[go: up one dir, main page]

WO1997016799A2 - Dispositif de securite continue axe sur un code de mouvement - Google Patents

Dispositif de securite continue axe sur un code de mouvement Download PDF

Info

Publication number
WO1997016799A2
WO1997016799A2 PCT/IL1996/000133 IL9600133W WO9716799A2 WO 1997016799 A2 WO1997016799 A2 WO 1997016799A2 IL 9600133 W IL9600133 W IL 9600133W WO 9716799 A2 WO9716799 A2 WO 9716799A2
Authority
WO
WIPO (PCT)
Prior art keywords
pen
output
server
user
terminal
Prior art date
Application number
PCT/IL1996/000133
Other languages
English (en)
Other versions
WO1997016799A3 (fr
Inventor
Ehud Baron
Omry Genossar
Original Assignee
Baron Technologies Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baron Technologies Ltd. filed Critical Baron Technologies Ltd.
Priority to AU73305/96A priority Critical patent/AU7330596A/en
Publication of WO1997016799A2 publication Critical patent/WO1997016799A2/fr
Publication of WO1997016799A3 publication Critical patent/WO1997016799A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16Constructional details or arrangements
    • G06F1/1613Constructional details or arrangements for portable computers
    • G06F1/1626Constructional details or arrangements for portable computers with a single-body enclosure integrating a flat display, e.g. Personal Digital Assistants [PDAs]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/02Digital computers in general; Data processing equipment in general manually operated with input through keyboard and computation using a built-in program, e.g. pocket calculators
    • G06F15/0225User interface arrangements, e.g. keyboard, display; Interfaces to other computer systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/02Input arrangements using manually operated switches, e.g. using keyboards or dials
    • G06F3/0227Cooperation and interconnection of the input arrangement with other functional units of a computer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/03Arrangements for converting the position or the displacement of a member into a coded form
    • G06F3/033Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor
    • G06F3/0354Pointing devices displaced or positioned by the user, e.g. mice, trackballs, pens or joysticks; Accessories therefor with detection of 2D relative movements between the device, or an operating part thereof, and a plane or surface, e.g. 2D mice, trackballs, pens or pucks
    • G06F3/03545Pens or stylus
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10Character recognition
    • G06V30/14Image acquisition
    • G06V30/142Image acquisition using hand-held instruments; Constructional details of the instruments
    • G06V30/1423Image acquisition using hand-held instruments; Constructional details of the instruments the instrument generating sequences of position coordinates corresponding to handwriting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/10Character recognition
    • G06V30/32Digital ink
    • G06V30/333Preprocessing; Feature extraction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2139Recurrent verification

Definitions

  • the present invention relates to secure comput ⁇ er systems in general.
  • Signature verification systems attempt to identify biometric characteristics of the writer and employ indications such as pressure and acceleration during writing.
  • the assumption is that the signature is a ballistic movement, that is, a movement without closed loop feedback, and therefore that there is little variance in the hand movement.
  • U.S. Patent , 3 ⁇ 5.239 employs pen acceleration for use in a signature verification system.
  • U.S. Patent 5,05 ⁇ ,088 employs both acceleration and pressure data characteristics of signature verification. As indicated by the above patents, pen acceleration is employed for signature verification because it is a personal feature, characteristic of each individual.
  • U.S. Patent 4, 817.03*1 describes a computerized handwriting duplication system employing a digitizer pad.
  • U.S. Patent 4,641,354 describes apparatus for recognizing and displaying handwritten characters and figures in which unrecognized stroke information remains on the display screen.
  • U.S. Patent 4,715.102 describes a process and apparatus involving pattern recognition.
  • U.S. Patent 4,727.588 describes a system for automatic adjustment and editing of a handwritten text image, which preserves format information in a handwritten text.
  • U.S. Patent 4,703.511 describes a writing input and dynamics regener ⁇ ation device wherein a time dependent code is embedded in a writing path.
  • U.S. Patent 5,054,088 describes a method of segmenting and compressing dynamic signature data for storage on a limited capacity device.
  • U.S. Patent 4,856,077 describes a method and device for signature verification using a pen having at its nib a light-emitting member and a light-sensitive member.
  • U.S. Patent 4,495,644 describes a method for real-time signature verification using a transducer pad and a stylus .
  • U.S. Patent 4,345.239 describes apparatus for determining pen acceleration for use in a signature verification system.
  • U.S. Patent 4,263,592 describes an input pen usable with either a CRT display or a tablet input de ⁇ vice .
  • U.S. Patent 4,122.435 describes a method for producing an electrical signal responsive to identifying characteristics of handwriting.
  • the electrical signal is produced responsive to variations in writing pressure between a writing instrument and a ridged writing sur ⁇ face .
  • U.S. Patent 4,751,741 describes pen-type char- acter recognition apparatus, using data representing a change in pressure applied to a tip element of a pen.
  • U.S. Patent 5.022,086 describes apparatus for collecting information on handwriting using a stylus with means for sensing force at a point on the surface, to ⁇ gether with a position sensing pad.
  • U.S. Patent 5.247.137 discloses a pen input device suitable for signature verification.
  • a piezoelectric sensor pen for obtaining pen point dynamics during writing is described in EerNisse et al . , "Piezoelectric Sensor Pen for Dynamic Signature Verification", Conference of the 1977 International Electron Devices Meeting, Washington, DC, December 1977. PP. 473-476.
  • the present invention seeks to provide an improved secure computer system.
  • the secure computer systems known in the art rely on identifying the user once or at specific times, and not continuously. Furthermore, existing secure systems need to take some action in order to achieve the identification of the user, for example, verifying a password, a fingerprint, etc. It is a particular object of the present invention to provide continuous security via continuous handwriting recognition without taking any specific action for identification.
  • Continuous security is believed to be important because of the increasingly widespread use of communica ⁇ tions networks, such as the Internet, in which secure communications are believed to be of great importance in preventing misuse.
  • Continuous security has the particu ⁇ lar advantage of protecting a communications session at all times, thus preventing unauthorized use of an al ⁇ ready-authorized session.
  • the present invention includes continuous security by means of input from a pen, the input including characteristics of handwriting of the user of the pen.
  • the continuous security of the present invention is thus based on a biometric characteristic and, unlike a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself.
  • the prior art does describe security based on identity verification by means of verifying the signature but does not describe continu ⁇ ous security based on handwriting recognition in general.
  • the present invention includes continuous security based on general handwriting recognition.
  • a secure computer system including at least one node connected to a communications network, and a pen input device provid ⁇ ing an output to the at least one node, the node includ ⁇ ing handwriting recognition apparatus operative to re ⁇ ceive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recog ⁇ nizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with refer ⁇ ence characteristics, whereby successful communication is conditional on successful conversion of the output of the pen into writing characters.
  • a secure computer communications system including a commu ⁇ nications network, at least one terminal coupled to the communications network, at least one server coupled to the communications network, and a pen input device commu ⁇ nicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful commu ⁇ nication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
  • communication from the pen input device to the server is secure by virtue of the communication being unintelligible in the absence of the availability of the reference characteristics.
  • the server is located in a secure location.
  • the pen input device includes an accelerometer and provides accelerometer output signals to the terminal.
  • the at least one terminal includes a display and is operative to provide visible indication of recognized symbols in response to an input from the server.
  • the at least one terminal includes a keyboard for the input of function commands.
  • the characteristics of the handwriting of the user include a mapping of hand movements
  • the reference characteristics include a reference mapping of hand movements for the user.
  • the successful communica ⁇ tion is not conditional on any other user input in order to achieve security.
  • the successful commu ⁇ nication is not conditional on use of any additional system resources in order to achieve security.
  • a method for providing a secure computer system including providing at least one node connected to a communications network, and providing a pen input device providing an output to the at least one node, the node including handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing the characteristics with reference characteristics, whereby successful communica ⁇ tion is conditional on successful conversion of the output of the pen into writing characters.
  • a method for providing a secure computer communications system including providing a communications network, providing at least one terminal coupled to the communications network, providing at least one server coupled to the communications network, and providing a pen input device communicating via the at least one terminal with the server, and wherein the server includes handwriting recognition apparatus operative to receive the output of the pen and during substantially the entire duration of the data input from the pen to convert the output of the pen into writing characters, by recognizing the characteristics of the handwriting of a user of the pen and comparing them with reference characteristics, whereby successful communication of information via the server is conditional on successful conversion of the output of the pen into writing characters.
  • Fig. 1 is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention
  • Fig. 2 is a simplified block diagram illustra ⁇ tion of a preferred embodiment of a portion of the appa ⁇ ratus of Fig. 1 ;
  • Fig. 3 is a schematic diagram of a preferred embodiment of the apparatus of Fig. 2;
  • Fig. 4 is a simplified pictorial illustration of a preferred embodiment of the pen 2 of Fig. 1;
  • Figs. A and B a re a pictorial illustration of a preferred implementation of the switch 85 of Fig. 4;
  • Fig. 6 is a schematic diagram of a preferred implementation of the printed circuit board 105 of Fig. 4;
  • Fig. 7A is a simplified block diagram illustra ⁇ tion of a preferred implementation of the server 35 of Fig. 1;
  • Fig. 7B is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 240 of Fig. 7A;
  • Fig. 8 is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A.
  • Appendix A is a specification listing useful in understanding the apparatus of Fig. 4;
  • Appendix B is a netlist of the apparatus of Fig. 6;
  • Appendix C is a part list of the apparatus of Fig. 6.
  • Fig. 1 is a simplified pictorial illustration of a secure computer system constructed and operative in accordance with a preferred embodiment of the present invention.
  • the system of Fig. 1 comprises a terminal 10.
  • the terminal 10 preferably comprises a display screen 1 and a plural ⁇ ity of data input keys 20.
  • the terminal 10 is sufficiently small to be portable.
  • the terminal 10 is described in more detail below with reference to Fig. 2.
  • the terminal 10 is operatively attached to a movement-sensing pen 25. operative to write on any appro ⁇ priate surface such as a sheet of paper 27.
  • the pen 2 is described in more detail below with reference to Fig. 4.
  • the pen 25 and the terminal 10 are shown in Fig. 1 as being operatively attached via a cable, but it is appreciated that any appropriate method of attachment as, for example, wireless communication, may be used.
  • the terminal 10 comprises data communication apparatus (not shown in Fig. 1) which is operative to provide a data communication connection 30 to a server 35-
  • the data communication connec ⁇ tion 30 is a remote data communication connection and may be any appropriate remote data connection such as, for example, a modem connection over switched telephone line or a modem connection over a dedicated telephone line.
  • the data communication connection 30 may be a local connection and the server 35 may be located locally to the terminal 10.
  • the server 35 may be any appropriately pro ⁇ grammed computer.
  • the server 35 comprises a handwriting recogni ⁇ tion database 40.
  • the handwriting recognition database 40 comprises a per-person, per-symbol database identify ⁇ ing handwriting characteristics for each of a plurality of persons, and, for each person, for each of a plurality of symbols.
  • the per-person, per-symbol database is described in more detail below with reference to Fig. 8.
  • the server 35 is located in a secure location 42.
  • the secure location 42 restricts access to the server 35 and thus enhances security with the system of Fig. 1 by preventing tampering with the database 40 or with other aspects of the server 35-
  • the system of Fig. 1 also preferably comprises other nodes 44 which, together with the terminal 10 and the server 35. comprise nodes of a communications net ⁇ work.
  • a user establishes a connection with the server 35 through the terminal 10, using the data input keys 20 for data entry.
  • Establishing a connection includes providing the identity of the user, typically by entering a personal identification number (PIN) using the data input keys 20.
  • PIN personal identification number
  • any means of providing the identity of the user may be employed, such as, for example, the following means which are well-known in the art: signature recognition; electronic key or electronic card based recognition; fingerprint identifi ⁇ cation; retina identification; or any other means of identification.
  • the server 35 receives the connection request from the terminal 10, verifies the identity of the user, and, if the identity is verified successfully, establish ⁇ es a connection with the terminal 10. Typically, the server 35 displays a message on the screen 15 indicating that a connection has been established.
  • the user employs the terminal 10 and the pen 2 ⁇ for data entry, which data is transmitted to the server.
  • the terminal 10 and the pen 2 ⁇ for data entry, which data is transmitted to the server.
  • Typical ⁇ ly a combination of data entry via the data input keys 20 and via the pen 25 is employed, although it is possi ⁇ ble to employ the pen 25 alone.
  • the user employs the pen 25 to write on a surface such as the paper 27-
  • the pen 25 is operative to sense movement of the pen 25 and to transmit signals representing the movement to the terminal 10, which in turn transmits the signals via the data communication connection 30 to the server 3 -
  • the server 35 employs handwriting recognition techniques, as described below with reference to Fig. 8.
  • the handwriting recognition techniques employ the per- person, per-symbol database 40 to identify, for the person previously verified as the user, the most likely symbol written.
  • the handwriting recognition tech- niques also use a dictionary of words to provide word- level recognition, and linguistic analysis to recognize phrases and sentences .
  • the server 35 typically transmits the recognized symbols to the termi ⁇ nal 10 for display on the screen 15, to provide feedback to the user.
  • recognition is based on hand movements which are unique to a given individual.
  • the server 35 recognizes the symbols written based on the per-person, per-symbol characteris ⁇ tics stored in the database 40.
  • the server 35 will not correctly recognize the symbols since the unauthorized other person will employ different hand movements than the verified user.
  • the server 35 may make a determina ⁇ tion that the user is unauthorized, that is, is not the verified user, based on any appropriate criteria such as, for example: inability of the server 35 to recognize more than a minimum percentage of symbols input, which minimum percentage may vary from individual to individual and from application to application according to the security level required; significant misrecognition determined at the word level, based on more than a maximum percentage of words that are not in the dictionary being recognized; or any other appropriate criterion.
  • the system will ipso facto cease to operate in response to pen input by the user and thus no determi ⁇ nation by the server 35 i necessary.
  • the various functions assigned above to the server 35 may alternatively be performed within the terminal 10, in which case the various elements of the server 35 would be incorporated into the terminal 10. Further alternatively, it is appreciated that the pen 25 may be located locally to the server 35 and may be directly connected thereto without use of a terminal 20 or a communication link 30.
  • FIG. 2 is a simplified block diagram illustration of a preferred embodiment of a portion of the apparatus of Fig. 1.
  • the apparatus of Fig. 2 comprises the terminal 10 of Fig. 1.
  • the apparatus of Fig. 2 comprises the display 15. comprising a display subsystem such as, for example, a PC0024-A LCD module, commercially available from Power- tip Technology Corporation, N° 18 - 3 Nan 2 nd Rd. T.E.P.Z. , Tanzu, Taichung, Hsien, Taiwan, R.O.C. It is appreciated that another display subsystem, such as a subsystem with graphics capability, may also be used.
  • a display subsystem such as, for example, a PC0024-A LCD module, commercially available from Power- tip Technology Corporation, N° 18 - 3 Nan 2 nd Rd. T.E.P.Z. , Tanzu, Taichung, Hsien, Taiwan, R.O.C.
  • another display subsystem such as a subsystem with graphics capability, may also be used.
  • the apparatus of Fig. 2 also comprises the data input keys 20, comprising a keyboard module such as, for example, a 88BB2-072 keyboard 4 4 matrix module, com ⁇ surgeally available from Grayhill, Inc., 61 Hillgrove Ave., La Grange IL 60525-0373. USA.
  • a keyboard module such as, for example, a 88BB2-072 keyboard 4 4 matrix module, com ⁇ surgeally available from Grayhill, Inc., 61 Hillgrove Ave., La Grange IL 60525-0373. USA.
  • the apparatus of Fig. 2 also comprises a pen interface module 45. which is operative to provide an electronic data connection between the terminal 10 and the pen 25.
  • the pen interface module 45 may be any suitable interface as, for example, a commercially avail ⁇ able RS-232 interface with associated line driver.
  • the apparatus of Fig. 2 further comprises a microcontroller 0 which is operative to control opera ⁇ tions of the terminal 10 and to control two-way communi ⁇ cations with the server 35 «
  • the microcontroller may be any suitable microcontroller such as, for example, a PIC17C42 high-performance 8 bit EPR0M microcontroller, commercially available from Microchip Technology Inc., 2311 West Chandler Blvd. , Chandler, AZ 85224-6199. USA.
  • the apparatus of Fig. 2 further comprises a communication module 55. suitable to provide the data connection 30 over the medium being used for the data connection 30.
  • a suitable communication module 55 com ⁇ prises the AKl4-D007 ⁇ OOl , commercially available from Rockwell International, Digital Communication Division, 4311 Jamboree Road, P.O. Box C, Newport Beach, CA, 92658- 8902, USA.
  • the microcontroller 50 is preferably connected to the other elements of Fig. 2 as follows: to the display 15 via both data and control connections ; to the data input keys 20 via a data connec ⁇ tion ; to the pen interface module 45 via a data connection; and to the communication module 55 via both data and control connections.
  • the apparatus of Fig. 3 may also comprise a memory module (not shown) .
  • the terminal 10 may be operative to store signals received from the pen 2 and/or commands received from the data input keys 20, and transmit the same at a later time. It is appreciated that, in this case, the terminal 10 may be used for standalone input and may not actually be con ⁇ nected to the data communication connection 30 at the time of input.
  • FIG. 3. is a schematic diagram of a preferred embodiment of the appa ⁇ ratus of Fig. 2.
  • the diagram of Fig. 3 is self-explana ⁇ tory.
  • FIG. 4 is a simplified pictorial illustration of a preferred embodi ⁇ ment of the pen 25 Fig. 1.
  • the apparatus of Fig. 4 comprises a top case 60, a bottom case 65, and a supporting element 70 all preferably formed of plastic.
  • the apparatus of Fig. 4 also comprises a refill holder 75. preferably formed of plastic and shaped to hold a standard pen refill 80.
  • the apparatus of Fig. 4 further comprises a switch 8 .
  • the switch 85 is positioned relative to the refill holder 75 such that, when a user of the pen 10 presses the tip of the refill 80 against a surface, the refill holder 75 actuates the switch 85.
  • the switch 85 when actuated, sends a signal to a microcontroller 100.
  • the switch 85 is preferably formed of silicone rubber, with key travel of 0.2 mm, activation force 20 30 gram, activation time less than 1 millisecond, and maximum contact resistance 500 ohm.
  • FIGs. 5A and B are pictorial illustrations of a preferred implementation of the switch 85 of Fig. 4.
  • the apparatus of Figs. A and B comprises the switch 85, the refill holder 75. and the pen refill 80.
  • the switch 85 is depicted in a state where the pen refill 80 is not in contact with a surface.
  • Fig. ⁇ B the switch 85 is depicted in a state where the pen refill 80 is in contact with a surface, such that the refill holder 75 actuates the switch 85.
  • the apparatus of Fig. 4 also comprises a 3" dimensional accelerometer 90, which is operative to sense accelerations in three mutually orthogonal directions and to output a signal representing the sensed accelerations.
  • the accelerometer 90 is preferably located as close as possible to the tip end of the pen
  • the accelerometer 90 may, for example, be an ACH-04-08, commercially available from AMP Sensors, Inc. , P.O. Box 799. Valley Forge, PA 19482, USA, modified according to the specifications found in Appendix A. Such modified accelerometers are commercially available from BarOn Technologies Ltd. , Gutwirth Science Park, Technion City, Haifa 32000, Israel.
  • a single accelerometer or three accelerometers mounted mutually orthogonally to each other may be used.
  • the apparatus of Fig. 4 also includes an opera ⁇ tional amplifier 95.
  • an opera ⁇ tional amplifier 95 such as a LMC 6464, commercially available from National Semiconductor Corporation, 2900 Semiconductor Drive, Santa Clara, CA 95052-8090, USA.
  • the microcontroller 100 preferably includes an analog-to-digital converter.
  • An example of a suitable microcontroller is the PIC16C71. commercially available from Microchip Technology Inc., referred to above.
  • the apparatus of Fig. 4 also comprises a print ⁇ ed circuit board (PCB) 105.
  • the switch 85. the acceler ⁇ ometer 90, the operational amplifier 95. and the micro ⁇ controller 100 are all mounted on the printed circuit board 105-
  • Fig. 6 is a schematic diagram of a preferred implementa ⁇ tion of the printed circuit board 105-
  • Appendix B which is a netlist of the apparatus of Fig. 6, and to Appendix C, which is a part list of the apparatus of Fig. 6.
  • Fig. 6 is self- explanatory with regard to Appendices B and C.
  • the apparatus of Fig. 4 also comprises a cable 110, preferably having a strain relief apparatus 115. and terminating in a data connector 120.
  • the data connector 120 may be any appropriate data connector, and is typi ⁇ cally an RS-232 connector.
  • the accelerometer 90 measures movement of the pen 2 and sends signals representing the acceleration to the operational amplifier 95.
  • the opera ⁇ tional amplifier 95 amplifies the signals and sends them to the microcontroller 100.
  • the switch 85 sends signals indicating whether the refill 80 is in contact with a surface to the microcontroller 100.
  • the microcontroller 100 digitizes the received signals and sends digital signals through the cable 110 and connector 120.
  • the signals preferably comprise an indication of whether the refill 80 is in contact with a surface, as indicated by the position of the switch 85.
  • the signals also comprise movement data based on acceler ⁇ ations measured by the accelerometer 90.
  • the signals sent by the microcontroller 100 comprise approxi ⁇ mately 100 samples per second.
  • the pen 25 receives electrical power through the cable 110 from the data connector 120.
  • a particular advantage of the present invention is that continuous security by means of continuous handwriting recognition of the indi ⁇ vidual using the system may occur repeatedly or continu ⁇ ously during use of the system rather than occurring only at the beginning of a session. It is also appreciated that a particular advantage of the present invention is that the security criterion is based on a biometric characteristic and, unlike systems based on a PIN or password, is not based on something known by a user, but rather on characteristics of the user himself.
  • Fig. 7A is a simplified block diagram illustration of a preferred implementation of the server 35 of Fig. 1.
  • the elements of Fig. 7 comprise functional components of the server 35. and are typically implemented in software, but may be implemented in a combination of software and hardware or in hardware.
  • the apparatus of Fig. 7A comprises a terminal communication module 200, which is operative to transmit data in both directions between the terminal 10 of Fig. 1 and the apparatus of Fig. 7A.
  • the data received from the terminal 10 may comprise signals representing movement or acceleration of the pen 25; the status of contact between the pen 25 and the surface 27; and commands representing entries made on the data input keys 20.
  • the terminal communication module receives data to be sent to the terminal 10 from a control module 240 described below, and supplies data received from the terminal 10 to the control module 240.
  • the terminal communication module 200 may utilize conventional methods which are well known in the art.
  • the apparatus of Fig. 7A also comprises a handwriting recognition module 210.
  • the handwriting recognition module 210 has a plurality modes of opera ⁇ tion, comprising training mode and recognition mode.
  • the operation of the hand ⁇ writing recognition module 210 is as follows.
  • the user writes symbols from a pre-arranged script known to the handwriting recognition module 210, and the associated symbols appear on the display 15 of Fig. 1 during the writing.
  • the pre-arranged script contains several repetitions of each symbol.
  • the symbols should occur in different parts of the word, such as beginning, mid ⁇ dle, and end, throughout the pre-arranged script.
  • the handwriting recognition module 210 is operative to pro ⁇ quiz the database 40 based on the movement data received during training mode.
  • the database 40 may be produced other than in training mode.
  • the database 40 may be externally loaded into the server 35 based on a similar process of training which occurred with other equipment.
  • the other equipment may be similar to the system of Fig. 1 or may omit the terminal 10 and comprise the pen 25 and the server 35-
  • the operation of the handwriting recognition module 210 is as follows.
  • the handwriting recognition module 210 receives a message from the control 240 indicating the identity of the user.
  • the handwriting recognition module 210 is then operative to receive signals representing movement of the pen 25 and pen-surface contact of the pen 25 with the surface 27, through the terminal 10, from the control 240.
  • the handwriting recognition module 210 is operative to produce text based on the received signals and to send the text to the control 240.
  • the handwriting recognition module 210 is also operative to determine an index of likelihood for the produced text, the index of likelihood representing the likelihood that the produced text is the correct interpretation of the movements of the pen 25 which produced the received signals.
  • the index of likelihood preferably includes an indication, such as a likelihood of 0, that handwriting can not be recognized at all, so that no meaningful text is pro ⁇ quizd.
  • the handwriting recognition module is also operative to send the index of likelihood to the control module 240. The operation of the handwriting recognition module 210 is described more fully below with reference to Fig. 8.
  • the apparatus of Fig. 7A also comprises one or more applications 230.
  • Each application 230 may be any appropriate computer application, capable of running on the server 35. and preferably having network communica ⁇ tion capabilities. Examples of suitable applications include the following: electronic mail applications; bi-directional paging and messaging applica ⁇ tions ; network services applications, such as Internet applications; and other applications.
  • Each application 230 is operative to receive text input from the control module 240, representing text produced by the handwriting recognition module 210. Each application 230 is also operative to send output to the control module 240, for forwarding through the terminal communication module 200 to the terminal 10.
  • the apparatus of Fig. 7A also comprises a control module 240.
  • the control module 240 is operative as described above to send and receive data to and from the terminal communication module 200, the handwriting recognition module 210, and the applications 230.
  • the control module 240 is operative, when receiving data, to determine the destination of the data and to forward the data to the appropriate destination. For example, when receiving data from the terminal commu ⁇ nication module 200 representing movement of the pen 25, the control module 240 is operative to send the data to the handwriting recognition module 210. When receiving data from the terminal communication module 200 repre ⁇ senting a press of one or more of the data input keys 20 indicating a command sequence, the control module 240 is operative to carry out the command received.
  • control module 240 is operative to determine whether data received from the terminal communication module 200 represents movement of the pen 25 or a press of one or more of the data input keys 20 by examining the data received.
  • data received from the terminal communication module 200 For example, a particular binary or hexadecimal sequence, for example hexadecimal FF, might be used to indicate a key press in the follow ⁇ ing one or more bytes of data, while all other values ranging from hexadecimal 00 to hexadecimal FE might be used to indicate pen movement data.
  • the control module 240 is also operative, based on the index of likelihood received from the handwriting recognition module 210, to determine whether the present user of the pen 25 is not the identified user.
  • control module 24 ⁇ is operative to make the determination that the present user is not the identified user based on a comparison of the likeli ⁇ hood received with a minimum likelihood criterion.
  • the minimum likelihood criterion comprises a minimum likelihood level and minimum duration of time below said minimum likelihood level, so that a determina ⁇ tion that the present user is not the identified user would typically be based on the likelihood level being below the minimum likelihood level for at least the minimum duration of time.
  • the minimum likelihood criterion may vary with respect to requirements of a particular application 230, described below, or may vary according to the identified user.
  • the variation according to the identified user is believed to increase the level of accuracy of security achieved because some users write in a more consistent way than other users, so that the more consistent users can be expected to produce a higher index of likelihood, and hence may be assigned a higher minimum likelihood criterion, than the less consistent users.
  • control module 240 Upon making a determination that the present user is not the identified user, the control module 240 is preferably operative to take some action to secure communications, typically to command the terminal commu ⁇ nication module 200 to end the communication session with the terminal 10.
  • Fig. B is a simplified flowchart illustration of a preferred method of a portion of the operation of the control module 24 ⁇ of Fig. 7A.
  • the method of Fig. 7B is a preferred method for determining whether the present user of the pen 25 is not the identified user.
  • the method of Fig. 7B is self-explanatory with respect to the above discussion of Fig. 7A.
  • control module 240 takes some action to secure communication, it is appreciated that, since the handwriting recognition module 210 will not correctly recognize the symbols written by the unauthorized person, the system will ipso facto cease to operate in response to pen input by the user, and no determination by the control module 240 is necessary.
  • Fig. 8 is a simplified flowchart illustration of a preferred method of operation of the handwriting recognition module 210 of Fig. 7A.
  • the method of Fig. 8 preferably includes the following steps:
  • STEP 3 0 Receive accelerometer data. Accel ⁇ erometer data is received from the control module 240.
  • the accelerometer data comprises data points representing sampling of the acceleration measured by the pen 25- Preferably, the sampling rate is approximately l600 data points per second, averaged over 16 points, producing an output of approximately 100 data points per second.
  • STEP 315 Identify individual symbols and words.
  • the data from the previous step is divided into data representing individual symbols.
  • the status which comprises the status of "pen up” is termed herein "pen not down".
  • the number of consecutive data points with status of "pen not down”, which data points represent a particular duration of the status "pen not down” is taken to indicate the end of a symbol or of a word.
  • the duration of status "pen not down” within a range from 200 milliseconds to 400 milli ⁇ seconds is taken to indicate the end of a symbol.
  • Dura ⁇ tion of the status "pen not down” in the range from 800 milliseconds to 1200 milliseconds is typically taken to indicate the end of a word.
  • the end of a symbol or of a word may be indicated by data points which represent pen movements that are not part of a symbol, or by other means .
  • STEP 330 Filter accelerometer data.
  • the accelerometer data received from the previous step is filtered in order to remove noise.
  • the filtering may be accomplished by iterative smoothing of adjacent points until the total change in the signal due to a smoothing operation is less than the desired accuracy of the data, or by other suitable means.
  • STEP 400 For each prototype in the per-person per-symbol acceleration prototype database, build an index of comparison between the sample and the prototype.
  • STEP 410 Create a list of probable symbols sorted by likelihood. Based on the index of comparison generated in step 400, a single list of probable symbols sorted by likelihood is generated.
  • STEP 420 Choose the correct symbols and the correct word based on the list, the database of previous confusions, a dictionary, and linguistic rules. The symbols with greatest likelihood are the candidates from which the correct symbol is chosen.
  • the database of previous confusions provides information that allows the correction of the choice of the correct symbol based on previous incorrect identifi ⁇ cations .
  • An indication of the end of each word has been passed as output since step 315. described above. Based on the indication, the most likely word, comprising the most likely identifications for each symbol in the list, is identified.
  • step 315 may be optional .
  • the most likely word is checked against the dictionary.
  • the dictionary comprises both a general dictionary used for all users of the system and a personal dictionary for each user of the system. If an entry exists in the dictionary for the most likely word, the word is chosen as the correct identification.
  • STEP 440 Update database of previous confu ⁇ sions. Based on a manual correction entered by the user or an automatic correction based on the dictionary and/or on the application of linguistic rules, the database of previous confusions is updated. Based on a manual cor ⁇ rection, the personal dictionary is also updated if the corrected word is not found in the dictionary.
  • STEP 450 Update per-person per-symbol accel ⁇ eration prototype database. The new prototype from the previous step are stored in the per-person per-symbol acceleration prototype database.
  • Step 460 Output recognition information.
  • the sorted list of likely words output by the previous step is output to the control module 240.
  • the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form.
  • the software components may, generally, be implemented in hardware, if desired, using conventional techniques.
  • V os/orr Gate-Source Cutoff Voltage
  • Output impedance is user selected.
  • Nominal sensitivity will typically change ⁇ 5% over this range .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Multimedia (AREA)
  • Computing Systems (AREA)
  • Collating Specific Patterns (AREA)
  • Character Discrimination (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

Cette invention porte sur un système informatique protégé comportant au moins un noeud connecté à un réseau de communications et un dispositif d'entrée à stylo fournissant des données de sortie audit noeud, lequel comprend un appareil de reconnaissance d'écriture manuscrite fonctionnant de façon à recevoir les données de sortie du stylo et, durant quasiment tout le temps de l'introduction des données par le stylo, les convertir en caractères d'écriture, ce qui est rendu possible par la reconnaissance des caractéristiques de l'écriture manuscrite de l'utilisateur du stylo et leur comparaison avec des caractéristiques de référence. De ce fait, le succès de la communication dépend de la conversion réussie des données de sortie du stylo en caractères d'écriture.
PCT/IL1996/000133 1995-10-31 1996-10-28 Dispositif de securite continue axe sur un code de mouvement WO1997016799A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU73305/96A AU7330596A (en) 1995-10-31 1996-10-28 Continuous security system based on motion code

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL115836 1995-10-31
IL11583695A IL115836A0 (en) 1995-10-31 1995-10-31 Continuous security system based on motion code

Publications (2)

Publication Number Publication Date
WO1997016799A2 true WO1997016799A2 (fr) 1997-05-09
WO1997016799A3 WO1997016799A3 (fr) 2001-09-13

Family

ID=11068137

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL1996/000133 WO1997016799A2 (fr) 1995-10-31 1996-10-28 Dispositif de securite continue axe sur un code de mouvement

Country Status (3)

Country Link
AU (1) AU7330596A (fr)
IL (1) IL115836A0 (fr)
WO (1) WO1997016799A2 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999046909A1 (fr) * 1998-03-12 1999-09-16 Johan Ullman Dispositif d'entree de signes dans un telephone cellulaire
WO2000057349A1 (fr) * 1999-03-24 2000-09-28 British Telecommunications Public Limited Company Systeme de reconnaissance d'ecriture manuscrite
WO2001077796A3 (fr) * 2000-04-10 2003-01-23 Digital Ink Inc Utilisation d'informations manuscrites
GB2413425A (en) * 2004-04-23 2005-10-26 Hewlett Packard Development Co Biometric analysis method
EP1736908A3 (fr) * 2005-06-20 2008-05-28 Samsung Electronics Co., Ltd. Procédé d'authentification d'un utilisateur utilisant un module d'appareil photographique et un terminal mobile

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7268774B2 (en) 1998-08-18 2007-09-11 Candledragon, Inc. Tracking motion of a writing instrument
US7257255B2 (en) 2001-11-21 2007-08-14 Candledragon, Inc. Capturing hand motion

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5544257A (en) * 1992-01-08 1996-08-06 International Business Machines Corporation Continuous parameter hidden Markov model approach to automatic handwriting recognition
US5903668A (en) * 1992-05-27 1999-05-11 Apple Computer, Inc. Method and apparatus for recognizing handwritten words
WO1994015272A1 (fr) * 1992-12-22 1994-07-07 Morgan Michael W Systeme d'enseignement electronique commande par stylooptique
US5561446A (en) * 1994-01-28 1996-10-01 Montlick; Terry F. Method and apparatus for wireless remote information retrieval and pen-based data entry
US5615277A (en) * 1994-11-28 1997-03-25 Hoffman; Ned Tokenless security system for authorizing access to a secured computer system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999046909A1 (fr) * 1998-03-12 1999-09-16 Johan Ullman Dispositif d'entree de signes dans un telephone cellulaire
WO2000057349A1 (fr) * 1999-03-24 2000-09-28 British Telecommunications Public Limited Company Systeme de reconnaissance d'ecriture manuscrite
US7054510B1 (en) 1999-03-24 2006-05-30 British Telecommunications Public Limited Company Handwriting recognition system
WO2001077796A3 (fr) * 2000-04-10 2003-01-23 Digital Ink Inc Utilisation d'informations manuscrites
GB2413425A (en) * 2004-04-23 2005-10-26 Hewlett Packard Development Co Biometric analysis method
GB2413425B (en) * 2004-04-23 2008-04-09 Hewlett Packard Development Co Biometric analysis system, methods, apparatus and software using biometric analysis
EP1736908A3 (fr) * 2005-06-20 2008-05-28 Samsung Electronics Co., Ltd. Procédé d'authentification d'un utilisateur utilisant un module d'appareil photographique et un terminal mobile

Also Published As

Publication number Publication date
AU7330596A (en) 1997-05-22
WO1997016799A3 (fr) 2001-09-13
IL115836A0 (en) 1996-01-19

Similar Documents

Publication Publication Date Title
EP0666543B1 (fr) Appareil d'entrée d'écriture manuscrite utilisant plus d'une technique de détection
US8781230B2 (en) Video-based biometric signature data collection
JP3004495B2 (ja) 手書き記号の認識方法
US6556694B2 (en) Digitizer stylus containing handwriting data
US6633282B1 (en) Ballpoint pen type input device for computer
US20050008148A1 (en) Mouse performance identification
US20090267896A1 (en) Input device
US20110285634A1 (en) Portable data entry device
EP1668670A2 (fr) Procede et appareil de capture et d'authentification d'informations biometriques a partir d'un instrument d'ecriture
CN101149804A (zh) 自适应手写识别系统和方法
JPH08507886A (ja) ハンドライティング読み取り装置
CN111680555A (zh) 一种智能手写笔迹识别系统
EP0681725A1 (fr) Dispositif de communication par image
Pirlo Algorithms for signature verification
US20020067350A1 (en) Wireless handwriting input device using graffitis and bluetooth
US20210345913A1 (en) System and Method for Detecting Handwriting Problems
WO1997016799A2 (fr) Dispositif de securite continue axe sur un code de mouvement
EP3989114B1 (fr) Système de reconnaissance d'écriture manuscrite en ligne
CN1435041A (zh) 移动通信设备
JP2004045844A (ja) 漢字書き順学習システム、漢字書き順判定プログラム、および漢字練習用紙
KR100901870B1 (ko) 전자펜 문자 인식율 개선 방법 및 그 시스템
JP2008123185A (ja) サイン認証システム及びサイン認証方法
CN112105018B (zh) 智能笔连接局域网的方法、装置、存储介质及智能笔
JP2005208729A (ja) 筆者識別方法及び筆者識別装置
KR101179203B1 (ko) 광학인식펜과 전용 수첩을 이용한 필기 메시지 전송 시스템

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): KE LS MW SD SZ UG AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG