Field of the Invention
This invention relates generally to the field of data processing systems. More particularly, the invention relates to a system and method for adaptive user authentication.
Description of Related Art
FIG. 1 illustrates an exemplary client 120 with a biometric device 100. When operated normally, a biometric sensor 102 reads raw biometric data from the user (e.g., capture the user's fingerprint, record the user's voice, snap a photo of the user, etc) and a feature extraction module 103 extracts specified characteristics of the raw biometric data (e.g., focusing on certain regions of the fingerprint, certain facial features, etc). A matcher module 104 compares the extracted features 133 with biometric reference data 110 stored in a secure storage on the client 120 and generates a score 153 based on the similarity between the extracted features and the biometric reference data 110. The biometric reference data 110 is typically the result of an enrollment process in which the user enrolls a fingerprint, voice sample, image or other biometric data with the device 100. An application 105 may then use the score 135 to determine whether the authentication was successful (e.g., if the score is above a certain specified threshold).
Systems have also been designed for providing secure user authentication over a network using biometric sensors. In such systems, the score 135 generated by the application 105, and/or other authentication data, may be sent over a network to authenticate the user with a remote server. For example, Patent Application No. 2011/0082801 (“'801 Application”) describes a framework for user registration and authentication on a network which provides strong authentication (e.g., protection against identity theft and phishing), secure transactions (e.g., protection against “malware in the browser” and “man in the middle” attacks for transactions), and enrollment/management of client authentication tokens (e.g., fingerprint readers, facial recognition devices, smartcards, trusted platform modules, etc).
Authenticators such as those described above require some form of user interaction such as swiping the finger, or entering a secret code. These “normal” authenticators are intended to authenticate the user at a given point in time. In addition, “silent” authenticators may also be used which are designed to authenticate the user's device at a given point in time (rather than the user). These silent authenticators may rely on information extracted from the user's device without interaction by the user (e.g., sending a Machine-ID).
However, there are certain use cases where requiring explicit user interaction presents too much friction (e.g., near field communication (NFC) payments, frequently used apps requiring authentication without being tied to high value transactions), whereas a “silent” authentication technique such as sending a Machine-ID does not provide enough certainty that the legitimate user is still in possession of the device.
Several “continuous” authentication methods have been proposed by the research community such as Anthony J. Nicholson, “Mobile Device Security Using Transient Authentication,” IEEE TRANSACTIONS ON MOBILE COMPUTING VOL. 5, NO. 11, pp. 1489-1502 (November 2006); Mohammad O. Derawi, “Unobtrusive User-Authentication on Mobile Phones using Biometric Gait Recognition” (2010); and Koichiro Niinuma, Anil K. Jain, “Continuous User Authentication Using Temporal Information” (currently at http://www.cse.msu.edu/biometrics/Publications/Face/NiinumaJain_ContinuousAuth_SPIE10.pdf). Some of these methods have even been adopted by the industry such as BehavioSec, “Measuring FAR/FRR/EER in Continuous Authentication,” Stockholm, Sweden (2009). These methods generally provide an assurance level that the legitimate user is still in possession a device without adding friction to the authentication process, but they focus on a single modality (i.e. using a wearable token, gait recognition, face and color of clothing recognition and user's keyboard input).
One problem which exists, however, is that directly providing location data or other personal (e.g. face image, color of clothing, gait or typing characteristics, . . . ) or environmental data (e.g. temperature, humidity, WLAN SSIDs, . . . ) to the relying party for supplementing the risk estimation violates the user's privacy in some regions of the world. Consequently, more advanced remote authentication techniques are needed which are both non-intrusive and adequately protect the end user's privacy.
In addition, the strength of current authentication methods (e.g. passwords, fingerprint authentication, etc) is mostly constant over time, but the resulting risk varies based on the current environment in which authentication is performed (e.g. the machine being used, the network the machine is connected to, etc). It would be beneficial to select and/or combine authentication modalities based on the current detected risk.
When considering increasing the assurance level of authentication, typically methods for enhancing the level of explicit authentication methods like requiring more complex passwords or use more accurate biometric methods like fingerprint or face recognition come to mind. In reality, the authentication assurance level (or the transaction risk derived from it) also depends on other data, such as whether the authentication performed from the same device as before and whether the location of the authentication is realistically near to the location of the last successful authentication (e.g., authentication at 1 pm in San Francisco and at 2 pm same day in Tokyo doesn't seem to be realistic for one person).
Passwords still are the predominant explicit authentication methods. Unfortunately they are attacked easily and those attacks scale well. Additionally, entering passwords is cumbersome especially on small devices like smartphones. As a consequence many users do not use password based protection methods to lock their phones at all or they use trivial PIN code.
Some smartphones are using fingerprint sensors in order to provide a more convenient way to authentication. Using biometric modalities for authentication has been criticized for not providing sufficient spoofing attack resistance and for introducing privacy issues by potentially not protecting biometric reference data properly.
Various “fusion” methods for combining biometric modalities have been proposed. Some of them address usability issues by reducing the false rejection rate (FRR); other address the security issue by reducing the false acceptance rate (FAR). These methods thus far have proposed static fusion algorithms. Unfortunately this approach still leads to varying assurance levels depending on the “other inputs” (as discussed above).