sensitive information access control, vehicle control, and/or the like.
  • the process 200 or parts thereof may be executing using a remote system, an auxiliary system, and/or the like.
  • the exemplary process 200 starts, as shown in 201, with identifying an authentication status issued by an execution of an authentication process by a mobile device having a motion sensor which may measures the user’s hand or wrist tremor, for example by using a gyro accelerometer.
  • the device may imitate the process, by sending a message, enabling identifying an authentication status issued by an execution of an authentication process.
  • the authentication status is positive, the assumption that the user is allowed to access the sensitive data and application may hold, and the continuity verification for user, or user continuity verification may start.
  • Devices may have installed authentication applications and/or devices such as a fingerprint scanner, a facial recognition, or entry of one or more password, gesture sequences, and/or the like.
  • the application associated with the installed authentication may send a message through the device operating system to a user continuity verification application, after the user got a successful authentication.
  • One or more if these applications may be implemented in hardware, firmware, or as a part of the operating system, and other messaging or signaling methods may be used.
  • the exemplary process 200 continues, as shown in 202, with receiving a first output of the motion sensor recorded during a first time event.
  • the motion sensor may be an accelerometer, gyroscope, also known as gyro, or both, however other methods such as optical, electromagnetic, or sonar signaling may be used alternatively.
  • the output from the motion sensor may be stored in memory, preferably volatile memory, by the user continuity verification application, for example within a buffer maintained by a frame sequence manager, by the operating system, or by another application keeping the information available thereto as the base for the following continuity verification.
  • the user continuity verification application for example within a buffer maintained by a frame sequence manager, by the operating system, or by another application keeping the information available thereto as the base for the following continuity verification.
  • no adequate history buffer is available for continuity evaluation, and the trust results from the recent authentication.
  • the terms during and upon, for example with reference to the first time event may refer to a time during the authentication process, an event associated therewith, or to a time immediately following, for example within two seconds or less.
  • the first output may be taken whenever the device is touched, even before the authentication process starts.
  • the exemplary process 200 continues, as shown in 203, with extracting a reference value of the properties from the first output.
  • the reference value may be calculated using time series analysis methods, and used to characterize the tremor of the user.
  • the analysis may comprise filtering using known techniques, such as Finite Impulse Response (FIR) filter, and feature retrieval from domains such as time, frequency and spectral power density, giving rise to one or more captured feature vectors or tremor signatures.
  • FIR Finite Impulse Response
  • Gyro and Accelerometer x, y, z may be recorded 100 times per second, however other frequencies such as 60, 333.3 or 1000 times per second may be used.
  • Finite Impulse Response Filter may retrieve 4-12 Hz frequencies from the raw record, however the ranges may vary, for example 2.5-100Hz or 6-10Hz. Representative features in time, frequency and spectrum domains may be created from raw data using a variety of techniques and shaping signatures.
  • Some implementations may classify the signals using one of the known classifiers such as support vector machine, or XGBoost Random Forest.
  • the disclosure may use maximum likelihood estimation, or similar methods.
  • the exemplary process 200 continues, as shown in 204, with following first time event, continuously analyzing a second output of the motion sensor to extract a series of values of the at least one property.
  • the continuously analyzing refers to continuous verification may be performed on two or more substantially consecutive signatures.
  • a continuity verification function (CVF), f cs ((vi,s n ) ⁇ R[0, l ] may be applied on the values in the series representing the characteristics and properties, and on the history Vi, which stores the characteristics s n -H to s n -i, H is the depth used.
  • the continuity score CS (0..1) may be calculated thereby.
  • Examples of methods to calculate the CS comprise enhanced Minkowski Distance, restricted or normalized Tremor features weighted, and using importance metrics learnt from test Random Forest Classifier, statistical time-series classifier, and ML classifiers, such as Temporal Convolutional Network (TCN), GRU, LSTM or RNN.
  • TCN Temporal Convolutional Network
  • the continuity score may actually be a discontinuity score, wherein 0 indicates certain continuity and 1 indicates certain discontinuity, however and functionally equivalently, the continuity score evaluator may produce score describing an estimated likelihood that the currently captured value from the series of values belong to the sequence of the preceding values from the series of values and generated by the same user’s tremor.
  • the representative features may be extracted from the raw data similarly to the methods described in 203.
  • substantially refers to as stated, approximately as stated, or functionally equivalent to as stated.
  • substantially consecutive may refer to having a gap of two or three samples, or a larger number if oversampling is applied.
  • the exemplary process 200 may optionally continue, as shown in 220, with detecting glitch intervals, caused by a movement exceeding tremor magnitude.
  • a glitch may result, for example a gesture performed by the user, and detected for example by the accelerometer magnitude exceeding a threshold.
  • the process may indicate continuity during glitches, by applying suppression, or by strobing the deviation detection during the glitch interval.
  • Tremor continuity during the regular usage could be disrupted by intensive operations, also referred to as glitches.
  • Gestures applied on an interface of the mobile device, for example on the touchscreen such as tap or swipe are example of causes for glitches.
  • FRR glitch related false reject rate
  • the system may detect and suppress glitch related exceptions, for example by filtering them out.
  • Such methods may also be referred to as shock elimination technique for glitches removal, so that when discontinuity is detected, the deviation timing indicating that discontinuity is separate from the at least one glitch interval. Further details about filtering glitch related exceptions follow for example in FIG. 10.
  • the processor or system executing the process 200 may, as shown in 205, instruct a re-execution of the authentication process.
  • the continuity score CS may be used to determine when one or more values of the series of values represent a deviation from a threshold CT, set based on the reference, i.e. a prediction based at least partially on one or more previous values.
  • the calculation may be continuous, however alternatively, factors may be verified individually to
  • the instructing may be done by sending a notification to sensitive applications to close, or require re-authentication, for example using the device operating system.
  • the exemplary process 200 may optionally continue, as shown in 211, with updating the reference value, based on the series of values.
  • the updating of the reference value may be done as n in the history formula increases, by maintaining additional values.
  • the values before s n -H may be omitted if H, the number of times from which history reference values are used may be fixed, however some optional implementations may increase H as n increases.
  • the process 200 may optionally continue by applying a decrement on the threshold, based on a confidence criterion of the series of values.
  • H greater than n may not be reliably used, when former tremor characteristics of the user are not stored, and/or not trusted.
  • CVFs may be applied based on H. For example, a Minkowski distance based may be used for the first two seconds, and followingly, a more sophisticated, and more precise, RNN based method. When the length, and thus the confidence criterion of the series of values rises, the RNN based method may start, and a decrement on the threshold may be applied. Alternatively, more than two different levels of H and associated thresholds and methods may be applied.
  • FIG. 3 is a schematic illustration of dataflow in an exemplary process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • a sensor output St for a time t may comprise a plurality of indications.
  • Each sensor output is characterized by three axes, namely X, Y, and Z, as shown in 311, for example north-south, east-west, and up-down.
  • a mobile device may have more than one motion sensors, for example some mobile devices have two motion sensors, as shown in 312 and 314.
  • Features extracted from a plurality of sensors, such as the two different sensors have many dependences, as for example, the distance therebetween may be fixed, however may differ, for example due to rotation.
  • the feature extraction as shown in 320 may extract several types of features.
  • a known taxonomy considers three types of features that may be extracted. First, time domain features such as mean or maximal gap may be extracted. Second, a transform such as fast Fourier transform (FFT) may be used to extract frequency domain features such as spectral centroid and spectral irregularities. Third, power spectral density features such as periodogram based features. Alternatively, methods such as wavelets, neural networks, and the like may also be used to extract features.
  • FFT fast Fourier transform
  • a continuity score may be calculated, based on a measure of the changes in the features. The more gradual and cyclic these changes are, the higher or lower the continuity score may be, based on its direction choice.
  • a filtration of continuity verification due to deliberate user movement during the regular usage may be filtered to reduce the FRR.
  • Gestures on the touchscreen, as well as walking, may cause glitches.
  • the continuity verification may be strobed.
  • One aspect of the strobing is the glitch amplitude as deliberate movements may exceed tremor magnitude by far.
  • Another aspect is the glitch timing, as an overly long movement may not be characteristic to normal use of the device, and may indicate a handover, or a spoofing attack.
  • a swipe movement, or example is expected to be comparatively short, for example in the range of 80ms to 200ms, or from 150ms to 600ms . The range may be specified by experiment, or customized for the specific user characteristics.
  • the glitch strobing may be indicated for example by strobing the data stream of the sensor output features, or by sending a binary signal to the continuity score evaluator shown in 340.
  • the continuity score may be verified to fall within a threshold.
  • the glitch suppression is off, either due to no glitch detection or due to exceeding the maximal glitch length, and the continuity score does not meet the threshold, a handover event may be detected, and a re-execution of the authentication process may be instructed.
  • FIG. 4A depicts two exemplary usage flows of a sensitive application of two devices, one supporting timeout based user re-authentication, and one does not, according to some embodiments of the present disclosure.
  • the top flow represents a typical possible usage of a mobile device such a smartphone.
  • the user unlocks the device.
  • the user opens a sensitive application, for example a payment application.
  • the user may open a less sensitive application, for example to watch video-clips or play a sport, however the sensitive application may be still active in the background, and stay so until it’s closed explicitly.
  • the user may forget using the sensitive application, and hand the device to another person, giving rise to a vulnerability.
  • the bottom flow represents a usage of a mobile device, using timeout to secure sensitive applications.
  • the user unlocks the device and logs in to a sensitive application.
  • the user may open a less sensitive application, and forget to attend to the device. If an unauthorized user tries to access the sensitive application after the timeout, a repeated login may be required, but not if the user manages to try accessing the application before the timeout takes place.
  • FIG. 4B is an exemplary data processing diagram of an exemplary device supporting tremor continuity based user authentication.
  • an exemplary motion sensor is shown, followed by profiteering.
  • the frequency range shown is 7-12Hz, however other ranges from DC to frequencies such as 20Hz may be used. Processing much higher frequencies, for example IKHz is possible, however not expected to contribute to the performance proportionally to the processing resources.
  • features may be extracted. Preferred implementations may use 50 to 200 features, however it is possible to use different number of features.
  • An exemplary implementation may use 32 features from each of the two motion sensor on the device, or 64 features.
  • a classification which may be based on a trained model such as random forest or a neural network may classify the user ID based on tremor. It should be noted this method requires training, and storing user characteristics on the device, giving rise to privacy issues.
  • FIG. 5 is a table of exemplary features extracted for tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • the tables is based on a taxonomy, dividing features to time domain, frequency domain, and power spectral density categories, however other features and taxonomies may be used.
  • Time domain features may include mean, standard deviation, average deviation, RMS amplitude, and maximal or minimal values.
  • Frequency domain features may include feature such as spectral standard deviation, spectral crest, irregularities, and the like.
  • Power spectral density features such as periodogram frequencies may also be used.
  • FIG. 6 is an illustration of biometric authentication and verification of a user session according to some embodiments of prior art.
  • a number of data samples often in the range of thousands or more, may be required to train a model such as a random forest.
  • a majority voting or averaging may be applied on each of the decision trees of the random forest.
  • An exemplary weakness of the method is the possibility to use oracle attacks to recover features of the authorized users’ properties.
  • FIG. 7A depicts an exemplary behavior of a sensitive application during a hand over according to tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • the user is authenticated using existing strong and trusted factors such as face or fingerprint recognition. These methods may require the processing circuitry to comprise a nonvolatile memory, and the authentication may comprise comparing a biometric factor or a password to an instance stored on the non-volatile memory, to combine with the disclosed tremor based continuity verification.
  • the user’s tremor signature may be captured immediately and used as the base for the following continuity verification, checking if following captured signatures are closely correlated and therefore produced by the same person in high confidence. Significant changes may be considered as “hands-over” or “left unattended” event.
  • the flow represents a usage of a mobile device, using tremor continuity to secure sensitive applications.
  • the user unlocks the device and opens a sensitive application.
  • the user may open a less sensitive application, and hand the device to someone else, or leave the device unlocked.
  • the tremor continuity verification detects the tremor discontinuity and closes the sensitive or the critical application and a user trying to access the sensitive application after the tremor discontinuity was detected will have to pass reauthentication.
  • the application may receive a message to require the reauthentication without closing, and other alternative implementations apparent to a person skilled in the art, are also within the scope of the claims.
  • FIG. 7B depicts several features of an exemplary device supporting tremor continuity based user re-authentication, according to some embodiments of the disclosure present disclosure.
  • the Tremor Features Retriever receives samples from the motion sensor, for example the gyro and the accelerometer.
  • the sampling frequency may be 100Hz, however the actual frequencies processed may be lower.
  • the Capture Recent Tremor Template captures the initial template of the tremor, and the Tremor Continuity Verifier applies the Continuity Score Evaluator on the current sample versus a plurality, for example of four, of the recent samples.
  • FIG. 8 depicts several tremor characteristics observed by an exemplary device supporting tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • An exemplary time series is shown on the top left.
  • the filled squares show the actual series, the triangles show forecast predicted behavior of the time series.
  • the circles show a former prediction which may be verified by comparison to the actual values.
  • Trends may be removed by Autoregressive Integrated Moving Average (ARIMA). Seasonality, predictable cyclic behavior, may be filtered, as well as irregularities.
  • the cyclicity of the characteristic tremor frequency range, for example 7-12Hz is sought by the model.
  • FIG. 9 depicts an exemplary usage of a sequence of the preceding values by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • CVF continuity verification function
  • the first phase trust initiation, the user was just authenticated using strong factor such as face recognition.
  • the first signature also referred to as first output or root, is captured during or immediately, within pre-defined trust period, after login so it is considered trusted.
  • history accumulation system may apply basic CVF implementing for example enhanced Minkowski distance using normalized tremor features or Hidden Markov Models (HMM) which may work even using a single history point.
  • Basic CVF may have higher FRR, however it is desirable that the FAR is kept low.
  • CVF Scal continuity verification based optimal CVF using history
  • CVF may implement sophisticated algorithms such Statistical time-series classifier, or be based one of ML classifiers, such as Temporal Convolutional Network (TCN) or RNN.
  • TCN Temporal Convolutional Network
  • FIG. 10 depicts three exemplary tremor patterns which may be considered as a glitch by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure.
  • Tremor continuity during the regular usage could be disrupted by intensive operations, for example deliberate gestures of the user, or movement. These disruptions may be referred to as Glitches.
  • the glitch related FRR may be minimized by the system detection and suppression, for example by filtering out glitch related exceptions.
  • Some exemplary methods to suppress the glitches may be referred to as shock elimination technique for removal of glitches.
  • Glitch fragments may be dropped by the pre-filtering blocks before running frequency filters and feature extraction. Signature calculations may be corrected appropriately.
  • the top example shows an orthostatic tremor phase, followed by a glitch caused by tapping, and followingly the tremor pattern returns characteristics similar to the orthostatic tremor phase.
  • the middle example shows an orthostatic tremor phase, followed by a glitch caused by a vertical swipe gesture, and followingly the tremor pattern returns characteristics similar to the orthostatic tremor phase.
  • the bottom example shows a shorter orthostatic tremor phase, followed by a glitch caused by a tap swipe pattern, used for message bar opening. This pattern is also followed by a tremor pattern similar to the orthostatic tremor phase. Note that these gestures and patterns are examples for illustration purpose, and actual appearance in implementations may vary.
  • FIG. 11 A depicts two exemplary tremor patterns which may be considered as a recoverable and an unrecoverable glitch by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • glitches latency may be limited to a maximum in a range from half a second to one or several seconds.
  • the maximal glitch duration may be specified in system settings.
  • the pre-filtering block may optionally include subsystems responsible for glitch classification and filter adjustment per user. Applying dynamic filter adjustments may bring minor accuracy improvements of the shock elimination techniques.
  • the glitch meets the maximum duration and the pre-filtering may suppress it.
  • the glitch exceeds the maximum duration, and the re-execution of the authentication process by the processing circuitry may be instructed.
  • FIG. 11B depicts an exemplary tremor pattern comprising a glitch by a process for tremor continuity based user re-authentication, according to some embodiments of the present disclosure
  • Glitch detection and correction may be based on detection of the Glitch Magnitude Threshold (GT) throughout the recorded signals.
  • Filter size FS of about 150ms may be preferred, following experimental usage. Other values of FS such as 50ms or 300ms may be used. Touch recognition combined with selective with dynamic glitch filter size configuration may improve the FAR and FRR.
  • the graph shown shows how averaging influences the graph of the magnitude by time, comprising an exemplary glitch magnified and a magnified area showing the smoothing effect.
  • FIG. 12A is an exemplary schematic graph of the false reject rate by the maximal glitch length, according to some embodiments of the present disclosure.
  • the graph shows that tap related FRR becomes stable for FS of 100ms or more, scroll related FRR keeps falling with increasing FS FRR, however the increment from 50ms to 100ms has little effect thereon, and the swipe related FRR keeps falling for all FS increments.
  • Long FS, or example over 300ms may have significant influence on FAR. It should be noted that the figure is an experiment result based graph and may vary between implementations.
  • FIG. 12B is a system architecture diagram, according to some embodiments of the present disclosure.
  • the exemplary system architecture comprises the following elements: Raw Data Capturer, which comprises the Shock Eliminator and Frame sequence manager, Continuity monitor. Comprising the Continuity Checker and the (Embedded) Signatures Buffer, and System (exposes control interface toward application), comprising access controller and tasks manager.
  • the Raw Data Capturer may be a module responsible for detecting glitches in recorded raw data.
  • the Shock Eliminator finds glitches through excessive Magnitudes mapping.
  • this block may include optional glitch pattern classifier helping to dynamically adjust cut area size.
  • the Frame sequence manager is responsible for glitch removal and raw data concatenation, so that after moving through glitch remover Tremor Signature Retriever may be fed with glitch free raw data through the tremor signature sampler. This will ensure usage transparent tremor continuity verification.
  • the frame sequencer counts number of glitches in a row. In case when number of glitches exceeds a predefined threshold it may notify the application about abnormal operation stop, which may be handled similarly to breakage of continuity.
  • the Continuity monitor implements the CVF.
  • the continuity monitor may check the most recently reported signature and notify application about continuity state, whether it is OK or Broken. The comparison is done by the Continuity checker. It may also move states between initial, rough and accurate verification.
  • the Embedded Signatures Buffer may keep a number, corresponding to the history size, of the most recent tremor signatures as specified in system configuration to support proper CVF functioning.
  • the System exposes control interface toward application, may be referred to as the System.
  • applications may receive instructions, start and/or stop in accordance to continuity verification.
  • FIG. 13 is a sequence diagram of an exemplary for tremor continuity based user re-authentication, according to some embodiments of the present invention.
  • the exemplary sequence diagram 400 exemplifies a sequence of inferences associated with a process such as 200 (shown in FIG. 2).
  • a process for tremor continuity based user re-authentication interfacing a sensitive application shown in 1310 running on the device or interfacing therewith, connected to the system exposes control interface toward application, or the System shown in 1311, using a Gyro- Accelerometer as shown in 1312 interfacing a data capturer shown in 1313.
  • the data capturer feeds the tremor sampler 1314, which further feeds the signature to the continuity manager shown in 1315.
  • Continuity monitoring is first initiated by the success of the user authentication.
  • Raw data is captured by the data capturer shown in 1313, periodically from the motion sensor, which is shown as the Gyro- Accelerometer as in 1312, at a rate preferably ranging from 30 to 200 times a second, processed by the tremor sampler shown in 1314 and forwarded to the Continuity manager shown in 1315.
  • the tremor sampler shown in 1314 When a sufficient number of the continuous data records, not including glitches, is collected, enough history may be present for the CVF calculation.
  • tolerance threshold exception a discontinuation will be reported and process will terminate, instructing a re-execution of the authentication process by the processing circuitry.
  • the Tremor Sampler shown in 1314 is initiated by the Data capturer shown in 1313. It may create Tremor Signature and forward the feature vector to the Continuity manager shown in 1315 for further processing.
  • the Data capturer shown in 1313 may comprise a Frame manager for maintaining a buffer, storing the most recent frames to support CVF requirements for history.
  • the continuity manager shown in 1315 may notify sensitive application shown in 1310 about continuity validity, when the continuity score CS meets the threshold CT (below in this example) re-authentication is valid, or discontinued and broken.
  • a compound or “at least one compound” may include a plurality of compounds, including mixtures thereof.
  • range format is merely for convenience and brevity and should not be construed as an inflexible limitation on the scope of embodiments. Accordingly, the description of a range should be considered to have specifically disclosed all the possible subranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed subranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6 etc., as well as individual numbers within that range, for example, 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.
  • a numerical range is indicated herein, it is meant to include any cited numeral (fractional or integral) within the indicated range.
  • the phrases “ranging/ranges between” a first indicate number and a second indicate number and “ranging/ranges from” a first indicate number “to” a second indicate number are used herein interchangeably and are meant to include the first and second indicated numbers and all the fractional and integral numerals therebetween.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

La divulgation concerne une caractéristique de dispositif et un procédé de vérification, c'est-à-dire de réauthentification continue d'un utilisateur d'un dispositif mobile qui peut être manuel ou porté. Un dispositif manuel typique tel qu'un téléphone intelligent, une tablette, etc., comprend un capteur de mouvement, qui peut être basé sur un gyroscope, ou d'autres moyens permettant de détecter des vibrations et des mouvements faibles et fréquents, connus sous le nom de tremblement. Le tremblement varie entre différents individus, et peut être soumis à des changements lents au fil du temps en raison de divers facteurs. Le procédé proposé commence par enregistrer le tremblement lorsque l'utilisateur est authentifié positivement par un procédé tel que l'entrée d'un code, une reconnaissance faciale, une empreinte digitale et/ou similaire. Le procédé selon la divulgation enregistre une série chronologique à partir du capteur de mouvement, extrait des caractéristiques caractérisant le tremblement, et vérifie que le dispositif manuel est actionné par le même utilisateur authentifié à l'aide de la continuité de ces caractéristiques de série temporelle. Le procédé selon la divulgation peut ne pas stocker ces caractéristiques entre différentes sessions. Le procédé selon la divulgation considère également des anomalies, un mouvement délibéré modifiant la caractéristique de tremblement et pouvant maintenir la vérification pendant de telles périodes. Lorsqu'un changement dans les caractéristiques de série chronologique est suffisamment significatif pour indiquer que le dispositif a été laissé sans surveillance ou transféré à un utilisateur différent, le procédé selon la divulgation peut comprendre la fermeture, ou l'envoi d'un signal, indiquant qu'une nouvelle authentification est requise, pour des applications sensibles, telles qu'un paiement, un affichage de document confidentiel, une communication vidéo et/ou similaire.
PCT/EP2021/072217 2021-08-10 2021-08-10 Ré-authentification d'utilisateur basée sur la continuité des tremblements WO2023016628A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/072217 WO2023016628A1 (fr) 2021-08-10 2021-08-10 Ré-authentification d'utilisateur basée sur la continuité des tremblements

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2021/072217 WO2023016628A1 (fr) 2021-08-10 2021-08-10 Ré-authentification d'utilisateur basée sur la continuité des tremblements

Publications (1)

Publication Number Publication Date
WO2023016628A1 true WO2023016628A1 (fr) 2023-02-16

Family

ID=77398577

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/072217 WO2023016628A1 (fr) 2021-08-10 2021-08-10 Ré-authentification d'utilisateur basée sur la continuité des tremblements

Country Status (1)

Country Link
WO (1) WO2023016628A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289833A1 (en) * 2013-03-22 2014-09-25 Marc Briceno Advanced authentication techniques and applications
US20170161478A1 (en) * 2015-08-12 2017-06-08 Kryptowire LLC Active Authentication of Users
US20170286658A1 (en) * 2016-03-31 2017-10-05 Fotonation Limited Biometric recognition system
US20200302039A1 (en) * 2019-03-21 2020-09-24 Alibaba Group Holding Limited Authentication verification using soft biometric traits

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140289833A1 (en) * 2013-03-22 2014-09-25 Marc Briceno Advanced authentication techniques and applications
US20170161478A1 (en) * 2015-08-12 2017-06-08 Kryptowire LLC Active Authentication of Users
US20170286658A1 (en) * 2016-03-31 2017-10-05 Fotonation Limited Biometric recognition system
US20200302039A1 (en) * 2019-03-21 2020-09-24 Alibaba Group Holding Limited Authentication verification using soft biometric traits

Similar Documents

Publication Publication Date Title
US20200178077A1 (en) System and method for implicit authentication
US10395018B2 (en) System, method, and device of detecting identity of a user and authenticating a user
US10083304B2 (en) Technologies for enhanced user authentication using advanced sensor monitoring
US20220027447A1 (en) User identity using a multitude of human activities
Lee et al. Implicit smartphone user authentication with sensors and contextual machine learning
US20220030022A1 (en) Device behavior analytics
US9871779B2 (en) Continuous authentication confidence module
US20220045841A1 (en) Homomorphic technology
US20220197985A1 (en) User identification based on a shake challenge
CN106068512B (zh) 用于在移动装置上验证用户的方法和设备
US20220092161A1 (en) Document signing and digital signatures with human as the password
US20220092162A1 (en) User identity based on human breath analytics
US20220092164A1 (en) Machine learning lite
CN108537014B (zh) 一种基于移动设备的用户身份认证方法及系统
WO2016157075A1 (fr) Authentification continue d'utilisateur
US20160350761A1 (en) Method and Apparatus for Managing Reference Templates for User Authentication Using Behaviometrics
EP3991379A1 (fr) Systèmes et procédés de détection en temps réel d'identifiants d'authentification compromis
US10984087B2 (en) Dynamic grip signature for personal authentication
US11250115B2 (en) Spoof detection using vibration response
Mahadi et al. A survey of machine learning techniques for behavioral-based biometric user authentication
Wang et al. Transforming animals in a cyber-behavioral biometric menagerie with frog-boiling attacks
Lee et al. Sensor-based implicit authentication of smartphone users
WO2013006071A1 (fr) Système et procédé de détection d'intrusions par l'intermédiaire de la dynamique de frappe au clavier
Cao et al. Evidence in hand: Passive vibration response-based continuous user authentication
WO2018022606A1 (fr) Authentification d'utilisateur en temps réel utilisant un capteur biométrique intégré

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21756000

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21756000

Country of ref document: EP

Kind code of ref document: A1