2 THE PATENTS ACT, 1970

4 downloads 13 Views 274KB Size Report
CLOUD BASED USER AUTHENTICATION USING 3-D SIGNATURE- .... facial or voice traits and a multi-layered digital signature pad for the restricted user to ...

FORM - 2 THE PATENTS ACT, 1970 (39 OF 1970) THE PATENTS RULES, 2003

COMPLETE SPECIFICATION (Section 10; rule 13)

1. TITLE OF THE INVENTION CLOUD BASED USER AUTHENTICATION USING 3-D SIGNATUREBIOMETRIC FUSION

2. APPLICANTS Applicants Name

Nationality

Address

Hindustan

Hindustan Institute of Technology

Institute of

and Science

Technology and

INDIAN

Science

P.O. No.1, Rajiv Gandhi Salai (OMR), Padur, Kelambakkam, Chennai, Tamilnadu, 603 103. Dr. P.M. Rubesh Anand, Associate Professor, Department of ECE,

Dr. P.M. Rubesh Anand

INDIAN

Hindustan Institute of Technology and Science P.O. No.1, Rajiv Gandhi Salai (OMR), Padur, Kelambakkam, Chennai, Tamilnadu, 603 103.

FORM - 5 THE PATENTS ACT, 1970 (39 OF 1970) THE PATENTS RULES, 2003

DECLARATION AS TO INVENTORSHIP [Section 10(6) and rule 13(6)]

1. NAME OF THE APPLICANTS 1. Hindustan Institute of Technology and Science 2. P.M. Rubesh Anand 3. Dr. Gaurav Bajpai We hereby declare that the true and first inventors disclosed in the complete specification are NAME

Dr. P.M. Rubesh Anand

NATIONALITY

Indian Dr. P.M. Rubesh Anand, Associate Professor, Department of ECE,

ADDRESS

Hindustan Institute of Technology and Science P.O. No.1, Rajiv Gandhi Salai (OMR), Padur, Kelambakkam, Chennai, Tamilnadu, 603 103. Email: [email protected]

NAME

Dr. Gaurav Bajpai

NATIONALITY

Indian

ADDRESS

Dr. Gaurav Bajpai, Head of the Department,

Department of Computer Engineering and Information Technology, College of Science and Technology, University of Rwanda, B.P. 3900, Kigali, Rwanda, Central Africa.

CLOUD BASED USER AUTHENTICATION USING 3-D SIGNATUREBIOMETRIC FUSION

FIELD OF INVENTION

[001] The present invention generally relates to Authentication and Access Control systems. The present invention more specifically relates to an intelligent fusion mechanism that employs both biometric and a 3-D handwritten signature data to validate and authenticate the user.

BACKGROUND OF THE INVENTION

[002] The advancement in computer technology has made the financial and administrative works easier. In order to allow only the appropriate persons to access secure data, the authentication system needs to be very reliable and secure. In the biometric techniques, the physiological identification is based on the biological individuality of users, like, fingerprint, face, hand geometry, retina and iris. The behavioral identification considers voice or handwritten signature.

[003] The circumvention in uni-modal biometric recognition systems exhibit the ways of deceiving the system by fraudulent methods are of main concern in security and privacy. The well-trained imposters perform higher attempt to forge a particular biometric trait in the uni-modal biometric systems. Improving the method of analysis and tightening the threshold for recognition reduces the issue of circumvention but instead, they will increase the false rejection rate and failure to enroll rate.

[004] Therefore, there exists a need to develop a system that uses multibiometric traits working in serial with suitable fusion method to decide upon the credentials of the individual under question. The multimodal biometric

security model considering 3-D handwritten signature biometrics is the solution for efficient authentication against expert forgers. The model deals with three phases for identification, verification and decision. The first phase employs physiological biometric traits for identification, second phase uses 3-D handwritten signature for verification, the third phase decides from the fusion of the obtained matching scores compared with the threshold value. The fusion of physiological and behavioral biometrics is preferred to enhance the decision criteria for minor variations during the acquisition of the biometric traits.

SUMMARY OF THE INVENTION

[005] The following summary is provided to facilitate a clear understanding of the new features in the disclosed embodiment and it is not intended to be a full, detailed description. A detailed description of all the aspects of the disclosed invention can be understood by reviewing the full specification, the drawing and the claims and the abstract, as a whole.

[006] It is therefore, one aspect of the disclosed invention to describe an authentication and access control system using a fusion of physiological and behavioural traits of the restricted user. The system includes the identification of physiological traits of the restricted user, verification of the 3-D handwritten signature of the restricted user and creating a fusion of the physiological data and the 3-D handwritten signature to enable a robust and a seamless authentication and access to the restricted user of an institution or a corporate.

[007] The aforementioned aspects along with the objectives and the advantages can be achieved as described herein. The framework is built on a cloud-based architecture that hosts the cloud database and the modules

for identification, verification, fusion and authentication of the restricted users.

[008] The invention also describes an intelligent user authentication device that comprises of a biometric user interface which will be used by the restricted user to provide physiological data such as retina, iris, finger prints, facial or voice traits and a multi-layered digital signature pad for the restricted user to pen down user 3-D signature and an indicative means such as an audio beep or a sound or a video indication such as flashing of light in with appropriate color of indication or both audio and video indications, as a means to indicate to the user of the ‘granted’ or a ‘try-again’ status to the restricted user.

[009] The aforementioned system and device would be a robust means to counter fraudulent use, all the while reducing the instances of false rejection rate. This system can find application in a wide range of educational, industrial and government use.

BRIEF DESCRIPTION OF FIGURES

[010] FIG. 1 is a detailed block diagram of 3D Handwritten Signature Biometrics based Authentication Model;

[011] FIG. 2 is a special signature pad for authentication with pressure variations in the layers of the signature pad with upper layer being layer 1 and lower layer being layer 3;

[012] FIG. 3 is a special signature pad for authentication and authorization in high security applications with pressure variations in the layers of the signature pad with upper layer being layer 1 and lower layer being layer 5;

[013] FIG. 4 is a flow Diagram of 3D Signature verification through pattern recognition and curve fitting techniques;

DETAILED DESCRIPTION

[014] The principles of operation, design configurations and evaluation values in these non-limiting examples can be varied and are merely cited to illustrate at least one embodiment of the invention, without limiting the scope thereof.

[015] The embodiments will be described in detail with corresponding marked references to the drawings, in which the illustrative components of the invention are outlined. The embodiments disclosed herein can be expressed in different forms and should not be considered as limited to the listed embodiments in the disclosed invention. The various embodiments outlined in the subsequent sections are construed such that it provides a complete and a thorough understanding of the disclosed invention, by clearly describing the scope of the invention, for those skilled in the art.

[016] As discussed in detail below, embodiments of the invention includes an FIG.1 is a block diagram explaining the sequence of steps in the process of authentication through physiological and behavioural biometric fusion model. In the biometric techniques, the physiological identification is based on the biological individuality of users, like, fingerprint, face, hand geometry, retina and iris. The behavioural identification considered is 3D handwritten signature. The model deals with three phases for identification, verification and decision. Initially, all the necessary information about an entity is acquired and stored in cloud database securely. The first phase employs credential information and physiological biometric traits for identification, second phase uses 3D handwritten signature for verification, the third phase

decides from the fusion of the obtained matching scores compared with the threshold value.

[017] The fusion of physiological and behavioural biometrics is preferred to enhance the decision criteria for minor variations during the acquisition of the biometric traits. The physiological biometric traits like, fingerprint, face or iris is used for identifying the individuals. These biometric traits can be used independently or in combined mode depending on the applications for identification. Once an individual is identified, the individual is verified through 3D handwritten signature behavioural biometric trait in the verification phase. The features that are considered usually in signature verification are velocity, acceleration, pressure, direction, pen ups/downs, total time taken, and length of the signature. The handwritten signature considered with pressure information is termed as 3D signature.

[018] Every handwritten signature considered in 3D has a distinct feature of pressure applied on the signature pad. This pressure information in 3D makes the imposters difficult to forge the signature of the genuine user. The verification of signature is done by comparing the specimen signature in the database and the real-time signature through pattern recognition techniques like polynomial curve fitting and normalized 2D cross-correlation technique using template matching. Fusion combines multiple sources of information to form a single value for comparison. The fusion can be performed at different levels in the multimodal biometric systems, like, fusion at feature level, match score level or decision level. Feature level fusion is difficult as the features extracted from the multi-biometric traits are of different types. Decision level feature is like majority voting which depends on the winning results from different biometric traits that can be spoofed by imposters. The only viable way for fusion between different features of the various biometric traits is matching score fusion.

[019] FIG. 2 is a special signature pad with length (l), width (w) and nonequally spaced layers is considered for recording the signature with 3D pressure feature. The pressure variation is measured by non-equally spaced layers of the signature pad. The variable spacing is considered in the model for the reason of capturing the minute pressure variations which normally remains with the upper layers. The lower layers are widely spaced to record the details of the heavy pressure variations during the process of signing. Three layers are considered in Fig. 2 for authentication purpose in low security areas like, attendance, acknowledgement receipt.

[020] FIG. 3 is a special signature pad of non-equally spaced layers with 5 layers is considered for recording the signature with 3D pressure feature. The variable spacing between the layers increases as r, 2r, 3r and 4r is considered in the model for the reason of capturing the minute pressure variations which normally remains with the upper layers. The lower layers are widely spaced to record the details of the heavy pressure variations during the process of signing. Five layers are considered in Fig. 3 for authentication and authorization purpose in high security areas like, cloud security access, financial transactions, defense, and access control.

[021] FIG. 4 is the flow diagram of 3D handwritten Signature verification through pattern recognition and curve fitting techniques. The pattern recognition technique used is 2D Normalized cross-correlation technique and curve fitting technique used is polynomial curve fitting. The matching score result from each layer is considered and decision is made comparing with the threshold value.

Section 1

[022] In FIG. 1, the 6 major components of the block diagram are described in a sequence of steps, as outlined below:

(1)

Credentials like, username and password is verified through secured channel (SSL/TLS) for initiating the process of authentication. Once the credentials are verified in cloud server successfully, a response is given to the requesting application server for proceeding to the next stage. A parallel response from the cloud credential verification server is directed to the Cloud Database Server for identifying the entity’s database

(2)

Once

the

credential

verification

is

successfully

completed,

physiological biometric image acquisition is performed by collecting the biometric trait through feature extraction from finger print, iris or face.

(3)

The extracted features from physiological biometric image is send through secured channel (SSL/TLS) for matching score calculations. The matching score is calculated by comparing the features from the entity’s cloud database information with the requesting information. A response is send to the application server about the result of physiological biometric identification.

(4)

Once the physiological biometric identification is successful, 3D handwritten signature verification is performed by acquiring the depth information of handwritten signature through special signature pad. The feature extraction is performed to collect all the necessary features of the signature.

(5)

The extracted features along with the pressure information of the signature is send through secured channel (SSL/TLS) for matching score calculations. The matching score is calculated by comparing the

curve fitting parameters from the entity’s cloud database information with the requesting information.

(6)

Fusion of the matching scores obtained from the result of physiological biometric identification and 3D handwritten signature verification are preformed and compared with the threshold value. When the fusion value is greater than the threshold value, then authentication is successful and it is send as a response to the application server.

Section 2

[023] In FIG. 4, the 5 major components of the flow diagram are desribed in a sequence of steps, as outlined below:

(1)

In the process of 3D handwritten signature verification, the initial step is to acquire 3D signature biometric trait information. Feature like, velocity, acceleration, pressure, direction, pen ups/downs, total time taken, and length of the signature are extracted from the acquired signature.

(2)

Feature classification is performed of the extracted features. The features like, velocity, acceleration, direction, pen ups/downs, total time taken, and length of the signature are termed as 2D feature and the pressure information on each layer is termed as 3D feature. The 3D feature is separated and the necessary parameters are considered for the verification of the signature.

(3)

Once the parameters are considered, the signature information in each layer is considered individually. For each layer, polynomial curve fitting is applied and the resultant polynomial curve equation is

obtained which is then compared with the database of the entity for calculating the matching score.

(4)

Pattern recognition using 2D normalized cross-correlation is done in parallel with the curve fitting function on the same layer considered for curve fitting application. The matching score is calculated by comparing the pattern recognition parameters with the entity’s database information.

(5)

The matching scores are compared with the threshold value. When any one of the matching score value is greater than the threshold value, authentication is successful else it is considered as failure.

Section 3

[024] The handwritten signatures in 2D are easily forged in static and dynamic ways, thus their impact in biometric security is quite low. When the handwritten signature is considered with additional dimension, especially, the depth of the signature, the forgery becomes difficult. The 3D handwritten signature records the pressure information on the special signature pad during the signing process which is then verified by pattern recognition techniques and polynomial curve fitting techniques for authentication and authorization. The 3D information of handwritten signature is acting as a distinct hidden factor and shows positive sign for consideration of 3D handwritten signature as a unique biometric identifier.

[025] In the experimentation of the proposed model, the large set of samples indicates that the expert forgers are unable to imitate the pressure variation of the genuine signer even though the forgers are able to exactly replicate the signature in 2D. Pattern recognition techniques and polynomial curve

fitting techniques applied in the signatures collected from different layers show significant difference between the genuine and forged signatures.

Section 4

[026] Multimodal biometric systems are tolerable for the circumvention than the unimodal biometric systems. In industries, behavioural biometric (signature or voice) authentication is most preferred in order to check the fitness of the employee in the job field than the routine duty of showing the fingerprint, face and iris. Comparing to other behavioural biometric traits, 3D handwritten signature is the best suitable solution for industries due to their acceptance in legal and social levels.

[027] The hard to forge property of behavioural biometric 3D handwritten signature decreases the problem of circumvention. The application of this model is to use in access control, attendance report, contract/agreement execution, banking services, financial transactions, and acknowledgment of goods/services received.

[028] In multimodal biometrics, fingerprint of the individual forms the superior combination with his/her 3D handwritten signature compared to face recognition and iris recognition as many governmental agencies, like, passport office, immigration, registration office can easily deploy them. The usage of cloud infrastructure for storing entity’s information exhibits that the model can be used in Internet transactions, cloud based applications and network security. The threshold value in the decision phase is varied/adjusted based on the security level that is needed for any application to overcome the problem of circumvention in biometric security systems.

CLAIMS

I/We claim:

1. A cloud-based architecture system that is used to secure, store, validate and authenticate restricted users of an institution or a corporation through physiological and behavioral fusion, comprising of: •

A cloud database that is used to secure and store biometric and physiological data of restricted users of an institution or a corporate



Identification Module that acquires physiological biometric traits for identification of the restricted users upon contact with a biometric device at the point of restricted access



Verification Module that acquires the 3-D handwritten signature of the restricted user to be compared with the specimen 3-D signature stored in the cloud database



Fusion Module that facilitates the authentication of the user by enabling a fusion of the data from the identification module and the verification module

2. The physiological biometric traits could be any one or all of retina, iris, finger prints, facial or voice traits

3. The verification module according to claim 1, considers the velocity, acceleration, pressure, direction, pen ups/downs, total time taken, and length of the 3-D handwritten signature

4. The 3-D handwritten signature according to claim 1, considers the zaxis pressure which is a distinct feature of pressure applied on the signature pad that makes it a robust measure for the imposters to forge

5. The verification module according to claim 1, compares the specimen signature in the database with the real-time signature through pattern recognition techniques such as polynomial curve fitting and normalized 2-D cross-correlation technique using template matching

6. The fusion module according to claim 1, authenticates the user based on a fusion of the physiological and the behavioral data using matching score fusion

7. The cloud architecture, according to claim 1, could be deployed as a private cloud or a public cloud or a hybrid cloud, as required by the institute or the corporate

8. The cloud architecture, according to claim 1, is hosted on a platform that compiles with the cloud computing standards of International Organization for Standards (ISO), IEEE Standards Association (IEEESA), International Telecommunication Union (ITU), National Institute of Standards and Technology (NIST)

9. An intelligent user authentication device, that comprises of: •

A biometric interface for the restricted user to input physiological user data such as retina, iris, finger, face or voice



A multi-layered digital signature pad for the restricted user to pen down user 3-D signature



An indicative mechanism to signal the authentication status of the user

For Hindustan Institute of Technology and Science

Dr. P.M. Rubesh Anand

ABSTRACT

A cloud-based architecture authorization and access control system that facilitates a fusion of physiological and behavioral traits to authenticate a restricted user of an institute or a corporate. The behavioral authentication is based on 3-D handwritten signature. This system provides a robust model against fraudulent attempts that are frequently tried at conventional biometric authentication systems and also reduces the incidence of falserejection rates. The system is hosted on a cloud architecture that facilitates a secure and a seamless way of authentication. The invention also describes an authentication device that consists of an interface for biometric physiological data capture, a signature pad to capture 3-D signature data and an indicate mechanism to indicate the status of authentication.

P.M. Rubesh Anand



FIG. 1

Dr. P.M. Rubesh Anand

P.M. Rubesh Anand



FIG. 2 Length (l) Width (w)

r 2r

Depth (d)

Layer 1 Layer 2 Layer 3

FIG. 3 Length (l) Width (w)

r 2r

Layer 1 Layer 2

3r

Layer 3 4r Layer 4

Layer 5

Dr. P.M. Rubesh Anand

Depth (d)

P.M. Rubesh Anand



FIG. 4

Dr. P.M. Rubesh Anand