Many devices and systems use a keyboard or similar terminal as a user interface to access the device or system. Keyboard terminals are generally hardware devices or user interfaces that emulate typewriters, but they also include keypads on cellular telephones, portable devices such as PDAs and touch screen devices, tablet computers, and other devices that use a touch screen for key entry. A device with such a user interface may, for example, be a computer or electronic machine that generally requires some type of input, such as alphanumeric input, but keyboards are not restricted to having alphanumeric keys. These devices are also single-touch devices, where user interaction events are recorded sequentially rather than simultaneously. This invention focuses on multi-touch devices as a means to authenticate users and provide dynamic usability to the user interface.
One embodiment of a multi-touch device uses Frustrated Total Internal Reflection (FTIR) to track the user interaction at the interface. FTIR relies on the phenomenon in which light traveling in a medium is reflected internally because of the critical angle of reflection and the index of refraction of the material. Fiber optics and the like use the concept of total internal reflection (TIR) to transmit light with virtually no loss. If an additional material is introduced at the surface, it can frustrate the internal reflection, causing light to escape at that point of contact.
Using FTIR, one can construct a multi-touch device where the finger or device touching the interface of a monitor that has internally reflecting light will produce touch events. These touch events can be constructed into user events similar to keystrokes on a keyboard and mouse clicks via a mouse.
Fingerprint scanners use FTIR to determine fingerprints, but this invention focuses on the behaviormetrics of the user interaction due to finger size and tactile motion provided by the user. User events at the Human Computer Interface (HCI) for multi-touch devices can provide a user signature based on the behaviormetrics of the user interaction.
Typically, when accessing these electronic devices, some means of authentication is desired or preferred, and a common form of authentication is for an authorized user to be assigned a password or PIN (Personal Identification Number) that allows them to access and use the device. Other types of systems may also require or provide authentication, such as some computer software applications, which may for example require a password to allow an authorized user to enter the application on the computer on which it resides, or to enter certain more secure portions of the software or data.
While passwords provide some protection, passwords and other unique names, such as user names, may also be a vulnerable point of security access due to any one of a number of different factors, such as poor choice of user-defined passwords, stolen passwords, lost passwords, or exposure of the password by the user to an unauthorized party. In response to the vulnerability of passwords, the industry has incorporated secondary devices such as electronic signatures, smart cards, and biometric devices (fingerprint and retinal scanners, etc.), thus requiring the user to log into the system via redundant, multiple and/or varied means. An added safeguard in software applications is to force a user to re-enter the access devices at certain intervals or at certain points of entry. These devices and mechanisms, however, cannot prevent an unauthorized user from stealing the secondary devices, nor can they prevent a criminal party from forcing the user to enter the password and/or secondary devices at any given time. None of these methods will protect the system if the authorized user leaves the system without properly logging out, thus leaving the system open to any bystander or passing unauthorized party.
At the interface for a multi-touch device, numerous behaviormetric observations are tracked which provide user identity. These include the size of a user's finger; the pressure they apply to the monitor, as the size of the finger reading grows with pressure; a user tap and the duration of the tap; the timing between taps and double taps; the vector of the finger position; entry/exit vectors; gesture recognition; the chording distance of multi-finger touches and the spacing between the chording fingers; the speed of touching motions; the top, side and bottom range of touching events due to different lengths of arms; and the distance between arms based on different hand positions. All of these tactile behaviormetric events are unique to a user. They also provide a measurement for enhancing the usability of an application at the multi-touch user interface.
Embodiments of this invention may also provide a way to account for and sense varying data for a specific user, such as for instance a different authorized user profile when the user is engaging in the measurable dynamics or characteristics at different times of the day, length of time the authorized user has been accessing the system, under different stress or fatigue levels, or any one of a number of different ways there can be a measurable and predictable variance in the data.
Identifying and knowing the user of a computer is a desirable aspect of computer and software application security. Computer and software applications maintain different levels of security which have been breached in any one of a number of different ways, such as by stolen passwords, stolen smart cards, means of spoofing biometric devices, etc. If access to the computer is left open by an authorized user, passersby or bystanders then have ready access to the computer or open software application. The computer or software application on a network of devices needs to be able to define accurately the current user of said computer or software application.
This invention provides for the authentication of a user via the multi-touch behavior of the authorized user. Unlike other biometric devices, it is non-intrusive and adaptable to changes in the user's behavior. The multi-touch device dynamics system provided by this invention is relatively scalable through the use of probability distribution representations, which in some examples or embodiments may scale as O(1) relative to the number of users in calculating the likelihood that the user is the authorized user. Other implementations scale to n or n² number of users. Embodiments of this invention may also provide a means to notify security sentries and execute programmed actions upon a breach in security based on changes in the multi-touch dynamics.
This invention provides an adaptable means for altering the usability of applications at the interface of the multi-touch device based on the user's multi-touch behaviormetric dynamics.
Probability distribution representations may be used in embodiments of this invention to identify whether the purported or alleged authorized user is in fact the authorized user. Calculations and/or algorithms may be utilized to calculate the likelihood that the alleged authorized user is the legitimate authorized user who has been authorized to access the system, account or device. The probability distribution representations provide a fast, adaptable and scalable mechanism for discerning legitimate users from illegitimate users. Embodiments of this invention may also provide a system to provide security alerts to, or notify, sentries when the system determines that it is probable that the new or purported authorized user is not in fact the authorized user. In some aspects of this invention, the security notification mechanism may provide a more proactive notification and security system to better secure the system to which it is being applied.
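The likelihood calculation described above can be illustrated with the following added example, which is not code from this specification. It assumes independent Gaussian distributions per feature, a population-wide background model, hypothetical feature names, and constructed sample data; scoring touches only the claimed user's profile, so its cost does not depend on how many users are enrolled.

```python
import math
from statistics import mean, stdev

# Hypothetical feature names, chosen from the behaviormetrics the text lists.
FEATURES = ("tap_ms", "inter_tap_ms", "contact_mm2", "chord_mm")

def build_profile(samples):
    """Fit one (mean, std) pair per feature from enrollment touch events."""
    profile = {}
    for f in FEATURES:
        vals = [s[f] for s in samples]
        profile[f] = (mean(vals), max(stdev(vals), 1e-6))  # floor avoids sigma == 0
    return profile

def log_pdf(x, mu, sigma):
    """Gaussian log density; the Gaussian form is an assumption of this example."""
    return -0.5 * math.log(2 * math.pi * sigma ** 2) - (x - mu) ** 2 / (2 * sigma ** 2)

def session_score(profile, background, events):
    """Mean per-event log-likelihood ratio: claimed user vs. general population."""
    if not events:
        return float("-inf")  # no evidence never counts in the claimant's favour
    total = sum(log_pdf(e[f], *profile[f]) - log_pdf(e[f], *background[f])
                for e in events for f in FEATURES)
    return total / len(events)

def is_authorized(profile, background, events, threshold=0.0):
    """Accept when the session fits the claimed profile better than the population."""
    return session_score(profile, background, events) >= threshold

# Constructed sample data (not from the source document).
ENROLLMENT = [dict(zip(FEATURES, row)) for row in (
    (92, 210, 61, 48), (98, 225, 64, 50), (105, 198, 59, 47),
    (101, 215, 63, 51), (95, 220, 62, 49), (99, 205, 60, 49))]
BACKGROUND = {"tap_ms": (110, 30), "inter_tap_ms": (250, 60),
              "contact_mm2": (70, 15), "chord_mm": (55, 10)}
GENUINE = [dict(zip(FEATURES, r)) for r in ((97, 214, 62, 49), (101, 208, 60, 50))]
IMPOSTOR = [dict(zip(FEATURES, r)) for r in ((140, 300, 82, 60), (133, 280, 79, 58))]

if __name__ == "__main__":
    profile = build_profile(ENROLLMENT)
    for name, session in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(session_score(profile, BACKGROUND, session), 2),
              is_authorized(profile, BACKGROUND, session))
```

In a deployment the threshold would be tuned on held-out sessions to balance false accepts against false rejects, and a score below it is the point at which a sentry notification would be raised.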
Probability distribution representations may be used in embodiments of this invention to identify usability parameters for determining the size and position of application actions at the user interface.
It is an object of some embodiments of this invention to provide a more scalable system for verifying the identity of an identified user or user group or class of users for multi-touch devices.
It is also an object of some embodiments of this invention to provide a system for determining which of a plurality of identifying data points provide better identification of an identified user, user group or class of users for multi-touch devices.
While the invention was motivated in addressing some objectives, it is in no way so limited. The invention is only limited by the accompanying claims as literally worded, without interpretative or other limiting reference to the specification, and in accordance with the doctrine of equivalents.
Other objects, features, and advantages of this invention will appear from the specification, claims, and accompanying drawings which form a part hereof. In carrying out the objects of this invention, it is to be understood that its essential features are susceptible to change in design and structural arrangement, with only one practical and preferred embodiment being illustrated in the accompanying drawings, as required.