The invention relates to training biometric authentication systems. More specifically, the invention relates to selecting an adequate number of training samples to achieve a desired level of authentication performance, and evaluating the level of authentication performance that may be expected from a set of training samples.
Biometric identification and authentication systems measure physical and/or behavioral characteristics of a person and compare the characteristics to an earlier-prepared sample or “template” to determine whether the measurements were taken from the same person. This determination can be used to control access to tangible or intangible assets and resources on a per-person basis. Other systems based on a physical or informational key (e.g. an actual key, an electronic identification card, or a password) cannot restrict access to a particular person, since the person can transfer the key or password to someone else.
The measurements taken by a biometric system typically vary slightly at each measurement, so the comparison process must accommodate such slight variances. The accuracy of a biometric identification is inversely proportional to the amount of variability tolerated in a set of measurements: if more variability is permitted in measurements, then it becomes easier for an impostor to fool the system. On the other hand, as the permissible variability is reduced, legitimate users are more likely to be rejected due to normal measurement variances. Two key metrics describing the performance of a biometric identification system are the false reject ratio (“FRR” or “α,” the probability of legitimate user erroneously being rejected as an impostor), and the false accept ratio (“FAR” or “β,” the probability of an impostor erroneously being identified as a legitimate user). Administrators of biometric identification systems often tune the system's parameters to achieve a FAR and FRR that balance the security requirements of the resource protected by the system against the inconvenience to legitimate users of erroneous rejections.
One difficulty encountered in operating a biometric identification system is that of enrolling users into the system. Because of the previously-mentioned measurement variances, many systems require a new enrollee to provide a large number of measurement samples so the system can build a template that will permit accurate identifications later. Providing many samples can be tedious or inconvenient for the new user. Formal methods of evaluating samples to determine when “enough” have been collected, and of estimating identification performance that may be expected given a set of samples, may improve the usefulness and convenience of biometric identification systems.
Embodiments are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings in which like references indicate similar elements. It should be noted that references to “an” or “one” embodiment in this disclosure are not necessarily to the same embodiment, and such references mean “at least one.”
This disclosure presents an analysis of variance-based methods to estimate the number of samples required to achieve a desired level of discriminative performance from a biometric-measurement-based identification system. Formal mathematical methods are used to explain the operation of systems and methods according to embodiments of the invention.
For concreteness, the following discussion will focus on keystroke or typing rhythm patterns as the biometric measurement source. However, it will be apparent to those of ordinary skill in the relevant arts that the methods discussed here can be applied to other biometric measurements, such as fingerprint images, hand geometry measurements, voice recordings, iris and retina patterns, and other similar data.
Note that typing a multi-character string once results in the generation of a plurality of timing measurements. In this disclosure, a single “biometric measurement” is considered to be a plurality of scalar quantities. It is convenient to think of a biometric measurement as a vector. In accordance with common academic practice, vectors will be indicated by bold, upper-case letters (e.g. “Y”), while the scalar quantities that make up a vector are indicated by subscripted, upper-case, italic letters (e.g. “Y1”). One of a plurality of biometric measurements will be indicated as a subscripted vector (e.g. “Y2”). One scalar quantity out of a plurality of biometric measurement vectors will be indicated as “Yij” (the jth scalar quantity of ith the biometric measurement vector).
Biometric measurement values are modeled as
Yij=μj+εij Eq. 1
where 1≦i≦n (the number of independent biometric measurements collected) and 1≦j≦m (the number of scalar elements in each biometric measurement). μj is the mean of the jth element, and εij is an error random variable with a mean of zero. μj can be rewritten as μ+τj, where μ is a constant and τj represents the positive or negative deviation of the jth measurement from this constant. Thus, we have
Yij=μ+τj+εij Eq. 2
A simplifying assumption used here is that εij are mutually independent.
Further comments regarding notation: dot (e.g. “Y•j”) means “add over all the values of the subscript replaced with a dot,” and the bar (e.g. “
The mean of each measurement element in a sequence of biometric measurement vectors may be different. For example, consider the vectors obtained by recording key press times while a user types the password “Gamma 3” several times. These times are shown in Table 1 (all in milliseconds):
The table shows that the “G” key is struck, on average, 147.20 ms after the “shift” key, and the first “a” keystroke occurs, on average, 204.80 ms after the “G.” (The first column, “shift,” is blank because that key is the first key struck and serves only to mark the beginning of a trial.) Elements of other vectors of biometric measurements will also, in general, have different means. However, if the measurements are transformed as:
the measurements may be dealt with as random variables of zero mean and unit variance (standard normal variables). This transformation can be thought of as shifting the means of corresponding measurements to coincide at zero, and scaling the samples so that the variance of each set of corresponding samples is one. Thus transformed, the measurements can be treated more uniformly. For example, an estimate of sum of squares for errors is given by
and an estimate of mean square for error is given by
Similarly, the sum of squares of measurement elements is given by
and the mean square measurement is
With these quantities defined, we can derive the upper confidence limit for σ2 as
where χm−n,1−α2 is the percentile of the chi-squared distribution with probability of 1−α in the right-hand tail, because
follows the χ2 distribution. Replacing SSE by its observed value ssE (Eq. 4) gives a one-sided 100(1−α) % confidence bound for σ2:
This is the upper bound for the error (ε) variance.
This result is significant because it relates an important variable describing biometric identification system performance (α) to the samples collected while enrolling a new user. Thus, it becomes possible to answer the questions, “given the samples collected, how can the system be expected to perform?” And conversely, “are the samples that have been collected consistent enough to achieve a desired level of performance?”
It is also possible to calculate the number of (additional) biometric measurements likely to be required to achieve target values for false reject ratio (“FRR” or “α”) and false accept ratio (“FAR” or “β”), given the variance (σ2) of the samples already collected. Let Π(Δ)=(1−β) denote the power of the F-test at Δ, which is the probability of rejecting a hypothesis H0={τ1, . . . τm} when at least two of the elements differ by Δ. Thus for given values of Δ, Π(Δ), m, and α, and variance σ2 of the data being collected, we can calculate how many more samples are needed.
Given a hypothesis H0 against HA: {at least two τjs differ} is given by reject H0 if
If the null hypothesis is correct then
has an F distribution, but if the null hypothesis is incorrect then
has a non-central F distribution Fm−1,n−m,δ
where
Q(τj)=Σiri(τi−Σhrhτh/n)2/(m−1) Eq. 11
Thus, when Q(τj)=0 then δ2=0 and the distribution of
becomes the usual F-distribution. If δ2>0 then the mean and spread of the distribution of
are larger then the usual F-distribution. For equal sample sizes
Now let μ+τ2=μ+τ3= . . . =μ+τm−1=c and
some constant c, then
The power of the F-test depends on the sample size r through the distribution of
which depends on δ2. Since the power of the F-test is the probability of rejecting H0, we have
The noncentral F can be found from standard tables of F distribution, which are tabulated with power Π given as a function of
for various values of v1=m−1 and v2=n−m and α. Now,
(substituting the value of δ2 from Eq. 12), so
r is the result of interest: it is the estimated number of biometric samples required to enroll the user to an expected level of accuracy. Practical implications of this result include that more samples should be collected if the number of samples collected so far is less than r. Also, the form of the equation confirms the intuitive hypotheses that the higher the variation σ2 in the collected samples, the more samples will be required, and that the larger the value of Δ, the fewer samples will be needed.
Listing 1 shows an pseudo-code implementation of an algorithm for finding the required sample size given the variance of the already-collected samples and other parameters:
Listing 1
The following paragraphs work a concrete example of an embodiment of the invention that uses keystroke latency timings (key-(o-key delays as described above). The user is typing the string “phoha” to enroll. Nine samples were collected (raw data is shown in Table 2, and normalized latencies shown in Table 3) but, as the following calculations will show, only three are needed (so, using an embodiment of the invention, the sample collection could have terminated after collecting the third sample). A computation will also be shown using only the first three latencies (as if the user had only typed “phoh”) to show the effect of a shorter biometric vector.
Table 4 shows the results of calculating ssE as described in relation to Eq. 4. No values are shown in the upper and left cells because a minimum of two samples (each with at least two normalized latencies) are required to decide whether more samples are required.
Table 5 gives the corresponding values for msE, which are computed as ssE/(m−n) (Eq. 5) (blank rows and columns have been omitted); and the corresponding values of Chi-squared (χ2) (from statistical tables) are given on the right.
Table 6 gives the upper bound for σ2 at 95% confidence level obtained by
With these foundational statistics computed, we proceed to calculate an estimate of the number of samples required to enroll the user successfully. This estimate is first computed after the second sample is collected, and may be re-computed after each additional sample, until the estimate is less than or equal to the total number of samples already in hand. In these calculations, we choose Δ=2σ (that is, if the variation is more than the 2σ of the already-collected samples then we need to take more samples). Since the data is standardized (i.e. σ=1), Δ=2.0.
The estimate is given by Equation 14, reproduced here for convenience:
m is 4 because there are four latencies measured as the user types “phoha”: p-to-h, h-to-o, o-to-h, and h-to-a. σ2 is 1.846536747 (from Table 6) and Δ2 is 4 (because Δ was chosen to be 2.0).
Now, statistical tables of the power of the F-test, Π(Φ) are consulted to find the value for Φ. Those tables require values for v1, the number of degrees of freedom, which in this case is simply m−1 or 3; α; and v2. We look for the desired power of the test (its discriminative power) and read off the corresponding value for Φ at the column head. As described in the algorithm of Listing 1, we begin with a large value for v2 and successively approximate r by setting v2 for the next iteration to m(rprevious−1) until r converges to a stable value or oscillates between two values (in the latter case, we select the smaller of the two values). Table 7 shows the power of the F-test for v1=3 and α=0.01:
For the first iteration, we calculate
Then, looking up the value for Φ that corresponds to our initial choice of v2=1000, power of the test=0.99 (highlighted triple border), we find Φ=2.67 (bold). Substituting, we obtain
or rounding to the nearest integer larger (because it is not possible to take a fraction of a biometric sample), 27.
For the next iteration, we set
then, interpolating from the values in Table 7 since there is no row for v2=104, we might estimate a value for Φ of 2.95. This gives a second iteration result of r=32.20, and v2 of 132. Estimating Φ=2.98 gives r=32.85, and v2 of 132. Since r has converged at 33, we estimate that—based on the two samples collected—a total of 33 samples will be required.
After collecting the next sample, however, we find that the variance σ2 is 0.428004072 (Table 6). By repeating the iterative algorithm of Listing 1, we find that our estimate of samples required has dropped significantly, to only eight. The values of v2, Φ and r that occur during the processing of the third sample are shown in Table 8:
As the sample collection progresses, σ2 keeps shrinking because the typist is quite consistent, and after the fifth sample is obtained, the method indicates that “enough” samples have been collected. Table 9 shows the iterations performed for the fourth and fifth samples:
Repeating these calculations for the σ2 values in the second column of Table 6 (i.e. the values that apply if the shorter string “phoh” was being typed, m=3, v1=2) we see that the estimates of samples required goes from 47 to 11 to 6 to 5, and the method indicates that “enough” samples have been collected after the fifth sample. Table 10, which follows the layout of Table 9, shows how the estimated number of samples required changes after each sample is collected. Note that the value for Φ must be looked up in a different table (i.e. not Table 7) because m and v1 are different in this example. The corresponding table for the power of the F-test for v1=2, α=0.01 is not reproduced here, but may be found in many statistics reference books.
Note that in processing the fourth and fifth samples above, the iterative algorithm began oscillating between two values. The smaller of the two was selected in each case. Thus, after the fourth sample, 5.79 samples (rounded to six samples) were estimated to be required, while after the fifth sample, only 4.37 (5) samples were estimated to be required. Since five samples had already been collected, the enrollment process could have stopped.
This method uses the variability in a user's keystroke patterns with desired FAR and FRR to arrive at sampling decisions. In an experiment with 43 users, this method resulted in sample size of six for 75% of the users and sample sizes varying from three to nine for rest of the users. In this user population, a prior-art system would require at least nine samples from each user to be certain of successfully enrolling every user. However, by evaluating samples collected on the fly according to an embodiment of this invention, the majority of users could have enrolled with fewer samples.
The methods described above relate the number of biometric samples needed to achieve desired FRR and FAR ratios with the length of the number of characters needed in a password for keystroke authentication system. An algorithm based on this method can give an indication to give a user feedback on when he may stop giving biometric samples for authentication.
An embodiment of the invention can be implemented on a data processing system like the one shown in block-diagram form in
A display 360 may be provided to present instructions, messages and other information to a user (not shown). Software instructions stored in memory 310 and executed by CPU 305, dedicated hardware circuitry, or a combination of hardware and software may be used to implement functions such as control logic 365 to coordinate the activities of other subsystems and peripherals; biometric data collector 370 to operate a peripheral and take biometric measurements; statistics module 375 to analyze the collected biometric measurements according to the methods described earlier; and database 380 to store biometric templates constructed after user enrollment. Once a user has been enrolled, access control logic 385 may compare biometric data collected from a prospective user and compare it with a template stored in database 380 to decide whether the prospective user should be granted access to a resource controlled by the system (not shown).
An embodiment of the invention may be a machine-readable medium having stored thereon instructions which cause a programmable processor to perform operations as described above. In other embodiments, the operations might be performed by specific hardware components that contain hardwired logic. Those operations might alternatively be performed by any combination of programmed computer components and custom hardware components.
A machine-readable medium may include any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer), including but not limited to Compact Disc Read-Only Memory (CD-ROM), Read-Only Memory (ROM), Random Access Memory (RAM), and Erasable Programmable Read-Only Memory (EPROM).
The applications of the present invention have been described largely by reference to specific examples and in terms of particular allocations of functionality to certain hardware and/or software components. However, those of skill in the art will recognize that evaluation of biometric samples for their discriminative power can also be achieved by software and hardware that distribute the functions of embodiments of this invention differently than herein described. Such variations and implementations are understood to be captured according to the following claims.
The application is a continuation of U.S. patent application Ser. No. 12/868,657, filed Aug. 25, 2010 which is a continuation of U.S. patent application Ser. No. 11/503,427, filed Aug. 10, 2006 issued as U.S. Pat. No. 7,809,170 on Oct. 5, 2010.
Number | Name | Date | Kind |
---|---|---|---|
4685140 | Mount, II | Aug 1987 | A |
4805222 | Young et al. | Feb 1989 | A |
5056141 | Dyke | Oct 1991 | A |
5208869 | Holt | May 1993 | A |
5491698 | Patel et al. | Feb 1996 | A |
5557686 | Brown et al. | Sep 1996 | A |
5617490 | Kume et al. | Apr 1997 | A |
5806030 | Junqua | Sep 1998 | A |
6591224 | Sullivan et al. | Jul 2003 | B1 |
7167583 | Lipson et al. | Jan 2007 | B1 |
7336814 | Boca et al. | Feb 2008 | B2 |
7409371 | Heckerman et al. | Aug 2008 | B1 |
7493340 | Rui | Feb 2009 | B2 |
20020081033 | Stentiford | Jun 2002 | A1 |
20020184019 | Hartley et al. | Dec 2002 | A1 |
20030212544 | Acero et al. | Nov 2003 | A1 |
20040053242 | Volker et al. | Mar 2004 | A1 |
20040091136 | Dombrowski | May 2004 | A1 |
20040193019 | Wei | Sep 2004 | A1 |
20040236573 | Sapeluk et al. | Nov 2004 | A1 |
20050102665 | Barta et al. | May 2005 | A1 |
20050180547 | Pascovici | Aug 2005 | A1 |
20050265618 | Jebara | Dec 2005 | A1 |
20060018523 | Saitoh et al. | Jan 2006 | A1 |
20060074656 | Mathias et al. | Apr 2006 | A1 |
20060173673 | Jeong et al. | Aug 2006 | A1 |
20060287856 | He et al. | Dec 2006 | A1 |
20070174308 | Rausch | Jul 2007 | A1 |
20070177773 | Hu et al. | Aug 2007 | A1 |
20070180261 | Akkermans et al. | Aug 2007 | A1 |
20070203707 | Carus et al. | Aug 2007 | A1 |
20070217676 | Grauman et al. | Sep 2007 | A1 |
20070241861 | Venkatanna et al. | Oct 2007 | A1 |
Entry |
---|
Louisiana Tech University, Final Office Action mailed Feb. 11, 2011 for U.S. Appl. No. 12/868,657., 25 pages. |
Louisiana Tech University, Non Final Office Action mailed Dec. 7, 2010 for U.S. Appl. No. 12/868,657. |
Penn State Research Foundation, et al., Non final office action dated Jan. 14, 2010 for U.S. Appl. No. 11/503,427. |
Penn State Research Foundation, Final office action dated May 24, 2010 for U.S. Appl. No. 11/503,427. |
Number | Date | Country | |
---|---|---|---|
20110222741 A1 | Sep 2011 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 12868657 | Aug 2010 | US |
Child | 13111919 | US | |
Parent | 11503427 | Aug 2006 | US |
Child | 12868657 | US |