The present invention relates to methods, devices, and systems for unobtrusive user recognition and user authentication of mobile devices.
User authentication is an important component for providing secure access to a computerized system. Authentication allows a computerized system to know who the user is and to determine that the user is not impersonating the identity of an authorized user. Typically, passwords have been used to implement authentication of users to computerized systems, though other methods including biometric identification, one time tokens and digital signatures are also used.
A common drawback to such methods is that they are obtrusive to the user, requiring the user to remember and enter a sequence of characters, interact with a biometric device or be in possession of a device that generates one-time tokens each time that he wishes to access the computerized system.
In order to prevent secure information from being compromised by brute force attacks and searches, secure passwords need to be long, difficult to guess and frequently generated a fresh. These aspects of maintaining protection increase the intrusive and cumbersome nature of passwords.
A mobile device is typically accessed multiple times daily and typically requires spontaneous and immediate access. The intrusive nature of current authentication techniques impedes their adoption on mobile devices, forcing users to forgo security in favor of usability. Currently available authentication methods have a low adoption rate among users of mobile devices as their obtrusive nature is not suited to the frequent and immediate usage patterns mandated by mobile device usage.
It would be desirable to have an unobtrusive method for authenticating a user to a mobile device that can also be exploited to provide authentication for accessing other computerized systems, performing secure payments or for unlocking physical barriers.
Modern mobile devices are equipped with multiple sensors which can be used for tracking Human Computer Interface (HCI) behavior patterns.
Prior art has suggested the use of various user behavior metrics generated by keyboard, mouse or haptic events to identify and authenticate authorized users to a computer terminal or network. In a paper titled “Direct and Indirect Human Computer Interaction Based Biometrics”, Yampolskiy et al. (journal of Computers (JCP), Vol. 2(10), 2007, pp. 76-88) surveys the state of the art in direct and indirect human computer interaction based biometrics. Yampolskiy distinguishes between “Direct HCI biometrics” based on abilities, style, preference, knowledge, or strategy used by people while working with a computer and “indirect HCI-based biometrics” based on events that can be obtained by monitoring a user's HCI behavior indirectly via observable low-level actions of computer software.
Behavioral traits such as, voice, gait and keystroke have been suggested in the prior art for user identification. Although these behavioral traits can be used unobtrusively, there currently does not exist an economical and accurate method of user authentication using such traits.