WO1997023816A1 - User identification system for data processing equipment with keyboard - Google Patents

User identification system for data processing equipment with keyboard Download PDF

Info

Publication number
WO1997023816A1
WO1997023816A1 PCT/IB1996/001253 IB9601253W WO9723816A1 WO 1997023816 A1 WO1997023816 A1 WO 1997023816A1 IB 9601253 W IB9601253 W IB 9601253W WO 9723816 A1 WO9723816 A1 WO 9723816A1
Authority
WO
WIPO (PCT)
Prior art keywords
keystrokes
timings
keystroke
stored
entered
Prior art date
Application number
PCT/IB1996/001253
Other languages
French (fr)
Inventor
Michael P. Whelan
Hsiang-Lung Wu
Original Assignee
Philips Electronics N.V.
Philips Norden Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Philips Electronics N.V., Philips Norden Ab filed Critical Philips Electronics N.V.
Publication of WO1997023816A1 publication Critical patent/WO1997023816A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/023Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

User keystrokes and keystroke timings are continually captured during computer use. The captured keystrokes and timings are compared with a user profile of keystrokes and timings. A statistical analysis determines what should be in the profile and how the captured keystrokes and timings match up with the stored ones. An error action is initiated if the statistical analysis indicates that the user is not the one who is supposed to be using the computer.

Description

User identification system for data processing equipment with keyboard.
BACKGROUND OF THE INVENTION
The invention relates to the field of computer security and in particular to user identification.
In the past, a number of techniques have been proposed to improve computer security. For instance, passwords have been used to identify users as they sign on to computer systems.
Password techniques have the limitation that once a user signs on, there is no further checking as to the identity of the user. If the user leaves the computer without signing off, another user can come by and use the computer for nefarious purposes. To obviate this problem, some systems have screen saver software which puts a system into screen saver mode when a user has not been active on the computer and then require the user to enter a password to get out of the screen saver. However, since the screen saver takes some time to kick in, a crafty miscreant can still dart into a departed user's place and do his dastardly deeds. Another problem with password based systems, is that would-be intruders into the computer system may learn a password and enter that password in the genuine user's stead. Proposed solutions to this problem appear in R. J. Spillane, "Keyboard Apparatus for Personal Identification", IBM Tech. Disci. Bull. , vol. 17, No. 11 , April 1975 and GB 2,247,964A. Both of these systems propose looking at time intervals between key depressions during entry of a standard code or a password. These systems give some additional assurance that the password is being entered by the correct person, however, they still have the problem that, once a user is signed on, there is no additional verification.
SUMMARY OF THE INVENTION The object of the invention is improved user identification for computer security in keyboard based systems. The object is achieved in that keystrokes are continually analyzed to determine if they match stored sequences and to determine whether their timings match stored timings for the stored sequences. BRIEF DESCRIPTION OF THE DRAWING
The invention will now be described by way of non-limitative example with reference to the following drawings.
Fig. 1 is a computer system equipped with the invention. Fig. 2 is a flowchart of an initialization routine for the invention.
Fig. 3 is a flowchart of a first embodiment of the invention.
Fig. 4 is a flowchart of a second embodiment of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Fig. 1 shows a computer system on which the invention can run. The system includes equipment 101 to be guarded, which takes data from a keyboard 104. A user identification unit 105 processes data received from the equipment 101. The user identification unit 105 has a database 102 of security information. When data received from the equipment to be guarded 101 does not correlate with data in the database 102, the user identification unit 105 executes an error action 106. That action might be to lock the equipment 101 or to send an error message to another machine, for instance where a system administrator is sitting. The method can be run on a system where the user identification unit is incorporated within the equipment to be guarded. However, sometimes better security is achieved if the user identification unit is separate from the equipment to be guarded. Fig. 2 shows a flow chart of an initiation phase of the invention. During this phase, a database is created for a particular user. The user is asked to type a set of words or keystrokes. The words in the set should contain three letter sequences which are expected to be entered frequently by the user under actual operating conditions. The three letter sequences or triplets have been found to work well experimentally. However, sequences of other lengths could also be used.
The set could contain commonly used English words, or the list could contain commonly used computer commands or codes. For users of a UNIX based system, the set should preferably include commonly used UNIX operating system commands. Preferably the set should contain repetitions of the three letter sequences which are thought to be most useful, so that the user is given several opportunities to enter relevant triplets. In general the set should contain triplets which are "statistically repetitive". The term "statistically repetitive" will be defined below.
Block 200 starts the operation. So long as there are more words to type (201Y), the system analyzes input at 202. At 206, the computer orders the user to enter a word. The loop 207/208 comprises the key-wise analyzing of the word, and the detecting whether the word has terminated effectively. The analyzing data include keystroke identifications and timings for each keystroke. Words are delimited by finding a sequence of keystrokes ending with a carriage return, a space, or a long time interval without keystrokes. The system then breaks the entered keystrokes for each word into triplets at
203. Each word can be represented by a set, (C(i) | 1 < i < the length of the word}, where C(i) is the i* character of this word. The keystroke timings for this word are represented by a set, {T(i) | 1 < i < length of the word}, where T(i) is the time lapsed between either entry of a previous keystroke or issuance of a system prompt, and - entry of the current keystroke.
A six letter word, for instance, will contain four triplets, {C(1),C(2),C(3)} , {C(2),C(3),C(4)}, {C(3),C(4),C(5)J , and (C(4),C(5),C(6)}. Each triplet is represented in the same form as the word, but the keystroke timings are converted into values relative to the time when the first character of this triplet is typed. Any words less than 3 characters is ignored by the system.
At 204, relevant timings are entered into the user's profile. The user profile should contain records of statistically repetitive triplets for that user.
When the list of words is complete, the system goes to block 209. Therein, for each statistically repetitive triplet (see 209), three mean values are stored 210 which represent means of the timings of the keystrokes for each character of that triplet. Also, for each statistically repetitive triplet, a variance value is stored 210 which represents a variance of the timings of all of the recorded keystrokes for that triplet. When all processing has finished, at 205, initialization ends.
Fig. 3 shows a flow chart of the operation of the invention after initialization. After start block 300, this flow chart is triggered by entry of a keystroke at 301. If a keystroke is detected, its identity and timing are captured at 302. Keystrokes are captured in sequence until a word is identified (see 303). The word is then broken into triplets, cf analogous operation at box 203 at Fig. 2. If, at 304, any of the triplets matches 310 a stored triplet developed in Fig. 2, the timings matched triplets are correlated with the timings of the stored triplets at 305. If no stored triplets are matched at 310, control returns to 301. Given two sets of keystroke timings (T,(i) | 1 < i < 3} and (T2(i) | 1 < i < 3} of the same triplet, the function E(x) denoting the mean of a variable x, and the function σ(x) denoting the variance of a variable x, the correlation of the two sets of timings is given by
Figure imgf000006_0001
, and calculated in block 305.
Two keystroke timings are similar if the correlation between them is larger than a value close to 1 (e.g. 0.99). A triplet is "statistically repetitive" if the mean of the correlations of various versions of it is close to 1 (one) and the variance of correlations is small.
If the correlation exceeds a threshold at 306, control returns to 301. If the correlation does not exceed the threshold an error action can be commenced at 307 (cf box 106 of Fig. 1). Alternatively, the system could wait until the threshold has not been met several times before triggering an error action.
A statistically more reliable alternative is to trigger the error action after a series of correlation values fail to meet the threshold. In such an alternative, a number of yes or no votes is to be recorded with a list of most recently used words. If the ratio of yes to no votes is too small after a given number of matches, the error action would be triggered. Fig. 4 illustrates this alternative. If this is the first run since initialization per Fig. 2 after start block 400, at 401 a most recently used list must be initialized. The most recently used list should be initialized to some or all of the triplets in the personal profile, along with yes votes. During the running of the identity checker of the invention, the most recently used list will be updated. The most recently used list will be retained from session to session. After 401 , the steps of boxes 301 , 302, and 303, from Fig. 3 are executed. At
403 a retrieved word is broken into triplets and stored in the list. At 404, the system checks whether there are more triplets to check in the list. If no, control returns to 402. If yes, at 405, the system tests whether the current triplet is in the user's personal profile. If so, the most recently used list is updated at 406. The method of updating the most recently used list will be explained below. Then at 407, the correlation of the current triplet is calculated as per the above equation. Then, as a result of the correlation calculation, "yes" and "no" votes are updated at 408. Updating of "yes" and "no" votes will be explained below together with the explanation for the updating of the most recently used list.
At 409, the system calculates whether a ratio of "yes" to "no" votes exceeds a threshold. If not, the error action 307 is triggered. If so, the current triplet is deleted from 410 and control is returned to 404. The threshold can be any ratio which works in practice. A ratio of 80% was found to work in one experiment.
Updating of the most recently used list and the "yes/no" votes will now be explained. The idea is to keep a running count of whether the user is typing as expected. Therefore several values must be compared. Below, the variable T represents a current time and the variable N represents the length of the list of most recently used triplets. The variable N can take on any value which works in practice. In one experiment, a value of 20 for N was found to give reasonable results. At time T, the N most recently used triplets list might look like the following.
Triplet Time for the most recent "yes" or "no" appearance
triplet j T-100 sec yes
triplet2 T-95 sec yes
triplet3 T-92 sec no
• • •
tripletN T- 10 sec yes
When tripletN+ j is entered, the system has to check whether the new triplet is in the most recently used list. If not, the update will take the following form.
Triplet Time for the most recent "yes" or "no" appearance
triplet2 T-95 sec yes
triplet3 T-92 sec no • • •
tripletN T-10 sec yes
tripletN+ 1 T sec no
In other words, the oldest triplet is removed from the list, and the most recent one is added. The second column of this table is updated at 406, while the third column is updated at 408. If, on the other hand, the newest triplet already appears in the list, a different type of updating is undertaken. If for instance the tripletN= ] =triplet3, the list will look as follows:
Triplet Time "yes" or "no"
triplet! T-100 sec yes
triplet2 T-95 sec yes
triplet4 T-85 sec yes
• • •
tripletN T-10 sec yes
tripletN=
Figure imgf000008_0001
T sec no
In this way, there are always N triplets in the most recently used list, and there are no duplicate triplets in the list. Yet another alternative would be to establish multiple yes/no ratio thresholds. In such a case, the error action would be initiated either if a small number of correlations gave highly aberrant values; or a larger number of correlations gave slightly aberrant values. Sometimes user patterns of typing vary over time. For instance, as a user becomes more experienced, the timings will decrease. If a user acquires new software, the sequences of keystrokes that are statistically repetitive may change. Therefore, it may be desirable to allow the system to update user profiles over time.

Claims

CLAIMS:
1. A computer method for identifying a computer user, the method comprising the following steps receiving user data at a keyboard; continually seeking to match entered sequences of keystrokes with stored predetermined sequences of keystrokes; continually capturing entered keystroke timings; comparing particular entered keystroke timings, in a sequence of entered keystrokes that matches one stored predetermined sequence of keystrokes; and - stored keystroke timings that correspond to the one stored predetermined sequence of keystrokes; and executing an error action when the particular entered keystroke timings fail to compare properly with the stored keystroke timings.
2. The method of claim 1 wherein comparing comprises using a statistical formula to analyze a statistical likelihood that the particular entered keystroke timings were entered by a same use as the stored keystroke timings corresponding to the one stored predetermined sequence of keystrokes.
3. The method of claim 1 wherein the statistical formula is
Figure imgf000010_0001
where - i is an index running from one to three;
Tj(i) is the x^1 particular entered keystroke timing;
T2(i) is an average value of timings of the ith keystroke taken during an initialization phase and corresponding to the one stored predetermined sequence of keystrokes; - E(Tj) is the mean of the Tι(i) values;
E(T2) is the mean of the T2(i) values; σ(T]) is the variance of the T,(i) values; <x(T2) is the variance of the T2(i) values.
4. The method of claim 3 wherein the particular entered keystroke timings are considered to match when correlation(Tj ,T2) exceeds a predetermined threshold.
5. The method of claim 4 wherein the threshold is E-0.5σ, where E is the mean of the keystroke timings for the one stored predetermined sequence of keystrokes and σ is the variance of the keystroke timings for the one stored predetermined sequence of keystrokes.
6. The method as claimed in any of claims 1 to 5, wherein the error action is triggered after several failures of entered keystroke timings to compare properly with stored keystroke timings.
7. The method as claimed in any of claims 1 to 6 further comprising the step of maintaining a list of recently used sequences of keystrokes; and wherein executing the error action comprises only executing the error action when a number of sequences of keystrokes in the list, which compared properly with the stored keystroke timings, fails to meet a predetermined threshold.
8. A computer system comprising a processor; a keyboard; - means for, in response to data entered by a user on the keyboard, continually seeking to match entered sequences of keystrokes with stored predetermined sequences of keystrokes; and continually capturing entered keystroke timings; means for comparing - particular entered keystroke timings, in a sequence of entered keystrokes that matches one stored predetermined sequence of keystrokes; and stored keystroke timings that correspond to the one stored predetermined sequence of keystrokes; and code means for executing an error action when the particular entered keystroke timings fail to compare properly with the stored keystroke timings.
9. The system of claim 8 wherein the comparing means comprises statistical formula means for analyzing a statistical likelihood that the particular entered keystroke timings were entered by a same user as the stored keystroke timings corresponding to the one stored predetermined sequence of keystrokes.
10. The system of claim 9 wherein the statistical likelihood is analyzed according to the following formula
Figure imgf000012_0001
where i is an index running from one to three; - Tj(i) is the ith particular entered keystroke timing;
T2(i) is an average value of timings of the iΛ keystroke taken during an initialization phase and corresponding to the one stored predetermined sequence of keystrokes;
E(T]) is the mean of the T, (i) values; - E(T2) is the mean of the T2(i) values; σ(T,) is the variance of the T,(i) values; σ(T2) is the variance of the T2(i) values.
11. The system of claim 10 wherein the particular entered keystroke timings are considered to match when correlation(Tι ,T2) exceeds a predetermined threshold.
12. The system of claim 10 wherein the threshold is E-0.5σ, where E is the mean of the keystroke timings for the one stored predetermined sequence of keystrokes and σ is the variance of the keystroke timings for the one stored predetermined sequence of keystrokes.
13. The system as claimed in any of claims 8 to 12 wherein the error action is triggered after several failures of entered keystroke timings to compare properly to stored keystroke timings.
14. The system as claimed in any of claims 8 to 13 further comprising means for maintaining a list of recently used sequences of keystrokes; and wherein the means for executing the error action only executes the error action when a number of sequences of keystrokes in the list, which compared properly with the stored keystroke timings, fails to meet a predetermined threshold.
PCT/IB1996/001253 1995-12-21 1996-11-19 User identification system for data processing equipment with keyboard WO1997023816A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57610595A 1995-12-21 1995-12-21
US08/576,105 1995-12-21

Publications (1)

Publication Number Publication Date
WO1997023816A1 true WO1997023816A1 (en) 1997-07-03

Family

ID=24303012

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1996/001253 WO1997023816A1 (en) 1995-12-21 1996-11-19 User identification system for data processing equipment with keyboard

Country Status (1)

Country Link
WO (1) WO1997023816A1 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1470549A1 (en) * 2001-12-12 2004-10-27 International Business Machines Corporation Method and system for non-intrusive speaker verification using behavior models
EP1512113A2 (en) * 2002-05-15 2005-03-09 Biocom, LLC Identity verification system
GB2413425A (en) * 2004-04-23 2005-10-26 Hewlett Packard Development Co Biometric analysis method
DE102004049428A1 (en) * 2004-10-08 2006-04-20 Claudia Von Heesen Automatic identification and verification of user data to provide access by a user to electronic equipment
FR2878344A1 (en) * 2004-11-22 2006-05-26 Sionnest Laurent Guyot DATA CONTROLLER AND INPUT DEVICE
FR2878343A1 (en) * 2004-11-22 2006-05-26 Tiki Systems Soc Par Actions S Data input and control device e.g. combinatorial keyboard, for e.g. computer system, has three main detection zones associated to respective index, middle and ring fingers of hand, where each zone has front and rear logical sensitive zones
EP2069993A2 (en) * 2006-10-04 2009-06-17 Behaviometrics AB Security system and method for detecting intrusion in a computerized system
US7689418B2 (en) 2000-03-01 2010-03-30 Nuance Communications, Inc. Method and system for non-intrusive speaker verification using behavior models
US10489772B2 (en) 2013-11-27 2019-11-26 At&T Intellectual Property I, L.P. Out-of-band device verification of transactions
US11238456B2 (en) * 2003-07-01 2022-02-01 The 41St Parameter, Inc. Keystroke analysis
WO2022067436A1 (en) * 2020-09-30 2022-04-07 Mastercard Technologies Canada ULC User identification with input profile record
US11410179B2 (en) 2012-11-14 2022-08-09 The 41St Parameter, Inc. Systems and methods of global identification
US11657299B1 (en) 2013-08-30 2023-05-23 The 41St Parameter, Inc. System and method for device identification and uniqueness
US11683306B2 (en) 2012-03-22 2023-06-20 The 41St Parameter, Inc. Methods and systems for persistent cross-application mobile device identification
US11683326B2 (en) 2004-03-02 2023-06-20 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
US11727471B2 (en) 2006-03-31 2023-08-15 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
US11750584B2 (en) 2009-03-25 2023-09-05 The 41St Parameter, Inc. Systems and methods of sharing information through a tag-based consortium
US11886575B1 (en) 2012-03-01 2024-01-30 The 41St Parameter, Inc. Methods and systems for fraud containment
US11895204B1 (en) 2014-10-14 2024-02-06 The 41St Parameter, Inc. Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
US11907350B2 (en) 2020-09-30 2024-02-20 Mastercard Technologies Canada ULC User identification with blended response from dual-layer identification service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4621334A (en) * 1983-08-26 1986-11-04 Electronic Signature Lock Corporation Personal identification apparatus
US4805222A (en) * 1985-12-23 1989-02-14 International Bioaccess Systems Corporation Method and apparatus for verifying an individual's identity
GB2247964A (en) * 1990-09-13 1992-03-18 John Robert Devany Controlling access to a keyboard-operated computer system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4621334A (en) * 1983-08-26 1986-11-04 Electronic Signature Lock Corporation Personal identification apparatus
US4805222A (en) * 1985-12-23 1989-02-14 International Bioaccess Systems Corporation Method and apparatus for verifying an individual's identity
GB2247964A (en) * 1990-09-13 1992-03-18 John Robert Devany Controlling access to a keyboard-operated computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IBM TECHNICAL DISCLOSURE BULLETIN, Volume 17, No. 11, April 1975, R.J. SPILLANE, "Keyboard Apparatus For Personal Identification". *

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7689418B2 (en) 2000-03-01 2010-03-30 Nuance Communications, Inc. Method and system for non-intrusive speaker verification using behavior models
EP1470549A1 (en) * 2001-12-12 2004-10-27 International Business Machines Corporation Method and system for non-intrusive speaker verification using behavior models
EP1470549A4 (en) * 2001-12-12 2007-08-08 Ibm Method and system for non-intrusive speaker verification using behavior models
EP1512113A4 (en) * 2002-05-15 2008-10-29 Biocom Llc Identity verification system
EP1512113A2 (en) * 2002-05-15 2005-03-09 Biocom, LLC Identity verification system
US11238456B2 (en) * 2003-07-01 2022-02-01 The 41St Parameter, Inc. Keystroke analysis
US11683326B2 (en) 2004-03-02 2023-06-20 The 41St Parameter, Inc. Method and system for identifying users and detecting fraud by use of the internet
GB2413425A (en) * 2004-04-23 2005-10-26 Hewlett Packard Development Co Biometric analysis method
GB2413425B (en) * 2004-04-23 2008-04-09 Hewlett Packard Development Co Biometric analysis system, methods, apparatus and software using biometric analysis
DE102004049428A1 (en) * 2004-10-08 2006-04-20 Claudia Von Heesen Automatic identification and verification of user data to provide access by a user to electronic equipment
WO2006053991A1 (en) * 2004-11-22 2006-05-26 Laurent Guyot-Sionnest Method and device for controlling and inputting data
FR2878343A1 (en) * 2004-11-22 2006-05-26 Tiki Systems Soc Par Actions S Data input and control device e.g. combinatorial keyboard, for e.g. computer system, has three main detection zones associated to respective index, middle and ring fingers of hand, where each zone has front and rear logical sensitive zones
US8125440B2 (en) 2004-11-22 2012-02-28 Tiki'labs Method and device for controlling and inputting data
FR2878344A1 (en) * 2004-11-22 2006-05-26 Sionnest Laurent Guyot DATA CONTROLLER AND INPUT DEVICE
US11727471B2 (en) 2006-03-31 2023-08-15 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
US8443443B2 (en) 2006-10-04 2013-05-14 Behaviometrics Ab Security system and method for detecting intrusion in a computerized system
EP2069993A4 (en) * 2006-10-04 2011-05-18 Behaviometrics Ab Security system and method for detecting intrusion in a computerized system
EP2069993A2 (en) * 2006-10-04 2009-06-17 Behaviometrics AB Security system and method for detecting intrusion in a computerized system
US11750584B2 (en) 2009-03-25 2023-09-05 The 41St Parameter, Inc. Systems and methods of sharing information through a tag-based consortium
US11886575B1 (en) 2012-03-01 2024-01-30 The 41St Parameter, Inc. Methods and systems for fraud containment
US11683306B2 (en) 2012-03-22 2023-06-20 The 41St Parameter, Inc. Methods and systems for persistent cross-application mobile device identification
US11410179B2 (en) 2012-11-14 2022-08-09 The 41St Parameter, Inc. Systems and methods of global identification
US11922423B2 (en) 2012-11-14 2024-03-05 The 41St Parameter, Inc. Systems and methods of global identification
US11657299B1 (en) 2013-08-30 2023-05-23 The 41St Parameter, Inc. System and method for device identification and uniqueness
US11423388B2 (en) 2013-11-27 2022-08-23 At&T Intellectual Property I, L.P. Out-of-band device verification of transactions
US10489772B2 (en) 2013-11-27 2019-11-26 At&T Intellectual Property I, L.P. Out-of-band device verification of transactions
US11895204B1 (en) 2014-10-14 2024-02-06 The 41St Parameter, Inc. Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups
WO2022067436A1 (en) * 2020-09-30 2022-04-07 Mastercard Technologies Canada ULC User identification with input profile record
US11907350B2 (en) 2020-09-30 2024-02-20 Mastercard Technologies Canada ULC User identification with blended response from dual-layer identification service

Similar Documents

Publication Publication Date Title
WO1997023816A1 (en) User identification system for data processing equipment with keyboard
US7802103B2 (en) Key sequence rhythm recognition system and method
Umphress et al. Identity verification through keyboard characteristics
US8079061B2 (en) Authentication system managing method
US7305559B2 (en) Software method for improved password entry
US8020005B2 (en) Method and apparatus for multi-model hybrid comparison system
US6895514B1 (en) Method and apparatus for achieving secure password access
US5420936A (en) Method and apparatus for accessing touch screen desktop objects via fingerprint recognition
Syukri et al. A user identification system using signature written with mouse
KR19990009965A (en) User authentication method using typing pattern
JP6511293B2 (en) User monitoring system
JP2001092783A (en) Method and system for personal authentication, and recording medium
EP1873675A2 (en) Biometric authentication method and system
JPS62157966A (en) Method and apparatus for checking identity of person
Bours et al. A login system using mouse dynamics
US20080028231A1 (en) Key sequence trustable activation recognition system and method
JP2001516474A (en) User identification confirmation method for data processing device that generates alphabetic characters by keyboard operation
CN106778151A (en) Method for identifying ID and device based on person&#39;s handwriting
US20080034218A1 (en) Key sequence rhythm guidance recognition system and method
JPH10154231A (en) Person authentication device using biometrics information and method therefor
US20080133933A1 (en) Key sequence rhythm recognition system and method
EP2490149A1 (en) System for verifying user identity via mouse dynamics
Siahaan et al. Spoofing keystroke dynamics authentication through synthetic typing pattern extracted from screen-recorded video
US20080028232A1 (en) Key sequence recognition and password hardening system and method
CN113407921B (en) Handwriting recognition login method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 97523449

Format of ref document f/p: F