WO1999009512A1 - Identification in computer systems using inherent characteristics - Google Patents
- Publication number
- WO1999009512A1 (PCT/US1998/016877)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- test
- identifying
- inherent security
- tests
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/36—User authentication by graphic or iconic representation
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Definitions
- the present invention involves identifying the authorized users of a computer system. More particularly, the invention provides tools for selecting and using inherent personal behavior preferences to identify users of computer networks, standalone computers, embedded systems, and other computer systems.
- Identification may be used to limit access to financial records, as in an automatic bank teller or credit card processing system. Identification may be used to limit access to confidential information, as in a corporate or governmental network or standalone computer. Identification may be used to limit access to locations such as a laboratory, bank vault, or military facility. At present, and perhaps increasingly in the future, identification requirements may be imposed to limit the use of devices such as cars, boats, planes, and other transports; guns, missiles, and other weapons; and other valuable and/or dangerous items.
- Passwords. Examples include computer passwords and pass phrases, automatic teller or debit card or telephone card personal identification numbers ("PINs"), and combinations for opening combination locks. Email addresses, zip codes, government or corporate ID numbers, and telephone numbers are sometimes also used as passwords. Passwords are relatively easy to implement and can be entered quickly and easily, using standard computer hardware and software.
- Cards. Magnetic, optical, punched, "smart" (embedded circuit), or other encoded identity cards or similar portable devices can also be used quickly by authorized (or by unauthorized) users. Such cards are relatively inexpensive. They can also hold more data than a password, and they are harder to duplicate than a password.
- Biometrics rely on distinguishing physical patterns found on or in the human body.
- biometric systems may include hardware and software for scanning and identifying fingerprints, retinal or iris patterns, voice patterns, faces, blood type, DNA, and other physical characteristics.
- Encryption keys. Examples include symmetric and public key systems such as those built on the cryptographic techniques described in Applied Cryptography by Bruce Schneier (ISBN 0-471-59756-2, John Wiley & Sons 1994), and in other works on cryptography.
- Witnesses. Examples include a guard, escort, or other official who is present at the entry to a secure facility and who personally recognizes and vouches for the identity of persons that are granted access to the facility.
- Identification technologies that rely on cards and/or passwords "identify" whoever possesses the card or the password as the rightful owner to whom the card or password was issued.
- Card readers are also relatively expensive and are standard equipment only on limited classes of computer system, such as automatic teller and telephone systems.
- Encryption keys are best used to transmit identification information between computer tasks, threads, or other processes. They do not serve well to transmit the identity of a user from the user to the system (unless embedded in a card such as a logon certificate), because in that role they are essentially long, difficult-to-remember passwords. Like passwords, encryption keys can also be stolen, and once stolen can be readily used by the thief.
- the present invention provides tools for identifying computer system users by testing their responses to inherent security characteristic tests.
- the responses are used to narrow the range of possible identities for a given user until the risk of error is sufficiently low for the system at hand.
- Inherent characteristics can be seen in the preferences people show when asked to perform certain tasks. Many examples are given below, including the way people clasp their hands, the rhythms they use when typing, and the paths they tend to follow when tracing a path on the computer screen.
- the present invention looks for distinguishing characteristics in the way humans recognize patterns. People are good at recognizing patterns in clouds or wood grain, for instance, and different people see different patterns.
- the invention takes advantage of this human ability to find patterns embedded in a surrounding field of "noise" such as dots or lines or random or semi-random sounds or characters or images.
- Figure 1 is a diagram illustrating one of many networks suitable for use as a computer system according to the present invention.
- Figure 2 is a flowchart illustrating methods of the present invention.
- Figure 3 is one of the many possible visual patterns that may be used for pattern recognition tests according to the present invention.
- Figure 4 is another visual pattern suitable for pattern recognition tests according to the present invention.
- Figure 5 is yet another visual pattern suitable for pattern recognition tests according to the present invention.
- Figure 6 is a visual pattern suitable as a background for pattern recognition tests and also suitable for subjective judgment tests, including halving tests, according to the present invention.
- Figure 7 is a visual pattern suitable for pattern completion tests according to the present invention.
- Figure 8 is an array of faces suitable for subjective judgment tests according to the present invention.
- Figure 9 is one of many possible graphs suitable for inherent mathematical ability tests according to the present invention.
- Figure 10 is one of many possible images suitable for spatial reasoning ability tests according to the present invention.
- Figure 11 illustrates the use of three tests to narrow the range of possible identifications by partitioning a population of users according to the present invention.
- the present invention relates to methods and systems for selecting and using inherent security characteristics for user identification in computer systems.
- a clean conceptual line is drawn between the Technical Background, which describes approaches conceded to be part of the prior art, and the Detailed Description, which presents the invention. This is true to some extent in the present document, but it also made sense to discuss some aspects of conventional devices and methods here in the Detailed Description next to particular aspects of the invention.
- the invention is defined by the claims.
- the claimed invention includes novel combinations of known elements (including some elements noted in the Technical Background), novel methods using known elements, combinations of known and novel elements, and other inventive approaches.
- a "computer system" includes at least a processor, a memory, an input device, and an output device.
- the processor may include a general purpose device such as an 80x86, Pentium (mark of Intel), 680x0, or other "off-the-shelf" microprocessor.
- the processor may include a special purpose processing device such as an ASIC, PAL, PLA, PLD, or other customized or programmable device.
- the memory may include static RAM, dynamic RAM, flash memory, ROM, CD-ROM, disk, tape, magnetic, optical, or other computer storage medium.
- the input device may include a keyboard, mouse, touch screen, light pen, tablet, microphone, position sensor, pressure sensor, thermal sensor, or other input hardware with accompanying firmware and/or software.
- the output device may include a monitor or other display, printer, speech or text synthesizer, solenoid, switch, signal line, or other process controller.
- the most typical computer system configurations suitable for configuration and use according to the invention presently include personal computers, network computers, or other widely used and relatively inexpensive computing devices.
- the present invention may also be used to improve automatic teller systems, point-of-purchase payment systems, embedded systems in cars or other property, secured facility access control systems, and other computer systems.
- Embodiments of the invention preferably use standard computer hardware, such as a monitor and an input device such as a keyboard or a mouse. Expensive or special-purpose hardware such as identity card readers and retinal scanners are not required. Indeed, although a graphics monitor (such as a graphical user interface-supporting display) is preferred, a simple character device like a teletype or tty can also be used.
- Suitable computer systems include various networks, such as local area networks, wide area networks, metropolitan area networks, and/or various "Internet" or IP networks such as the World Wide Web, a private Internet, a secure Internet, a value-added network, a virtual private network, an extranet, or an intranet.
- the network 100 includes a server 102 and several clients 104; other suitable networks may contain other combinations of servers, clients, and/or peer-to-peer nodes, and a given computer may function both as a client and as a server.
- the computers connected by a suitable network may be workstations, laptop computers, disconnectable mobile computers, servers, mainframes, network computers or lean clients, personal digital assistants, or a combination thereof.
- the network may include communications or networking software such as the software available from Novell, Microsoft, Artisoft, and other vendors, and may operate using TCP/IP, SPX, IPX, and other protocols over twisted pair, coaxial, or optical fiber cables, telephone lines, satellites, microwave relays, modulated AC power lines, and/or other data transmission "wires" known to those of skill in the art.
- the network may encompass smaller networks and/or be connectable to other networks through a gateway or similar mechanism.
- Standalone computers (workstations, laptops, personal digital assistants, or others) may also be configured according to the invention; a network may be present in some embodiments but is not required in all embodiments.
- At least one of the computers is capable of using a floppy drive, tape drive, optical drive, magneto-optical drive, or other means to read a storage medium 106.
- a suitable storage medium 106 includes a magnetic, optical, or other computer-readable storage device having a specific physical configuration. Suitable storage devices include floppy disks, hard disks, tape, CD-ROMs, PROMs, random access memory, flash memory, and other computer system storage devices.
- the physical configuration represents data and instructions which cause the computer system to operate in a specific and predefined manner as described herein.
- the medium 106 tangibly embodies a program, functions, and/or instructions that are executable by computer(s) to assist user identification substantially as described herein.
- Suitable software to assist in implementing the various devices, systems, and methods of the invention is readily provided by those of skill in the pertinent art(s) using the teachings presented here and programming languages and tools such as Java, Pascal, C++, C, database languages, APIs, SDKs, assembly, firmware, microcode, and/or other languages and tools.
- FIG. 2 illustrates generally several methods of the present invention.
- a method may include a step 200 for selecting inherent characteristics, a step 202 for using inherent characteristics, or both.
- An inherent characteristic also known as an "inherent security characteristic" or "ISC"
- An inherent characteristic has certain qualities.
- an ISC should be an inherent part of a person's identity, subject to the constraint that computer systems will be used to receive and evaluate the ISC. For instance, how one thinks about patterns in the world is an inherent characteristic. Computer systems cannot read minds directly to determine how one thinks, but they can be used to present patterns and record responses and characterize those responses according to programmed methods and criteria.
- Inherency has distinct advantages. Unlike a magnetic card or even a fingerprint, inherent aspects of one's way of thinking cannot easily be stolen. Unlike a password, an inherent ability to distinguish certain patterns from surrounding noise takes no particular effort to remember. Unlike witnesses, inherent characteristics are always present when a user needs to be identified (unless the user is sleeping, ill, physically restrained, or otherwise incapacitated). The ISC must also be capable of being used to reliably identify a user. Thus, it must be acceptably consistent for a given person over time and in varied circumstances, and it must be different for different people, at least to some acceptable level of risk.
- the ISC identification procedure preferably allows pattern recognition by a user using various combinations of patterns; this is discussed below in connection with Figure 11.
- Combining identification tests provides control over the degree of certainty with which a user is identified. More responses to patterns of a given type being matched (for instance, responses to several halving tests of the type discussed in connection with Figure 6), or more types of patterns being matched (for instance, responses to both the finger interlacing orientation test and a halving test), or more reliable patterns being matched (as determined by clinical tests or product beta tests, for example), each correspond to greater certainty and less risk in identifying the user.
- the situation is roughly analogous to the sort of control provided by using more or fewer bits in an encryption key, since there is a tradeoff between time and certainty.
- ISC tests be language-neutral, visual, and/or rapidly evaluated.
- the illustrated step of selecting inherent characteristics includes a group selecting step 204, a candidate characteristic selecting step 206, a testing step 208, and an evaluating step 210.
- Figure 2 shows a particular order and grouping for the main steps 200 and 202, and for various subsidiary steps. However, those of skill will appreciate that the steps illustrated and discussed in this document may be performed in various orders, except in those cases in which the results of one step are required as input to another step. Likewise, steps may be omitted unless called for in the claims, regardless of whether they are expressly described as optional in this Detailed Description. Steps may also be repeated, or combined, or named differently.
- an ISC must be inherent, preferably testable with standard hardware, and acceptably distinguishing. Unlike a password or card, an inherent characteristic is not easily stolen. Unlike biometrics, an ISC does not routinely require special scanning hardware. (Another advantage of ISCs over biometrics is that ISCs test inherent behavior, which is harder to duplicate than inherent physical metrics; the closest biometrics come to testing behavior is apparently to determine whether blood is flowing through the body part being scanned).
- a single ISC must divide the population of users into at least two groups, so that a combination of ISCs will distinguish between individual users (or user groups) with an accuracy that is deemed acceptable under the circumstances in view of factors such as the value of access to the system, the use of other identification measures, the need for rapid access, and the details of the computer hardware available.
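The narrowing by combined tests described above can be made concrete. The following is an added example, not part of the patent text: it partitions a constructed population of four users with three tests, then goes beyond the text by weighting each test with an assumed consistency rate and an assumed "not enrolled" hypothesis, so the residual risk after each response is visible. All user names, response labels, rates, and the prior are constructed for illustration.

```python
"""Sequential narrowing of candidate identities from ISC test responses."""

# Constructed test catalogue: possible responses, plus an ASSUMED consistency
# (probability that a person repeats the response recorded at enrollment).
TESTS = {
    "interlace": {"responses": ["left_thumb", "right_thumb"], "consistency": 0.95},
    "halving": {"responses": ["horizontal", "vertical", "diagonal"], "consistency": 0.85},
    "letter_order": {"responses": ["YAXT", "YTAX", "YATX"], "consistency": 0.80},
}

# Constructed enrollment records (hypothetical users).
ENROLLED = {
    "user_a": {"interlace": "left_thumb", "halving": "horizontal", "letter_order": "YAXT"},
    "user_b": {"interlace": "left_thumb", "halving": "vertical", "letter_order": "YTAX"},
    "user_c": {"interlace": "right_thumb", "halving": "horizontal", "letter_order": "YATX"},
    "user_d": {"interlace": "right_thumb", "halving": "diagonal", "letter_order": "YAXT"},
}
UNKNOWN = "<not enrolled>"


def partition(test):
    """Group enrolled users by their recorded response to one test."""
    groups = {}
    for user, record in ENROLLED.items():
        groups.setdefault(record[test], set()).add(user)
    return groups


def strict_narrow(observed):
    """Hard partitioning: keep only users whose record matches every response."""
    candidates = set(ENROLLED)
    trace = []
    for test, response in observed:
        candidates &= partition(test).get(response, set())
        trace.append((test, sorted(candidates)))
    return trace


def likelihood(test, enrolled_response, response):
    """P(response | user), spreading inconsistency evenly over other answers."""
    spec = TESTS[test]
    if response == enrolled_response:
        return spec["consistency"]
    return (1 - spec["consistency"]) / (len(spec["responses"]) - 1)


def posterior(observed, prior_unknown=0.5):
    """Bayesian update over enrolled users plus an unknown person who is
    assumed to answer each test uniformly at random."""
    post = {u: (1 - prior_unknown) / len(ENROLLED) for u in ENROLLED}
    post[UNKNOWN] = prior_unknown
    for test, response in observed:
        for user in post:
            if user == UNKNOWN:
                post[user] *= 1 / len(TESTS[test]["responses"])
            else:
                post[user] *= likelihood(test, ENROLLED[user][test], response)
        total = sum(post.values())
        post = {u: p / total for u, p in post.items()}
    return post


def identify(observed, max_risk=0.05, prior_unknown=0.5):
    """Consume responses in order until one enrolled user reaches 1 - max_risk.
    Returns (user or None, number of tests used, confidence in best hypothesis)."""
    confidence = 0.0
    for used in range(1, len(observed) + 1):
        post = posterior(observed[:used], prior_unknown)
        best = max(post, key=post.get)
        confidence = post[best]
        if best != UNKNOWN and confidence >= 1 - max_risk:
            return best, used, confidence
    return None, len(observed), confidence


# Constructed session: responses that match user_b's enrollment record.
SESSION = [("interlace", "left_thumb"), ("halving", "vertical"), ("letter_order", "YTAX")]

if __name__ == "__main__":
    for test, remaining in strict_narrow(SESSION):
        print(f"after {test:12s} candidates = {remaining}")
    for risk in (0.30, 0.05):
        print(f"max_risk={risk}: {identify(SESSION, max_risk=risk)}")
```

Hard partitioning leaves a single candidate after two tests, yet with these assumed rates the confidence in that candidate is only about 52% at that point and about 74% after the third test, so a 5% risk target needs more or more reliable tests.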
- ISCs belong to one or more of at least the following groups, which are discussed in detail below: Pattern Recognition, Pattern Completion, Subjective Judgment, Orientation, Math, and Music.
- Pattern recognition ISCs reflect an individual's inherent abilities and/or tendencies to recognize certain patterns quickly while recognizing other patterns only later or not at all.
- Figure 3 shows a pattern that may be interpreted in different ways by different people.
- people may identify Y, A, T, or X first. Different characteristics of each letter may be more important in one person's pattern recognition thought processes than in another person's. For example, the Y is leftmost, and English readers read left-to-right. However, the A is largest, the T is closest to the center, and the X is most symmetric. For these or other reasons, during a brief test several different members of my family (who did not know the purpose of the test) identified the letters in different orders, such as YAXT versus YTAX or YATX.
- Figure 5 illustrates in turn some of the many possibilities for embedding simple geometric shapes, numbers, letters, faces, line drawings of buildings or tools or plants or animals, and other patterns in a field of background noise.
- Figure 5 contains a triangle and a square embedded differently so that different people will tend to see one or the other first.
- Figure 6 shows background noise which is not as regular as the background in Figure 5. Shapes or other patterns could be embedded in such a background by holding proximity, shape, size, vertex presence, or other visual characteristics constant along the "lines" which define the shape and varying them elsewhere, in a manner similar to holding color constant in a driver's license color-blindness test. Like Rorschach blots, optical illusions, color-blindness eye tests, and color images that emerge from a picture only if one focuses on a point outside the plane of the picture, the images used to test ISCs partition the population of viewers according to what they see (or what they tend to see first).
- the driver's license eye tests include tests that ask one to pick out colored shapes such as circles from a field of dots of various colors and diameters. But the purpose of the eye test is to check for color blindness that would make one an unsafe driver, not to identify one before granting access to digital data or other computer system resources.
- the Rorschach ink-blot and other psychological tests are directed to medical or psychological evaluation, not to user identification for computer security.
- familiar word-search puzzles, hidden image puzzles, alternate focus images, optical illusions, and other known pattern recognition or pattern completion devices and methods are all directed to entertainment or intelligence testing, not to the problem of reliably identifying people to a computer system by using inherent characteristics.
- Pattern Completion ISCs may also be identified or used by having prospective computer system users complete an appropriate sequence or other partial pattern. Different people may use different inherent rules to complete the pattern in different ways. For instance, Figure 7 shows a sequence of images leading to four possible images, only one of which is selected as "the" next in the sequence. In reality, any of the four possible next images is correct, according to the rule instinctively preferred by the user.
- Conventional word association tests, ink blot interpretation tests, and other conventional psychological tests may be adapted for use in identifying particular individuals according to the present invention. For instance, it may be the case that one person associates warmth with comfort while another associates heat with discomfort. Once this is determined and stored for reference by a computerized test generator according to the invention, providing each person with a series of association tests will help identify the preferences and thus the person.
- intelligence test designers, mathematicians, computer scientists, cognitive scientists, and others have identified many visual, numeric, and musical sequences which (in combination with the teachings of the present invention) will in some cases help identify inherent security characteristics.
- 1 2 2 3 may be completed in at least two different ways, according to one's inherent preferences:
  - 1, 2, 2, 3, 3, 3, 4, 4, 4, 4, ...
  - 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, ...
- Pattern completion is closely related to the choice of rules for completing a pattern or otherwise solving a problem.
- In general, the availability of choices and evidence of divergent approaches by different people suggest ISCs may be involved (acceptable consistency of a given person's responses must also be present).
- artificial intelligence researchers have identified various types of "pattern sensitivity" which are present in different people to different degrees but have not applied this to the problem of distinguishing between system users or otherwise recognized that pattern sensitivities may reflect inherent security characteristics. See, for instance, Hofstadter, Fluid Concepts and Creative Analogies, ISBN 0-465-02475-0, at pages 42, 77, 313-318.
- Some inherent characteristics are associated with deeply held feelings about abstract concepts such as beauty, equality, and order. For instance, if different people are given a "halving test" which asks them to draw a straight line that equally divides the image of Figure 6, then different lines will often be drawn. Moreover, preferences can be identified and associated with particular people. Some prefer horizontal lines, others prefer vertical lines, a third group tends toward diagonal lines, and a fourth group shows no consistent preferred angle. Some people favor lines that cut through one or more of the filled-in shapes, while others stick to the white space between shapes, and a third group show no consistent preference in this aspect of their responses.
- orientation inherent security characteristics reflect physical characteristics of a user. Unlike biometrics, however, orientation ISCs reflect the way a user acts. Biometrics are basically static rather than behavioral. At most, a biometric security system might be called "kinetic" or "dynamic" when it checks for blood flow, body temperature, or other indication that a live user with the specified fingerprint, iris pattern or other biometric is present.
- orientation (and other) ISCs test a user's behavior.
- pattern matching, pattern completion, and subjective judgment tests described above are interactive.
- Orientation tests are likewise interactive, although they are preferably unobtrusive and combined with tests of other ISCs, because they may be easier to falsify if the user knows they are being tested.
- Suitable orientations to test include, without limitation, the user's handedness (left, right, or ambidextrous); natural finger interlacing when the user's hands are clasped together (left thumb on top or right thumb on top); preferred reading direction (in literate users) such as left-to-right and top-to-bottom; preferred natural language (English, French, and so forth, optionally including dialects); and preferred sentence structure (subject-verb-object, subject-object-verb, and so on).
- the user is probably left-handed; if the bjkp portion is faster, then the user is probably right-handed; if the speeds are nearly equal (where "nearly" is determined by empirical tests on a sample of users) then the user is probably ambidextrous.
- the selected keys make it awkward for a user to exchange hand positions (typing zdfy with the right hand and bjkp with the left).
- the request to use a different finger for each key is preferable to an explicit request to use the left hand for the first four keys and the right hand for the last four because it does not expressly raise handedness as an issue with the user being tested. Nevertheless, the test results can be falsified by a knowledgeable and determined user, so this ISC should generally be used in combination with other ISCs and/or other security means such as passwords, cards, biometrics, or witnesses.
- Finger interlacing orientation can be tested by analysis of a video image of the user's clasped hands, using vision hardware and software similar to that employed in factories for sorting or in biometric security systems.
- the finger interlacing orientation of users who have all the necessary fingers can also be tested by a method such as the following. First, ask the user to clasp hands, to then straighten the little finger of each hand so it extends outward, to rest the clasped hands against their chest or on the edge of a table so that the hands can move up and down but not sideways, to close their eyes, and to then rapidly type the same key fifty or so times with one of their little fingers.
- One keystroke should appear much more than any other.
- G is thus the "center" keystroke for the first sequence
- k is the center keystroke for the second sequence.
- h is a "right-side" keystroke because the h key is to the right of the center key g
- t is a "left-side" keystroke because the t key is slightly to the left of the center key g.
- j is a left-side keystroke because the j key is to the left of the center key k, and there are no right-side keystrokes.
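The center and side keystroke classification described above can be computed from the typed sequence and the physical key positions. The following is an added example, not part of the patent text: the row offsets of the QWERTY layout, the 50% threshold for accepting a center key, and both sample sequences are assumptions constructed to match the g/h/t and k/j cases mentioned above. It reports which side the stray keystrokes fall on and does not map that side to a particular thumb, since the text here does not state that mapping.

```python
"""Classify little-finger tap sequences into center, left-side and right-side keys."""
from collections import Counter

# Approximate horizontal key positions in key widths. The per-row offsets model
# the usual QWERTY row stagger and are an assumption about the keyboard in use.
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl;", 0.25), ("zxcvbnm,./", 0.75)]
KEY_X = {key: index + offset for row, offset in ROWS for index, key in enumerate(row)}


def analyze_taps(sequence, min_center_share=0.5):
    """Return the center key and the count of keystrokes on each side of it.

    The center key is the most frequent keystroke. If it accounts for less than
    min_center_share of the recognized keystrokes, the test is inconclusive.
    """
    keys = [k for k in sequence.lower() if k in KEY_X]
    if not keys:
        raise ValueError("no recognizable keystrokes in sequence")
    counts = Counter(keys)
    center, center_count = counts.most_common(1)[0]
    share = center_count / len(keys)
    if share < min_center_share:
        return {"center": None, "left": 0, "right": 0, "dominant": "inconclusive"}
    left = sum(n for k, n in counts.items() if KEY_X[k] < KEY_X[center])
    right = sum(n for k, n in counts.items() if KEY_X[k] > KEY_X[center])
    if left > right:
        dominant = "left"
    elif right > left:
        dominant = "right"
    else:
        dominant = "none"
    return {"center": center, "left": left, "right": right, "dominant": dominant}


def same_orientation(enrolled_sequence, observed_sequence):
    """Compare the dominant drift side of an enrolled and an observed sample."""
    enrolled = analyze_taps(enrolled_sequence)["dominant"]
    observed = analyze_taps(observed_sequence)["dominant"]
    if "inconclusive" in (enrolled, observed):
        return None  # one of the samples cannot be used; retest
    return enrolled == observed


# Constructed sample sequences (fifty keystrokes each).
FIRST = "ggggghggggtgggghgggggghgggtggggghgggggtgghggggtggh"
SECOND = "kkkkkjkkkkkkkjkkkkkkkkjkkkkkkkkkjkkkkkkkjkkkkkkjkk"

if __name__ == "__main__":
    print(analyze_taps(FIRST))
    print(analyze_taps(SECOND))
    print(same_orientation(FIRST, SECOND))
```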
- Preferred reading direction and sentence structure may be determined by giving the user an initial choice of languages, with each described in its own form (English, Francais, Deutsch, and so forth, including oriental and other languages that use written forms other than a Roman alphabet). Giving users a choice of language is, of course, well-known to make text legible. But to my knowledge this choice has not previously been used to help identify the user for computer system security purposes.
- Preferred sentence structure may also be determined by giving choices based on a sequence of words, a sequence of words and images, or a sequence of images.
- the user could be shown a sequence which contains elements capable of serving either as nouns or verbs and capable of serving either as subject nouns or object nouns.
- an image of flames can mean either the noun "fire" or the verb "burn"; and a face with an O for a mouth and eyes slanted like / and \ could mean either "person" or "cry".
- Most nouns will serve equally well as subject or object.
- the user may also be asked to create a sequence which reflects the sentence structure preferred.
- the user may be presented with images of a stick figure man facing forward (bilaterally symmetric about a vertical axis), a similar forward-facing monster, and four spears (left-pointing, right-pointing, up-pointing, and down-pointing).
- the user is then to drag each image into a designated area to make a "sentence".
- the spear will serve as a verb, the man as subject, and the monster as object to create a sentence such as "man kills monster."
- the relative order of the images placed by the user will then reveal sentence structure orientation, and possibly reflect reading orientation as well.
- the system embodying the ISC tests may show a user a graph like the one indicated generally at 900 in Figure 9, which contains points 902 and sides 904, and then instruct the user "Separate this figure into two parts, each containing at least one side, by removing as few points as possible; when a point is removed all sides attached to it are also removed."
- the system may also give the user a scissors, eraser, gun, or other icon to be used in removing the points.
- the user may also be given other mathematical tests.
- One suitable test includes adaptations of the game in which a user is asked to fit a set of triangles and other simple shapes into an outline as quickly as possible; an example is shown in Figure 10. The user is asked to mentally pick up one of the four pieces, flip it over, set it back down, and then place the four pieces together to form a complete oval. The difficulty lies first in determining which single piece to flip, and then in determining how to arrange the pieces to form the oval.
- the graph separation test of Figure 9 and the spatial reasoning test of Figure 10 each have the advantage that they are specific instances of a virtually infinite group of similar tests. Given appropriate constraints on complexity, such as "graph connected by four or fewer points" and "at most two pieces to flip and six pieces total to fit together", those of skill can use computer software and hardware to generate many similar puzzles so that a given user rarely or never sees the same puzzle twice. Such variety reduces the risk that users will be bored or annoyed, and makes it harder to falsify responses to gain unauthorized access by posing as someone else.
- rhythmic signatures can be measured, recorded in an administrative file, and used by the computer system to help identify users.
- Prior methods and devices not directly related to computer security enforcement but nonetheless of possible interest in identifying ISCs include the Turing test; driver's license eye tests; psychological tests such as ink-blot and word-association tests; word search puzzles; color or shape or other visual pattern-fields such as clouds or marble or certain random or semi-random floor tile patterns; and optical illusions having multiple visual interpretations, such as whether one is looking at a stairway from below or above, or whether one is looking at a tuning fork with two or three prongs, or whether one is looking at the face of a young woman or an old woman.
- the Turing test asks whether a human tester can tell the difference between human and machine test subjects when the only communication link between tester and test subject is through a computer terminal or similar electronic or mechanical path.
- the present invention provides a way for a machine (computer hardware and software) to distinguish between different humans through such a communication path.
- the present invention allows a computer system to distinguish between an authorized human user, on the one hand, and cracking or simulation or artificial intelligence software that tries to imitate that human, on the other hand.
- the present invention takes advantage of the inability of software and hardware to adequately mimic human biology, neurology, and psychology in general, and of a machine's inability to adequately mimic human pattern recognition abilities and tendencies in particular.
- the invention confirms and demonstrates fundamental differences between people and the tools (including software and computer hardware) they create.
- one or more candidate characteristics are selected. Selection in this and other selection steps may be at least partially automated, but human judgment will be involved either directly (as when a human reviewer makes the selection based on information that may have been produced with the assistance of automation) or indirectly (as when software programmed by a human makes the selection according to criteria embedded in the software by the programmer).
- Selection criteria may reflect practical considerations, such as the estimated time and cost needed to determine whether the selected characteristics will function as desired as inherent security characteristics in a computer system; the estimated time and cost for implementing a large number of tests; and policy considerations such as whether the use of a particular characteristic would be offensive or degrading even if it were feasible (this could rule out tests of characteristics such as particular phobias, ethnicity, sexual preferences, and the like). Selection criteria may also reflect more academic considerations, such as theories and experimental results from psychology, psychiatry, neurology, cognitive science, sociology, genetics, and other fields concerned with human behavior.
- step 206 would therefore rule out ear lobe structure as a candidate and would select finger interlacing orientation as a candidate.
- step 206 may select "facial preference” generally as a characteristic to test; in subsequent iterations of step 200, step 206 may refine the characteristic to select (as a hypothetical example) "pupil presence” or “open-mouthed smile” or “mouth wider than eyes” as characteristics to test for use as ISCs.
- candidate characteristics may be selected based on the available testing equipment, which is preferably limited to standard computer components such as a keyboard, mouse, screen, processor, and memory (speakers and microphones are rapidly becoming standard; a hard disk is standard on many systems).
- Candidates could be identified by asking "What inherent characteristics might be exhibited when a user types on a keyboard?" This leads to consideration of characteristics such as handedness, preference for certain fingers (like many people, for instance, I rarely use the little finger of either hand while typing), the likelihood of committing certain errors rather than others when typing a given text, rhythms when typing the same text several times in rapid succession, and even spelling preferences ("color” versus "colour”) or vocabulary preferences ("gas” versus "petrol”).
- candidates could be identified by asking "what inherent characteristics might be exhibited when a user moves a mouse?" This leads to consideration of characteristics such as a tendency to stay inside a square versus a tendency to hit the corners of the square when asked to rapidly trace several squares, particular ratios between the time spent on certain curves versus the time spent on straight portions when asked to trace an apparently random path, and other behaviors that might serve as ISCs.
- the characteristics selected during step 206 are tested to determine whether they will serve with sufficient accuracy as ISCs.
- a test of the characteristic is devised. The test must help determine whether a given person exhibits the characteristic predictably over time in response to different stimuli, and whether different people exhibit the characteristic differently. Although it will often be necessary to physically test a candidate characteristic on a statistically significant population of human users under controlled conditions before the characteristic's suitability as an ISC is determined, in some cases the mere effort to devise tests, or the results of tests run mentally (so-called "gedanken experiments"), may reveal that a selected candidate will not serve as an ISC.
- test administration and evaluation methodologies (statistical analysis, responses to questions from the test population, control groups, and so on) of the type normally used with psychological, personality, intelligence, pharmaceutical, or medical research tests are well known. These methodologies are readily adapted for use in testing candidate ISCs.
- a control group is preferably used to ensure that the images presented (or the text to be typed or the other stimuli) reflect the characteristic being tested.
- the test population should generally not be told what characteristic is being tested, since they will generally not be given that information during commercial use of the invention. Knowing the characteristic being tested often makes it easier to illicitly duplicate someone else's behavior and gain unauthorized computer system access.
- test results are evaluated to determine which candidate characteristics will actually serve as ISCs. Results from tests that were administered, from observations during design of the tests, and from gedanken experiments may all be considered. Evaluation may be aided by automation, such as correlation studies or other statistical analyses.
- the evaluation normally relies on the results of at least one physically administered test.
- This test is preferably administered using a computer system configured with a prototype of software that implements the tests that will be used in the commercial embodiment of the invention.
- physical administration of visual tests may also be done with display means other than a computer screen, such as drawings on a sheet of paper or a blackboard or a whiteboard, or drawings projected on a wall or a photographic slide screen.
- a first characteristic may serve for use in low security environments if at least one third of the target user population exhibits the characteristic consistently.
- a second characteristic might be suitable as an ISC in a high-security environment only if virtually every member of the population exhibits it consistently.
- An example of such a first characteristic is preferred reading direction (not everyone is literate) while an example of such a second characteristic is finger interlacing orientation (virtually everyone has two little fingers and enough other fingers to show a preferred interlacing order that is apparently genetic and thus inherent).
- test accuracy may vary.
- a test that accurately reveals the characteristic only about sixty percent of the time may be acceptable in some environments, such as access to a business's postage meter when the meter always refuses a request for postage over a predetermined limit anyway.
- a test that accurately reveals the characteristic at least ninety-eight percent of the time may be needed in other environments, such as with an automatic bank teller machine.
- the steps 204 to 210 may be repeated, omitted, or performed in other orders. For instance, someone implementing a system using specific tests presented as examples in this patent may effectively proceed straight to implementing and running tests and evaluating their results.
- the use step 202 includes a supplement selecting step 212, an acceptability selecting step 214, an implementing and initializing step 216, and an identifying or access controlling step 218. As with the other steps, these may be performed in various orders and combinations.
- zero or more supplemental identification means are associated with the ISC(s) for use during the step 218.
- an extremely high-security environment could combine the use of biometric, password, witness, card, and ISC tests, denying access unless tests of each type are passed.
- a mid-level security environment might request that the password be typed five times in twenty seconds or less and then accept the user's alleged identity as correct only if the password is known and if the typing rhythm matches the previously stored rhythm of the user who has the password in question. (The user ID or user name is thus determined implicitly.)
- the supplement selecting step 212 may also combine tests for different ISCs. For instance, a typing rhythm test and a visual pattern recognition test might be used in combination.
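The mid-level check described above (password typed five times within twenty seconds, rhythm compared with the stored rhythm, user name determined implicitly) can be sketched as follows. This is an added example, not code from the patent; the relative-timing distance, the `MAX_DEVIATION` threshold, the PBKDF2 round count, and the sample password and timings are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from statistics import mean

REPETITIONS = 5         # from the text: password typed five times
TIME_LIMIT_S = 20.0     # from the text: in twenty seconds or less
MAX_DEVIATION = 0.25    # assumption: tolerated mean relative timing error
PBKDF2_ROUNDS = 50_000  # assumption: demo value, tune for real use


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def intervals(press_times):
    """Gaps in seconds between successive key presses of one repetition."""
    return [b - a for a, b in zip(press_times, press_times[1:])]


def mean_rhythm(repetitions):
    """Average each inter-key gap across several repetitions."""
    return [mean(col) for col in zip(*(intervals(t) for t in repetitions))]


def enroll(store, user, password, repetitions):
    """Create the administrative record: salted digest plus stored rhythm."""
    salt = os.urandom(16)
    store[user] = {"salt": salt, "digest": _digest(password, salt),
                   "rhythm": mean_rhythm(repetitions)}


def rhythm_distance(stored, observed):
    """Mean relative difference between stored and observed gaps."""
    return mean(abs(o - s) / max(s, 1e-3) for s, o in zip(stored, observed))


def identify(store, attempts):
    """attempts: one (typed_text, press_times) pair per repetition.
    Returns the user whose password and rhythm both match, else None."""
    if len(attempts) != REPETITIONS:
        return None
    texts = {text for text, _ in attempts}
    if len(texts) != 1:
        return None                      # repetitions must be identical
    typed = texts.pop()
    if len(typed) < 2 or any(len(t) != len(typed) for _, t in attempts):
        return None
    stamps = [s for _, t in attempts for s in t]
    if max(stamps) - min(stamps) > TIME_LIMIT_S:
        return None                      # took longer than twenty seconds
    observed = mean_rhythm([t for _, t in attempts])
    for user, rec in store.items():      # the user name is never asked for
        known = hmac.compare_digest(_digest(typed, rec["salt"]), rec["digest"])
        if known and rhythm_distance(rec["rhythm"], observed) <= MAX_DEVIATION:
            return user
    return None


# --- constructed sample data (not from the patent) ---
def press_times(start, gaps):
    times = [start]
    for gap in gaps:
        times.append(times[-1] + gap)
    return times


def login(password, gaps, spacing=2.0):
    """Five repetitions of `password`, each started `spacing` seconds apart."""
    return [(password, press_times(i * spacing, gaps)) for i in range(REPETITIONS)]


OWNER_GAPS = [0.12, 0.30, 0.11, 0.25, 0.14]
STORE = {}
enroll(STORE, "user-39", "tr4ce!",
       [press_times(0.0, [g * k for g in OWNER_GAPS]) for k in (0.95, 1.0, 1.05)])
```

Knowing the password is not sufficient here: a caller who types it with even 0.2-second gaps is rejected, as is the enrolled user when the five repetitions span more than twenty seconds.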
- the criteria for accepting the test or the test's results are selected for the system in question. Criteria for a test depend on the system configuration; as just noted, a major constraint is the availability of the necessary hardware (or equivalent hardware - a light pen might be used in place of a mouse). Bandwidth requirements may also be imposed. For instance, graphics needed to test some visual pattern recognition ISCs may be ruled out if it would take too long to download them over a network connection.
- Criteria for accepting a test's results reflect the presence of supplements selected during step 212 and the security level of the system. For instance, an ISC test used alone to guard access to a military system would require much greater accuracy than one used in combination with magnetic cards or one used to limit access to a subscribers-only hobby web site.
- the user's convenience should also be considered during step 214. Identifying oneself to a computer system using ISC tests will often take longer than it would take to simply enter a short password.
- Passwords have disadvantages, but one generally positive feature is their ease of use once they are memorized.
- the added security obtained by using ISC tests will offset the additional user time or effort (such as for typing rhythm tests) needed by those tests.
- the novelty and entertainment value of the ISC tests will reduce or even eliminate user irritation.
- Many people enjoy solving puzzles, as shown by the popularity of pastimes such as crossword puzzles, riddles, fictional ceremonies, logic puzzles, anagrams, mazes, and many others (including at least some aspects of computer programming).
- ISC tests may be presented as non-threatening puzzles. For instance, the task of drawing a single line that divides the image of Figure 6 in half is simultaneously part of an ISC test and a puzzle for the user to solve. Conversely, ISCs may be reflected in preferences or tendencies exhibited in solving popular puzzles, so popular puzzles are another source of candidates for evaluation during step 200.
- the step 216 includes implementing software and/or hardware to present the chosen test images, instructions, or other stimuli to users; to receive the resulting input from users; to access administrative files which associate certain characteristics (as evident in the tests and resulting user responses) with certain individual users or groups of users; to analyze the input in view of the administrative files; and to inform the computer system security software of the results ("user identified as user-39", “unknown user”, and so forth).
- Programming and hardware creation and/or configuration can be accomplished using conventional tools, guided by the architecture and detailed examples described here.
- step 216 includes initializing and/or updating the administrative files so that they accurately reflect the ISCs of users.
- the results of mockups (using paper images rather than a computer screen, for instance) or early prototype tests can be used.
- Identifying and Access Controlling Step 218: During step 218 all the preparations described above are put to use. To illustrate this step, consider the following examples:
- a standalone business workstation has only one authorized user (other than the system administrator). Some confidential information is stored on the workstation, but the workstation is located in a physically secure room and the value of the confidential information is minimal to anyone other than the single authorized user.
- the workstation is configured with simple ISC identification software. After the workstation boots and a user tries to access it, it displays a prompt like this one: "To gain access, please type your password three times in less than twenty seconds." The authorized user has been told that the message is a trap for unauthorized users, and that the system will actually grant access if the user types between twenty and thirty keys in twenty seconds. The authorized user does not know, however, that the system will also consider factors other than the number of keys and the elapsed time.
- the ISC identification software determines that the authorized user consistently tends to respond by starting with the "q" key and typing successive keys from left to right in that same row at least three times without reaching the "p" key.
- the ISC identification software may also provide a second prompt to obtain data to initialize another ISC test, which replaces or supplements the first test at some point after initialization data characterizes the user. For instance, tests could be changed every two months or so with little inconvenience to the user. Thus, after "passing" the first test, the user might be told that the new prompt will be "To gain access, please type your password once forward and once backward in less than ten seconds" and that the system will actually admit any user who types any sequence of at least six characters twice.
- the system will then note that the user (who is authorized by virtue of passing the first ISC test) consistently responds by typing "zxcvbnm,.zxcvbnm,.” Once the user responds consistently, the first prompt and its test can be replaced by the second prompt and its test.
- Access to a military network is guarded by physical means (a magnetic card and a biometric fingerprint test) and by three ISC tests.
- the user seeking access is presented with one ISC test requiring identification of all letters in a drawing similar to Figure 3; one ISC test requiring an estimate of the number of elements in a drawing similar to Figure 6 after the drawing is displayed for three seconds and then removed; and one ISC test of typing rhythms or other typing preferences.
- the user's finger interlacing orientation is tested.
- the user is required to grip a joystick with two hands and fly a virtual ship through several hoops; a hidden video camera snaps an image of the user's hands during the flight and the image is analyzed to determine finger lacing orientation.
- piloting behaviors which are learned but nonetheless deeply ingrained and thus inherent may also be used as ISCs because they divide the population of pilots according to experience. For instance, helicopter pilots will react differently to the sudden presence of an obstacle than jet fighter pilots because their aircraft have different capabilities.
- Experience may also be tested by looking for so-called "strong-but-wrong" errors; training (or lack of it) also partitions the population of potential system users. In any case, access is granted to the military network only after all ISC and other identification tests are satisfied.
- biometric tests such as a blood type test or DNA test are used in legal proceedings to narrow the range of possible identities without fully identifying the tested person. Additional information such as eyewitness testimony is combined with the biometric test results to establish identity with acceptable accuracy.
- Computer systems typically identify users by using one or more tests, each of which partitions the population to some degree of certainty into an authorized user and everyone else. The present invention allows this approach, but it also allows identification of users by intersecting populations in a multi-step process of elimination.
- FIG. 11 illustrates partitioning; for clarity of illustration a hypothetical set 1100 containing only a hundred users is shown.
- a first test divides the users into two groups 1102 and 1104 of roughly equal size.
- a second test divides the users differently, into six groups ranging in size from ten to twenty-seven members; the first two of these six groups are indicated at 1106 and 1108.
- a third test divides the users in yet another way; these divisions are illustrated as light and dark circles, triangles, and squares. The combined test results uniquely identify forty-two of the one hundred users even though the smallest group contains ten members. The combined tests also narrow the identification of the other users, eliminating in each case all but two or three of the hundred users.
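The process of elimination illustrated with FIG. 11 can be reproduced on a small scale with the added example below, which is not code from the patent. The hundred-user population and its group assignments are constructed by formula, so the group sizes and counts differ from those in the figure; the point shown is that no single test isolates anyone, while intersecting the three results does.

```python
from collections import defaultdict

SHAPES = ["light circle", "dark circle", "light triangle",
          "dark triangle", "light square", "dark square"]


def build_population(n=100):
    """Constructed stand-in for set 1100: user id -> outcome of each test."""
    return {
        uid: (
            uid % 2,                   # test 1: two groups of 50
            (uid // 2) % 6,            # test 2: six groups of 16 to 18
            SHAPES[(uid // 12) % 6],   # test 3: six shade/shape classes
        )
        for uid in range(n)
    }


def partition(population, test_index):
    """Groups produced by a single test: outcome -> set of user ids."""
    groups = defaultdict(set)
    for uid, outcomes in population.items():
        groups[outcomes[test_index]].add(uid)
    return dict(groups)


def eliminate(population, responses):
    """Intersect the group matching each observed response in turn.
    Returns the candidate set that remains after every step."""
    candidates = set(population)
    history = []
    for test_index, response in enumerate(responses):
        candidates &= partition(population, test_index).get(response, set())
        history.append(set(candidates))
    return history


def anonymity_sets(population):
    """Sets of users who share the same combined result on all tests."""
    buckets = defaultdict(set)
    for uid, outcomes in population.items():
        buckets[outcomes].add(uid)
    return list(buckets.values())


def summary(population):
    """How far single tests and combined tests narrow the population."""
    tests = len(next(iter(population.values())))
    sets_ = anonymity_sets(population)
    return {
        "smallest_single_test_group": min(
            len(group)
            for index in range(tests)
            for group in partition(population, index).values()
        ),
        "uniquely_identified": sum(1 for s in sets_ if len(s) == 1),
        "largest_remaining_set": max(len(s) for s in sets_),
    }
```

On this constructed population the smallest group any single test produces has 12 members, yet the three results together single out 44 users and leave every other user in a set of two.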
- ISC tests can also be combined with other tests to provide identifying information. For instance, an ISC test that partitions the population into groups of several thousand or more persons each could be combined with a request for a "weak password." Weak passwords include information such as the user's email address, ZIP code, home telephone number, or other information that is available to an unauthorized user only with significant effort and that is unlikely to be forgotten by the authorized user.
- ISC tests should not rely heavily on a user's aptitude for skills that are enhanced by taking the ISC tests. For instance, the speed and accuracy with which a user can add a column of numbers should not be used because addition skills improve notably with practice. In particular, the ISC test should not have a "right" answer, at least with respect to the characteristics being measured (as opposed to the task set for the user).
- the identification system can be regularly re-calibrated to reflect the user's increasing skill. This re-calibration can be done in a manner similar to the initialization step 216 introduction of a new prompt, so that re-calibration is done unobtrusively as part of the on-going use of the system.
- the present invention provides a novel system and method for identifying users of computer systems.
- the invention may be used in place of, or in combination with, conventional identification means such as cards, witnesses, and biometric scanners.
- Many implementations of the invention require as I/O devices only a keyboard and a screen capable of displaying characters. Other implementations take advantage of the presence of a mouse or other pointing device, or the presence of a color screen.
- expensive and unusual biometric scanners or other devices are not required.
- because the invention uses inherent behavioral characteristics to tell users apart, users need not memorize passwords in order to pass the identity tests that implement the invention. Likewise, users need not worry about losing cards, or having them stolen, because their inherent security characteristics are not separate items and (if tests are implemented correctly) are not easily duplicated by others.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU90198/98A AU9019898A (en) | 1997-08-20 | 1998-08-13 | Identification in computer systems using inherent characteristics |
GB0002110A GB2343039B (en) | 1997-08-20 | 1998-08-13 | Identification in computer systems using inherent characteristics |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US5661597P | 1997-08-20 | 1997-08-20 | |
US60/056,615 | 1997-08-20 | ||
US3662198A | 1998-03-07 | 1998-03-07 | |
US09/036,621 | 1998-03-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999009512A1 (en) | 1999-02-25 |
Family
ID=26713332
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US1998/016877 WO1999009512A1 (en) | 1997-08-20 | 1998-08-13 | Identification in computer systems using inherent characteristics |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU9019898A (en) |
GB (1) | GB2343039B (en) |
WO (1) | WO1999009512A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5229764A (en) * | 1991-06-20 | 1993-07-20 | Matchett Noel D | Continuous biometric authentication matrix |
US5557686A (en) * | 1993-01-13 | 1996-09-17 | University Of Alabama | Method and apparatus for verification of a computer user's identification, based on keystroke characteristics |
-
1998
- 1998-08-13 AU AU90198/98A patent/AU9019898A/en not_active Abandoned
- 1998-08-13 WO PCT/US1998/016877 patent/WO1999009512A1/en active Application Filing
- 1998-08-13 GB GB0002110A patent/GB2343039B/en not_active Expired - Fee Related
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE47908E1 (en) | 1991-12-23 | 2020-03-17 | Blanding Hovenweep, Llc | Ergonomic man-machine interface incorporating adaptive pattern recognition based control system |
USRE48056E1 (en) | 1991-12-23 | 2020-06-16 | Blanding Hovenweep, Llc | Ergonomic man-machine interface incorporating adaptive pattern recognition based control system |
USRE49387E1 (en) | 1991-12-23 | 2023-01-24 | Blanding Hovenweep, Llc | Ergonomic man-machine interface incorporating adaptive pattern recognition based control system |
US7204425B2 (en) | 2002-03-18 | 2007-04-17 | Precision Dynamics Corporation | Enhanced identification appliance |
US7849619B2 (en) | 2002-03-18 | 2010-12-14 | Mosher Jr Walter W | Enhanced identification appliance for verifying and authenticating the bearer through biometric data |
WO2004111806A1 (en) * | 2003-06-19 | 2004-12-23 | Elisa Oyj | A method, an arrangement, a terminal, a data processing device and a computer program for user identification |
EP2290572A1 (en) * | 2009-08-27 | 2011-03-02 | Monika Holland | Process and arrangement for remotely specifiying a user profile |
US9680644B2 (en) | 2013-07-25 | 2017-06-13 | Technion Research And Development Foundation Limited | User authentication system and methods |
US9554273B1 (en) | 2015-09-04 | 2017-01-24 | International Business Machines Corporation | User identification on a touchscreen device |
US10082954B2 (en) | 2015-09-04 | 2018-09-25 | International Business Machines Corporation | Challenge generation for verifying users of computing devices |
US10599330B2 (en) | 2015-09-04 | 2020-03-24 | International Business Machines Corporation | Challenge generation for verifying users of computing devices |
Also Published As
Publication number | Publication date |
---|---|
GB2343039A (en) | 2000-04-26 |
GB2343039B (en) | 2001-06-13 |
GB0002110D0 (en) | 2000-03-22 |
AU9019898A (en) | 1999-03-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
ENP | Entry into the national phase |
Ref country code: GB Ref document number: 200002110 Kind code of ref document: A Format of ref document f/p: F |
|
NENP | Non-entry into the national phase |
Ref country code: KR |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: CA |