A digital scanner is a computer device

DE202017104457U1 - Real-time user authentication with integrated biometric sensor - Google Patents

Real-time user authentication with integrated biometric sensor Download PDF

info

Publication number
DE202017104457U1
DE202017104457U1DE202017104457.2UDE202017104457UDE202017104457U1DE 202017104457 U1DE202017104457 U1DE 202017104457U1DE 202017104457 UDE202017104457 UDE 202017102014457UDE 202017104457 UDE202017104457
Authority
DE
Germany
Prior art keywords
user
computing
biometric data
heartbeat
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
DE202017104457.2U
Other languages
English (en)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google LLC
Original assignee
Google LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US15 / 220,891priorityCriticalpatent / US10423768B2 / en
Priority to US15 / 220,891priority
Application filed by Google LLCfiledCriticalGoogle LLC
Publication of DE202017104457U1publicationCriticalpatent / DE202017104457U1 / de
Activelegal-statusCriticalCurrent
Anticipated expirationlegal-statusCritical

Left

  • 210000003462VeinsAnatomy0.000claimsabstractdescription83
  • 238000004590 computer programMethods0.000claimsabstractdescription25
  • 230000015654memoryEffects0.000claimsdescription25
  • 230000003287opticalEffects0.000claimsdescription14
  • 230000000875correspondingEffects0.000claimsdescription4
  • 238000000034methodsMethods0.000description15
  • 0C12 = C = [C] 3 (C [C @@] 45C3 [C @@ H] 3C64CC (C (CC1) [C] 536C) CC2) (C *) CChemical compoundC12 = C = [C] 3 (C [C @@] 45C3 [C @@ H] 3C64CC (C (CC1) [C] 536C) CC2) (C *) C0.000description9
  • 238000010586diagramsMethods0.000description7
  • 239000000203mixturesSubstances0.000description5
  • 230000004044responseEffects0.000description4
  • 210000004369BloodAnatomy0.000description2
  • 208000004638Cumulative Trauma DisordersDiseases0.000description2
  • 239000008280bloodSubstances0.000description2
  • 239000000969carriersSubstances0.000description2
  • 239000008264cloudsSubstances0.000description2
  • 230000003993interactionEffects0.000description2
  • 241000218641PinaceaeSpecies0.000description1
  • 230000036772 blood pressureEffects0.000description1
  • 239000004973 liquid crystal related substancesSubstances0.000description1
  • 235000013372meatNutrition0.000description1
  • 230000004048modificationEffects0.000description1
  • 238000006011 modification reactionsMethods0.000description1
  • 230000036633restEffects0.000description1
  • 230000000284 restingEffects0.000description1
  • 230000001953sensoryEffects0.000description1
  • 239000007787solidsSubstances0.000description1
  • 230000002459sustainedEffects0.000description1
  • 230000001360synchronisedEffects0.000description1
  • 230000036962time dependentEffects0.000description1
  • 230000000007 visual effectEffects0.000description1

Images

Classifications

    • G — PHYSICS
    • G06-COMPUTING; CALCULATING; COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F21 / 00 — Security arrangements for protecting computers, components thereof, programs or data against unauthorized activity
    • G06F21 / 30-Authentication, i.e. establishing the identity or authorization of security principals
    • G06F21 / 31 — User authentication
    • G06F21 / 32 — User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • A — HUMAN NECESSITIES
    • A61-MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B-DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5 / 00 — Measuring for Diagnostic Purposes; Identification of persons
    • A61B5 / 117 — Identification of Persons
    • G — PHYSICS
    • G06-COMPUTING; CALCULATING; COUNTING
    • G06K — RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9 / 00 — Methods or arrangements for reading or recognition printed or written characters or for recognition patterns, e.g. fingerprints
    • G06K9 / 00362 — Recognizing human body or animal bodies, e.g. vehicle occupant, pedestrian; Recognizing body parts, e.g. hand
    • H-ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L-TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63 / 00 — Network architectures or network communication protocols for network security
    • H04L63 / 08 — Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63 / 0861 — Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using biometrical features, e.g. fingerprint, retina scan
    • H-ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04W — WIRELESS COMMUNICATION NETWORKS
    • H04W12 / 00 — Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12 / 06 — Authentication
    • H04W12 / 065 — Continuous authentication
    • A — HUMAN NECESSITIES
    • A61-MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B-DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5 / 00 — Measuring for Diagnostic Purposes; Identification of persons
    • A61B5 / 0059-Measuring for Diagnostic Purposes; Identification of persons using light, e.g. diagnosis by transillumination, diascopy, fluorescence
    • A61B5 / 0062 — Arrangements for scanning
    • A — HUMAN NECESSITIES
    • A61-MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B-DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5 / 00 — Measuring for Diagnostic Purposes; Identification of persons
    • A61B5 / 02 — Detecting, measuring or recording pulse, heart rate, blood pressure or blood flow; Combined pulse / heart rate / blood pressure determination; Evaluating a cardiovascular condition not otherwise provided for, e.g. using combinations of techniques provided for in this group with electrocardiography or electroauscultation; Heart catheters for measuring blood pressure
    • A61B5 / 024 — Detecting, measuring or recording pulse rate or heart rate
    • A61B5 / 02416 — Detecting, measuring or recording pulse rate or heart rate using photoplethysmograph signals, e.g. generated by infra-red radiation
    • A — HUMAN NECESSITIES
    • A61-MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B-DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5 / 00 — Measuring for Diagnostic Purposes; Identification of persons
    • A61B5 / 02 — Detecting, measuring or recording pulse, heart rate, blood pressure or blood flow; Combined pulse / heart-rate / blood pressure determination; Evaluating a cardiovascular condition not otherwise provided for, e.g. using combinations of techniques provided for in this group with electrocardiography or electroauscultation; Heart catheters for measuring blood pressure
    • A61B5 / 024 — Detecting, measuring or recording pulse rate or heart rate
    • A61B5 / 0245 — Detecting, measuring or recording pulse rate or heart rate by using sensing means generating electric signals, i.e. ECG signals
    • A — HUMAN NECESSITIES
    • A61-MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61B-DIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5 / 00 — Measuring for Diagnostic Purposes; Identification of persons
    • A61B5 / 48 - Other medical applications
    • A61B5 / 4887 — Locating particular structures in or on the body
    • A61B5 / 489 — Blood vessels
    • G — PHYSICS
    • G06-COMPUTING; CALCULATING; COUNTING
    • G06K — RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9 / 00 — Methods or arrangements for reading or recognition printed or written characters or for recognition patterns, e.g. fingerprints
    • G06K9 / 00885 — Biometric patterns not provided for under G06K9 / 00006, G06K9 / 00154, G06K9 / 00335, G06K9 / 00362, G06K9 / 00597; Biometric specific functions not specific to the kind of biometric
    • G06K2009 / 00932 — Subcutaneous biometric features; Blood vessel patterns
    • G — PHYSICS
    • G06-COMPUTING; CALCULATING; COUNTING
    • G06K — RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9 / 00 — Methods or arrangements for reading or recognition printed or written characters or for recognition patterns, e.g. fingerprints
    • G06K9 / 00885 — Biometric patterns not provided for under G06K9 / 00006, G06K9 / 00154, G06K9 / 00335, G06K9 / 00362, G06K9 / 00597; Biometric specific functions not specific to the kind of biometric
    • G06K2009 / 00939 — Biometric patterns based on physiological signals, e.g. heartbeat, blood flow
    • H-ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L-TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63 / 00 — Network architectures or network communication protocols for network security
    • H04L63 / 08 — Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63 / 0853 — Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using an additional device, e.g. smart card, SIM or a different communication terminal

Abstract

Description

  • This description applies generally to the authentication of users of computing devices. The description relates in particular to real-time user authentication by means of biometric data collected by a biometric sensor integrated in a computing device.
  • GENERAL STATE OF THE ART
  • Authenticating a user of a computing device can be important to preserving the integrity, security, and privacy of information stored on and transmitted by the computing device. Generally, users are asked to provide authentication information (e.g., a password, PIN, etc.) before the user can log into the computing device, unlock the computing device, access a user account through the computing device, or otherwise use the computing device can be made available to the user by the user. However, once the proper authentication information has been provided, the user or another user, with or without the user's approval, can generally continue to use the computing device without the need to provide authentication information again, unless a threshold period of inactive time is exceeded, and the device is locked.
  • SUMMARY OF THE DISCLOSURE
  • In a first aspect, a computer program product comprises instructions which, when a program of the computer program product is executed by one or more processors of a computer device, cause the one or more processors to perform a method for authenticating a user while the user is using a human interface device ( i.e. a keyboard or a trackpad) of a computing device, the method including the acquisition of biometric data (i.e. heartbeat data or a vein scan) of the user from a biometric sensor integrated in a housing of the computing device, the biometric sensor in the Housing is integrated so that the biometric data is captured from one or more of the user's hands while the user's fingers interact with the human interface device of the computing device. The captured biometric data is compared to one or more data sets of biometric data associated with the user, and based on the comparison it is determined whether the captured biometric data meet a match condition with the one or more data sets of biometric data. If the captured biometric data meet the matching condition, the user is authenticated.
  • In another general aspect, a computing device includes a housing, a processor, memory, a human interface device (i.e., a keyboard or trackpad), and a biometric sensor incorporated into the housing. The biometric sensor is configured to collect biometric data (i.e., heart rate data or a vein scan) from one or more hands of a user of the device while the user's fingers interact with the human interface device. The memory stores executable commands, the execution of which by the at least one processor cause the computing device to compare the captured biometric data with one or more data sets of biometric data assigned to the user; Determining, based on the comparison, whether the captured biometric data meet a matching condition with the one or more data sets of biometric data; and authenticating the user if the captured biometric data meets the matching condition.
  • Implementations may include the user being continuously authenticated while the user otherwise interacts with the computing device, as well as one or more of the following features, alone or in any combination with one another. For example, the biometric sensor can be integrated into a palm rest portion of the housing of the computing device, and the biometric data can be captured from at least one palm of the user that is in contact with the palm rest portion of the housing. The one or more data sets of biometric data that are assigned to the user can contain a plurality of different data sets of biometric data that correspond to biometric data that were recorded by the user at different times.
  • The biometric data may include heartbeat data recorded over a period of time, the period of time including a time when the user enters a password into the computing device.
  • The computing device may include a display section and a base section hinged to the display section, with the human interface device being integrated into the housing of the base section.
  • The user can be logged out of the computing device if the captured biometric data does not meet the matching condition.
  • A message can be sent from the computing device to another computing device when the captured biometric data does not meet the matching condition, the message indicating that the captured biometric data does not meet the matching condition.
  • It can be determined that biometric data is not collected for a period of time that exceeds a first threshold, and based on the determination, the user can be prompted to place a palm on a palm rest portion of the housing. It may be determined that, upon prompting the user, no biometric data is collected for a period of time that exceeds a second threshold and based on the determination that the user can be logged off the computing device.
  • It can be determined that no biometric data is continuously collected for a period of time that exceeds a threshold, and based on the determination, the user can be prompted to remove the user's palms from a palm rest portion of the housing.
  • The heartbeat monitor may include one or more exposed, electrically conductive surfaces that are electrically coupled to circuitry configured to detect and monitor electrical signals present on the surfaces. When the user's palm (i.e., a portion of the user's hand other than the user's fingers) is brought into contact with the electrically conductive surface, electrical signals associated with the user's heartbeat can be detected and recorded.
  • At least one of the heart rate monitor and the vein scanner can be implemented optically and includes (a) a source of optical signals directed into the flesh of the palm of the user and (b) a detector of optical signals emitted from the meat of the user are reflected.
  • The computing device may include a network interface device that enables the computing device to access a network and provide at least one of the heartbeat and / or vein scan data collected locally by the device on a remote computing device that uses the provided heartbeat and / or vein scan data. or use wire scan data to authenticate the user to the remote computing device.
  • The details of one or more implementations are set forth in the accompanying drawings and description below. Other features will be apparent from the description and drawings and from the claims.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Figure 12 is a schematic / block diagram illustrating a computing device in accordance with an exemplary embodiment.
  • Figure 12 is a schematic / block diagram illustrating a computing device in accordance with an exemplary embodiment.
  • Figure 12 is a block diagram illustrating a computing device that can be used to implement real-time authentication of a user of the computing device based on biometric data collected by the computing device according to an exemplary embodiment.
  • Figure 12 is a flow diagram illustrating a method according to an exemplary embodiment.
  • FIG. 13 is a diagram illustrating a computing device and a mobile computing device that can be used to implement the techniques described herein in accordance with an exemplary embodiment.
  • DETAILED DESCRIPTION
  • As described herein, a biometric sensor, which can be a heartbeat monitor and / or a vein scanner, can be integrated into a housing of a computing device (e.g. a laptop computing device) in such a way that heartbeat data and / or vein patterns can be detected by a hand of a user of the computing device while the user is interacting with the device. For example, the heartbeat monitor and / or the vein scanner can be integrated in a part of the housing on which the hand of the user rests while the user is typing on a keyboard of the device or while the user is using a trackpad of the computing device. Heartbeat data and / or vein images can be collected inconspicuously while the user interacts with the device. The collected heartbeat data and / or vein images can be used to authenticate the user of the computing device. For example, different people can have different characteristic heartbeat patterns and / or vein patterns, so that the collected heartbeat / vein data can be compared with a stored heartbeat or vein pattern that is assigned to the user. The user can be authenticated if the collected heartbeat or vein pattern data meet a match condition with the starting heartbeat or the vein pattern associated with the user. In this way, the user can be continuously authenticated by the computing device while the user is otherwise interacting with the computing device.
  • Figure 13 is a block diagram illustrating a computing device in accordance with an exemplary embodiment. The computing device may include a heartbeat monitor and / or a vein scanner integrated into the housing of the device, the heartbeat monitor configured to capture heartbeat data and the vein scanner configured to capture images of a user's veins from a user of the machine while the user is using the machine. As shown in FIG. 4, the computing device includes a display and a base portion that are connected to one another by one or more hinges. For example, the display may include an LCD display and the display may include a touch screen. The display can be surrounded by a display bezel. The computing device may include one or more human interface devices, which may include, for example, a keyboard, a pointing device, a touch screen, and a mouse. The mouse can communicate with a processor in the housing of the computing device via a wireless connection or via a wired connection.
  • As shown in FIG. 13, the computing device also includes a housing that can be used to house the various components of the computing device. For example, a pointing device (e.g., a touch pad) can be integrated into the housing. The pointing device can be used by a user of the computing device to navigate the primary display to interact with the programming content displayed on the display. The keyboard can also be integrated in the housing. The housing contains one or more palm rest sections in which one or more heartbeat monitors and / or vein scanners are integrated. The heartbeat monitors and / or vein scanners are exemplary representations, which is why other arrangements are entirely possible. For example, the housing can contain an integrated heartbeat monitor scanner or vein scanner, while in other embodiments the housing can contain additional heartbeat monitor scanners and / or vein scanners.
  • The palm rest portion of the housing includes the portion of the housing between the keyboard and the edge of the housing that is distal to the display when the device is open when the display is on the hinge (s) away from the configuration is rotated in which the display and the base portion are arranged parallel to each other. The palm rest portion (s) can include the portion of the housing that is horizontally adjacent to the pointing device, and can also include the pointing device itself.
  • The heartbeat monitor and / or scanner can be implemented in the computing device in a number of ways. For example, a heartbeat monitor can include one or more exposed, electrically conductive surfaces that are electrically coupled to circuitry that is configured to detect and monitor electrical signals present on the surfaces. When the user's palm (i.e., a portion of the user's hand other than the user's fingers) is brought into contact with the electrically conductive surface, electrical signals associated with the user's heartbeat can be detected and recorded. A pattern of recorded heartbeat signals can be assigned to the user.
  • In other embodiments, a heartbeat monitor may be implemented optically and include a source of optical (e.g., infrared) signals directed into the flesh of the user's palm and a detector of optical signals reflected from the flesh of the user become. Since properties of the user's blood (e.g. density, speed, etc.) at the position of the heartbeat monitor change during a heartbeat cycle, the detected properties of the reflected light (e.g. amount of reflected light), which according to the time-dependent Properties of the user's blood vary, used to monitor and detect the pattern of the user's heartbeat. In still other embodiments, the heartbeat monitor can be implemented with other suitable technologies, or implemented with a combination of different types of probes, sensors, and circuitry.
  • In other embodiments, a vein scanner may be implemented optically and include a source of optical (e.g., infrared) signals directed into the flesh of the user's palm and a detector of optical signals emitted from the flesh of the user Be reflected by the user. The detector may include a multi-pixel detector that records record images of a pattern of veins in the user's hand where the veins are illuminated by the optical signals.
  • FIG. 13 is a schematic diagram of the computing device depicted in FIG. 11 in accordance with an exemplary embodiment. The computing device can correspond to the computing device and include the elements of the computing device described above. Correspondingly, the same elements in FIG. 13 as those in FIG. 13 have the same reference numerals. For the sake of brevity, elements shown in FIGS. 13 and 14 are no longer described in detail with respect to FIG.
  • As shown in FIG. 13, a user interacting with a human interface device (e.g., keyboard or pointing device) of the device can place his or her palms on the palm rest portion of the housing of the computing device. For example, while the user is typing on the keyboard, the user's palms can rest on the palm rest portions of the computing device. In this position, the heartbeat monitor integrated in the housing of the computing device can record heartbeat data from the user while the user is interacting with the computing device. In this position, the vein scanner integrated in the housing of the computing device can capture images of the veins of the user while the user is interacting with the computing device.
  • Figure 13 is a block diagram illustrating the system including a computing device that can be used to collect heartbeat data from a user of the device while the user interacts with the device according to an exemplary embodiment. As shown in FIG. 4, the computing device may include one or more heart rate monitors, one or more vein scanners, a clock, one or more human interface devices (e.g., a touch pad, keyboard, mouse), an operating system, a display device, a processor and memory that can be used in appropriate combinations to implement one or more user authentications based on heartbeat data and / or vein scans collected by the heartbeat monitor and / or vein scanner of the computing device. For example, the memory can be configured to store commands to implement a user heartbeat monitoring / vein scan and user authentication based on the monitored heartbeat data / vein scans on the computing device, while the processor can be configured to execute these commands to perform the monitoring and authentication to implement.
  • It should be understood that the elements of the system that are shown in Figure 4 to implement heartbeat monitors / vein scanning and user authentication are illustrative. In other embodiments, elements for implementing heartbeat monitoring and / or vein scanning may be added and / or omitted from the computing device. For example, the computing device can include a network interface device (not shown). This network interface device can allow the computing device to access a network and provide at least one of the heartbeat and / or vein scan data that is collected locally by the device on a remote computing device that the provided heartbeat / vein scan data at the remote Computing device to authenticate the user with an account associated with the remote computing device, etc. The network can take a number of forms, such as: E.g. a private network (e.g. a LAN) or a public network (e.g. the Internet).
  • The heartbeat monitor, which is integrated in a housing of the computing device, can be used to collect heartbeat data from a user while the user is using the computer. For example, while the user is interacting with a human interface device of the computing device (e.g., tapping one or more fingers of the user on a keyboard or moving a cursor with a touch pad on the device), heartbeat data may be collected from the heartbeat monitor. The heartbeat data can be collected over a period of time so that a pattern of the user's heartbeat can be determined from the collected data. The collected data can then be compared with one or more data sets of heartbeat data assigned to the user. In some implementations, the records of heartbeat data can be captured and stored in memory with the express consent of the user, e.g. B. after a positive response to a prompt on the display device that the user has the opportunity to record heartbeat data so that they can be used for real-time authentication of the user at a later point in time. Heartbeat data can be assigned to a specific user if the user links collected heartbeat data to himself, e.g. By logging into an account associated with the user (e.g., a local account associated with the computing device or a device-independent, cloud-based account) and then allowing the heartbeat monitor to collect heartbeat data from the user.
  • Heartbeat data collected by the heartbeat monitor can be compared with previously collected data sets of heartbeat data associated with the user. Since different people have different heartbeat patterns, the comparison of the collected data and the previously collected data can be used to authenticate the user, provided that the collected data and the previously collected data meet a matching condition. For example, the collected heartbeat data and the previously collected heartbeat data can include patterns that represent a blood pressure or voltage amplitude of the heart of the user over a period of time, the period of time including at least one heartbeat cycle. The collected data and the previously collected data can be compared using selection techniques, including, for example, normalizing the data and comparing a plurality of values ​​of the normalized heartbeat data collected into a plurality of normalized values ​​of the previously collected heartbeat data.
  • In an exemplary technique, the two data patterns can be normalized to a common mean pulse and their amplitudes normalized in a similar manner. The absolute value of the difference in the normalized amplitudes between the two patterns can then be integrated over a period of time which corresponds to at least a portion of a heartbeat cycle. If the integral value is smaller than a threshold value, or if the value of the integral value divided by the integral of one or the mean value of the pattern over the same period is smaller than a threshold value, the corresponding condition can be fulfilled. The user can be authenticated based on determining that the matching condition is met. If the matching condition is not met, a determination can be made that the user is not authenticated