System and method to authenticate users on a computing system using a free text behavioral biometric method

12105,782

17/591385

February 02, 2022

A system and method to authenticate users on a computing system using a free text behavioral biometric method by recording on the computer system a dataset for each user to be authenticated to create a user profile for each user to be authenticated, each data set comprising a plurality of free-text keystrokes entered by a respective user on a computer that is part of the computing system, and storing each user profile in the memory, subsequently collecting the keystrokes of a user to be authenticated as the user enters text on a keyboard connected to the computing system, creating a plurality of graphs based on the collection of keystrokes entered by the user and calculating n instance based tail area density (ITAD) metric, and then combining the ITAD metric for each graph duration into a single similarity score.

Hou, Daqing (Potsdam, NY, US); Schuckers, Stephanie (Potsdam, NY, US); Banavar, Mahesh (Potsdam, NY, US); Ayotte, Blaine (Potsdam, NY, US)

CLARKSON UNIVERSITY (Potsdam, NY, US)

1. A computer implemented method for authenticate users on a computing system using a free text behavioral biometric method on a computer having non-transitory memory and a processor, comprising executing on the processor the steps of: a. recording on the computer system a dataset for each user to be authenticated to create a user profile for each user to be authenticated, each data set comprising a plurality of free-text keystrokes entered by a respective user on a computer that is part of the computing system, and storing each user profile in the memory; b. subsequently collecting the keystrokes of a user to be authenticated as the user enters text on a keyboard connected to the computing system; c. creating a plurality of graphs based on the collection of keystrokes entered by the user in step (b), each of which represents a cumulative density function of the user for each feature shared between the user profile and the user to be authenticated entered in step (b); d. using the computer, calculating an instance based tail area density (ITAD) metric by: [mathematical expression included] wherein N is the number of graphs shared between the user profile and collection of keystrokes entered by the user in step (b), CDF gi (*) is the empirical cumulative distribution function of the i th graph g i in the user profile, M g is the median of the i th graph in the user profile, X i is the individual test graph duration for the ith shared graph in the collection of keystrokes entered by the user in step (b); e. using the computer, combining the ITAD metric for each graph duration into a single similarity score using the following equation: [mathematical expression included] wherein the parameter p serves as a scaling factor and can be selectively tuned depending on the application, and if 01 then larger scores will be shifted down by a lesser amount than lower scores; and f. determining, by the computer, whether the user entering the keystrokes in step (b) matches an authenticated user from step (a) based on the single similarity score above a predetermined threshold value.

2. The computer implemented method to authenticate users on a computing system according to claim 1 , wherein the shared features from step (c) can be any of a monograph and any one of a digraph DD, UD, UU, or DU.

3. A non-transitory computer-readable medium for authenticating users on a computing system using a free text behavioral biometric method, comprising instructions stored thereon, that when executed on a processor, perform the steps of: a. recording on the computer system a dataset for each user to be authenticated to create a user profile for each user to be authenticated, each data set comprising a plurality of free-text keystrokes entered by a respective user on a computer via a computer input device that is part of the computing system, and storing each user profile in the memory; b. subsequently collecting the keystrokes of a user to be authenticated as the user enters text on a computer input device connected to the computing system; c. creating a plurality of graphs based on the collection of keystrokes entered by the user in step (b), each of which represents a cumulative density function of the user for each feature shared between the user profile and the user to be authenticated entered in step (b); d. using the computer, calculating an instance based tail area density (ITAD) metric by: [mathematical expression included] wherein N is the number of graphs shared between the user profile and collection of keystrokes entered by the user in step (b), CDF gi (*) is the empirical cumulative distribution function of the i th graph g i in the user profile, M g is the median of the i th graph in the user profile, X i is the individual test graph duration for the ith shared graph in the collection of keystrokes entered by the user in step (b); e. using the computer, combining the ITAD metric for each graph duration into a single similarity score using the following equation: [mathematical expression included] wherein the parameter p serves as a scaling factor and can be selectively tuned depending on the application, and if 01 then larger scores will be shifted down by a lesser amount than lower scores; f. determining, by the computer, whether the user entering the keystrokes in step (c) matches an authenticated user from step (a) based on the single similarity score above a predetermined threshold value.

4. The non-transitory computer-readable medium according to claim 3 , wherein the shared features from step (c) can be any of a monograph and any one of a digraph DD, UD, UU, or DU.

5. An account recovery system, comprising: an account recovery form having a plurality of text entry fields that can accept the entry of text; a processor programmed to determine a scaled Manhattan distance metric for each of the plurality of text entry fields based on a set of keystroke dynamic features associated with text entered into each of the plurality of data fields of the account recovery form; a database containing a user profile containing the scaled Manhattan distant metric for each of the plurality of text entry fields in connection with text previously entered into each of the plurality of data fields of the account recovery form; wherein the processor is further programmed to determine whether the scaled Manhattan distance metric of any new text entered into each of the plurality of text entry fields of the account recovery form matches the scaled Manhattan distant metric for text previously entered into each of the plurality of data fields of the account recovery form; wherein the processor is programmed to calculate an instance based tail area density (ITAD) metric by: [mathematical expression included] wherein N is the number of graphs shared between the user profile and collection of keystrokes entered by the user, CDF gi (*) is the empirical cumulative distribution function of the i th graph g i in the user profile, M g is the median of the i th graph in the user profile, X i is the individual test graph duration for the ith shared graph in the collection of keystrokes entered by the user; and wherein the processor is programmed to combine the ITAD metric for each graph duration into a single similarity score using the following equation: [mathematical expression included] wherein the parameter p serves as a scaling factor and can be selectively tuned depending on the application, and if 01 then larger scores will be shifted down by a lesser amount than lower scores.

6. The account recovery system of claim 5 , wherein the processor is programmed to determine whether the scaled Manhattan distance metric of any new text entered into each of the plurality of text entry fields of the account recovery form matches the scaled Manhattan distant metric for text previously entered into each of the plurality of data fields of the account recovery form by fusing the scaled Manhattan distant metric of a subset of the plurality of data fields.

7. The account recovery system of claim 6 , wherein the fusing of the scaled Manhattan distant metric is performed by merging the set of keystroke dynamic features of multiple of the plurality of text entry fields.

8. The account recovery system of claim 7 , wherein the fusing of the scaled Manhattan distant metric is performed by weighting the scaled Manhattan distant metric of each of the plurality of text entry fields.

9. The account recovery system of claim 8 , wherein the subset comprises five fields.

8285658 October 2012 Kellas-Dicks
9251464 February 2016 Kellas-Dicks
9686300 June 2017 Kurupati
10075846 September 2018 Acar
20130219490 August 2013 Isbister
20150294097 October 2015 Ramachandran
20150379253 December 2015 Cook
20160197918 July 2016 Turgeman
20160239649 August 2016 Zhao
20160294837 October 2016 Turgeman
20170061322 March 2017 Chari
20200050744 February 2020 Hazan
20200251118 August 2020 Sunkavally
20200259638 August 2020 Carmignani
20200387587 December 2020 Perez-Rovira
20210019385 January 2021 Stein
20220083633 March 2022 Hazan

Yu Zhong; Keystroke Dynamics for User Authentication; IEEE:2012; pp. 1-7. cited by examiner

edspgr.12105782