United States Patent [19] [11] Patent Number: 4,621,334
Garcia [45] Date of Patent: Nov. 4, 1986
[54] PERSONAL IDENTIFICATION APPARATUS
[75] Inventor: John D. Garcia, San Francisco, Calif.
[73] Assignee: Electronic Signature Lock
Corporation, Berkeley, Calif.
[21] Appl. No.: 526,858
[22] Filed: Aug. 26, 1983
[51] Int. Cl. G06F 1/00; A04Q 9/00
[52] U.S. Cl. 364/550; 340/825.3;
340/825.31; 340/543
[58] Field of Search 364/550, 576, 580;
340/825.3, 825.31, 825.32, 825.33, 825.34, 527,
528, 543
[56] References Cited
U.S. PATENT DOCUMENTS
3,643,219 2/1972 Heimann 340/172.5
3,798,605 3/1974 Fiestel 340/172.5
3,806,882 4/1974 Clarke 340/172.5
3,872,443 3/1975 Ott 340/172.5
3,958,081 5/1976 Ehrsam et al 178/22
4,000,510 12/1976 Cheney et al 340/172.5
4,028,733 6/1977 Ulicki 340/172.5
4,101,959 7/1978 Demike et al 364/200
4,107,775 8/1978 Ott 364/413
4,197,524 4/1980 Salem 340/825.31
4,206,315 6/1980 Matyas et al 178/22
4,229,818 10/1980 Matyas et al 375/2
4,246,638 1/1981 Thomas 364/200
4,455,588 6/1984 Mochida et al 340/543 X
4,499,462 2/1985 Stoesser et al 340/825.64
OTHER PUBLICATIONS
Saltzer, J., "The Protection of Information in Computer Systems", Proceedings of the IEE, vol. 63, No. 9, Sep. 1975, pp. 4.13-4.43.
Sedgwick, G., "The Body Code Machines", The World, Jan. 9, 1983, pp. 9-10.
"Combination Lock", Hobby Electronics, vol. 3, No. 12, Oct. 1981, pp. 21-23.
Primary Examiner—Felix D. Gruber
Assistant Examiner—H. R. Herndon
Attorney, Agent, or Firm—Limbach, Limbach & Sutton
[57] ABSTRACT
A method and apparatus is disclosed for verifying whether a particular individual is a member of a predetermined group of authorized individuals. The subject apparatus is particularly suited for controlling access to a secure resource such as a computer network or data base. In accordance with the subject invention, time delays are measured between successive strokes of a keyboard as the individual enters his name. A timing vector, which is constructed from the time delays, is statistically compared with a stored timing vector derived from the authorized individual. If the timing vectors are statistically similar, the individual will be permitted access to the resource.
24 Claims, 1 Drawing Figure
PERSONAL IDENTIFICATION APPARATUS
TECHNICAL FIELD
The subject invention relates to an apparatus for verifying whether a particular individual is a member of a predetermined group of authorized individuals. In accordance with the subject invention, time delays between successive input operations performed by an individual are recorded and statistically compared for verification. The subject apparatus and method are particularly suited for protecting a valuable resource such as access to a computer network.
BACKGROUND OF THE INVENTION
In recent years, a number of verification systems have been implemented for use with protected resources. For example, a bank having automatic teller machines will issue its customers a personal identification number (PIN) along with an access card. The PINs of each user are stored in the central memory of the computer controlling the automatic teller machines. When the customer wishes to withdraw cash, he inserts his card and enters the secret PIN number through a keyboard. The computer compares the entered PIN with the stored PIN associated with the account number and determines whether to approve the transaction.
There are many difficulties encountered in the use of PIN systems. For example, as these systems become more prevalent, a user would be required to memorize many different PINs for each activity. Furthermore, customers frequently store their PINs in their wallet, such that if the wallet is lost, a criminal could use the card and PIN number to access the protected resource. Accordingly, there is considerable interest in developing personal identification systems which are unique to the individual and can not be utilized by a criminal even if the basic information were known.
One example of a unique personal identification system being developed concerns dynamic handwritten signatures. More particularly, when an individual signs their name, information can be derived based on both the downward pressure of the stylus of the pen and the x and y motions generated during the signature. This information can be stored for comparison with a later attempt to gain access to the resource. The principal advantage of dynamic signature verification is that a criminal having access to the finished product (i.e., the signature) cannot duplicate the same dynamic actions which generated that signature.
Unfortunately, there are a number of shortcomings with dynamic signature verification which are preventing its widespread implementation. For example, sophisticated electronic input devices are necessary, such as a special digitizing pad or electronic stylus, in order to record the dynamics of the handwriting. Furthermore, the manner in which individuals sign their names varies quite drastically. Thus, the key elements in each signature, which are studied for verification, must be adapted and modified based on the person to be evaluated. This requirement places a large burden on the processing equipment designed for handling signature verification. Therefore, it would be desirable to provide a personal identification system which could be broadly utilized and requires only relatively simple and existing input devices.
Accordingly, it is an object of the subject invention to provide a new and improved personal identification apparatus.
It is another object of the subject invention to provide a new and improved personal verification apparatus where data can be entered through simple, existing input devices.
It is a further object of the subject invention to provide a new and improved personal identification apparatus where data is input through a keyboard.
It is still another object of the subject invention to provide a new and improved personal identification apparatus which relies on measuring the time delays between successive input operations of an individual through a keyboard.
It is still a further object of the subject invention to provide a new and improved personal identification apparatus wherein data is statistically analyzed in a manner for maximizing performance.
It is still another object of the subject invention to provide a new and improved personal identification apparatus wherein the parameters relating to access to the resource can be tailored based on the consistency of the individual's input operations.
SUMMARY OF THE INVENTION
In accordance with these and other objects, the subject invention provides for a new and improved personal identification apparatus, particularly suited for ... access to an electronic resource, such as a computer network. The identification apparatus is designed to provide selective access to the resource to authorized individuals. The apparatus takes advantage of the fact that most computer interfaces include some form of key pad or keyboard. Thus, the apparatus of the subject invention can be utilized merely by interposing the device between the keyboard driven input device and the main computer and controlling the input/output channel therebetween.
In accordance with the method of the subject invention, the time delays between successive input operations on the keyboard are used to differentiate between authorized and unauthorized personnel. More specifically, an authorized individual will create a data base by typing in character sets or phrases. Preferably, the individual's name is used. The data base is derived as a function of the time delays between each successive letter input on the keyboard. To create the initial data base, the user will type in his name a number of times and a mean value will be stored. At a later time, when the user attempts to access the system, the individual will again type in his name. A timing vector is generated based on measured time delays. The timing vector is statistically compared to the mean values stored in memory. If the input data is statistically similar with the stored data, the individual will be granted access to the resource.
The subject invention also includes improved methods for statistically handling the timing vectors in order to maximize the effectiveness of the device. The statistical analysis, which will be discussed in detail below, permits the authorization parameters to be varied based on the consistency of the individual's typing. Furthermore, the system includes a method of adjusting the error rate to any desired level.
Further objects and advantages of the subject invention will become apparent from the following detailed description taken in conjunction with the drawing in which:
BRIEF DESCRIPTION OF THE DRAWING
The sole FIGURE is a schematic block diagram of a suggested arrangement of elements for use in protecting a secure resource in accordance with the objects of the subject invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
Referring to the sole FIGURE, there is illustrated an arrangement for implementing the method and apparatus of the subject invention. More particularly, the subject invention is intended to be used to protect a secure resource, such as a computer network 10. While the arrangement is shown in combination with a computer network, other resources may be protected, such as secure areas through door locks. Access to computer system 10 is through an input/output (I/O) channel 12. Typically, each input device passes through a separate I/O port or channel, although only one channel is shown for clarity.
Connected to the I/O channel are input devices such as a cathode ray tube with an attached keyboard shown schematically at 14. In addition, access to computer resources can also be obtained through telephone dial pads 16. As discussed below, a musical keyboard 18 may also be used as an input device. A single on-off switch or telegraph key can also be used.
Presently, access to computer systems is often controlled through the use of passwords. More particularly, each user is assigned a specific password which is stored in the memory of the computer. When the operator wishes to gain access to the system, he types an identifier (his name) and the password, which is then compared in the main computer to determine if access will be permitted. As can be appreciated, the system can be easily defeated when an unauthorized user obtains the password of an authorized user. This shortcoming has led to many computer fraud problems. Accordingly, the subject invention has been designed to limit access to computer resources to authorized individuals.
This object is achieved by providing an apparatus 20 which controls the operation of the I/O channel. The personal identification apparatus 20 includes a processor and electronic switch 22 for handling the system operation and a separate memory 24 for storing the data base on authorized individuals. Preferably, memory 24 is defined by a bubble memory or disc.
Briefly, in operation, an individual wishing to gain access to the computer will type in an identifier, such as his name, through one of the input devices 14, 16 or 18. The time delays between each successive key stroke are measured and recorded. The time delays may be measured either by counting the number of CPU cycles of the processor 22 or by measuring the actual time elapsed by an associated real time clock or timing chip. The string of timing delays in the user's name will define a timing vector. This timing vector is then compared with stored data recorded earlier by the user and forming a part of the data base. If the timing vector input through the key pad is statistically similar to the data stored in memory, the I/O channel 12 will be opened for communication between the key pad and the main computer. If the information is not statistically similar, the individual will be denied access to the resource.
The subject system is based upon the concept that the coordination of a person's fingers is neurophysiologically determined and unique for a given genotype. Any situation in which a person has to reproduce a rapidly changing pattern on one or more keys will produce the unique signature in terms of the time delays between each key pressed. This fact can be used to distinguish between genetically different individuals by means of the personal identification system of the subject invention.
As pointed out above, the keyboard can be any of a variety of input devices, such as a typewriter standard or a touch-tone telephone pad. In addition, a numeric key pad, a single telegraph key or even an electric piano or organ could be used. The only critical feature is that each successive piece of information input into the system be distinct and measurable relative to any timing base with a resolution between 1 and 500 microseconds. Preferably, a timing resolution on the order of 10 microseconds is utilized.
In practice, it has been found that the best data is derived when an individual types his own name. Apparently, the degree of familiarity and the emotional involvement of the input contribute to the stability and uniqueness of the electronic signature. Furthermore, a person's own name is the easiest password to remember. While the use of the individual's name is suggested, various other input systems may be used as discussed more fully hereinbelow.
In order to create a good statistical data base on each individual for storage in the memory, it is necessary to have the individual type his name a number of times to obtain an average input. Furthermore, through experimentation it has been shown that a training period is desirable, prior to actual recordation of data, to permit the signature to stabilize. This training period will vary significantly based on the typing expertise of the individual. For example, an expert typist will need only a few trials to get comfortable and produce reasonably similar input signatures. In contrast, a one finger typist will take significantly longer to build up to a reasonably consistent pattern for generating a usable data base.
Even with the institution of a training system, it should be apparent that the input signals generated each time a user types his name will vary to some degree. Furthermore, where a poor typist is involved, variations can be quite substantial. Therefore, in the preferred embodiment of the subject invention, a unique statistical approach is utilized which defines a function indicating the relative consistency of the individual. By using this statistical approach, discrimination between individuals is greatly enhanced. Furthermore, the error rate of the device can be accurately controlled.
In any personal identification system there are two errors which must be considered. The first error is the denial of access to an authorized individual. This error is not too serious and can be remedied by having the individual enter their name another time or times. The second error is permitting access to a nonauthorized individual. Obviously, this is a far worse error and must be severely constrained.
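The enrollment and comparison steps described above, with the acceptance threshold trading the two errors against each other, as an added example (not code from the patent). The root-mean-square z-score, the thresholds 2.0 and 3.0, and all sample timings are assumptions made for illustration, since this part of the text does not specify the statistic.

```python
import math
from statistics import mean, stdev

def timing_vector(key_times_us):
    """Delays in microseconds between successive keystroke timestamps."""
    return [b - a for a, b in zip(key_times_us, key_times_us[1:])]

def enroll(trials):
    """Template = per-interval mean plus spread (the typist's consistency)."""
    if len(trials) < 2 or len({len(t) for t in trials}) != 1:
        raise ValueError("need at least two trials of equal length")
    cols = list(zip(*trials))
    return {"mean": [mean(c) for c in cols],
            "sd": [max(stdev(c), 1.0) for c in cols]}  # floor avoids division by zero

def distance(template, vector):
    """Root-mean-square z-score of one attempt against the template (assumed metric)."""
    if len(vector) != len(template["mean"]):
        return math.inf  # different keystroke count: not the enrolled string
    z2 = [((v - m) / s) ** 2
          for v, m, s in zip(vector, template["mean"], template["sd"])]
    return math.sqrt(sum(z2) / len(z2))

def verify(template, vector, threshold):
    """True would open the I/O channel; a lower threshold is stricter."""
    return distance(template, vector) <= threshold

# Constructed sample data: keystroke timestamps (microseconds) for a five-key name.
ENROLL_TIMES = [
    [0, 180000, 300000, 520000, 610000],
    [0, 170000, 300000, 510000, 605000],
    [0, 190000, 305000, 535000, 620000],
    [0, 175000, 300000, 515000, 607000],
]
TEMPLATE = enroll([timing_vector(t) for t in ENROLL_TIMES])
GENUINE = timing_vector([0, 182000, 306000, 522000, 614000])
UNSTEADY = timing_vector([0, 200000, 335000, 575000, 675000])  # same user, off rhythm
IMPOSTOR = timing_vector([0, 120000, 330000, 450000, 640000])  # right keys, wrong rhythm

if __name__ == "__main__":
    for name, vec in (("genuine", GENUINE), ("unsteady", UNSTEADY), ("impostor", IMPOSTOR)):
        print(f"{name:9s} distance={distance(TEMPLATE, vec):6.2f} "
              f"strict={verify(TEMPLATE, vec, 2.0)} liberal={verify(TEMPLATE, vec, 3.0)}")
```

The unsteady attempt by the enrolled user passes at the liberal threshold and is refused at the strict one, which is the first (less serious) error; the impostor is refused at both.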
The parameters of acceptable error will vary from system to system. For example, where the resource is being protected merely from theft of services, and contains no secure data, the parameters can be fairly liberal. In contrast, where the computer network contains highly sensitive and secure information, the parameters must be strictly set. In the latter case, an authorized user