Background
      To protect the privacy of the user, various authentication mechanisms are applied to smartphones, such as fingerprint scanning, facial recognition, PINs, and graphical passwords. These mechanisms provide one-time authentication at user login, which verifies that the current user has credentials that are set in advance. Although this conventional one-time authentication method is dominant on smartphones, there are problems in terms of security and ease of use. In terms of security, the conventional authentication method on the smart phone does not detect whether the system has invaded after the user passes, which causes the authentication method to be invalid when an adversary accesses the unlocked phone. In addition, the adversary can break through the defense of the traditional authentication method through the means such as shoulder surfing, guessing attack, stain analysis, deception attack and the like. In terms of ease of use, conventional authentication methods require the user to actively enter a password each time the user uses the service, even if the user briefly views an email or an online chat message.
      To remedy the deficiencies of conventional authentication methods, continuous authentication techniques have been proposed that continuously and implicitly verify the identity of the user. The persistent authentication mechanism essentially utilizes physiological and behavioral biometric information of a user to construct a pattern unique to the user. Physiological bio-information can be used to verify identity, for example, through facial features captured by a front-facing camera configured on most smartphones, and then whole or local features extracted from the facial information are used, but this approach is largely limited by the battery capacity and computational power of the mobile device. On the other hand, the behavioral biometric information of the user comes from their daily usage habits, such as touch patterns, gait, historical application usage data, device location. The user behavior information can be obtained from built-in sensors and accessories commonly existing in the smart phone, such as an acceleration sensor, a gyroscope, a gravity sensor, a pressure sensor, a GPS and the like. The continuous authentication system may collect behavioral data without being perceived by the user and determine whether the collected data is from the device owner by using a trained identity model. If the result is "TRUE", the system will not generate any response and the collection and verification operations will continue; otherwise, the system will ask the current user to enter a preset password or alert the owner that the device has been hacked. Ideally, the normal interaction of the legitimate user with the device is not interrupted by the continuous authentication system throughout this authentication process.
      At present, a continuous identity authentication method based on a user touch sliding feature on a smart phone mainly uses a user to leave a touch position and time information when the user touches the sliding phone to extract features, so that an identity model of the user is constructed to authenticate the user. Literature [ m.frank, r.biebert, e.ma, i.martinovic and d.song, "touchhalitics: on the application of touch screen Input as a Behav biological biometry for Continuous Authentication, "in IEEE Transactions On Information Forensics and Security, vol.8, No.1, pp.136-148, Jan.2013 ] extracts 30-dimensional touch behavior characteristics including the area and pressure of touch at the middle point of the sliding process, the direction of the connection line of the end points of the sliding track, and the sliding speed from the original touch screen log of the user, but part of important characteristics such as the touch pressure and the area need hardware support, and most of the touch screens of smart phones currently use capacitive screens which do not support pressure detection. Chinese patent CN104239761A proposes an identity continuous authentication method based on the sliding behavior characteristics of a touch screen, in which only the sliding trajectory data of a user is used as a data source, the dynamics characteristics generated by the finger when touching the screen are not considered, and different motion states of the user are not considered.
    
    
      Disclosure of Invention
      Aiming at the problems of low availability caused by high requirements on equipment hardware, single data source, low robustness and accuracy caused by too simple characteristics and the like in the continuous authentication method based on the sliding behavior characteristics of the touch screen, the invention provides the continuous identity authentication method fusing the sliding track and the dynamic characteristics.
      In order to realize the task, the invention adopts the following technical scheme:
      a continuous identity authentication method fusing sliding track and dynamic characteristics is characterized by comprising the following steps:
      (1) personalized data generated when a user touches a slide is collected.
      (1.1) the collected data is divided into two parts, wherein firstly, a user starts to turn on any APP and collects data from motion sensors including an acceleration sensor, a gravity sensor and a gyroscope; and secondly, when the user slides the touch screen, collecting sliding track data from the touch screen.
      (1.2) for data from the motion sensor, the data format of the ith sample point is: (i, X)a,Ya,Za,Xgy,Ygy,Zgy,Xgr,Ygr,ZgrTag) (i ═ 1, 2, 3.., n) means an X-axis value of the acceleration sensor, a Y-axis value of the acceleration sensor, a Z-axis value of the acceleration sensor, an X-axis value of the gyroscope, a Y-axis value of the gyroscope, a Z-axis value of the gyroscope, an X-axis value of the gravity sensor, a Y-axis value of the gravity sensor, a Z-axis value of the gravity sensor, and a state of the touch event, respectively. For the sliding track data from the touch screen, the data format of the jth touch point in the touch point sequence generated by each sliding is as follows: (j, X)t,Yttag) (j ═ 1, 2, 3.. times, m), where m denotes the data length of the current sequence and m ≧ 3, Xt,YtRespectively representing the X and Y axis coordinates of the touch point on the touch screen.
      (2) The raw data is preprocessed.
      And (2.1) dividing the data according to the motion state of the user. We consider that a user has two motion states, a stationary state and a walking state, when using a smartphone. The state of motion of the user when using is judged through the data of the motion sensor, and then the data are divided according to the motion state.
      (2.2) data in the two states of (2.1) were normalized by Z-Score.
      And (2.3) for the sliding behavior in the static state, extracting data of each sliding from the acceleration sensor and the gyroscope, and combining the data with corresponding sliding track data in the touch screen data. Thus, each sliding corresponds to two parts of data, namely data from the motion sensor and sliding track data from the touch screen in the sliding process.
      And (2.4) extracting data of each sliding from the acceleration sensor and the gyroscope and combining the data with corresponding sliding track data in the touch screen data for the sliding behavior in the walking state, and extracting the acceleration sensor and the gyroscope data within 3S before and after each sliding. Thus, each sliding corresponds to three parts of data, namely data from the motion sensor in the sliding process, sliding track data from the touch screen and the motion sensor data within 3 seconds before and after the sliding.
      And (2.5) performing discrete Fourier transform on the motion sensor data within 3 seconds before and after each sliding in the step (2.4) to obtain a frequency spectrum and a phase spectrum of the motion sensor data.
      (3) And extracting sliding track characteristics and kinematic characteristics and selecting the characteristics.
      And (3.1) respectively extracting kinematic features and sliding track features from the two parts of data generated by each sliding in the static state in the step (2.3). The kinematic feature vector is { maximum, minimum, range, mean, median, standard deviation, root mean square, skewness, kurtosis factor, form factor, pulse factor, margin factor of each sensor data, average square root of the square sum of each sensor data }, and sampling point number of each sensor data } of each sensor data, and 2 (3 × 13+2) is calculated in total, which is 82 dimensions. The characteristic vector of the sliding track is { sliding initial point coordinate, sliding end point coordinate, 20%, 50% and 80% quantiles of sliding speed, average sliding speed, direction and distance of an end-to-end connecting line, sliding direction average value, sliding starting direction average value, sliding middle direction average value, sliding tail direction average value and sliding type }, and the total 18 dimensions are calculated. The sliding characteristic in the whole static state is 100 dimensions.
      And (3.2) respectively extracting kinematic features and track features from the three parts of data generated by each sliding under the walking state in the step (2.4). First, the same 100-dimensional features as those in the stationary state in step (3.1) are extracted from the first two data portions, and frequency domain features generated by walking are extracted from the collocated spectrum and phase spectrum in step (2.5), where the frequency domain feature vector is an amplitude corresponding to a { sine wave with a frequency of 0, a maximum amplitude except for the amplitude corresponding to the frequency 0, a frequency with the maximum amplitude except for the frequency 0 and a phase, an amplitude average value, an amplitude standard deviation, an information entropy, a root mean square, a skewness and a kurtosis of the amplitude } are 10 × 3 × 2 to 60 dimensions. The sliding characteristic in the whole walking state is 160 dimensions.
      (3.3) calculating the Pearson correlation coefficient between every two of all the characteristics in the step (3.1) and the step (3.2), and deleting one of the characteristic pairs with the correlation coefficient larger than 0.98.
      And (3.4) finding the optimal characteristic combination by using a recursive characteristic elimination method with cross check.
      And (3.5) reducing the dimension of the feature vector by using a PCA method, and retaining 98 percent of information.
      (4) And constructing an identity model of the user.
      And (4.1) selecting a training data set. And respectively and randomly selecting a subset from the feature vector sets of other users for the feature sets in two different motion states, wherein the size of the subset is equal to that of the feature vector set of a legal user in the same state. The labels of the feature vectors of other users are set to 0, and the labels of the feature vectors of legitimate users are set to 1.
      And (4.2) training the feature vector training sets in different motion states respectively. And finally obtaining two identity models in a motion state and a walking state.
      (5) And continuously authenticating the current user of the smart phone.
      (5.1) when a user uses a certain APP in the mobile phone and generates a touch sliding behavior, the system collects the motion sensor data and sliding track data of the sliding behavior, preprocesses the data, judges the motion state of the user, extracts features and selects the features, and finally sends the features to a corresponding identity model for prediction to obtain a prediction result.
      And (5.2) according to different prediction results, the system gives corresponding responses. When the result is "True", that is, the current user is a legal user, the system has no response; when the result is "False", that is, when the current user is an illegal user, the system will adopt a corresponding method to ensure the privacy of the legal user.
      The touch event state tag in the step (1.2) is 4, namely no touch, pressing, moving and lifting, and the actual sampling data are respectively represented by 1, 2 and 3. Each slide trajectory data is composed of data of a plurality of touch points, and the touch points need to include a press touch point, one or more moving touch points and a touch lift point, and the order of the touch points cannot be changed, so that the length of a data sequence generated by each slide is at least 3.
      The moving state of the user in the step (2.1) can be judged by the gravity sensor and the acceleration sensor together. Specific general formula
Where θ can be obtained through experiment, when state > 0, it indicates that the current user is in walking state, otherwise, it is in static state.
The calculation formula of z-score in the step (2.2) is
Where x is the sample data and μ, σ are the mean and standard deviation of the population, respectively.
The calculation formula of the skewness in the step (3.1) is
The kurtosis is calculated by the formula
The kurtosis factor is calculated by
The form factor is calculated by
The pulse factor is calculated by
The margin factor is calculated by

Where x is the sample data and μ, σ are the mean and standard deviation of the population, respectively. Since the sampling frequency for the touch points in the sliding trajectory is constant, the velocity between two consecutive touch points can be calculated by the euclidean distance between them. The vector direction of the connecting line of the two points is an angle from the direction vector along the positive direction of the x axis to the direction vector of the vector, which rotates anticlockwise, and the range is 0 to 2 pi. The slide start direction, the slide middle direction, and the slide tail direction use direction average values calculated from 3 points before the start of the touch point sequence, 3 points in the middle, and 3 points at the tail, respectively. The sliding types are bottom-up, top-down, left-to-right and right-to-left, respectively. When the vector formed from the starting point to the end point is in the direction range

Inner means that the slide is a bottom-up slide; when the direction range is in
When inside, the sliding is from top to bottom; when the direction ranges from
Inner means sliding from left to right; when the direction range is in
Inner time indicates a sliding from right to left. In addition, the type of sliding is coded using a four-bit one-hot coding, and {0, 0, 0, 1}, {0, 0, 1, 0}, {0, 1, 0, 0}, {1, 0, 0, 0} denote sliding types from bottom to top, top to bottom, left to right, and right to left, respectively.
The calculation formula of the information entropy in the step (3.2) is
Wherein f (k), k is 1, 2.
The calculation formula of the Pearson correlation coefficient in the step (3.3) is
Wherein P and Q are any pair of characteristic variables mu
P,μ
QExpectation of P, Q, σ
X,σ
YThe overall variance of P, Q, respectively.
In the step (5.2), when the system detects that the current user is an illegal user, the mobile phone can be locked, the user inputs a preset password to unlock the mobile phone, and meanwhile, a warning mail is sent to a registered mailbox of the user.
      The invention aims to construct a continuous identity authentication system based on user touch sliding behavior characteristics, and the system solves the problems of low availability, single data source, simple characteristics, low robustness and accuracy and the like caused by overhigh requirement on equipment hardware by a continuous authentication technology based on touch sliding characteristics on the traditional smart phone. Through the design of the invention, the data on the acceleration sensor, the angular velocity sensor, the gravity sensor and the touch screen which are supported by most smart phones are used, and the 100-dimensional and 160-dimensional user touch sliding behavior characteristics are respectively extracted in the static state and the walking state by fusing the sliding track and the dynamic characteristics, so that the identity model of the user is constructed. When the user uses the smart phone, the user can be continuously and transparently authenticated through the identity model.
      The prominent substantive features and the remarkable progress of the invention are mainly reflected in the following points:
      1. the invention uses a motion acceleration sensor, an angular velocity sensor, a gravity sensor and a touch screen on the smart phone as data sources for extracting the touch sliding behavior characteristics. Data sources are rich and ubiquitous in smart phones.
      2. The method and the system construct the identity model of the user by fusing the sliding track characteristics and the dynamic characteristics when the user touches and slides. The characteristics describe the sliding behavior of the user through the track left by the user during sliding and the motion characteristics of the equipment in the hand, so that the method has higher robustness and improves the accuracy rate during authentication.
      3. The invention considers that the user can generate additional gait characteristics when using the smart phone to perform sliding operation during walking, separately processes data in different motion states, respectively trains different identity models, and improves the application range of the method.
    
    
      Detailed Description
      The above-described scheme is further illustrated below with reference to specific examples. It should be understood that these examples are for illustrative purposes and are not intended to limit the scope of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
      Fig. 1 shows a schematic diagram for determining the sliding track angle used in the present invention. In the figure, a rectangular coordinate system consisting of an X axis at the top of the screen and a Y axis at the left side of the screen only comprises a first quadrant is a coordinate system which represents the position of a touch point inside the smart phone. In addition, a rectangular coordinate system comprising four quadrants is constructed in the center of the screen for judging the type of touch sliding, and the judging process is as follows:
      step 1) determining a starting point a and an end point b of a current sliding track and constructing a vector
 Step 2) translation vector
To the origin and determining the direction vector of the vector
 Step 3) calculating the direction vector of the positive direction of the x axis and rotating anticlockwise to
The angle of rotation a required when
When it means that the sliding is from bottom to top when
When the sliding is from top to bottom, when
It means that the sliding is from left to right when
Indicating that the sliding is from right to left.
Fig. 2 shows the overall flow of the invention. The whole process comprises a training stage and an authentication stage, and the specific implementation steps are as follows:
      a training stage:
      step 1) when a user opens any APP, the system starts to collect data of motion sensors including an acceleration sensor, an angular velocity sensor and a gravity sensor, and the sampling frequency is 50 Hz. The present invention uses a background resident service for collection and registers a broadcast receiver in the service. When a user opens any APP, the broadcast receiver receives a notification, the service starts a collection task, and each collected sampling data is as follows:
      (i,Xa,Ya,Za,Xgy,Ygy,Zgy,Xgr,Ygr,Zgr,tag)(i=1,2,3,...,n)
      and 2) monitoring the touch event of the screen by the system, recording the X and Y coordinate values generated by the current event by the monitor when the touch event is generated by sliding the mobile phone screen by the user, and transmitting the type of the current touch event to a service for collecting the data of the motion sensor to change tag in the sampling data. The data of the touch points in each collected sliding track are as follows:
      (j,Xt,Yttag)(j=1,2,3,...,m)
      wherein m represents the data length of the current sliding track sequence and m is more than or equal to 3.
      Step 3): and judging whether the sliding data collected currently is enough, wherein the total sliding times are required to be not less than 400, and each type of sliding is not less than 80.
      And 4) dividing the collected data into data in a static state and data in a walking state according to the motion state. Because the value of the acceleration sensor contains the gravity acceleration, the data of the acceleration sensor on the X, Y and Z axes are respectively subtracted by the data of the corresponding axis of the gravity sensor, and then the sum of squares is calculated to obtain the total acceleration caused by the external force except the gravity, and the specific formula is as follows:
      
      θ was obtained by experiment as 0.6. When state > 0, the user is in walking state, otherwise, the user is in static state.
      Step 5) the same normalization process is performed on the data in the two different states. Data of different magnitudes are uniformly converted into the same magnitude by using z-score method standardization, so that comparability between the data is guaranteed, and finally prediction accuracy of the identity model is improved. The specific calculation formula is
Where x is the sample data and μ, σ are the mean and standard deviation of the population, respectively. Then we merge the data characterizing each sliding together, and the data of each sliding in the static state comprises two parts: motion sensor data and touch rail during slidingThe trace data also included 3 seconds of motion transmission sensor data before and after the slip in the walking state.
Step 6) discrete Fourier transform is performed on the motion sensor data of 3 seconds before and after sliding in the walking state. Since the sampling frequency of the motion sensor is 50Hz, a data sequence with the length of N-150 needs to be subjected to fast fourier transform, and the return result of the fast fourier transform is an array of complex numbers with the length of N, each complex number represents a sine wave, and the amplitude, the phase and the frequency of each sine wave can be obtained from the result.
      Step 7) extracting 100-dimensional and 160-dimensional features from the data set in the static state and the data set in the walking state respectively.
      And 8) calculating Pearson correlation coefficients for all the features pairwise, and measuring the correlation of any two groups of features, wherein the correlation coefficient is between-1 and 1. The method comprises the steps of constructing a Pearson correlation coefficient matrix, recording the characteristics corresponding to columns where all elements with correlation coefficients larger than 0.98 in absolute values of upper triangles of the matrix are located into an array, and finally deleting the characteristics in the array from all characteristic vectors.
      And 9) finding out the optimal Feature combination for the features by using RFE (Recursive Feature elimination), using the accuracy of all Feature vectors in the SVM of the linear kernel as an evaluation standard, and adopting 5-time cross validation.
      Step 10) dimensionality reduction of the eigenvectors using PCA (Principle Component Analysis) with 98% of the information retained.
      Step 11) judging whether the current stage is a registration stage or not, wherein the current stage can be judged whether the identity model of the user already exists or not, if not, the current stage is the registration stage, otherwise, the current stage is the authentication stage. If the user is in the registration stage, training an identity model by using an SVM (support vector machine) of an RBF (radial basis function) core, and finally generating and storing the identity model of the user; if the user is an illegal user, corresponding post-processing operation is adopted, for example, the current equipment is locked, the user inputs a preset password, and a warning mail is sent to a registered mailbox.
      The experimental results of this method are as follows.
      We developed a piece of software on an Android phone to collect touch slide data of a user, which emulates three common software types: document browsing, photo album and shopping software, all of which produce a large number of different types of sliding operations. The 20 users run the software and operate it, requiring the users to browse the documents and answer 3 simple questions separately, then browse the albums, finally browse the goods and make selections, and do so separately in static and mobile states. The final average number of slips collected for each user was 412. Then, user data is classified by using an svm (support Vector machine), the core function uses an RBF core, the occupation ratios of the training set and the test set are 70% and 30%, respectively, the optimal parameters in the static state are determined to be 0.68 and C is 1.0 by grid search and 10-fold cross validation, and the optimal parameters in the walking state are determined to be 0.24 and C is 0.1.
      The average precision and recall of the user at different states in the test set is shown in table 1. The precision ratio is calculated by the formula
The recall ratio is calculated by the formula
Where TP represents the true positive rate, FP represents the false positive rate, and FN represents the false negative rate. The precision rate in a static state is 92.16 percent, and the recall rate is 87.04 percent; the precision rate in the walking state was 96.15%, and the recall rate was 92.59%. The method has high precision ratio and high recall ratio, which means that the invasion of illegal users can be well detected and the legal users can not be misjudged too much. It can be seen that the recall and precision of the user in the walking state are significantly higher than the corresponding values in the resting state, since the user has extracted additional gait features in the walking state.
Table 1 experimental results of the continuous identity authentication method of the present invention