Method and apparatus for achieving secure password access

US 6,895,514 B1
Filed: 06/25/1999
Issued: 05/17/2005
Est. Priority Date: 06/25/1999
Status: Expired due to Term

First Claim

Patent Images

1. A security method requiring entry of a password by an authorized user before an action will be allowed, said password comprising a plurality of actions in a predetermined sequence, said method comprising the steps of:

(1) creating a sequence model of an expected password, said model comprising information defining a plurality of acts occurring in a specified sequence;

(2) creating a temporal model of time intervals between said acts comprising said password;

(3) comparing the sequence model to the password entered by the user and generating a first score from a first accuracy measurement of the sequence of actions of the password entered by the user as compared to the model sequence;

(4) comparing the temporal model to time intervals of the entered password and generating a second score from a second accuracy measurement of the time intervals of the password entered by the user as compared to the model time intervals;

(5) generating a PASS/FAIL output based on a combination score calculated from said first and second scores, wherein said combination score is dynamically adjusted to increase the ratio of said second score to said first score as the number of times said authorized user enters said password increases.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for enhancing the security of password security systems. The authorization decision related to passwords is based not only on entry of the correct characters in the correct sequence but also on the keystroke sequence timing associated with the typing habits of an authorized user. The keystroke sequence timing provides an additional security measure to each password similar to signature or fingerprint systems. Particularly, each person has a unique typing style and this uniqueness is captured in the present invention as keystroke sequence timing and used as an additional recognition means.

Citations

37 Claims

1. A security method requiring entry of a password by an authorized user before an action will be allowed, said password comprising a plurality of actions in a predetermined sequence, said method comprising the steps of:
- (1) creating a sequence model of an expected password, said model comprising information defining a plurality of acts occurring in a specified sequence;
  
  (2) creating a temporal model of time intervals between said acts comprising said password;
  
  (3) comparing the sequence model to the password entered by the user and generating a first score from a first accuracy measurement of the sequence of actions of the password entered by the user as compared to the model sequence;
  
  (4) comparing the temporal model to time intervals of the entered password and generating a second score from a second accuracy measurement of the time intervals of the password entered by the user as compared to the model time intervals;
  
  (5) generating a PASS/FAIL output based on a combination score calculated from said first and second scores, wherein said combination score is dynamically adjusted to increase the ratio of said second score to said first score as the number of times said authorized user enters said password increases.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as set forth in claim 1 wherein step (5) comprises:
    - (5.1) comparing said first score to a first threshold;
      
      (5.2) comparing said second score to a second threshold; and
      
      (5.3) generating a PASS output if and only if said first score exceeds said first threshold and said second score exceeds said second threshold.
  - 3. A method as set forth in claim 1 wherein step (5) comprises:
    - (5.1) generating a first weighting factor;
      
      (5.2) multiplying said first score by said first weighting factor to obtain a first weighted score;
      
      (5.3) generating a second weighting factor;
      
      (5.4) multiplying said second score by said second weighting factor to obtain a second weighted score; and
      
      (5.5) adding said first and second weighted scores to generate an overall score and generating a PASS/FAIL output based upon said overall score.
  - 4. A method as set forth in claim 3 wherein step (2) comprises:
    - (2.1) determining the time intervals between said actions forming said password as performed by an authorized user a plurality of times;
      
      (2.2) generating a mean and a standard deviation corresponding to each interval based on said plurality of times.
  - 5. A method as set forth in claim 4 wherein step (4) comprises:
    - (4.1) comparing said mean and said standard deviation of said temporal model to the time intervals of the entered password.
  - 6. A method as set forth in claim 5 wherein step (4.1) comprises generating said second score by:
    - $TS = \frac{1}{N} \sum_{i = 1}^{N} \frac{1}{1 + d_{i}}$ whereN+1=a number of characters in said password;
      
      i=1, 2, . . . N; and
      
      $d_{i} = \frac{\langle x_{i} - μ_{i} \rangle}{σ_{i} + μ_{i}}$ wherex_i=the time interval for key stroke i of the password entered by the user;
      
      μ
      
      _i=the mean for character i for said temporal model; and
      
      σ
      
      _i=the standard deviation for character i of said temporal model.
  - 7. A method as set forth in claim 5 wherein step (2.2) comprises:
    - recalculating said standard deviation and mean information by incorporating the time interval data corresponding to each entry of said password that results in a PASS.
  - 8. A method as set forth in claim 4 wherein steps (2.1) and (2.2) are performed with respect to each entered password if said entered password results in a PASS.
  - 9. A method as set forth in claim 3 wherein said second weighting factor is M and said first weighting factor is 1=M, where M is a positive fraction less than 1.

10. A security method requiring entry of a password by an authorized user before access to a system will be allowed, said password comprising a plurality of characters in a predetermined sequence, said method comprising the steps of:
- (1) creating a character sequence model of an expected password sequence, said model comprising entry of a plurality of characters in a specified sequence;
  
  (2) creating a temporal model of timing intervals between entry of consecutive characters of said password by said user;
  
  (3) comparing the character sequence model to a character sequence measured from the password entered by the user and generating a first score from a first accuracy measurement of the character sequence relative to the character sequence model;
  
  (4) comparing the temporal model of timing intervals to timing intervals measured from the password entered by the user and generating a second score from a second accuracy measurement of the timing intervals of the password entered by the user to the temporal model;
  
  (5) generating a PASS/FAIL output based on a combination score calculated from of both said first and second scores, wherein said combination score is dynamically adjusted to increase the ratio of said second score to said first score as the number of times said authorized user enters said password increases.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A method as set forth in claim 10 wherein step (5) comprises:
    - (5.1) comparing said first score to a first threshold;
      
      (5.2) comparing said second score to a second threshold; and
      
      (5.3) generating a PASS output if and only if said first score exceeds said first threshold and said second score exceeds said second threshold.
  - 12. A method as set forth in claim 10 wherein step (5) comprises:
    - (5.1) generating a first weighting factor;
      
      (5.2) multiplying said first score by said first weighting factor;
      
      (5.3) generating a second weighting factor;
      
      (5.4) multiplying said second score by said second weighting factor; and
      
      (5.5) adding said weighted scores to generate an overall score and generating a PASS/FAIL output based upon said overall score.
  - 13. A method as set forth in claim 11 wherein step (2) comprises:
    - (2.1) generating said temporal model based on typing of said password by an authorized user a plurality of times;
      
      (2.2) generating a mean and a standard deviation corresponding to each interval based on said plurality of times.
  - 14. A method as set forth in claim 13 wherein step (2.2) comprises:
    - recalculating said mean and standard deviation information by incorporating time interval data corresponding to each entry of said password that results in a PASS.
  - 15. A method as set forth in claim 13 wherein step (4) comprises:
    - (4.1) comparing said mean and said standard deviation of said temporal model to the timing intervals of the password.
  - 16. A method as set forth in claim 15 wherein step (4.1) comprises generating said second score by:
    - $TS = \frac{1}{N} \sum_{i = 1}^{N} \frac{1}{1 + d_{i}}$ whereN+1=a number of characters in said password;
      
      i=1, 2, . . . N; and
      
      $d_{i} = \frac{\langle x_{i} - μ_{i} \rangle}{σ_{i} + μ_{i}}$ wherex_i=the timing interval for key stroke i of the password entered by the user;
      
      μ
      
      _i=the mean for character i for said temporal model; and
      
      σ
      
      _i=the standard deviation for character i of said temporal model.
  - 17. A method as set forth in claim 13, wherein steps (2.1) and (2.2) are performed with respect to each entered password if said entered password results in a PASS.
  - 18. A method as set forth in claim 12 wherein said second weighting factor is M and said first weighting factor is 1−
    - M, where M is a positive fraction less than 1.

19. An apparatus for providing password security for a system comprising:
- a memory for storing a model password, said model password comprising information concerning a plurality of acts occurring in a specified sequence and measurements of the time intervals between said acts;
  
  an input device through which a user'"'"'s performance of said acts may be detected;
  
  a first comparison circuit for comparing the specified model sequence to a sequence of a password entered by a user and generating a first score indicative of an accuracy measurement of the entered sequence to the specified model sequence;
  
  a second comparison circuit for comparing the measurements of the time intervals of said model password to time intervals of a password entered by the user and generating a second score indicative of a second accuracy measurement of the timing intervals of the entered password to the measurements of the time intervals of the model password; and
  
  an output circuit for combining said first and second scores to create an overall score and comparing said overall score to a threshold score to generate a PASS/FAIL output signal, wherein the ratio of said second score to said first score used to create said overall score is dynamically adjusted to increase as the number of times said user'"'"'s performance of said acts increases.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. An apparatus as set forth in claim 19 wherein said output circuit comprises:
    - a first multiplier coupled to multiply said first score by a first weighting factor;
      
      a second multiplier coupled to multiply said second score by a second weighting factor; and
      
      an adder coupled to receive the outputs of said first and second multipliers and output a sum thereof, said sum comprising said overall score.
  - 21. An apparatus as set forth in claim 19 further comprising:
    - a circuit for generating said model password, said circuit comprising;
      
      a timer coupled to said input device to detect intervals between said acts forming said password as performed by a user; and
      
      a circuit for generating a mean and standard deviation corresponding to each time interval of said password entered by said user based on a plurality of entries of said password to create said measurements of the time intervals of the model password.
  - 22. An apparatus as set forth in claim 21 wherein said second comparison circuit compares said mean and said standard deviation of said model password to said time intervals of said entered password.
  - 23. An apparatus as set forth in claim 22 wherein said circuit for generating said mean and standard deviation does so by:
    - $TS = \frac{1}{N} \sum_{i = 1}^{N} \frac{1}{1 + d_{i}}$ whereN+1=a number of characters in said password;
      
      i=1, 2, . . . N; and
      
      $d_{i} = \frac{\langle x_{i} - μ_{i} \rangle}{σ_{i} + μ_{i}}$ wherex_i=the time interval for key stroke i of the entered password entered by the user;
      
      μ
      
      _i=the mean for character i for said model password; and
      
      σ
      
      _i=the standard deviation for character i of said model password.
  - 24. An apparatus as set forth in claim 23 wherein said circuit for generating said model password recalculates said mean and standard deviation by incorporating time interval data corresponding to each entry of said password that results in a PASS into said mean and standard deviation.
  - 25. An apparatus as set forth in claim 24 wherein said input device is a keyboard and said acts comprise typing a sequence of characters on said keyboard.
  - 26. An apparatus as set forth in claim 25 wherein said output circuit comprises a processor.
  - 27. An apparatus as set forth in claim 26 wherein said circuit for generating said model password also comprises a processor.
  - 28. An apparatus as set forth in claim 25 wherein said output circuit comprises a digital signal processor.
  - 29. An apparatus as set forth in claim 28 wherein said circuit for generating said model password also comprises a digital signal processor.

30. A method of restricting access to a system by requiring entry of a password, said password comprising a character sequence of alphanumeric characters, said characters being typed by a user in a habitual manner by a plurality of keystrokes, each of said characters having a particular keystroke, said method comprising the steps of:
- creating a model of an expected password, said model comprising a combination of a first score based upon said character sequence and a second score based upon temporal characteristics of typing habits of said user, wherein a ratio of said second score to said first score is dynamically increased as the number of times said characters are typed by said user;
  
  receiving a user input of a password from said user;
  
  comparing said user input to said model; and
  
  generating a PASS/FAIL output based on the comparing step.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. A method as set forth in claim 30 wherein said step of creating a model of an expected password comprises the steps of:
    - recording entries of said character sequence of said password by said user a plurality of times;
      
      determining said typing habit of said user from said recorded entries.
  - 32. A method as set forth in claim 31 wherein said model is generated by an adaptive system trained to analyze said typing habit of said user and adaptively incorporate said typing habit in said model.
  - 33. A method as set forth in claim 31 wherein said model is generated after conducting a series of adaptive training sessions.
  - 34. A method as set forth in claim 30 wherein said model of said typing habits of said user comprises time intervals between said keystrokes corresponding to said characters.
  - 35. A method as set forth in claim 30, wherein the step of creating a model of an expected password, said model comprising a combination of both said character sequence and a model of typing habits of said user, further comprises the steps of:
    - multiplying a first score based upon said character sequence by a first proportional weight to obtain a first factor;
      
      multiplying a second score based upon said model of typing habits by a second proportional weight to obtain a second factor;
      
      combining said first and second factor to obtain said model of an expected password.
  - 36. A method as set forth in claim 35 wherein said first proportional weight and said second proportional weight are predetermined.
  - 37. A method as set forth in claim 35 wherein a sum of said first proportional weight and said second proportional weight is equal to 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemalto SA (Thales SA)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Kermani, Bahram Gaffarzadeh
Primary Examiner(s)
Caldwell, Andrew
Assistant Examiner(s)
Meislahn, Douglas J

Application Number

US09/344,724
Time in Patent Office

2,153 Days
Field of Search

713/202, 713/183, 713/186, 713/187, 713/200
US Class Current

726/19
CPC Class Codes

G06F 21/316 by observing the pattern of...

Method and apparatus for achieving secure password access

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for achieving secure password access

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links