WO1997016799A2 - Continuous security system based on motion code - Google Patents

Continuous security system based on motion code


Publication number
WO1997016799A2
Authority
WO
WIPO (PCT)
Prior art keywords
pen
output
server
user
terminal
Application number
PCT/IL1996/000133
Other languages
French (fr)
Other versions
WO1997016799A3 (en
Inventor
Ehud Baron
Omry Genossar
Original Assignee
Baron Technologies Ltd.
Application filed by Baron Technologies Ltd.
Priority to AU73305/96A (AU7330596A)
Publication of WO1997016799A2
Publication of WO1997016799A3


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16 Constructional details or arrangements
    • G06F1/1613 Constructional details or arrangements for portable computers
    • G06F1/1626 Constructional details or arrangements for portable computers with a single-body enclosure integrating a flat display, e.g. Personal Digital Assistants [PDAs]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/02 Digital computers in general; Data processing equipment in general manually operated with input through keyboard and computation using a built-in program, e.g. pocket calculators
    • G06F15/0225 User interface arrangements, e.g. keyboard, display; Interfaces to other computer systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02 Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/0227 Cooperation and interconnection of the input arrangement with other functional units of a computer
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03 Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033 Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/0354 Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor with detection of 2D relative movements between the device, or an operating part thereof, and a plane or surface, e.g. 2D mice, trackballs, pens or pucks
    • G06F3/03545 Pens or stylus
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/14 Image acquisition
    • G06V30/142 Image acquisition using hand-held instruments; Constructional details of the instruments
    • G06V30/1423 Image acquisition using hand-held instruments; Constructional details of the instruments the instrument generating sequences of position coordinates corresponding to handwriting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10 Character recognition
    • G06V30/32 Digital ink
    • G06V30/333 Preprocessing; Feature extraction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2139 Recurrent verification

Definitions

  • the present invention relates to secure computer systems in general.
  • Signature verification systems attempt to identify biometric characteristics of the writer and employ indications such as pressure and acceleration during writing.
  • the assumption is that the signature is a ballistic movement, that is, a movement without closed loop feedback, and therefore that there is little variance in the hand movement.
  • U.S. Patent 4,345,239 employs pen acceleration for use in a signature verification system.
  • U.S. Patent 5,054,088 employs both acceleration and pressure data characteristics of signature verification. As indicated by the above patents, pen acceleration is employed for signature verification because it is a personal feature, characteristic of each individual.
  • U.S. Patent 4, 817.03*1 describes a computerized handwriting duplication system employing a digitizer pad.
  • U.S. Patent 4,641,354 describes apparatus for recognizing and displaying handwritten characters and figures in which unrecognized stroke information remains on the display screen.
  • U.S. Patent 4,715,102 describes a process and apparatus involving pattern recognition.
  • U.S. Patent 4,727,588 describes a system for automatic adjustment and editing of a handwritten text image, which preserves format information in a handwritten text.
  • U.S. Patent 4,703,511 describes a writing input and dynamics regeneration device wherein a time dependent code is embedded in a writing path.
  • U.S. Patent 5,054,088 describes a method of segmenting and compressing dynamic signature data for storage on a limited capacity device.
  • U.S. Patent 4,856,077 describes a method and device for signature verification using a pen having at its nib a light-emitting member and a light-sensitive member.
  • U.S. Patent 4,495,644 describes a method for real-time signature verification using a transducer pad and a stylus.
  • U.S. Patent 4,345,239 describes apparatus for determining pen acceleration for use in a signature verification system.
  • U.S. Patent 4,263,592 describes an input pen usable with either a CRT display or a tablet input device.
  • U.S. Patent 4,122,435 describes a method for producing an electrical signal responsive to identifying characteristics of handwriting.
  • the electrical signal is produced responsive to variations in writing pressure between a writing instrument and a ridged writing surface.
  • U.S. Patent 4,751,741 describes pen-type character recognition apparatus, using data representing a change in pressure applied to a tip element of a pen.
  • U.S. Patent 5,022,086 describes apparatus for collecting information on handwriting using a stylus with means for sensing force at a point on the surface, together with a position sensing pad.
  • U.S. Patent 5,247,137 discloses a pen input device suitable for signature verification.
  • a piezoelectric sensor pen for obtaining pen point dynamics during writing is described in EerNisse et al., "Piezoelectric Sensor Pen for Dynamic Signature Verification", Conference of the 1977 International Electron Devices Meeting, Washington, DC, December 1977, pp. 473-476.
  • the present invention seeks to provide an improved secure computer system.
  • the secure computer systems known in the art rely on identifying the user once or at specific times, and not continuously. Furthermore, existing secure systems need to take some action in order to achieve the identification of the user, for example, verifying a password, a fingerprint, etc. It is a particular object of the present invention to provide continuous security via continuous handwriting recognition without taking any specific action for identification.
  • Continuous security is believed to be important because of the increasingly widespread use of communications networks, such as the Internet, in which secure communications are believed to be of great importance in preventing misuse.
  • Continuous security has the particular advantage of protecting a communications session at all times, thus preventing unauthorized use of an already-authorized session.
  • the present invention includes continuous security by means of input from a pen, the input including characteristics of handwriting of the user of the pen.
  • the continuous security of the present invention is thus based on a biometric characteristic and, unlike a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself.
  • the prior art does describe security based on identity verification by means of verifying the signature but does not describe continuous security based on handwriting recognition in general.
  • the present invention includes continuous security based on general handwriting recognition.
  • a secure computer system including at least one node connected to a communications network, and a pen input device providing an output to the at least one node, the node including handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
  • a secure computer communications system including a communications network, at least one terminal coupled to the communications network, at least one server coupled to the communications network, and a pen input device communicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful communication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
  • communication from the pen input device to the server is secure by virtue of the communication being unintelligible in the absence of the availability of the reference characteristics.
  • the server is located in a secure location.
  • the pen input device includes an accelerometer and provides accelerometer output signals to the terminal.
  • the at least one terminal includes a display and is operative to provide visible indication of recognized symbols in response to an input from the server.
  • the at least one terminal includes a keyboard for the input of function commands.
  • the characteristics of the handwriting of the user include a mapping of hand movements.
  • the reference characteristics include a reference mapping of hand movements for the user.
  • the successful communication is not conditional on any other user input in order to achieve security.
  • the successful communication is not conditional on use of any additional system resources in order to achieve security.
  • a method for providing a secure computer system including providing at least one node connected to a communications network, and providing a pen input device providing an output to the at least one node, the node including handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
  • a method for providing a secure computer communications system including providing a communications network, providing at least one terminal coupled to the communications network, providing at least one server coupled to the communications network, and providing a pen input device communicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful communication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
  • Fig. 1 is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention
  • Fig. 2 is a simplified block diagram illustration of a preferred embodiment of a portion of the apparatus of Fig. 1;
  • Fig. 3 is a schematic diagram of a preferred embodiment of the apparatus of Fig. 2;
  • Fig. 4 is a simplified pictorial illustration of a preferred embodiment of the pen 2 of Fig. 1;
  • Figs. 5A and 5B are pictorial illustrations of a preferred implementation of the switch 85 of Fig. 4;
  • Fig. 6 is a schematic diagram of a preferred implementation of the printed circuit board 105 of Fig. 4;
  • Fig. 7A is a simplified block diagram illustration of a preferred implementation of the server 35 of Fig. 1;
  • Fig. 7B is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 240 of Fig. 7A;
  • Fig. 8 is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A.
  • Appendix A is a specification listing useful in understanding the apparatus of Fig. 4;
  • Appendix B is a netlist of the apparatus of Fig. 6;
  • Appendix C is a part list of the apparatus of Fig. 6.
  • Fig. 1 is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention.
  • the system of Fig. 1 comprises a terminal 10.
  • the terminal 10 preferably comprises a display screen 15 and a plurality of data input keys 20.
  • the terminal 10 is sufficiently small to be portable.
  • the terminal 10 is described in more detail below with reference to Fig. 2.
  • the terminal 10 is operatively attached to a movement-sensing pen 25, operative to write on any appropriate surface such as a sheet of paper 27.
  • the pen 25 is described in more detail below with reference to Fig. 4.
  • the pen 25 and the terminal 10 are shown in Fig. 1 as being operatively attached via a cable, but it is appreciated that any appropriate method of attachment as, for example, wireless communication, may be used.
  • the terminal 10 comprises data communication apparatus (not shown in Fig. 1) which is operative to provide a data communication connection 30 to a server 35.
  • the data communication connection 30 is a remote data communication connection and may be any appropriate remote data connection such as, for example, a modem connection over switched telephone line or a modem connection over a dedicated telephone line.
  • the data communication connection 30 may be a local connection and the server 35 may be located locally to the terminal 10.
  • the server 35 may be any appropriately programmed computer.
  • the server 35 comprises a handwriting recognition database 40.
  • the handwriting recognition database 40 comprises a per-person, per-symbol database identifying handwriting characteristics for each of a plurality of persons, and, for each person, for each of a plurality of symbols.
  • the per-person, per-symbol database is described in more detail below with reference to Fig. 8.
  • the server 35 is located in a secure location 42.
  • the secure location 42 restricts access to the server 35 and thus enhances security with the system of Fig. 1 by preventing tampering with the database 40 or with other aspects of the server 35.
  • the system of Fig. 1 also preferably comprises other nodes 44 which, together with the terminal 10 and the server 35, comprise nodes of a communications network.
  • a user establishes a connection with the server 35 through the terminal 10, using the data input keys 20 for data entry.
  • Establishing a connection includes providing the identity of the user, typically by entering a personal identification number (PIN) using the data input keys 20.
  • any means of providing the identity of the user may be employed, such as, for example, the following means which are well-known in the art: signature recognition; electronic key or electronic card based recognition; fingerprint identification; retina identification; or any other means of identification.
  • the server 35 receives the connection request from the terminal 10, verifies the identity of the user, and, if the identity is verified successfully, establishes a connection with the terminal 10. Typically, the server 35 displays a message on the screen 15 indicating that a connection has been established.
  • the user employs the terminal 10 and the pen 25 for data entry, which data is transmitted to the server.
  • Typically a combination of data entry via the data input keys 20 and via the pen 25 is employed, although it is possible to employ the pen 25 alone.
  • the user employs the pen 25 to write on a surface such as the paper 27.
  • the pen 25 is operative to sense movement of the pen 25 and to transmit signals representing the movement to the terminal 10, which in turn transmits the signals via the data communication connection 30 to the server 35.
  • the server 35 employs handwriting recognition techniques, as described below with reference to Fig. 8.
  • the handwriting recognition techniques employ the per-person, per-symbol database 40 to identify, for the person previously verified as the user, the most likely symbol written.
  • the handwriting recognition techniques also use a dictionary of words to provide word-level recognition, and linguistic analysis to recognize phrases and sentences.
  • the server 35 typically transmits the recognized symbols to the terminal 10 for display on the screen 15, to provide feedback to the user.
  • recognition is based on hand movements which are unique to a given individual.
  • the server 35 recognizes the symbols written based on the per-person, per-symbol characteristics stored in the database 40.
  • the server 35 will not correctly recognize the symbols since the unauthorized other person will employ different hand movements than the verified user.
  • the server 35 may make a determination that the user is unauthorized, that is, is not the verified user, based on any appropriate criteria such as, for example: inability of the server 35 to recognize more than a minimum percentage of symbols input, which minimum percentage may vary from individual to individual and from application to application according to the security level required; significant misrecognition determined at the word level, based on more than a maximum percentage of words that are not in the dictionary being recognized; or any other appropriate criterion.
  • the system will ipso facto cease to operate in response to pen input by the user and thus no determination by the server 35 is necessary.
  • the various functions assigned above to the server 35 may alternatively be performed within the terminal 10, in which case the various elements of the server 35 would be incorporated into the terminal 10. Further alternatively, it is appreciated that the pen 25 may be located locally to the server 35 and may be directly connected thereto without use of a terminal 20 or a communication link 30.
  • FIG. 2 is a simplified block diagram illustration of a preferred embodiment of a portion of the apparatus of Fig. 1.
  • the apparatus of Fig. 2 comprises the terminal 10 of Fig. 1.
  • the apparatus of Fig. 2 comprises the display 15, comprising a display subsystem such as, for example, a PC0024-A LCD module, commercially available from Powertip Technology Corporation, N° 18-3 Nan 2nd Rd., T.E.P.Z., Tanzu, Taichung, Hsien, Taiwan, R.O.C. It is appreciated that another display subsystem, such as a subsystem with graphics capability, may also be used.
  • the apparatus of Fig. 2 also comprises the data input keys 20, comprising a keyboard module such as, for example, a 88BB2-072 keyboard 4 x 4 matrix module, commercially available from Grayhill, Inc., 61 Hillgrove Ave., La Grange IL 60525-0373, USA.
  • the apparatus of Fig. 2 also comprises a pen interface module 45, which is operative to provide an electronic data connection between the terminal 10 and the pen 25.
  • the pen interface module 45 may be any suitable interface as, for example, a commercially available RS-232 interface with associated line driver.
  • the apparatus of Fig. 2 further comprises a microcontroller 50 which is operative to control operations of the terminal 10 and to control two-way communications with the server 35.
  • the microcontroller may be any suitable microcontroller such as, for example, a PIC17C42 high-performance 8-bit EPROM microcontroller, commercially available from Microchip Technology Inc., 2311 West Chandler Blvd., Chandler, AZ 85224-6199, USA.
  • the apparatus of Fig. 2 further comprises a communication module 55, suitable to provide the data connection 30 over the medium being used for the data connection 30.
  • a suitable communication module 55 comprises the AKl4-D007 ⁇ OOl, commercially available from Rockwell International, Digital Communication Division, 4311 Jamboree Road, P.O. Box C, Newport Beach, CA, 92658-8902, USA.
  • the microcontroller 50 is preferably connected to the other elements of Fig. 2 as follows: to the display 15 via both data and control connections; to the data input keys 20 via a data connection; to the pen interface module 45 via a data connection; and to the communication module 55 via both data and control connections.
  • the apparatus of Fig. 3 may also comprise a memory module (not shown).
  • the terminal 10 may be operative to store signals received from the pen 25 and/or commands received from the data input keys 20, and transmit the same at a later time. It is appreciated that, in this case, the terminal 10 may be used for standalone input and may not actually be connected to the data communication connection 30 at the time of input.
  • Fig. 3 is a schematic diagram of a preferred embodiment of the apparatus of Fig. 2.
  • the diagram of Fig. 3 is self-explanatory.
  • Fig. 4 is a simplified pictorial illustration of a preferred embodiment of the pen 25 of Fig. 1.
  • the apparatus of Fig. 4 comprises a top case 60, a bottom case 65, and a supporting element 70 all preferably formed of plastic.
  • the apparatus of Fig. 4 also comprises a refill holder 75, preferably formed of plastic and shaped to hold a standard pen refill 80.
  • the apparatus of Fig. 4 further comprises a switch 85.
  • the switch 85 is positioned relative to the refill holder 75 such that, when a user of the pen 10 presses the tip of the refill 80 against a surface, the refill holder 75 actuates the switch 85.
  • the switch 85 when actuated, sends a signal to a microcontroller 100.
  • the switch 85 is preferably formed of silicone rubber, with key travel of 0.2 mm, activation force 20 30 gram, activation time less than 1 millisecond, and maximum contact resistance 500 ohm.
  • FIGs. 5A and B are pictorial illustrations of a preferred implementation of the switch 85 of Fig. 4.
  • the apparatus of Figs. 5A and 5B comprises the switch 85, the refill holder 75, and the pen refill 80.
  • the switch 85 is depicted in a state where the pen refill 80 is not in contact with a surface.
  • In Fig. 5B the switch 85 is depicted in a state where the pen refill 80 is in contact with a surface, such that the refill holder 75 actuates the switch 85.
  • the apparatus of Fig. 4 also comprises a 3-dimensional accelerometer 90, which is operative to sense accelerations in three mutually orthogonal directions and to output a signal representing the sensed accelerations.
  • the accelerometer 90 is preferably located as close as possible to the tip end of the pen
  • the accelerometer 90 may, for example, be an ACH-04-08, commercially available from AMP Sensors, Inc., P.O. Box 799, Valley Forge, PA 19482, USA, modified according to the specifications found in Appendix A. Such modified accelerometers are commercially available from BarOn Technologies Ltd., Gutwirth Science Park, Technion City, Haifa 32000, Israel.
  • a single accelerometer or three accelerometers mounted mutually orthogonally to each other may be used.
  • the apparatus of Fig. 4 also includes an operational amplifier 95, such as a LMC 6464, commercially available from National Semiconductor Corporation, 2900 Semiconductor Drive, Santa Clara, CA 95052-8090, USA.
  • the microcontroller 100 preferably includes an analog-to-digital converter.
  • An example of a suitable microcontroller is the PIC16C71, commercially available from Microchip Technology Inc., referred to above.
  • the apparatus of Fig. 4 also comprises a printed circuit board (PCB) 105.
  • the switch 85, the accelerometer 90, the operational amplifier 95, and the microcontroller 100 are all mounted on the printed circuit board 105.
  • Fig. 6 is a schematic diagram of a preferred implementation of the printed circuit board 105.
  • Appendix B which is a netlist of the apparatus of Fig. 6, and to Appendix C, which is a part list of the apparatus of Fig. 6.
  • Fig. 6 is self-explanatory with regard to Appendices B and C.
  • the apparatus of Fig. 4 also comprises a cable 110, preferably having a strain relief apparatus 115, and terminating in a data connector 120.
  • the data connector 120 may be any appropriate data connector, and is typically an RS-232 connector.
  • the accelerometer 90 measures movement of the pen 25 and sends signals representing the acceleration to the operational amplifier 95.
  • the operational amplifier 95 amplifies the signals and sends them to the microcontroller 100.
  • the switch 85 sends signals indicating whether the refill 80 is in contact with a surface to the microcontroller 100.
  • the microcontroller 100 digitizes the received signals and sends digital signals through the cable 110 and connector 120.
  • the signals preferably comprise an indication of whether the refill 80 is in contact with a surface, as indicated by the position of the switch 85.
  • the signals also comprise movement data based on accelerations measured by the accelerometer 90.
  • the signals sent by the microcontroller 100 comprise approximately 100 samples per second.
  • the pen 25 receives electrical power through the cable 110 from the data connector 120.
  • a particular advantage of the present invention is that continuous security by means of continuous handwriting recognition of the individual using the system may occur repeatedly or continuously during use of the system rather than occurring only at the beginning of a session. It is also appreciated that a particular advantage of the present invention is that the security criterion is based on a biometric characteristic and, unlike systems based on a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself.
  • Fig. 7A is a simplified block diagram illustration of a preferred implementation of the server 35 of Fig. 1.
  • the elements of Fig. 7 comprise functional components of the server 35, and are typically implemented in software, but may be implemented in a combination of software and hardware or in hardware.
  • the apparatus of Fig. 7A comprises a terminal communication module 200, which is operative to transmit data in both directions between the terminal 10 of Fig. 1 and the apparatus of Fig. 7A.
  • the data received from the terminal 10 may comprise signals representing movement or acceleration of the pen 25; the status of contact between the pen 25 and the surface 27; and commands representing entries made on the data input keys 20.
  • the terminal communication module receives data to be sent to the terminal 10 from a control module 240 described below, and supplies data received from the terminal 10 to the control module 240.
  • the terminal communication module 200 may utilize conventional methods which are well known in the art.
  • the apparatus of Fig. 7A also comprises a handwriting recognition module 210.
  • the handwriting recognition module 210 has a plurality of modes of operation, comprising training mode and recognition mode.
  • the operation of the handwriting recognition module 210 is as follows.
  • the user writes symbols from a pre-arranged script known to the handwriting recognition module 210, and the associated symbols appear on the display 15 of Fig. 1 during the writing.
  • the pre-arranged script contains several repetitions of each symbol.
  • the symbols should occur in different parts of the word, such as beginning, middle, and end, throughout the pre-arranged script.
  • the handwriting recognition module 210 is operative to produce the database 40 based on the movement data received during training mode.
  • the database 40 may be produced other than in training mode.
  • the database 40 may be externally loaded into the server 35 based on a similar process of training which occurred with other equipment.
  • the other equipment may be similar to the system of Fig. 1 or may omit the terminal 10 and comprise the pen 25 and the server 35.
  • the operation of the handwriting recognition module 210 is as follows.
  • the handwriting recognition module 210 receives a message from the control 240 indicating the identity of the user.
  • the handwriting recognition module 210 is then operative to receive signals representing movement of the pen 25 and pen-surface contact of the pen 25 with the surface 27, through the terminal 10, from the control 240.
  • the handwriting recognition module 210 is operative to produce text based on the received signals and to send the text to the control 240.
  • the handwriting recognition module 210 is also operative to determine an index of likelihood for the produced text, the index of likelihood representing the likelihood that the produced text is the correct interpretation of the movements of the pen 25 which produced the received signals.
  • the index of likelihood preferably includes an indication, such as a likelihood of 0, that handwriting can not be recognized at all, so that no meaningful text is produced.
  • the handwriting recognition module is also operative to send the index of likelihood to the control module 240. The operation of the handwriting recognition module 210 is described more fully below with reference to Fig. 8.
  • the apparatus of Fig. 7A also comprises one or more applications 230.
  • Each application 230 may be any appropriate computer application, capable of running on the server 35, and preferably having network communication capabilities. Examples of suitable applications include the following: electronic mail applications; bi-directional paging and messaging applications; network services applications, such as Internet applications; and other applications.
  • Each application 230 is operative to receive text input from the control module 240, representing text produced by the handwriting recognition module 210. Each application 230 is also operative to send output to the control module 240, for forwarding through the terminal communication module 200 to the terminal 10.
  • the apparatus of Fig. 7A also comprises a control module 240.
  • the control module 240 is operative as described above to send and receive data to and from the terminal communication module 200, the handwriting recognition module 210, and the applications 230.
  • the control module 240 is operative, when receiving data, to determine the destination of the data and to forward the data to the appropriate destination. For example, when receiving data from the terminal communication module 200 representing movement of the pen 25, the control module 240 is operative to send the data to the handwriting recognition module 210. When receiving data from the terminal communication module 200 representing a press of one or more of the data input keys 20 indicating a command sequence, the control module 240 is operative to carry out the command received.
  • the control module 240 is operative to determine whether data received from the terminal communication module 200 represents movement of the pen 25 or a press of one or more of the data input keys 20 by examining the data received.
  • For example, in data received from the terminal communication module 200, a particular binary or hexadecimal sequence, for example hexadecimal FF, might be used to indicate a key press in the following one or more bytes of data, while all other values ranging from hexadecimal 00 to hexadecimal FE might be used to indicate pen movement data.
  • the control module 240 is also operative, based on the index of likelihood received from the handwriting recognition module 210, to determine whether the present user of the pen 25 is not the identified user.
  • the control module 240 is operative to make the determination that the present user is not the identified user based on a comparison of the likelihood received with a minimum likelihood criterion.
  • the minimum likelihood criterion comprises a minimum likelihood level and minimum duration of time below said minimum likelihood level, so that a determination that the present user is not the identified user would typically be based on the likelihood level being below the minimum likelihood level for at least the minimum duration of time.
  • the minimum likelihood criterion may vary with respect to requirements of a particular application 230, described below, or may vary according to the identified user.
  • the variation according to the identified user is believed to increase the level of accuracy of security achieved because some users write in a more consistent way than other users, so that the more consistent users can be expected to produce a higher index of likelihood, and hence may be assigned a higher minimum likelihood criterion, than the less consistent users.
  • Upon making a determination that the present user is not the identified user, the control module 240 is preferably operative to take some action to secure communications, typically to command the terminal communication module 200 to end the communication session with the terminal 10.
  • Fig. 7B is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 240 of Fig. 7A.
  • the method of Fig. 7B is a preferred method for determining whether the present user of the pen 25 is not the identified user.
  • the method of Fig. 7B is self-explanatory with respect to the above discussion of Fig. 7A.
  • control module 240 takes some action to secure communication, it is appreciated that, since the handwriting recognition module 210 will not correctly recognize the symbols written by the unauthorized person, the system will ipso facto cease to operate in response to pen input by the user, and no determination by the control module 240 is necessary.
  • Fig. 8 is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A.
  • the method of Fig. 8 preferably includes the following steps:
  • STEP 3 0 Receive accelerometer data. Accelerometer data is received from the control module 240.
  • the accelerometer data comprises data points representing sampling of the acceleration measured by the pen 25. Preferably, the sampling rate is approximately 1600 data points per second, averaged over 16 points, producing an output of approximately 100 data points per second.
  • STEP 315 Identify individual symbols and words.
  • the data from the previous step is divided into data representing individual symbols.
  • the status which comprises the status of "pen up” is termed herein "pen not down".
  • the number of consecutive data points with status of "pen not down”, which data points represent a particular duration of the status "pen not down” is taken to indicate the end of a symbol or of a word.
  • the duration of status "pen not down” within a range from 200 milliseconds to 400 milliseconds is taken to indicate the end of a symbol.
  • Duration of the status "pen not down” in the range from 800 milliseconds to 1200 milliseconds is typically taken to indicate the end of a word.
  • the end of a symbol or of a word may be indicated by data points which represent pen movements that are not part of a symbol, or by other means.
  • STEP 330 Filter accelerometer data.
  • the accelerometer data received from the previous step is filtered in order to remove noise.
  • the filtering may be accomplished by iterative smoothing of adjacent points until the total change in the signal due to a smoothing operation is less than the desired accuracy of the data, or by other suitable means.
  • STEP 400 For each prototype in the per-person per-symbol acceleration prototype database, build an index of comparison between the sample and the prototype.
  • STEP 410 Create a list of probable symbols sorted by likelihood. Based on the index of comparison generated in step 400, a single list of probable symbols sorted by likelihood is generated.
  • STEP 420 Choose the correct symbols and the correct word based on the list, the database of previous confusions, a dictionary, and linguistic rules. The symbols with greatest likelihood are the candidates from which the correct symbol is chosen.
  • the database of previous confusions provides information that allows the correction of the choice of the correct symbol based on previous incorrect identifications.
  • An indication of the end of each word has been passed as output since step 315, described above. Based on the indication, the most likely word, comprising the most likely identifications for each symbol in the list, is identified.
  • step 315 may be optional.
  • the most likely word is checked against the dictionary.
  • the dictionary comprises both a general dictionary used for all users of the system and a personal dictionary for each user of the system. If an entry exists in the dictionary for the most likely word, the word is chosen as the correct identification.
  • STEP 440 Update database of previous confusions. Based on a manual correction entered by the user or an automatic correction based on the dictionary and/or on the application of linguistic rules, the database of previous confusions is updated. Based on a manual correction, the personal dictionary is also updated if the corrected word is not found in the dictionary.
  • STEP 450 Update per-person per-symbol acceleration prototype database. The new prototypes from the previous step are stored in the per-person per-symbol acceleration prototype database.
  • Step 460 Output recognition information.
  • the sorted list of likely words output by the previous step is output to the control module 240.
  • the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form.
  • the software components may, generally, be implemented in hardware, if desired, using conventional techniques.
  • V os/orr Gate-Source Cutoff Voltage
  • Output impedance is user selected.
  • Nominal sensitivity will typically change ⁇ 5% over this range .
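The front end of the method of Fig. 8 (averaging the raw accelerometer samples down to about 100 data points per second, then using "pen not down" durations to mark the end of a symbol or word) can be sketched as follows. This is an added example, not code from the patent; it assumes one scalar acceleration value per sample, counts an averaged point as pen-down when at least half of its 16 raw points were, and treats any gap of 200 ms or more as a symbol end and 800 ms or more as a word end, which extends the ranges stated above.

```python
"""Added example: Fig. 8 front end (averaging, then symbol/word segmentation)."""
from typing import List, Tuple

Point = Tuple[float, bool]        # (acceleration, pen_down); a scalar is an assumption

RAW_RATE_HZ = 1600                # page: about 1600 raw data points per second
AVG_WINDOW = 16                   # page: averaged over 16 points
MS_PER_POINT = 1000 * AVG_WINDOW // RAW_RATE_HZ   # 10 ms per averaged point
SYMBOL_GAP_MS = 200               # page: 200-400 ms "pen not down" ends a symbol
WORD_GAP_MS = 800                 # page: 800-1200 ms "pen not down" ends a word


def decimate(raw: List[Point]) -> List[Point]:
    """Average each full block of 16 raw points into one output point."""
    out: List[Point] = []
    for i in range(0, len(raw) - AVG_WINDOW + 1, AVG_WINDOW):
        block = raw[i:i + AVG_WINDOW]
        mean = sum(accel for accel, _ in block) / AVG_WINDOW
        # Assumption: the averaged point is "down" if at least half the block was.
        pen_down = 2 * sum(1 for _, down in block if down) >= AVG_WINDOW
        out.append((mean, pen_down))
    return out                    # a trailing partial block is dropped


def segment(points: List[Point]) -> List[List[List[float]]]:
    """Split averaged points into words, each a list of symbols."""
    words: List[List[List[float]]] = []
    word: List[List[float]] = []
    symbol: List[float] = []
    pending: List[float] = []     # "pen not down" points not yet classified
    for accel, pen_down in points:
        if not pen_down:
            pending.append(accel)
            continue
        gap_ms = len(pending) * MS_PER_POINT
        if symbol and gap_ms >= SYMBOL_GAP_MS:
            word.append(symbol)   # the gap closed the current symbol
            symbol = []
            if gap_ms >= WORD_GAP_MS:
                words.append(word)    # and it was long enough to close the word
                word = []
        elif symbol:
            symbol.extend(pending)    # a short lift stays inside the symbol
        pending = []
        symbol.append(accel)
    if symbol:
        word.append(symbol)
    if word:
        words.append(word)
    return words


def constructed_stream() -> List[Point]:
    """Constructed 100-points-per-second input: two symbols, a word gap, one symbol."""
    def down(n: int, accel: float) -> List[Point]:
        return [(accel, True)] * n

    def up(n: int) -> List[Point]:
        return [(0.0, False)] * n

    return (up(10) + down(30, 1.0) + up(5) + down(20, 1.0)   # symbol 1, 50 ms lift
            + up(25) + down(40, 2.0)                          # 250 ms gap, symbol 2
            + up(90) + down(10, 3.0) + up(15))                # 900 ms gap, symbol 3


if __name__ == "__main__":
    for n, w in enumerate(segment(constructed_stream()), start=1):
        print("word", n, "symbol lengths:", [len(s) for s in w])
```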

Abstract

This invention discloses a secure computer system including at least one node (44) connected to a communications network and a pen input device (25) providing an output to the at least one node (44), the node (44) including handwriting recognition apparatus (40) operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen (25) and comparing the characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.

Description

CONTINUOUS SECURITY SYSTEM BASED ON MOTION CODE
The present invention relates to secure computer systems in general.
There exists a significant amount of activity in the field of on-line handwriting analysis. The prior art current to 1990 is reviewed in "The State of the Art in On-Line Handwriting Recognition" by Charles C. Tappert et al., IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. 12, No. 8, August, 1990.
Currently existing and proposed systems providing handwriting analysis for alphanumeric input to a computer are generally geared towards recognition of how the generated trace looks. Accordingly, such systems employ digitizers or graphic tablets. The underlying assumption of such systems is that the variability of the trace is much lower than the variability of the hand movement which generated the trace.
Signature verification systems, on the other hand, attempt to identify biometric characteristics of the writer and employ indications such as pressure and acceleration during writing. The assumption is that the signature is a ballistic movement, that is, a movement without closed loop feedback, and therefore that there is little variance in the hand movement.
U.S. Patent 4,345,239 employs pen acceleration for use in a signature verification system. U.S. Patent 5,054,088 employs both acceleration and pressure data characteristics of signature verification. As indicated by the above patents, pen acceleration is employed for signature verification because it is a personal feature, characteristic of each individual.
U.S. Patent 4, 817.03*1 describes a computerized handwriting duplication system employing a digitizer pad. U.S. Patent 4,641,354 describes apparatus for recognizing and displaying handwritten characters and figures in which unrecognized stroke information remains on the display screen. U.S. Patent 4,715,102 describes a process and apparatus involving pattern recognition. U.S. Patent 4,727,588 describes a system for automatic adjustment and editing of a handwritten text image, which preserves format information in a handwritten text. U.S. Patent 4,703,511 describes a writing input and dynamics regeneration device wherein a time dependent code is embedded in a writing path.
U.S. Patent 4,513.^37 describes a writing implement for use in a signature verification system.
U.S. Patent 5,054,088 describes a method of segmenting and compressing dynamic signature data for storage on a limited capacity device.
U.S. Patent 4,856,077 describes a method and device for signature verification using a pen having at its nib a light-emitting member and a light-sensitive member.
U.S. Patent 4,495,644 describes a method for real-time signature verification using a transducer pad and a stylus.
U.S. Patent 4,345,239 describes apparatus for determining pen acceleration for use in a signature verification system.
U.S. Patent 4,263,592 describes an input pen usable with either a CRT display or a tablet input device.
U.S. Patent 4,122,435 describes a method for producing an electrical signal responsive to identifying characteristics of handwriting. The electrical signal is produced responsive to variations in writing pressure between a writing instrument and a ridged writing surface.
U.S. Patent 4,751,741 describes pen-type character recognition apparatus, using data representing a change in pressure applied to a tip element of a pen.
U.S. Patent 5,022,086 describes apparatus for collecting information on handwriting using a stylus with means for sensing force at a point on the surface, together with a position sensing pad.
U.S. Patent 5,247,137 discloses a pen input device suitable for signature verification.
A piezoelectric sensor pen for obtaining pen point dynamics during writing is described in EerNisse et al., "Piezoelectric Sensor Pen for Dynamic Signature Verification", Conference of the 1977 International Electron Devices Meeting, Washington, DC, December 1977, pp. 473-476.
A related apparatus for reading handwriting is described in published PCT application PCT/US92/08703. Related apparatus and methods are also described in the following pending applications assigned to the applicant of the present application: Israel 104575; Israel 108566; United States 08/227,275; and United States 08/380,068.
The disclosures of the above publications and of the publications cited therein are hereby incorporated by reference. The disclosures of all publications mentioned in this specification and of the publications cited therein are hereby incorporated by reference.
The present invention seeks to provide an improved secure computer system.
The secure computer systems known in the art rely on identifying the user once or at specific times, and not continuously. Furthermore, existing secure systems need to take some action in order to achieve the identification of the user, for example, verifying a password, a fingerprint, etc. It is a particular object of the present invention to provide continuous security via continuous handwriting recognition without taking any specific action for identification.
Continuous security is believed to be important because of the increasingly widespread use of communications networks, such as the Internet, in which secure communications are believed to be of great importance in preventing misuse. Continuous security has the particular advantage of protecting a communications session at all times, thus preventing unauthorized use of an already-authorized session.
Furthermore, the present invention includes continuous security by means of input from a pen, the input including characteristics of handwriting of the user of the pen. The continuous security of the present invention is thus based on a biometric characteristic and, unlike a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself. The prior art, as discussed above, does describe security based on identity verification by means of verifying the signature but does not describe continuous security based on handwriting recognition in general. The present invention, by contrast, includes continuous security based on general handwriting recognition.
There is thus provided in accordance with a preferred embodiment of the present invention a secure computer system including at least one node connected to a communications network, and a pen input device providing an output to the at least one node, the node including handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
There is also provided in accordance with another preferred embodiment of the present invention a secure computer communications system including a communications network, at least one terminal coupled to the communications network, at least one server coupled to the communications network, and a pen input device communicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful communication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
Further in accordance with a preferred embodiment of the present invention communication from the pen input device to the server is secure by virtue of the communication being unintelligible in the absence of the availability of the reference characteristics.
Still further in accordance with a preferred embodiment of the present invention the server is located in a secure location.
Additionally in accordance with a preferred embodiment of the present invention the pen input device includes an accelerometer and provides accelerometer output signals to the terminal.
Moreover in accordance with a preferred embodiment of the present invention the at least one terminal includes a display and is operative to provide visible indication of recognized symbols in response to an input from the server.
Further in accordance with a preferred embodiment of the present invention the at least one terminal includes a keyboard for the input of function commands.
Still further in accordance with a preferred embodiment of the present invention information input by the pen input device, when and only when successfully recognized, is communicated to a utilization device.
Additionally in accordance with a preferred embodiment of the present invention the characteristics of the handwriting of the user include a mapping of hand movements, and the reference characteristics include a reference mapping of hand movements for the user.
Moreover in accordance with a preferred embodiment of the present invention the reference mapping includes a mapping of hand movements to characters for the user.
Further in accordance with a preferred embodiment of the present invention the successful communication is not conditional on any other user input in order to achieve security.
Still further in accordance with a preferred embodiment of the present invention the successful communication is not conditional on use of any additional system resources in order to achieve security.
There is also provided in accordance with another preferred embodiment of the present invention a method for providing a secure computer system, the method including providing at least one node connected to a communications network, and providing a pen input device providing an output to the at least one node, the node including handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
There is also provided in accordance with another preferred embodiment of the present invention a method for providing a secure computer communications system, the method including providing a communications network, providing at least one terminal coupled to the communications network, providing at least one server coupled to the communications network, and providing a pen input device communicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful communication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
The present invention will be understood and appreciated from the following detailed description, taken in conjunction with the drawings in which:
Fig. 1 is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 2 is a simplified block diagram illustration of a preferred embodiment of a portion of the apparatus of Fig. 1;
Fig. 3 is a schematic diagram of a preferred embodiment of the apparatus of Fig. 2;
Fig. 4 is a simplified pictorial illustration of a preferred embodiment of the pen 25 of Fig. 1;
Figs. A and B are a pictorial illustration of a preferred implementation of the switch 85 of Fig. 4;
Fig. 6 is a schematic diagram of a preferred implementation of the printed circuit board 105 of Fig. 4;
Fig. 7A is a simplified block diagram illustration of a preferred implementation of the server 35 of Fig. 1;
Fig. 7B is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 240 of Fig. 7A; and
Fig. 8 is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A.
Attached to the end of the specification are the following appendices which aid in the understanding and appreciation of one preferred embodiment of the invention shown and described herein:
Appendix A is a specification listing useful in understanding the apparatus of Fig. 4;
Appendix B is a netlist of the apparatus of Fig. 6; and
Appendix C is a part list of the apparatus of Fig. 6.
Reference is now made to Fig. 1 which is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention. The system of Fig. 1 comprises a terminal 10. The terminal 10 preferably comprises a display screen 15 and a plurality of data input keys 20. Preferably, the terminal 10 is sufficiently small to be portable.
The terminal 10 is described in more detail below with reference to Fig. 2.
The terminal 10 is operatively attached to a movement-sensing pen 25, operative to write on any appropriate surface such as a sheet of paper 27. The pen 25 is described in more detail below with reference to Fig. 4. The pen 25 and the terminal 10 are shown in Fig. 1 as being operatively attached via a cable, but it is appreciated that any appropriate method of attachment as, for example, wireless communication, may be used.
The terminal 10 comprises data communication apparatus (not shown in Fig. 1) which is operative to provide a data communication connection 30 to a server 35. As shown in Fig. 1, the data communication connection 30 is a remote data communication connection and may be any appropriate remote data connection such as, for example, a modem connection over switched telephone line or a modem connection over a dedicated telephone line. Alternatively, the data communication connection 30 may be a local connection and the server 35 may be located locally to the terminal 10.
The server 35 may be any appropriately programmed computer.
The server 35 comprises a handwriting recognition database 40. The handwriting recognition database 40 comprises a per-person, per-symbol database identifying handwriting characteristics for each of a plurality of persons, and, for each person, for each of a plurality of symbols. The per-person, per-symbol database is described in more detail below with reference to Fig. 8.
In a preferred embodiment of the present invention, the server 35 is located in a secure location 42. The secure location 42 restricts access to the server 35 and thus enhances security with the system of Fig. 1 by preventing tampering with the database 40 or with other aspects of the server 35.
The system of Fig. 1 also preferably comprises other nodes 44 which, together with the terminal 10 and the server 35, comprise nodes of a communications network.
The operation of the apparatus of Fig. 1 is now briefly described. A user establishes a connection with the server 35 through the terminal 10, using the data input keys 20 for data entry. Establishing a connection includes providing the identity of the user, typically by entering a personal identification number (PIN) using the data input keys 20. It is appreciated that any means of providing the identity of the user may be employed, such as, for example, the following means which are well-known in the art: signature recognition; electronic key or electronic card based recognition; fingerprint identification; retina identification; or any other means of identification.
The server 35 receives the connection request from the terminal 10, verifies the identity of the user, and, if the identity is verified successfully, establishes a connection with the terminal 10. Typically, the server 35 displays a message on the screen 15 indicating that a connection has been established.
Once a connection has been established, the user employs the terminal 10 and the pen 25 for data entry, which data is transmitted to the server. Typically, a combination of data entry via the data input keys 20 and via the pen 25 is employed, although it is possible to employ the pen 25 alone.
The user employs the pen 25 to write on a surface such as the paper 27. The pen 25 is operative to sense movement of the pen 25 and to transmit signals representing the movement to the terminal 10, which in turn transmits the signals via the data communication connection 30 to the server 35.
The server 35 employs handwriting recognition techniques, as described below with reference to Fig. 8. The handwriting recognition techniques employ the per-person, per-symbol database 40 to identify, for the person previously verified as the user, the most likely symbol written.
Preferably, the handwriting recognition techniques also use a dictionary of words to provide word-level recognition, and linguistic analysis to recognize phrases and sentences. As the user employs the pen and as symbols are recognized by the server 35, the server 35 typically transmits the recognized symbols to the terminal 10 for display on the screen 15, to provide feedback to the user.
As described below with reference to Fig. 8, recognition is based on hand movements which are unique to a given individual. When the verified user writes with the pen 25, the server 35 recognizes the symbols written based on the per-person, per-symbol characteristics stored in the database 40.
If another person other than the verified user begins to write with the pen 25, the server 35 will not correctly recognize the symbols since the unauthorized other person will employ different hand movements than the verified user. The server 35 may make a determination that the user is unauthorized, that is, is not the verified user, based on any appropriate criteria such as, for example: inability of the server 35 to recognize more than a minimum percentage of symbols input, which minimum percentage may vary from individual to individual and from application to application according to the security level required; significant misrecognition determined at the word level, based on more than a maximum percentage of words that are not in the dictionary being recognized; or any other appropriate criterion.
Alternatively, since the server 35 will not correctly recognize the symbols written by the unauthorized person, the system will ipso facto cease to operate in response to pen input by the user and thus no determination by the server 35 is necessary.
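The determination described above, that the present user is not the verified user, can be combined with the minimum likelihood criterion of the control module 240 (a minimum level plus a minimum duration below it) as in the following added example, which is not code from the patent. The class and function names, the per-user values, the 20-item window and the likelihood streams are constructed assumptions.

```python
"""Added example (not the patent's code): continuous check of who holds the pen."""
from collections import deque
from dataclasses import dataclass
from typing import Deque, Iterable, List, Optional, Tuple

LEVEL = "likelihood below minimum level for minimum duration"
SYMBOLS = "too few symbols recognized"
WORDS = "too many words not in the dictionary"


@dataclass(frozen=True)
class Criterion:
    min_likelihood: float        # minimum likelihood level
    min_duration_s: float        # minimum time spent below that level
    min_recognized_pct: float    # minimum percentage of symbols recognized
    max_unknown_word_pct: float  # maximum percentage of words not in the dictionary
    window: int = 20             # assumption: rates are taken over the last N items


# Constructed values: the more consistent writer is assigned the higher level.
CRITERIA = {
    "consistent_user": Criterion(0.8, 3.0, 70.0, 30.0),
    "variable_user": Criterion(0.6, 3.0, 70.0, 30.0),
}


class SessionMonitor:
    """Latches the first failed criterion; a latched session stays ended."""

    def __init__(self, criterion: Criterion) -> None:
        self.c = criterion
        self.below_since: Optional[float] = None
        self.symbols: Deque[bool] = deque(maxlen=criterion.window)
        self.words: Deque[bool] = deque(maxlen=criterion.window)
        self.ended: Optional[str] = None

    def end(self, reason: str) -> str:
        self.ended = reason
        return reason

    def on_symbol(self, t: float, likelihood: float) -> Optional[str]:
        if self.ended:
            return self.ended
        self.symbols.append(likelihood > 0.0)   # index 0: not recognized at all
        if likelihood < self.c.min_likelihood:
            if self.below_since is None:
                self.below_since = t
            if t - self.below_since >= self.c.min_duration_s:
                return self.end(LEVEL)
        else:
            self.below_since = None             # a good sample restarts the clock
        if len(self.symbols) == self.c.window:  # judge rates only on a full window
            recognized = 100.0 * self.symbols.count(True) / self.c.window
            if recognized < self.c.min_recognized_pct:
                return self.end(SYMBOLS)
        return None

    def on_word(self, in_dictionary: bool) -> Optional[str]:
        if self.ended:
            return self.ended
        self.words.append(in_dictionary)
        if len(self.words) == self.c.window:
            unknown = 100.0 * self.words.count(False) / self.c.window
            if unknown > self.c.max_unknown_word_pct:
                return self.end(WORDS)
        return None


def replay(criterion: Criterion,
           events: Iterable[Tuple[float, float]]) -> Optional[Tuple[float, str]]:
    """Feed (time, likelihood) events; return (time, reason) when the session ends."""
    monitor = SessionMonitor(criterion)
    for t, likelihood in events:
        reason = monitor.on_symbol(t, likelihood)
        if reason:
            return t, reason
    return None


def stream(likelihoods: Iterable[float],
           period_s: float = 0.5) -> List[Tuple[float, float]]:
    """Constructed input: one recognition result every period_s seconds."""
    return [(i * period_s, p) for i, p in enumerate(likelihoods)]


GENUINE = stream([0.5 if i in (8, 9) else 0.9 for i in range(40)])  # brief dip
TAKEOVER = stream([0.9] * 20 + [0.3] * 20)      # another writer from t = 10 s
INTERMITTENT = stream([0.9, 0.0] * 20)          # every second symbol unrecognized
STEADY_07 = stream([0.7] * 40)                  # between the two users' levels

if __name__ == "__main__":
    for name, events in [("genuine", GENUINE), ("takeover", TAKEOVER),
                         ("intermittent", INTERMITTENT), ("steady 0.7", STEADY_07)]:
        print(name, replay(CRITERIA["consistent_user"], events))
```

The intermittent stream never stays below the level long enough to trip the duration rule, so the recognition-rate criterion is what ends that session.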
It is appreciated that the various functions assigned above to the server 35 may alternatively be performed within the terminal 10, in which case the various elements of the server 35 would be incorporated into the terminal 10. Further alternatively, it is appreciated that the pen 25 may be located locally to the server 35 and may be directly connected thereto without use of a terminal 20 or a communication link 30.
Reference is now made to Fig. 2, which is a simplified block diagram illustration of a preferred embodiment of a portion of the apparatus of Fig. 1. The apparatus of Fig. 2 comprises the terminal 10 of Fig. 1.
The apparatus of Fig. 2 comprises the display 15, comprising a display subsystem such as, for example, a PC0024-A LCD module, commercially available from Powertip Technology Corporation, N° 18 - 3 Nan 2nd Rd. T.E.P.Z., Tanzu, Taichung, Hsien, Taiwan, R.O.C. It is appreciated that another display subsystem, such as a subsystem with graphics capability, may also be used.
The apparatus of Fig. 2 also comprises the data input keys 20, comprising a keyboard module such as, for example, a 88BB2-072 keyboard 4 x 4 matrix module, commercially available from Grayhill, Inc., 61 Hillgrove Ave., La Grange IL 60525-0373, USA.
The apparatus of Fig. 2 also comprises a pen interface module 45, which is operative to provide an electronic data connection between the terminal 10 and the pen 25. The pen interface module 45 may be any suitable interface as, for example, a commercially available RS-232 interface with associated line driver.
The apparatus of Fig. 2 further comprises a microcontroller 50 which is operative to control operations of the terminal 10 and to control two-way communications with the server 35. The microcontroller may be any suitable microcontroller such as, for example, a PIC17C42 high-performance 8 bit EPROM microcontroller, commercially available from Microchip Technology Inc., 2311 West Chandler Blvd., Chandler, AZ 85224-6199, USA.
The apparatus of Fig. 2 further comprises a communication module 55, suitable to provide the data connection 30 over the medium being used for the data connection 30. In the case of a modem connection over a telephone line, a suitable communication module 55 comprises the AKl4-D007~OOl, commercially available from Rockwell International, Digital Communication Division, 4311 Jamboree Road, P.O. Box C, Newport Beach, CA, 92658-8902, USA.
The microcontroller 50 is preferably connected to the other elements of Fig. 2 as follows: to the display 15 via both data and control connections; to the data input keys 20 via a data connection; to the pen interface module 45 via a data connection; and to the communication module 55 via both data and control connections.
Optionally, the apparatus of Fig. 3 may also comprise a memory module (not shown). In this case, the terminal 10 may be operative to store signals received from the pen 25 and/or commands received from the data input keys 20, and transmit the same at a later time. It is appreciated that, in this case, the terminal 10 may be used for standalone input and may not actually be connected to the data communication connection 30 at the time of input.
Reference is now made to Fig. 3, which is a schematic diagram of a preferred embodiment of the apparatus of Fig. 2. The diagram of Fig. 3 is self-explanatory.
Reference is now made to Fig. 4 which is a simplified pictorial illustration of a preferred embodiment of the pen 25 of Fig. 1. The apparatus of Fig. 4 comprises a top case 60, a bottom case 65, and a supporting element 70 all preferably formed of plastic. The apparatus of Fig. 4 also comprises a refill holder 75, preferably formed of plastic and shaped to hold a standard pen refill 80.
The apparatus of Fig. 4 further comprises a switch 85. The switch 85 is positioned relative to the refill holder 75 such that, when a user of the pen 10 presses the tip of the refill 80 against a surface, the refill holder 75 actuates the switch 85. The switch 85, when actuated, sends a signal to a microcontroller 100.
The switch 85 is preferably formed of silicone rubber, with key travel of 0.2 mm, activation force 20 30 gram, activation time less than 1 millisecond, and maximum contact resistance 500 ohm.
Reference is now additionally made to Figs. 5A and 5B, which are pictorial illustrations of a preferred implementation of the switch 85 of Fig. 4. The apparatus of Figs. 5A and 5B comprises the switch 85, the refill holder 75, and the pen refill 80. In Fig. 5A, the switch 85 is depicted in a state where the pen refill 80 is not in contact with a surface. In Fig. 5B, the switch 85 is depicted in a state where the pen refill 80 is in contact with a surface, such that the refill holder 75 actuates the switch 85.
The apparatus of Fig. 4 also comprises a 3-dimensional accelerometer 90, which is operative to sense accelerations in three mutually orthogonal directions and to output a signal representing the sensed accelerations. Taking into account optimum shaping of the pen 25 to fit the hand of a user, the accelerometer 90 is preferably located as close as possible to the tip end of the pen 25.
The accelerometer 90 may, for example, be an ACH-04-08, commercially available from AMP Sensors, Inc., P.O. Box 799, Valley Forge, PA 19482, USA, modified according to the specifications found in Appendix A. Such modified accelerometers are commercially available from BarOn Technologies Ltd., Gutwirth Science Park, Technion City, Haifa 32000, Israel.
Alternatively, a single accelerometer or three accelerometers mounted mutually orthogonally to each other may be used.
The apparatus of Fig. 4 also includes an operational amplifier 95, such as a LMC 6464, commercially available from National Semiconductor Corporation, 2900 Semiconductor Drive, Santa Clara, CA 95052-8090, USA.
The microcontroller 100 preferably includes an analog-to-digital converter. An example of a suitable microcontroller is the PIC16C71, commercially available from Microchip Technology Inc., referred to above.
The apparatus of Fig. 4 also comprises a printed circuit board (PCB) 105. The switch 85, the accelerometer 90, the operational amplifier 95, and the microcontroller 100 are all mounted on the printed circuit board 105. Reference is now additionally made to Fig. 6, which is a schematic diagram of a preferred implementation of the printed circuit board 105. Reference is now also additionally made to Appendix B, which is a netlist of the apparatus of Fig. 6, and to Appendix C, which is a part list of the apparatus of Fig. 6. Fig. 6 is self-explanatory with regard to Appendices B and C.
The apparatus of Fig. 4 also comprises a cable 110, preferably having a strain relief apparatus 115, and terminating in a data connector 120. The data connector 120 may be any appropriate data connector, and is typically an RS-232 connector.
During operation, the accelerometer 90 measures movement of the pen 25 and sends signals representing the acceleration to the operational amplifier 95. The operational amplifier 95 amplifies the signals and sends them to the microcontroller 100. At the same time, the switch 85 sends signals indicating whether the refill 80 is in contact with a surface to the microcontroller 100.
The microcontroller 100 digitizes the received signals and sends digital signals through the cable 110 and connector 120. The signals preferably comprise an indication of whether the refill 80 is in contact with a surface, as indicated by the position of the switch 85. The signals also comprise movement data based on accelerations measured by the accelerometer 90. Preferably, the signals sent by the microcontroller 100 comprise approximately 100 samples per second.
Typically, the pen 25 receives electrical power through the cable 110 from the data connector 120.
It is appreciated that a particular advantage of the present invention is that continuous security by means of continuous handwriting recognition of the individual using the system may occur repeatedly or continuously during use of the system rather than occurring only at the beginning of a session. It is also appreciated that a particular advantage of the present invention is that the security criterion is based on a biometric characteristic and, unlike systems based on a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself.
Reference is now made to Fig. 7A, which is a simplified block diagram illustration of a preferred implementation of the server 35 of Fig. 1. The elements of Fig. 7 comprise functional components of the server 35, and are typically implemented in software, but may be implemented in a combination of software and hardware or in hardware.
The apparatus of Fig. 7A comprises a terminal communication module 200, which is operative to transmit data in both directions between the terminal 10 of Fig. 1 and the apparatus of Fig. 7A. The data received from the terminal 10 may comprise signals representing movement or acceleration of the pen 25; the status of contact between the pen 25 and the surface 27; and commands representing entries made on the data input keys 20.
The terminal communication module receives data to be sent to the terminal 10 from a control module 240 described below, and supplies data received from the terminal 10 to the control module 240. The terminal communication module 200 may utilize conventional methods which are well known in the art.
The apparatus of Fig. 7A also comprises a handwriting recognition module 210. The handwriting recognition module 210 has a plurality of modes of operation, comprising training mode and recognition mode.
In training mode, the operation of the handwriting recognition module 210 is as follows. The user writes symbols from a pre-arranged script known to the handwriting recognition module 210, and the associated symbols appear on the display 15 of Fig. 1 during the writing. Preferably, the pre-arranged script contains several repetitions of each symbol. Preferably, based on the experience of the inventor, the symbols should occur in different parts of the word, such as beginning, middle, and end, throughout the pre-arranged script. The handwriting recognition module 210 is operative to produce the database 40 based on the movement data received during training mode.
It is appreciated that the database 40 may be produced other than in training mode. For example, the database 40 may be externally loaded into the server 35 based on a similar process of training which occurred with other equipment. The other equipment may be similar to the system of Fig. 1 or may omit the terminal 10 and comprise the pen 25 and the server 35.
In recognition mode, the operation of the handwriting recognition module 210 is as follows. The handwriting recognition module 210 receives a message from the control 240 indicating the identity of the user. The handwriting recognition module 210 is then operative to receive signals representing movement of the pen 25 and pen-surface contact of the pen 25 with the surface 27, through the terminal 10, from the control 240.
The handwriting recognition module 210 is operative to produce text based on the received signals and to send the text to the control 240. The handwriting recognition module 210 is also operative to determine an index of likelihood for the produced text, the index of likelihood representing the likelihood that the produced text is the correct interpretation of the movements of the pen 25 which produced the received signals. The index of likelihood preferably includes an indication, such as a likelihood of 0, that handwriting can not be recognized at all, so that no meaningful text is produced. The handwriting recognition module is also operative to send the index of likelihood to the control module 240. The operation of the handwriting recognition module 210 is described more fully below with reference to Fig. 8.
As described above with reference to Fig. 1 and below with reference to Fig. 8, it is appreciated that an attempt to use the pen 25 by a user other than the identified user of the system will lead to a very low recognition rate.
The apparatus of Fig. 7A also comprises one or more applications 230. Each application 230 may be any appropriate computer application, capable of running on the server 35, and preferably having network communication capabilities. Examples of suitable applications include the following: electronic mail applications; bi-directional paging and messaging applications; network services applications, such as Internet applications; and other applications.
Each application 230 is operative to receive text input from the control module 240, representing text produced by the handwriting recognition module 210. Each application 230 is also operative to send output to the control module 240, for forwarding through the terminal communication module 200 to the terminal 10.
The apparatus of Fig. 7A also comprises a control module 240. The control module 240 is operative as described above to send and receive data to and from the terminal communication module 200, the handwriting recognition module 210, and the applications 230.
The control module 240 is operative, when receiving data, to determine the destination of the data and to forward the data to the appropriate destination. For example, when receiving data from the terminal communication module 200 representing movement of the pen 25, the control module 240 is operative to send the data to the handwriting recognition module 210. When receiving data from the terminal communication module 200 representing a press of one or more of the data input keys 20 indicating a command sequence, the control module 240 is operative to carry out the command received.
Preferably, the control module 240 is operative to determine whether data received from the terminal communication module 200 represents movement of the pen 25 or a press of one or more of the data input keys 20 by examining the data received. For example, a particular binary or hexadecimal sequence, for example hexadecimal FF, might be used to indicate a key press in the following one or more bytes of data, while all other values ranging from hexadecimal 00 to hexadecimal FE might be used to indicate pen movement data.
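The framing suggested above can be demultiplexed as in the following added example, which is not code from the patent. The one-byte key payload, the one-byte-per-sample pen data and all names are assumptions made for illustration.

```python
"""Demultiplex the terminal-to-server byte stream described above.

Assumptions (not stated in the patent): exactly one key-code byte follows
each 0xFF marker, and each pen sample occupies one byte.
"""
from dataclasses import dataclass
from itertools import islice
from typing import Iterable, Iterator, List, Tuple, Union

KEY_MARKER = 0xFF        # value the text reserves for "key press follows"
KEY_PAYLOAD_LEN = 1      # assumption: one key-code byte per marker


@dataclass(frozen=True)
class PenData:
    value: int           # 0x00..0xFE, forwarded to the recognition module


@dataclass(frozen=True)
class KeyPress:
    code: bytes          # command bytes handled by the control module


class TruncatedFrame(ValueError):
    """The stream ended between a key marker and its payload."""


def encode_pen_sample(value: int) -> int:
    """Clamp a pen sample so it can never be mistaken for the key marker."""
    return max(0x00, min(value, 0xFE))


def demux(stream: Iterable[int]) -> Iterator[Union[PenData, KeyPress]]:
    """Split the byte stream into pen data and key presses."""
    it = iter(stream)
    for byte in it:
        if byte != KEY_MARKER:
            yield PenData(byte)
            continue
        # The payload is taken verbatim, so a key code of 0xFF is still a
        # key code and not a second marker.
        payload = bytes(islice(it, KEY_PAYLOAD_LEN))
        if len(payload) < KEY_PAYLOAD_LEN:
            raise TruncatedFrame("key marker without its payload")
        yield KeyPress(payload)


def route(stream: Iterable[int]) -> Tuple[List[int], List[bytes]]:
    """Return (pen values for the recognizer, key codes for the controller)."""
    pen: List[int] = []
    keys: List[bytes] = []
    for item in demux(stream):
        if isinstance(item, PenData):
            pen.append(item.value)
        else:
            keys.append(item.code)
    return pen, keys


# Constructed sample: two pen bytes, key code 0x03, then two more pen bytes.
SAMPLE_STREAM = [0x10, 0x7F, 0xFF, 0x03, 0xFE, 0x00]

if __name__ == "__main__":
    print(route(SAMPLE_STREAM))
```

Because the marker travels in-band, the sending side has to keep pen samples out of the reserved value, which is what `encode_pen_sample` does here.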
The control module 240 is also operative, based on the index of likelihood received from the handwriting recognition module 210, to determine whether the present user of the pen 25 is not the identified user.
Typically, the control module 240 is operative to make the determination that the present user is not the identified user based on a comparison of the likelihood received with a minimum likelihood criterion. Typically, the minimum likelihood criterion comprises a minimum likelihood level and minimum duration of time below said minimum likelihood level, so that a determination that the present user is not the identified user would typically be based on the likelihood level being below the minimum likelihood level for at least the minimum duration of time.
The minimum likelihood criterion may vary with respect to requirements of a particular application 230, described below, or may vary according to the identified user. The variation according to the identified user is believed to increase the level of accuracy of security achieved because some users write in a more consistent way than other users, so that the more consistent users can be expected to produce a higher index of likelihood, and hence may be assigned a higher minimum likelihood criterion, than the less consistent users.
Upon making a determination that the present user is not the identified user, the control module 240 is preferably operative to take some action to secure communications, typically to command the terminal communication module 200 to end the communication session with the terminal 10.
Reference is now made to Fig. 7B, which is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 240 of Fig. 7A. The method of Fig. 7B is a preferred method for determining whether the present user of the pen 25 is not the identified user. The method of Fig. 7B is self-explanatory with respect to the above discussion of Fig. 7A.
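One way to express the minimum likelihood criterion (a level plus a duration below that level, varying per user) is sketched in the following added example, which is not the patent's code and does not reproduce Fig. 7B. The 0-to-1 likelihood scale, the timestamps in seconds, the user names and every number are assumptions.

```python
"""Sketch of the control module's "not the identified user" decision.

Assumptions (not from the patent): the index of likelihood is a float in
[0, 1], timestamps are seconds, and the user names and numbers are made up.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class MinLikelihoodCriterion:
    min_level: float        # minimum likelihood level
    min_duration_s: float   # minimum time below that level before acting


# Constructed per-user table: the more consistent writer is assigned the
# higher minimum level, as the text suggests.
CRITERIA: Dict[str, MinLikelihoodCriterion] = {
    "consistent_writer": MinLikelihoodCriterion(0.60, 5.0),
    "variable_writer": MinLikelihoodCriterion(0.40, 5.0),
}


class SessionMonitor:
    """Tracks how long the likelihood has stayed below the user's minimum."""

    def __init__(self, criterion: MinLikelihoodCriterion) -> None:
        self.criterion = criterion
        self.below_since: Optional[float] = None
        self.ended_at: Optional[float] = None

    def observe(self, t: float, likelihood: float) -> bool:
        """Feed one reading; return True while the session may continue."""
        if self.ended_at is not None:
            return False                  # once ended, the session stays ended
        if likelihood >= self.criterion.min_level:
            self.below_since = None       # recovered: restart the clock
            return True
        if self.below_since is None:
            self.below_since = t          # first reading below the minimum
        if t - self.below_since >= self.criterion.min_duration_s:
            self.ended_at = t             # the session would be ended here
            return False
        return True


def run_session(user: str,
                readings: Iterable[Tuple[float, float]]) -> Optional[float]:
    """Return the time at which the session is ended, or None if it never is."""
    monitor = SessionMonitor(CRITERIA[user])
    for t, likelihood in readings:
        if not monitor.observe(t, likelihood):
            break
    return monitor.ended_at


# Constructed (time, likelihood) readings.
GENUINE_WITH_DIP = [(0.0, 0.9), (2.0, 0.5), (4.0, 0.55), (6.0, 0.8), (8.0, 0.9)]
TAKEOVER = [(0.0, 0.9), (2.0, 0.85), (4.0, 0.2), (6.0, 0.0),
            (8.0, 0.1), (10.0, 0.15), (12.0, 0.9)]
MARGINAL = [(0.0, 0.5), (3.0, 0.5), (6.0, 0.5)]

if __name__ == "__main__":
    for name, data in [("dip", GENUINE_WITH_DIP), ("takeover", TAKEOVER),
                       ("marginal", MARGINAL)]:
        print(name, {u: run_session(u, data) for u in CRITERIA})
```

The duration term is what keeps a short dip by the genuine writer from ending the session, and the per-user level is why the same marginal readings end one user's session and not the other's.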
Alternatively to the method described above wherein the control module 240 takes some action to secure communication, it is appreciated that, since the handwriting recognition module 210 will not correctly recognize the symbols written by the unauthorized person, the system will ipso facto cease to operate in response to pen input by the user, and no determination by the control module 240 is necessary.
Reference is now made to Fig. 8, which is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A. The method of Fig. 8 preferably includes the following steps:
STEP 3 0: Receive accelerometer data. Accelerometer data is received from the control module 240. The accelerometer data comprises data points representing sampling of the acceleration measured by the pen 25. Preferably, the sampling rate is approximately 1600 data points per second, averaged over 16 points, producing an output of approximately 100 data points per second.
STEP 315: Identify individual symbols and words. The data from the previous step is divided into data representing individual symbols. The status which comprises the status of "pen up" is termed herein "pen not down". Preferably, the number of consecutive data points with status of "pen not down", which data points represent a particular duration of the status "pen not down", is taken to indicate the end of a symbol or of a word.
Typically, the duration of status "pen not down" within a range from 200 milliseconds to 400 milliseconds is taken to indicate the end of a symbol. Duration of the status "pen not down" in the range from 800 milliseconds to 1200 milliseconds is typically taken to indicate the end of a word.
Alternatively, the end of a symbol or of a word may be indicated by data points which represent pen movements that are not part of a symbol, or by other means.
Further alternatively, it is possible to discern the end of a word or symbol via analysis based on a dictionary and/or on linguistic rules, similarly to the method described below with reference to step 420.
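The averaging of the received data and the pause-based segmentation of step 315 are illustrated in the following added example, which is not code from the patent. It assumes that a pause is classified when the pen touches down again, that the low end of each quoted range serves as the threshold, and that pauses falling between the two ranges end a symbol only; all names and sample data are constructed.

```python
"""Decimation and pen-lift segmentation as described in the two steps above.

Assumptions (not from the patent): gaps are classified when the pen touches
down again, the lower bound of each quoted range is the threshold, and gaps
between the two ranges count as end of symbol.
"""
from typing import List, Sequence, Tuple

RAW_HZ = 1600                # approximate raw sampling rate from the text
BLOCK = 16                   # raw samples averaged per output point
OUT_HZ = RAW_HZ // BLOCK     # 100 data points per second
SYMBOL_GAP_MS = 200          # low end of the 200-400 ms range
WORD_GAP_MS = 800            # low end of the 800-1200 ms range

Accel = Tuple[float, float, float]
Span = Tuple[int, int]       # [start, end) indices into the 100 Hz stream


def decimate(raw: Sequence[Accel], block: int = BLOCK) -> List[Accel]:
    """Average each full block of raw samples; a trailing partial block is dropped."""
    out: List[Accel] = []
    for i in range(0, len(raw) - block + 1, block):
        chunk = raw[i:i + block]
        out.append(tuple(sum(axis) / block for axis in zip(*chunk)))
    return out


def segment(pen_down: Sequence[bool], hz: int = OUT_HZ,
            symbol_gap_ms: int = SYMBOL_GAP_MS,
            word_gap_ms: int = WORD_GAP_MS) -> List[List[Span]]:
    """Group pen-down samples into words, each a list of symbol spans."""
    sym_gap = symbol_gap_ms * hz // 1000
    word_gap = word_gap_ms * hz // 1000
    words: List[List[Span]] = []
    word: List[Span] = []
    start = None             # first sample of the symbol being collected
    last_down = None         # most recent pen-down sample
    for i, down in enumerate(pen_down):
        if not down:
            continue
        if start is not None:
            gap = i - last_down - 1        # "pen not down" samples just ended
            if gap >= sym_gap:             # long enough to end the symbol
                word.append((start, last_down + 1))
                start = None
                if gap >= word_gap:        # long enough to end the word too
                    words.append(word)
                    word = []
        if start is None:
            start = i
        last_down = i
    if start is not None:                  # flush whatever is still open
        word.append((start, last_down + 1))
    if word:
        words.append(word)
    return words


def make_trace(runs: Sequence[Tuple[bool, int]], hz: int = OUT_HZ) -> List[bool]:
    """Build a pen-down trace from (is_down, duration_ms) runs."""
    trace: List[bool] = []
    for down, ms in runs:
        trace.extend([down] * (ms * hz // 1000))
    return trace


# Constructed data: one noisy block, one steady block, 5 leftover samples.
RAW_DEMO: List[Accel] = ([(0.0, 0.0, 0.0), (2.0, 2.0, 2.0)] * 8
                         + [(3.0, 4.0, 5.0)] * 16 + [(9.0, 9.0, 9.0)] * 5)
# Constructed trace: a 100 ms lift inside a symbol, a 250 ms pause between
# symbols, then a 900 ms pause between words.
PEN_TRACE = make_trace([(True, 300), (False, 100), (True, 100), (False, 250),
                        (True, 200), (False, 900), (True, 150)])

if __name__ == "__main__":
    print(decimate(RAW_DEMO))
    print(segment(PEN_TRACE))
```

Lifts shorter than the symbol threshold, such as the 100 ms one in the constructed trace, stay inside the current symbol.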
STEP 330: Filter accelerometer data. The accelerometer data received from the previous step is filtered in order to remove noise. The filtering may be accomplished by iterative smoothing of adjacent points until the total change in the signal due to a smoothing operation is less than the desired accuracy of the data, or by other suitable means.
STEP 400: For each prototype in the per-person per-symbol acceleration prototype database, build an index of comparison between the sample and the prototype.
STEP 410: Create a list of probable symbols sorted by likelihood. Based on the index of comparison generated in step 400, a single list of probable symbols sorted by likelihood is generated.
STEP 420: Choose the correct symbols and the correct word based on the list, the database of previous confusions, a dictionary, and linguistic rules. The symbols with greatest likelihood are the candidates from which the correct symbol is chosen.
The database of previous confusions provides information that allows the correction of the choice of the correct symbol based on previous incorrect identifications.
An indication of the end of each word has been passed as output since step 315, described above. Based on the indication, the most likely word, comprising the most likely identifications for each symbol in the list, is identified.
Alternatively, an attempt may be made to find likely words, based on use of the dictionary and on applying linguistic rules as described below, without regard to data indicating the end of each word. In such a case, letters are accumulated and the accumulated letters are checked continuously in order to find the best option for a likely word. For example, if the word "slow" has already been identified in the accumulated letters, and the letters "ly" are next identified, an additional possibility is now noted that the identification of "slow" may be replaced with an identification of "slowly". If the next letter identified does not create a possible word beginning with "ly", the identification of "slowly" is preferred over the identification of "slow ly". In the case of this alternative, step 315 may be optional.
The most likely word is checked against the dictionary. Preferably, the dictionary comprises both a general dictionary used for all users of the system and a personal dictionary for each user of the system. If an entry exists in the dictionary for the most likely word, the word is chosen as the correct identification.
If the most likely word is not found in the dictionary, all possible word combinations in the list are formed and each is checked against the dictionary. Among all such words which are found in the dictionary, the word with the highest likelihood is then chosen as the correct identification.
If none of the words is found in the dictionary, the most likely word is chosen as the correct identification.
STEP 440: Update database of previous confusions. Based on a manual correction entered by the user or an automatic correction based on the dictionary and/or on the application of linguistic rules, the database of previous confusions is updated. Based on a manual correction, the personal dictionary is also updated if the corrected word is not found in the dictionary.
STEP 450: Update per-person per-symbol acceleration prototype database. The new prototypes from the previous step are stored in the per-person per-symbol acceleration prototype database.
STEP 460: Output recognition information. The sorted list of likely words output by the previous step is output to the control module 240.
It is appreciated that the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques.
It is appreciated that the particular embodiment described in the Appendices is intended only to provide an extremely detailed disclosure of the present invention and is not intended to be limiting.
It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
It will be appreciated by persons skilled in the art that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention is defined only by the claims that follow.

APPENDIX A

SPECIFICATION SHEET

3-Axis (X, Y, & Z) Accelerometer with JFET Impedance Buffers

PERFORMANCE SPECIFICATIONS (T-25C)*

Parameter | Min | Typ | Max | Units
Sensitivity:
* X-Axis Max Tolerance | 2.25 | 3.00 | 3.75 | mV/g
* Y-Axis Max Tolerance | 2.25 | 3.00 | 3.75 | mV/g
* Z-Axis Max Tolerance | 1.50 | 2.00 | 2.30 | mV/g
* within one Lot ±15% of Average Lot Value and within Max
Frequency Range
- 3dB
* 3 B Resonant Frequency
Resonant Q
Linearity
Dynamic Range
Noise 1Hz
10Hz 1 . 000Hz
Transverse Sensitivity
Temperature Transient Sensitivity
Base Strain Sensitivity
ELECTRICAL SPECIFICATIONS (T-25C)
Gate-Drain Voltage
Gate-Source Voltage
Gate Current
Power Dissipation
Power Derating
Gate-Source Cutoff Voltage (VGS(off))
Saturation Drain Current (IDSS)**
Forward Transconductance (g„)**
Output Impedance'

ENVIRONMENTAL SPECIFICATIONS
Operating Temperature* OC to -.75C
Storage Temperature -40C to +110C
Operating Relative Humidity 95% Non-Condensing
Operating Altitude -400 to 10,000 feet
Storage Altitude 5,000 g's, any axis
Weight 0.35 Grams Typical

NOTES:
1: Reference frequency is 335Hz unless otherwise noted.
2: Assumes constant current bias, guarded Drain & Source.
3: Output impedance is user selected. Type values: lβOkC? for split & 20 kΩ for single supply.
4: Nominal sensitivity will typically change ±5% over this range.

APPENDIX B
APPENDIX C

No. | Description | Reference
1 | Connector DF13-5-P-1.25H(20) | J1
2 | Capacitor 470pF 50V Ceramic, 10% | C11, C22, C23, C253, C254, C255
3 | Capacitor 3 3uF 10V Tantalum 20% | C17
4 | Capacitor 22pF 50V Ceramic, 10% | C20, C19
5 | Capacitor 68nF 25V Ceramic, 10% | C250, C251, C252, C256, C257, C258
6 | Capacitor 220nF 25V Ceramic, 10% | C16, C18, C21
7 | Diode 1N4Hβ | D1, D2, D3
8 | BarOn Motion Sensor, B3D - 1 | U1
9 | Op Amp LMC6464AIM | U2, U5
10 | Micro controller PIC16C 2, 20 Mhz | U3
11 | Resistor 1.2 KOhm, 1/16W, 5% | R8, R17, R18
12 | Resistor 100KOhm, 1/16W | R13, R14, R15, R158, R161, R164
13 | Resistor 20KOhm, 1/16W | R152, R153, R154, R156
14 | Resistor 100Ohm, 1/16W | R11
15 | Resistor 10MOhm, 1/10W | R1, R6, R9, R10, R19, R21, R22, R25, R151, R157, R159, R160, R162, R163, R165
16 | Resistor 6.2KOhm, 1/16W | R12
17 | Resistor 4.7MOhm, 1/10W | R150
18 | Resistor 1MOhm, 1/16W | R7, R20, R23
19 | Resistor 390KOhm, 1/16W | R155
20 | Ultra Miniature Switch, DH-2C-C5-PA | SW1
21 | Transistor 2N3906-PNP | Q7
22 | Transistor MMBT5089-NPN | Q1, Q2, Q3, Q4
23 | Volt Ref 5V, MIC5200 | U4
24 | Crystal, β.144 MHz | Y1

Claims

1. A secure computer system comprising:
at least one node connected to a communications network; and
a pen input device providing an output to said at least one node,
said node including handwriting recognition apparatus operative to receive the output of said pen and during substantially the entire duration of the data input from said pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of said pen and comparing said characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
2. A secure computer communications system comprising:
a communications network;
at least one terminal coupled to said communications network;
at least one server coupled to said communications network; and
a pen input device communicating via said at least one terminal with said server, and wherein
said server includes handwriting recognition apparatus operative to receive the output of said pen and during substantially the entire duration of the data input from said pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of said pen and comparing them with reference characteristics, whereby successful communication of information via said server is conditional on successful conversion of the output of the pen into writing characters.
3. A secure computer communications system according to claim 2 and wherein communication from said pen input device to said server is secure by virtue of said communication being unintelligible in the absence of the availability of the reference characteristics.
4. A secure computer communications system according to claim 3 and wherein said server is located in a secure location.
5. A secure computer communications system according to claim 2 and wherein said pen input device comprises an accelerometer and provides accelerometer output signals to said terminal.
6. A secure computer communications system according to any of claims 2 - 5 and wherein said at least one terminal includes a display and is operative to provide visible indication of recognized symbols in response to an input from said server.
7. A secure computer communications system according to any of claims 2 - 6 and wherein said at least one terminal includes a keyboard for the input of function commands.
8. A system according to any of the preceding claims and wherein information input by the pen input device, when and only when successfully recognized, is communicated to a utilization device.
9. A system according to any of the preceding claims and wherein said characteristics of the handwriting of the user comprise a mapping of hand movements, and wherein said reference characteristics comprise a reference mapping of hand movements for said user.
10. A system according to claim 9 and wherein said reference mapping comprises a mapping of hand movements to characters for said user.
11. A system according to any of the preceding claims and wherein said successful communication is not conditional on any other user input in order to achieve security.
12. A system according to any of the preceding claims and wherein said successful communication is not conditional on use of any additional system resources in order to achieve security.
13. A method for providing a secure computer system, the method comprising:
providing at least one node connected to a communications network; and
providing a pen input device providing an output to said at least one node,
said node including handwriting recognition apparatus operative to receive the output of said pen and during substantially the entire duration of the data input from said pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of said pen and comparing said characteristics with reference characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
14. A method for providing a secure computer communications system, the method comprising:
providing a communications network;
providing at least one terminal coupled to said communications network;
providing at least one server coupled to said communications network; and
providing a pen input device communicating via said at least one terminal with said server, and wherein said server includes handwriting recognition apparatus operative to receive the output of said pen and during substantially the entire duration of the data input from said pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of said pen and comparing them with reference characteristics, whereby successful communication of information via said server is conditional on successful conversion of the output of the pen into writing characters.
PCT/IL1996/000133 1995-10-31 1996-10-28 Continuous security system based on motion code WO1997016799A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU73305/96A AU7330596A (en) 1995-10-31 1996-10-28 Continuous security system based on motion code

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL115836 1995-10-31
IL11583695A IL115836A0 (en) 1995-10-31 1995-10-31 Continuous security system based on motion code

Publications (2)

Publication Number Publication Date
WO1997016799A2 true WO1997016799A2 (en) 1997-05-09
WO1997016799A3 WO1997016799A3 (en) 2001-09-13

Family

ID=11068137

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL1996/000133 WO1997016799A2 (en) 1995-10-31 1996-10-28 Continuous security system based on motion code

Country Status (3)

Country Link
AU (1) AU7330596A (en)
IL (1) IL115836A0 (en)
WO (1) WO1997016799A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5544257A (en) * 1992-01-08 1996-08-06 International Business Machines Corporation Continuous parameter hidden Markov model approach to automatic handwriting recognition
US5561446A (en) * 1994-01-28 1996-10-01 Montlick; Terry F. Method and apparatus for wireless remote information retrieval and pen-based data entry
US5596698A (en) * 1992-12-22 1997-01-21 Morgan; Michael W. Method and apparatus for recognizing handwritten inputs in a computerized teaching system
US5615285A (en) * 1992-05-27 1997-03-25 Apple Computer, Inc. Method and apparatus for recognizing handwritten words
US5615277A (en) * 1994-11-28 1997-03-25 Hoffman; Ned Tokenless security system for authorizing access to a secured computer system

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999046909A1 (en) * 1998-03-12 1999-09-16 Johan Ullman Device for entering signs into a cellular telephone
WO2000057349A1 (en) * 1999-03-24 2000-09-28 British Telecommunications Public Limited Company Handwriting recognition system
US7054510B1 (en) 1999-03-24 2006-05-30 British Telecommunications Public Limited Company Handwriting recognition system
WO2001077796A2 (en) * 2000-04-10 2001-10-18 Digital Ink, Inc. Using handwritten information
WO2001077796A3 (en) * 2000-04-10 2003-01-23 Digital Ink Inc Using handwritten information
GB2413425A (en) * 2004-04-23 2005-10-26 Hewlett Packard Development Co Biometric analysis method
GB2413425B (en) * 2004-04-23 2008-04-09 Hewlett Packard Development Co Biometric analysis system, methods, apparatus and software using biometric analysis
EP1736908A2 (en) * 2005-06-20 2006-12-27 Samsung Electronics Co., Ltd. Method for authenticating user using camera module and mobile terminal therefor
EP1736908A3 (en) * 2005-06-20 2008-05-28 Samsung Electronics Co., Ltd. Method for authenticating user using camera module and mobile terminal therefor

Also Published As

Publication number Publication date
WO1997016799A3 (en) 2001-09-13
IL115836A0 (en) 1996-01-19
AU7330596A (en) 1997-05-22

Similar Documents

Publication Publication Date Title
US6486875B1 (en) Wireless computer peripheral that functions as a mouse and pen with ink processor memory power display and speaker all in one
US6628847B1 (en) Method and apparatus for recognition of writing, for remote communication, and for user defined input templates
US8625900B2 (en) Video-based biometric signature data collection
US6633282B1 (en) Ballpoint pen type input device for computer
US6686910B2 (en) Combined writing instrument and digital documentor apparatus and method of use
KR101026630B1 (en) Universal computing device
JP3993706B2 (en) Facsimile transmitter
CN100422915C (en) Universal computing device
US6573887B1 (en) Combined writing instrument and digital documentor
US6195446B1 (en) Digitizer stylus with memory for storing handwriting data
US20110285634A1 (en) Portable data entry device
ATE409900T1 (en) COMPUTER SYSTEM CONTROL BY USER DATA USING THE INTERFACE
EP0108106A1 (en) Data entry device.
JPH08507886A (en) Handwriting reader
WO1997016799A2 (en) Continuous security system based on motion code
JP2004045844A (en) Kanji learning system, program of judgment of kanji stroke order, and kanji practice paper
WO2004102929A2 (en) Mobile electronic device with integrated stylus input device
JPH0594564A (en) Data processing system
CA2433151A1 (en) Stylus computer
CN108803902A (en) The method and device of handwritten content electronization
CN108664149A (en) A kind of information recording method, medium and information-recording apparatus
KR101179203B1 (en) Hand-writing message sending system using optical sensing pen and exclusive pocket book
Shewalkar et al. Handling PC through Speech Recognition and Air Gesture
JPH011061A (en) information retrieval device
KR20040001771A (en) The System and Method for Providing Information of Subscriber Using Map ID

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): KE LS MW SD SZ UG AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG