1. Field
The present invention relates to a system and method for verifying the identity of an individual based on the differences in the way people type. That is, the invention is based on the keystroke dynamics of individuals. The present invention has particular application in controlling access to data processing systems, such as those used in the banking industry, where typing is usually a primary means of accessing data in the computer system.
2. Art Background
There are various methods for verifying the identity of an individual described in the prior art. These methods include the use of an individual's signature, password (such as a personal identification number--PIN), palm print and/or fingerprint to verify the identify of the individual. Those methods relying on passwords are easily manipulated by obtaining the passwords. Methods relying on a peculiar physical feature (e.g. palm print) of an individual are prone to deception by presenting a photographic or xerographic image of the physical feature of the device attempting to verify an individual's identity. These methods have been suggested for use in the banking industry to control access to sites or devices such as self service banking devices and rooms containing terminals used for electronic fund transfers.
Experiments have been done to show that the way an individual types (usually a passage of text) tends to be as unique as a person's fingerprints. In one prior art embodiment, the investigators found that each of the individuals in the experiment had a distinctive typing pattern which could be used to verify the identity of the same individuals participating in the experiment. Several typists were given a paragraph of prose to type, and the times between successive keystrokes were recorded. At a later date, the same typists were given the same paragraph of prose to type; the times between successive keystrokes were again recorded. The investigators then compared the timing patterns of each individual typist and found that the patterns for a particular typist were much more similar to each other than to patterns from any other typist. In this experiment, the comparison of an individual's typing patterns to his prior typing pattern was performed well after the individual ceased his typing which developed the subsequent typing pattern. Furthermore, the investigators focused on the timing patterns in the time periods between successive keystrokes. This experiment was performed by the Rand Corporation under the sponsorship of the National Science Foundation. A report describing the experiment has been prepared by R. Stockton Gaines and others, and is entitled "Authentication by Keystroke Timing; Some Preliminary Results" and bears the identification R-2526-NSF.
As will be described, the present invention provides methods and apparatus for verifying an individual's identity based on keystroke dynamics. This verification is performed continuously and in real time. The present invention permits hierarchies of security to be defined for access to the computer system, such that more stringent verification thresholds are required for access to specified files or tasks. Lower thresholds may be defined for more routine, less critical, functions.