The management of passwords has become problematic for both users and system administrators in nearly all industries due to the fact that users are typically encouraged to create hard-to-guess passwords that are often also hard to remember.
Initial efforts in Keystroke Dynamics (KD) were largely focused on dynamic or continuous authentication that is, users were being continually verified throughout the duration of their session. This process typically involves creating a global representation of how the user types and then being able to predict their typing patterns a priori for any input which requires a lengthy training set (e.g., typically hundreds or thousands of characters). In this way, the user is continually authenticated throughout the duration of his or her session. The other approach has used static authentication, or ‘simple discrimination’ which is reminiscent of more traditional login methods.
For example, U.S. Pat. No. 4,621,334, entitled Personal Identification Apparatus describes a method and apparatus is disclosed for verifying whether a particular individual is a member of a predetermined group of authorized individuals. The subject apparatus is particularly suited for controlling access to a secure resource such as a computer network or database and time delays are measured between successive strokes of a keyboard as the individual enters his name. A timing vector, which is constructed from the time delays, is statistically compared with a stored timing vector derived from the authorized individual. If the timing vectors are statistically similar, the individual will be permitted access to the resource.
As a result, there is a need for an apparatus and method for the classification of subjects based on keyboard input characteristics for the purposes of identification to enable a variety of resulting processing applications including that of user authentication.