WO2016001657A1 - Biometric authentication method and server - Google Patents

Biometric authentication method and server

Info

Publication number
WO2016001657A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
authentication data
threshold
false
Prior art date
Legal status
Ceased
Application number
PCT/GB2015/051915
Other languages
English (en)
Inventor
Daniel THORNHILL
John Petersen
Patrick Carroll
Current Assignee
Validsoft UK Ltd
Original Assignee
Validsoft UK Ltd
Application filed by Validsoft UK Ltd
Publication of WO2016001657A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00 Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10L SPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00 Speaker identification or verification techniques
    • G10L17/22 Interactive procedures; Man-machine interfaces
    • G10L17/24 Interactive procedures; Man-machine interfaces the user being prompted to utter a password or a predefined phrase
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Definitions

  • This invention relates to a biometric authentication method and an authentication server for implementing the biometric authentication method.
  • Biometric authentication systems and methods are used in many areas of modern life. In particular, biometric authentication is frequently used in systems where sensitive or personal data is involved, to secure transactions which are considered high risk, or in other scenarios where security is a concern. These methods may be employed when a participant in such a system needs to transmit or receive sensitive or personal data to another participant. In this situation, one or both participants may need to be
  • An example of such a system is that involving a financial institution, such as a bank, and a client or user of the financial institution.
  • the bank may require that user to prove that they are a person who is authorised to make transactions for the account. Historically, such proof could occur through the user visiting a location of the bank and providing a signature or proof of identification which would match details that the bank possessed regarding the authorized person. Alternatively, the user could write a letter to the bank, again providing a signature or proof of identification.
  • authentication methods can be classified into one of three different types.
  • the first type involves authenticating a user through some apparatus or object possessed by the user.
  • a bank may provide a user with a "card reader" as an authentication apparatus.
  • This device acts as a one-time pin generation pad, which is a well-known form of encryption.
  • a one-time pad allows a user, through the use of a banking card (such as a credit or debit card), to obtain a specific code required to authorize a transaction (that is, to authorize the user attempting the transaction).
  • the code may be generated based on the specific banking card (or associated bank account) details of the user.
  • the code may further be generated based on the date and time of the attempted transactions, or the details for the transaction.
  • the destination account details involved in the transaction in the case of transferring funds.
  • the user can then provide this code to the bank when attempting the transaction.
  • the bank is in possession of similar means to identify or generate a code associated with the transaction. If the code the bank generates is the same as that received from the user (within a tolerance range), the transaction may be authorized. That is, the bank believes the user is legitimate due to being able to provide the correct code.
  • the second type of authentication method involves authenticating a user through the use of something known to the user, such as a password or other authentication information.
  • An example of this type would be an internet banking service which requires a user name, password, memorable information or other information ideally known only to the user.
  • This type of authentication may be problematic due to the requirement that the user remembers the authentication information.
  • a user may typically re-use the same authentication information for several of the services. This can compromise the security of each service.
  • This security method also assumes the user "secret" information has not been compromised, which may no longer be true in modern society.
  • Biometric authentication systems involve the identification of humans by their characteristic traits.
  • Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals.
  • Biometric identifiers are often categorized as physiological or behavioural characteristics.
  • Physiological characteristics are related to the shape of the body. Examples include, but are not limited to, fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.
  • Behavioural characteristics are related to the pattern of behaviour of a person, including but not limited to: typing rhythm, gait, and voice. It will be appreciated that behavioural characteristics are determined partly by physiological characteristics and partly by learned behaviour.
  • biometric scanning apparatus such as: a scanner for detecting fingerprints; a microphone for detecting vocal patterns or other characteristics; or a camera for detecting iris, retina or other eye-related characteristics.
  • One or more of these characteristics may be used as the basis for an authentication process.
  • biometric authentication methods do not require the user to be in possession of an authentication apparatus or to remember authentication information and so can be particularly attractive to users and service providers such as banks.
  • a user may provide a record of their voice to a bank when they open an account or set up an online service to interact with the account.
  • the voice record may be a vocalization associated with a specific phrase, or some other audible sound.
  • This initial sample may well be accompanied by some more traditional method of authentication to verify that the voice record provided belongs to the legitimate user (to prevent tampering).
  • the user can authorize future actions by providing a voice sample when prompted, such that the bank can compare this to the sample they hold. This can be readily achieved for telephone banking services, and for internet banking services (assuming that the user's internet-enabled device includes a microphone).
  • the microphone or telephone is capable of reading a voice provided by a user to the standards required by the authentication process.
  • Said standards may relate to the degree of correlation required by the bank between the voice record on file and the voice provided by the user when attempting to authorize an action.
  • Voice authentication may also be referred to as speaker verification when a user seeks to positively confirm that they are who they say they are, and the authentication process comprises comparing a speech sample against a stored voice sample (or a template extracted from such a stored sample) obtained at the time of enrolling a user into the authentication system.
  • Voice authentication may be either text dependent, where the same text must be spoken for enrolment and verification, or text independent. Both scenarios are based on the recognition that acoustic features of speech vary between individuals as a result of anatomy and learned behavioural patterns. Text dependent voice authentication has the advantage that the chance of successful authentication is increased due to an increased likelihood that the acoustic features of speech will match. That is, text dependent voice authentication has a reduced rate of false negative outcomes to authentication.
  • Various techniques may be used to compare a voice sample submitted by a user and a stored voice sample. However, each results in a numerical authentication parameter corresponding to a degree of correlation between the samples.
  • authentication parameter may be scaled according to a normalised scale. This degree of correlation may be compared to a predetermined threshold. Based on the results of this comparison, the user is either authenticated or not authenticated.
  • voice authentication has been discussed in detail, it will be appreciated that alternative forms of biometric authentication also result in the establishment of a degree of correlation to determine an authentication parameter that can be compared to a threshold. Adjusting the threshold allows the security of such a biometric process to be controlled.
  • a high threshold may correspond to a high degree of correlation and so a more-secure system, while a low threshold may correspond to a low degree of correlation and so a less-secure system. Due to the fact that biometric authentication is a probabilistic form of
  • a voice sample provided by a legitimate user when authorizing an action is very unlikely to perfectly match the voice sample held by the bank as external and physical factors will influence the scoring algorithms.
  • the degree to which the two may differ can vary, and as such it is entirely possible for a false-negative situation to occur in which a legitimate user fails to authenticate themselves due to the degree of correlation not exceeding the threshold set by the bank. This can be frustrating for the legitimate user.
  • the voice sample of an illegitimate user may match the voice sample of the legitimate user held by the bank such that the illegitimate user is incorrectly authenticated. This occurrence is described as a false-positive, and typically results in fraud perpetrated against the bank.
  • the rate at which false positives and false negatives occur is dependent, at least in part, on the threshold for authentication.
  • a lower threshold or one which requires a lower degree of correlation reduces the number of false-negatives but increases the amount of false-positives. As such, while legitimate user frustration is decreased, fraud is increased. Contrastingly, a higher threshold (requiring a higher degree of correlation) increases the number of false-negatives but decreases the number of false-positives. As such, while legitimate user frustration is increased, fraud is decreased.
  • EER: Equal Error Rate
  • the X axis represents the authentication correlation threshold represented on a normalised scale
  • the Y axis represents an error rate.
  • An EER 110 is shown for a false-negative curve 120, corresponding to the number of false-negatives which occur or are predicted to occur for the given threshold value, and a false-positive curve 130, corresponding to the number of false-positives which occur or are predicted to occur for the given threshold value. If the location of the EER 110 is also set as the threshold value when implementing the authentication method, there is defined a frustration area 125 and a fraud area 135.
  • the frustration area 125 is the area under the false-negative curve 120 to the left of the threshold
  • the fraud area 135 is the area under the false-positive curve 130 to the right of the threshold.
  • the frustration area 125 relates to the legitimate users of the biometric system who are unable to authenticate themselves.
  • the fraud area 135 relates to fraudulent or illegitimate persons who are able to imitate legitimate users (victims). It should be apparent that to shift the threshold away from the EER 110 to higher values would increase the size of the frustration area 125 while decreasing the size of the fraud area 135. Similarly, shifting the threshold away from the EER 110 to lower values would decrease the size of the frustration area 125 while increasing the size of the fraud area 135.
  • a low threshold may correspond to a high degree of correlation while a high threshold corresponds to a low degree of correlation.
  • the curves and areas of Figure 1 would be reversed. That is, the false-negative curve becomes the false-positive curve, the false-positive curve becomes the false-negative curve, the frustration area becomes the fraud area and the fraud area becomes the frustration area.
  • the false-negative curve 120 may be substantially different from the false-positive curve 130 (that is, the curves may not be symmetric about the EER).
  • the EER 110 may not occur at some average threshold value such as may be implied in Figure 1.
  • a biometric authentication method comprising: receiving biometric authentication data from a user via a communication channel; determining an authentication parameter by comparing the biometric authentication data to stored biometric authentication data;
  • the present invention reduces the false negative rate by comparing authentication data to first and second thresholds, which produces a third result of the authentication method in which further authentication data is requested.
  • Requesting additional authentication data may comprise requesting additional biometric authentication data.
  • the method may further comprise: receiving additional biometric authentication data from a user via a communication channel; determining a second authentication parameter by comparing the biometric authentication data to stored biometric
  • the biometric authentication data or the additional biometric authentication data may comprise voice biometric data or face-recognition biometric data
  • the method may further comprise determining to request additional authentication data from the user if the authentication parameter is between the values of the first and second thresholds.
  • Requesting additional authentication data may comprise requesting at least one of: requesting and receiving the same authentication data through the same
  • Received or stored biometric authentication data may comprise processed data extracted from or a function of biometric authentication data.
  • the processed data may comprise biometric authentication data that has been encrypted or subjected to a cryptographic hash function.
  • the method further comprises setting at least one of the first and second thresholds according to a determined false error rate or a determined false positive rate.
  • the false negative rate may indicate a rate at which it is determined, in error, to refuse to authenticate a user.
  • the false positive rate may indicate a rate at which it is determined, in error, not to refuse to authenticate a user.
  • an authentication server arranged to: receive biometric authentication data from a user via a communication channel; determine an authentication parameter by comparing the biometric authentication data to stored biometric authentication data; compare the authentication parameter to first and second thresholds; and determine, based on the result of the comparison, whether to refuse to authenticate the user, to authenticate the user, or to request additional authentication data from the user.
  • the authentication server may be further arranged to implement the above method.
  • biometric authentication data comprising: receiving biometric authentication data from a user via a communication channel; determining an authentication parameter by comparing the biometric
  • determining the first and second threshold comprises setting one of the first and second thresholds according to one of a currently recorded false negative rate and a currently recorded false positive rate.
  • Setting one of the first and second thresholds according to one of a currently recorded false negative and a currently recorded false positive rate may comprise obtaining information regarding a number of false negatives (or false positives) associated with the current first and second thresholds; and adjusting at least one of the current first and second thresholds based on the obtained information.
  • Setting one of the first and second thresholds may further comprise adjusting at least one of the current first and second thresholds based on information regarding a number of false negatives (or false positives) associated with previously-used first and second thresholds.
  • the information may be obtained by recording information regarding previous performances of the authentication method where a false error or a false positive occurred for the associated first and second thresholds.
  • Another aspect of the invention provides a computer program comprising instructions arranged, when executed, to implement a method in accordance with any one of the above-described aspects.
  • a further aspect provides machine-readable storage storing such a program.
  • Figure 1 graphically shows the proportion of authentication attempts which result in a false-negative or false-positive result for a certain threshold value in a simulated authentication system
  • Figure 2 shows how ranges of threshold values may be allocated to certain zones defined by a first and second threshold in accordance with an embodiment of the present invention
  • Figure 3 shows graphically how a first and second threshold can be used to partition off ranges of thresholds and so modify the proportion of false-negative results for certain threshold values in accordance with an embodiment of the present invention
  • FIG. 4 schematically illustrates an authentication system in accordance with an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a method of performing authentication according to an embodiment of the present invention.
  • the result of an authentication attempt is defined as a degree of correlation or a "score", each of which may be represented by a single value. This value relates to a measure of success of an authentication attempt, where success results in authentication into the authentication system.
  • Embodiments of the present invention intend to decrease or mitigate the rate and volume of false-negatives through application of a technique which may be referred to as "Grey Zone Logic" (GZL).
  • GZL: Grey Zone Logic
  • GZL is applied by designating a range of threshold values (or indicators of a degree of correlation, or score values) as a grey zone.
  • This grey zone may be described as non-deterministic, in that an authentication attempt does not pass or fail if the authentication result (or its related degree of correlation or score) corresponds to a score value within the grey zone (that is, the authentication result corresponds to the grey zone).
  • a score value within the grey zone if subjected to conventional authentication processing, may correspond to a pass or a fail: it may fall either side of a single threshold, as shown in Figure 1.
  • GZL is instigated based on predefined contingency rules.
  • the rules may be designed to invoke other methods of authentication that replace the first authentication method, or they may invoke other methods of strong authentication that augment the first authentication method, or they may involve repeated application of the first authentication method.
  • Figure 2 shows how a grey zone may be implemented in an example
  • a false-negative curve 220 and a false-positive curve 230 are shown. Note that there is no requirement as to which curve is which, as evidenced by the lack of axis labels or quantities on the axes of the figure, and so they may be switched.
  • a first threshold 245 and a second threshold 255 are defined, represented in Figure 2 as vertical lines.
  • the first threshold has the effect of defining a first area 240, which encompasses the area to the left of the first threshold 245 of Figure 2.
  • the second threshold has the effect of defining a second area 260, which encompasses the area to the right of the second threshold 255 of Figure 2. Between the two thresholds is defined a third area known hereafter as the grey zone 250.
  • the existence of the grey zone 250 relies on the first threshold 245 being distinct from the second threshold 255.
  • first threshold 245 and the second threshold 255 are not strict and the terms could easily be swapped between the two vertical lines in Figure 2. That is, noting the EER 210 of Figure 2, there is no requirement for the first threshold 245 to be located to the left of the EER 210 and there is no requirement for the second threshold 255 to be located to the right of the EER 210. The same considerations apply to the designated first area 240 and second area 260.
  • the first area 240 may be used to define a fail zone.
  • the first area 240 would therefore span a range of score values which are considered to correspond to failed authentication attempts. That is, if an authentication result score corresponds to a score value within the first area 240, then the associated authentication attempt has failed.
  • the second area 260 may therefore be used to define a pass zone.
  • the second area 260 would therefore span another range of score values which are considered to correspond to passed authentication attempts. That is, if an authentication result score corresponds to a score value within the second area 260, then the associated
  • the first area 240 and the second area 260 are defined as the fail zone and pass zone respectively.
  • the first area 240 may be defined as the pass zone and the second area 260 may be defined as the fail zone instead.
  • the false-negative curve 220 and the false-positive curve 230 are defined differently to the above.
  • the first threshold 245 and the second threshold 255 have been defined such that the grey zone 250 is located about the EER 210. It should be noted that this is merely one disposition of the grey zone 250 and that there is no requirement for the grey zone 250 to relate to the position of the EER 210 or even to either of or both of the false-negative curve 220 and false-positive curve 230. That is, a grey zone may be defined independently of other factors in the authentication system, or the disposition of the grey zone may rely on one or more factors in the authentication system. The location of a singular threshold and the grey zone will now be discussed with reference to Figure 3 and Figure 4.
  • threshold scores where the error caused by either false-negatives or false-positives is essentially 100%. As may be expected, these threshold scores also correspond to essentially 0% error caused by false-positives or false-negatives respectively.
  • a single threshold 110 is defined in Figure 1 and is located at the EER of the authentication system. At this point, the errors caused by false-negatives and false-positives are approximately 6% each, resulting in a total error of approximately 12%. For the specific authentication system giving rise to the results shown in Figure 1, this can be viewed as providing the most efficient system. That is, adjusting the threshold 110 to the left or to the right will not decrease the total amount of error to lower than 12%. For example, shifting the threshold 110 to a threshold value of '0.4' would result in a combined error of approximately 22%. Figure 1 therefore demonstrates the limitations of a system utilizing only a single threshold.
  • Figure 3 is a graphical representation of an embodiment of the present invention wherein a first threshold 310 and a second threshold 320 have been defined for an authentication system similar to that giving rise to the results of Figure 1.
  • the first threshold 310 has been defined near the threshold value of '0.2'. This is located to the left of the EER value shown in Figure 1, which was located at a threshold value of approximately '0.3'.
  • the second threshold 320 has been defined near the threshold value of approximately '0.575'. This is located to the right of the EER value shown in Figure 1.
  • the grey zone 330 extends around the EER to different extents than that shown in Figure 2, demonstrating the configurability of the present invention.
  • the first threshold 310 and the second threshold 320 also serve to define a fail zone and a pass zone.
  • the area to the left of the first threshold 310 may be defined as the fail zone
  • the area to the right of the second threshold 320 may be defined as the pass zone.
  • Authentication attempts corresponding to authentication results which fall into the fail zone or pass zone are, respectively, failed or passed.
  • DCP Dynamic Contingency Processing
  • the first threshold 310 (or the low-boundary of the grey zone 330) is located at the point (threshold score value) where the error related to false-negatives is approximately zero, or just begins to exceed zero (or just before it begins to exceed zero).
  • Said contingency rule may require further authentication from a user, using a separate or the same authentication system. In this manner, a genuine or legitimate user may be authenticated while a fraudulent or illegitimate user is not authenticated.
  • the false-negative curve is truncated at the second threshold 410 to reflect that false-negatives are now unlikely to occur in this system.
  • a legitimate user may still not be authenticated if they perform an authentication attempt where the authentication result corresponds to a very low threshold score, that is, one that does not exceed even the first threshold 310.
  • authentication result may occur if, to use the example of a voice-based system, the user making the authentication attempt is unwell or if there is a fault with the voice detection apparatus. Certain embodiments of the present invention may completely eliminate the problem of false-negatives in authentication systems, though the present invention is not limited to complete elimination. While shifting the first threshold 310 to a lower threshold score (and so diverging from the DCP model) will enable these very low score legitimate
  • the second threshold 320 (or the high-boundary of the grey zone 330) may be located at the point where the error related to false-positives is approximately zero, or begins to exceed zero.
  • the method aims to pass as many legitimate user authentication attempts as possible without passing any illegitimate users. That is, by identifying a threshold score value above which it is unlikely that a false-positive will occur, the second threshold 320 can be set such that all authentication results corresponding to scores above this value are passed.
  • a threshold setting which corresponds to a particular value (for example: 1%, 2%, 5% etc.) representing an acceptable (or, at least, tolerated) proportion of authentication attempts which result in a false negative or false positive situation.
  • This threshold setting or value may be identified through simulations of similar authentication systems which do not employ DCP, or from other recorded data.
  • first threshold 310 or the second threshold 320 may be defined as described above when using DCP. That is, DCP may be used to define only one of the two thresholds, allowing the other threshold to be defined separately in another manner. This would allow, to use an example as described above, the second threshold 320 to be set at an even higher value resulting in a stricter system in which fewer authentication attempts will be located in the pass zone and more in the grey zone.
  • At least one of the thresholds could be defined in a dynamic manner. For example, if the authentication system is configured to record data corresponding to the number of false-positives and false-negatives that occur (this may be a real authentication system which is in use as opposed to further simulations) then this data could be incorporated into deciding where the thresholds are located. This data may additionally take into account times of day, number of user authentication attempts, location of a user making an authentication attempt etc. Additionally, this data may be used in combination with DCP such that the first threshold and the second threshold are dynamically set according to the number of false-negatives and false-positives recorded by the
  • this may be accomplished by requiring the system to lower the first threshold whenever a false-negative is recorded and raise the threshold whenever a false-positive is recorded (to use the example of Figure 1 where higher threshold values reflect larger proportions of false-negatives).
  • Setting one of the first and second thresholds in this manner may comprise obtaining recorded data for false negative or false positive rates for a current first threshold and second threshold (that is, the currently-defined grey zone), and adjusting one of the current first threshold and second threshold according to the obtained recorded data.
  • setting one of the first and second thresholds may also comprise taking into account data which was previously recorded for other first and second thresholds (that is, previously-defined grey zones).
  • Dynamically setting at least one of the first and second thresholds in combination with DCP may thereby allow dynamic modification of the extent of the grey zone. That is, the upper and lower boundaries of the grey zone may be adjusted according to the numbers of false negatives and/or false positives occurring at certain first and second thresholds.
  • This tuning of the grey zone - which may occur continuously (that is, the dynamic setting may occur in the background by monitoring for any new false positive or false negative occurrences and altering a threshold as appropriate) - can allow for control of the number of additional or secondary authentication attempts which may result from authentication parameters from otherwise-legitimate or otherwise-fraudulent authentication attempts falling within the grey zone. That is, the burden on the system resulting from these additional authentication attempts may be relieved, albeit in a manner which still aims to reduce at least one of the false negative rate and the false positive rate.
  • the recorded data may be from known instances where a false negative is determined to have occurred.
  • a false negative may be determined to have occurred if additional authentication data is requested from a user, and it is determined to authenticate the user on the basis of this additional authentication data. That is, in this instance, the user, although being legitimate according to the additional authentication data, was not authenticated on the basis of the authentication data they initially provided, indicating that the relevant threshold may have been set too high.
  • an occurrence of a false negative may be recorded as a result of feedback from a legitimate user.
  • the recorded data may also be from known instances where a false positive has occurred.
  • a false positive may be determined to have occurred if it is determined that fraudulent activity occurred in association with a successful authentication attempt.
  • the skilled person will appreciate how fraudulent activity may be determined to occur, whether by manual reporting on the part of a legitimate user, automatic detection by a monitoring system, or some other suitable means.
  • the recording of a certain number of false-negatives or false-positives may be required before any changes to the first threshold or second threshold occur.
  • the authentication system may comprise an authentication server 400 and a user 402.
  • the server 400 is arranged to compare the received authentication data to stored authentication data and to determine a degree of correlation, which is then compared to first and second thresholds as discussed above.
  • the authentication server 400 may determine that additional authentication data is required, and may send a request to the user for additional information either across the first communication channel 404 or across a second communication channel 406. Alternatively, a message indicating successful or unsuccessful authentication may be sent.
  • the user's biometric authentication data may be transmitted indirectly from the user to the server.
  • biometric authentication is used to secure access to a financial transactions server
  • the user may communicate only with the financial transactions server which may forward biometric authentication data to the authentication server.
  • the authentication server may in return send the result of the authentication or any request for additional authentication data via the financial services server.
  • the server receives biometric authentication data from a user.
  • the server retrieves stored biometric authentication data. This may be locally stored or it may be retrieved from another server (not shown in Figure 4).
  • the received and stored biometric authentication data may comprise raw authentication data.
  • voice authentication this may comprise raw audio recordings.
  • the raw authentication data is not stored. Instead, a processed version of the authentication data is stored, which may take the form of a voice print in which data which uniquely characterises a user's voice is retained.
  • voice print data may be stored in an encrypted form or subjected to a one way hash to avoid the risk of a user's voice print being compromised.
  • processing to generate characterising data and/or encrypting or hashing may be performed before transmission to the server.
  • the received biometric authentication data and the stored biometric authentication data are compared to determine an authentication parameter.
  • the authentication parameter is compared to a first threshold, and if the authentication parameter is below the first threshold then the authentication is refused at step 508.
  • the authentication parameter is compared to a second threshold. If the authentication parameter is above the second threshold then the user is authenticated at step 512.
  • additional authentication data is requested from the user.
  • this may comprise the same type of biometric authentication data as the original authentication data, or it may be any other type of authentication data.
  • voice authentication it may be that the user is requested to provide another sample of the same word or phrase, or a different word or phrase.
  • increased security is achieved by requesting additional authentication data across a different channel to the originally used channel.
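
The two-threshold decision and the batched dynamic adjustment described in the items above, as an added example that is not code from the patent. The score range of 0 to 1, the threshold values, the step size, the batch size and every name are assumptions, as is the reading that a false-positive raises the second threshold (the text says only "the threshold").

```python
from dataclasses import dataclass

REFUSE, STEP_UP, AUTHENTICATE = "refuse", "request_additional", "authenticate"


@dataclass
class GreyZonePolicy:
    first: float = 0.40    # low boundary of the grey zone (constructed value)
    second: float = 0.80   # high boundary of the grey zone (constructed value)
    step: float = 0.02     # how far a threshold moves per batch (assumption)
    min_events: int = 3    # recorded events required before any change
    fn_count: int = 0
    fp_count: int = 0

    def decide(self, score: float) -> str:
        # Fail closed on malformed comparator output; NaN fails this range test.
        if not 0.0 <= score <= 1.0:
            return REFUSE
        if score < self.first:
            return REFUSE            # below the first threshold: refused
        if score > self.second:
            return AUTHENTICATE      # above the second threshold: authenticated
        return STEP_UP               # grey zone: request additional data

    def record_false_negative(self) -> None:
        # Legitimate user was refused: lower the first threshold once enough
        # such events have been recorded.
        self.fn_count += 1
        if self.fn_count >= self.min_events:
            self.first = max(0.0, round(self.first - self.step, 4))
            self.fn_count = 0

    def record_false_positive(self) -> None:
        # Fraud followed a successful authentication: raise the second
        # threshold (assumed reading of the text) after enough events.
        self.fp_count += 1
        if self.fp_count >= self.min_events:
            self.second = min(1.0, round(self.second + self.step, 4))
            self.fp_count = 0


def replay(policy: GreyZonePolicy, events):
    """Apply constructed events in order and return the decisions made."""
    decisions = []
    for kind, *value in events:
        if kind == "score":
            decisions.append(policy.decide(value[0]))
        elif kind == "fn":
            policy.record_false_negative()
        elif kind == "fp":
            policy.record_false_positive()
    return decisions
```

Under these two rules the grey zone only ever widens, so the volume of additional authentication requests has to be monitored separately.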

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Acoustics & Sound (AREA)
  • Software Systems (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a biometric authentication method. The method comprises the steps of receiving biometric authentication data from a user via a communication channel and determining an authentication parameter by comparing the biometric authentication data with stored biometric authentication data. The authentication parameter is compared with a first and a second threshold. Depending on the result of the comparison, authentication of the user is refused, the user is authenticated, or additional authentication data is requested from the user. The invention also relates to an authentication server designed to implement this method.
PCT/GB2015/051915 2014-07-02 2015-06-30 Biometric authentication method and server Ceased WO2016001657A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1411824.4 2014-07-02
GB1411824.4A GB2528040A (en) 2014-07-02 2014-07-02 Authentication method and server

Publications (1)

Publication Number Publication Date
WO2016001657A1 true WO2016001657A1 (fr) 2016-01-07

Family

ID=51410541

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2015/051915 Ceased WO2016001657A1 (fr) 2014-07-02 2015-06-30 Biometric authentication method and server

Country Status (2)

Country Link
GB (1) GB2528040A (fr)
WO (1) WO2016001657A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3422253A1 (fr) * 2017-06-28 2019-01-02 Toyota Jidosha Kabushiki Kaisha Authentication device and authentication method
CN112086099A (zh) * 2019-06-14 2020-12-15 上海观轶教育科技有限公司 Teaching guidance management system and method for overseas students
WO2021239239A1 (fr) * 2020-05-28 2021-12-02 Irdeto B.V. Biometric authentication using two thresholds

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7007298B1 (en) * 1999-03-12 2006-02-28 Fujitsu Limited Apparatus and method for authenticating user according to biometric information
EP1645990A2 (fr) * 2004-10-08 2006-04-12 Fujitsu Limited Device, method and software product for verifying biometric data
US20070136792A1 (en) * 2005-12-05 2007-06-14 Ting David M Accelerating biometric login procedures
US20080209227A1 (en) * 2007-02-28 2008-08-28 Microsoft Corporation User Authentication Via Biometric Hashing

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5040223A (en) * 1988-02-17 1991-08-13 Nippondenso Co., Ltd. Fingerprint verification method employing plural correlation judgement levels and sequential judgement stages
JP4321944B2 (ja) * 2000-04-27 2009-08-26 富士通株式会社 Personal authentication system using biometric information
US20080298647A1 (en) * 2005-04-08 2008-12-04 Us Biometrics Corporation System and Method for Identifying an Enrolled User Utilizing a Biometric Identifier
JP4743053B2 (ja) * 2006-09-06 2011-08-10 ヤマハ株式会社 Biometric authentication device, biometric authentication method and program
US8095368B2 (en) * 2008-12-04 2012-01-10 At&T Intellectual Property I, L.P. System and method for voice authentication over a computer network

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3422253A1 (fr) * 2017-06-28 2019-01-02 Toyota Jidosha Kabushiki Kaisha Authentication device and authentication method
CN109145550A (zh) * 2017-06-28 2019-01-04 丰田自动车株式会社 Authentication device and authentication method
US11042614B2 (en) 2017-06-28 2021-06-22 Toyota Jidosha Kabushiki Kaisha Authentication device and authentication method
CN112086099A (zh) * 2019-06-14 2020-12-15 上海观轶教育科技有限公司 Teaching guidance management system and method for overseas students
WO2021239239A1 (fr) * 2020-05-28 2021-12-02 Irdeto B.V. Biometric authentication using two thresholds
US11403381B2 (en) * 2020-05-28 2022-08-02 Irdeto B.V. Biometric authentication
CN115552489A (zh) * 2020-05-28 2022-12-30 爱迪德技术有限公司 Biometric authentication using two thresholds
KR20230016668A (ko) * 2020-05-28 2023-02-02 이르데토 비.브이. Biometric authentication using two thresholds
KR102766701B1 (ko) * 2020-05-28 2025-02-14 이르데토 비.브이. Biometric authentication using two thresholds

Also Published As

Publication number Publication date
GB201411824D0 (en) 2014-08-13
GB2528040A (en) 2016-01-13

Similar Documents

Publication Publication Date Title
US10777030B2 (en) Conditional and situational biometric authentication and enrollment
US11562363B2 (en) Hardware and token based user authentication
US9704051B2 (en) Method and system for verifying identities
US20210089635A1 (en) Biometric identity verification and protection software solution
US10396985B1 (en) Federated identity management based on biometric data
US10715520B2 (en) Systems and methods for decentralized biometric enrollment
JP4578244B2 (ja) Method for performing secure electronic transactions using a portable data storage medium
US7690032B1 (en) Method and system for confirming the identity of a user
US8368510B2 (en) Biometric authentication and verification
JP5285432B2 (ja) Method and apparatus for rolling enrollment for signature verification
US9160522B2 (en) System and method for verifying the identity of an individual by employing biometric data features associated with the individual
JP5676592B2 (ja) Robust biometric feature extraction with and without reference points
WO2016001657A1 (fr) Biometric authentication method and server
JP2011118561A (ja) Personal authentication device and personal authentication method
KR101740574B1 (ko) Personal authentication method using a verifier's handwritten signature and fintech system utilizing the same
EP2254093A1 (fr) Method and system for confirming the identity of a user using the background of the invention
US20160080151A1 (en) Systems and Methods of Authentication of Communications
Raina Integration of Biometric authentication procedure in customer oriented payment system in trusted mobile devices.
US20240236088A1 (en) Method and electronic system for authenticating a subject by means of the assistance of the eyes
JP2005107668A (ja) 生体認証方法及びプログラム並びに装置
Trevathan et al. Online payments using handwritten signature verification
Hung et al. An Enhanced security for government base on multifactor biometric authentication
Basera et al. Mitigating Security Threats in Cloud Biometric Authentication Through a Privacy Preserving Multi Modal Biometric Cryptography Based System for Secure Identification
Bhandari et al. Advanced Security through Biometric Systems and Reporting Techniques
CA2681848A1 (fr) Method and system for confirming the identity of a user

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15736582

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15736582

Country of ref document: EP

Kind code of ref document: A1