Impulse sensors for biometric identification
Impulse wave measurements from multiple body locations create a unique biometric signature, addressing accuracy issues in biometric identification and enhancing user authentication by capturing subtle physiological differences.
Patent Information
- Authority / Receiving Office
- DE · DE
- Patent Type
- Patents
- Current Assignee / Owner
- LENOVO (SINGAPORE) PTE LTD
- Filing Date
- 2017-08-21
- Publication Date
- 2026-06-25
AI Technical Summary
Biometric identification systems face issues with false negatives and false positives, making it difficult to accurately authenticate users, and are vulnerable to impersonation through high-resolution image or voice manipulation.
The use of impulse wave measurements from multiple body locations, recorded and correlated to create a unique biometric signature, independent of measurement location and anxiety level, using sensors like LEDs or cameras to capture blood flow characteristics.
Enhances user authentication accuracy by leveraging subtle differences in impulse wave characteristics across different body points, providing a robust and unique biometric identification method.
Smart Images

Figure 00000000_0000_ABST
Abstract
Description
BACKGROUND Biometric identification is used in many situations. For example, security mechanisms often rely on or include the use of a biometric component, such as a fingerprint reader, iris scanner, voice recognition mechanism, image analysis / face capture mechanism, etc., which can be used to identify a specific user. For example, system access (e.g., login certification) might depend on biometric identification. In addition to security mechanisms, biometric identification is used to personalize a system or device. For example, biometric identification could be used to uniquely identify a specific user and then download the user's preferred device settings. Document US 2014 / 0196131A1 discloses a technology for authenticating a user based on a wrist vein pattern. Publication US 2015 / 0223731A1 describes methods for identifying and analyzing recurring transient physiological conditions using a portable data acquisition device. Document US 2015 / 0 288 810 A1 describes the authentication of users of a telephone call management system using a personal identification number, biometric methods and / or radio frequency methods. Publication US 2016 / 0366128A1 discloses a biometric authentication system that includes a centralized database in which biometric signature information is stored for user authentication. BRIEF SUMMARY The object of the present invention is to enable improved biometric identification of a user using one or more pulse sensors. This problem is solved by the subject matter of main claim 1 and dependent claims 11 and 20, which define the present invention. Preferred embodiments of the present invention are the subject of the dependent claims. In summary, one aspect provides a method according to claim 1. Another aspect is provided by a device according to claim 11. Another aspect is provided by a system according to claim 20. The foregoing is a summary and may therefore contain simplifications, generalizations and omissions of details; consequently, those familiar with the technique will recognize that the summary is merely descriptive and does not aim to be limiting in any way. For a better understanding of the embodiments, along with other and further features and advantages thereof, reference is made to the following description in conjunction with the accompanying drawings. The scope of the invention is set out in the appended claims. BRIEF DESCRIPTION OF THE MULTIPLE VIEWS OF THE DRAWINGS Fig. 1 shows an example of an information handling device circuit. Fig. 2 shows another example of an information handling device circuit. Fig. 3 shows an exemplary method of biometric identification using pulse data. Fig. 4 shows an exemplary system that uses pulse data for biometric identification. DETAILED DESCRIPTION It is readily apparent that the components of the embodiments, as generally described herein and shown in the figures, can be arranged and constructed in a wide variety of different configurations, in addition to the exemplary embodiments described. Therefore, the following detailed description of exemplary embodiments, as represented in the figures, is not intended to limit the scope of the embodiments as claimed, but only to illustrate exemplary embodiments. Any reference in this entire specification to "a single embodiment" or "an embodiment" (or similar) means that a particular feature, structure, or sign described in connection with the embodiment is included in at least one embodiment. Therefore, the appearance of the phrases "in a single embodiment" or "in an embodiment" or similar at different locations in this specification does not necessarily refer to the same embodiment. Furthermore, the described features, structures, or symbols can be combined in any suitable way in one or more embodiments. A multitude of specific details are provided in the following description to give a thorough understanding of the embodiments. However, a person skilled in the art will recognize that the different embodiments can be carried out without one or more of the specific details, or with or without methods, components, materials, etc. In other examples, known structures, materials, or methods are not shown or described in detail to avoid confusion. Many access control systems include a traditional authentication process using something you know (e.g., a password) or something you possess (e.g., a smart card), along with a third factor—something you are—which is a form of biometric authentication. This third layer of security comes in many variations, such as fingerprint authentication using fingerprint readers on laptops that log in with a simple swipe, iris scanners used as supplemental authentication for accessing security facilities, and so on. One drawback of biometric security measurements is the risk of false negatives or false positives. Accuracy issues can prevent a legitimate user from being clearly identified. Alternatively, an imposter could successfully impersonate a legitimate user by providing high-resolution images (when manipulating facial recognition systems) or recordings (in the case of voice manipulation based on an authentication system), thereby being identified as a valid user. One embodiment provides an alternative method of biometric identification that uses a sensor or sensors to measure user impulses at more than one body location, namely at two or more measurement points. In one embodiment, an impulse wave measurement is recorded and correlated with at least one other impulse wave measurement recorded at a different point or location. The biometric measurement data recorded using these measurement points are transformed into biometric signature data that is unique to each individual. The ability to uniquely identify and authenticate a user relies on subtle differences in the impulse wave characteristics and measured blood flow when recorded at different measurement points. Impulse wave recording techniques are capable of acquiring a significant number of intravenous heartbeat features (e.g., up to 15) based on human physiology. Intravenous heartbeat features may include, but are not necessarily limited to, impulse wave velocity as determined across multiple measurement points. Recorded features are unique due to the morphology and amplitudes of the recorded cardiac complexes, which are determined by multiple individual factors, particularly the shape and position of the heart, the individual's physical characteristics, and the presence and nature of pathologies, among others. Recorded impulse measurement data are independent of the measurement location (e.g., neck impulse, left or right impulse, temporal impulse, intraocular / eye impulse, etc.), independent of the individual's anxiety level, and unique to each individual. Impulse measurements can be collected using a variety of sensors, including remote cameras or wearable devices on the fingers, neck, temples, eyes, or by other similar means. It is also possible for a single wearable device to record impulses at multiple points. Biometric identification of a user may occur before or after allowing access to a device or secure source, or biometric identification may be performed continuously, intermittently, or as a progressive authentication process, e.g., throughout the entire time the user accesses the device or source. The exemplary embodiments shown are best understood by referring to the figures. The following description is intended only as an example and simply illustrates certain exemplary embodiments.While various other circuits, circuitry, or components are used in information handling devices, with respect to the mobile device circuit 100, an example shown in Fig. 1 comprises a system-on-a-chip design, which is found, for example, in many smaller or mobile computer platforms. Software and processor(s) are combined in a single chip 110. Processors include internal arithmetic units, registers, cache memory, buses, on / off ports, etc., as are well known in engineering. Internal buses and the like depend on different vendors, but essentially all peripheral devices (120) can be attached to a single chip 110. The circuit 100 combines the processor, memory control, and an on / off control node together in a single chip 110. Also, systems of this type 100 typically do not use SATA, PCI, or LPC. Common interfaces include, for example, SDIO and I2C. There are power management chips 130, e.g., a battery management unit (BMU), which supplies power, for example, via a rechargeable battery 140 that can be recharged by connecting to a power source (not shown). In at least one design, a single chip 110 is used to provide BIOS-like functionality and DRAM memory. The System 100 typically includes one or more WWAN transceivers 150 and WLAN transceivers 160 for connecting to various networks, such as telecommunications networks and wireless internet devices, e.g., access points. It also usually includes devices 120, which may be added based on a specific design. For example, additional devices 120 may include a sensor or sensors, such as an optical sensor like a camera and / or an infrared sensor, a light-emitting diode (LED), or other light-based sensors, as well as wireless short-range devices, e.g., Bluetooth wireless communication devices. The System 100 often includes a touchscreen 170 for data input and output / playback. The System 100 also typically includes various storage devices, e.g., flash memory 180 and SDRAM 190. Figure 2 shows a block diagram of another example of information handling device circuits, circuits, or components. The example shown in Figure 2 may correspond to computer systems such as those in the THINKPAD series of personal computers sold by Lenovo (US) Inc. of Morrisville, NC, or to other devices. As can be seen from the description herein, embodiments may include other features or only some features of the example shown in Figure 2. The example in Fig. 2 includes a so-called chipset 210 (a group of integrated circuits or chips that work together, chipsets) with an architecture that can vary depending on the manufacturer (for example, Intel, AMD, ARM, etc.). Intel is a registered trademark of Intel Corporation in the United States and other countries. AMD is a registered trademark of Advanced Micro Devices Inc. in the United States and other countries. ARM is an unregistered trademark of ARM Holding PLC in the United States and other countries. The architecture of the chipset 210 includes a core and memory control group 220 and an ON / OFF control node 250, which exchanges information (for example, data, signals, instructions, etc.) via a Direct Management Interface (DMI) 242 or a link control device 244. In Fig.2. The DMI 242 is a chip-to-chip interface (sometimes also referred to as a connection between a "northbridge" and a "southbridge"). The core and memory control group 220 comprise one or more processors 222 (for example, single-core or multi-core) and a memory control node 226, which exchange information via a front-side bus (FSB) 224. It should be noted that the components of the group 220 can be integrated on a single chip, replacing the conventional "northbridge"-like structure. One or more processors 222 include internal arithmetic units, registers, cache memory, buses, ON / OFF ports, etc., as are well known in engineering. In Fig. 2, the memory control node 226 forms interfaces with the memory 240 (for example, to provide support for a type of RAM memory that can be referred to as "system memory" or "memory"). The memory control node 226 also includes a differential low-voltage signaling (LVDS) interface 232 for a display device 292 (for example, a CRT, a flat panel display, a touchscreen, etc.). A block 238 includes several technologies that can be supported via the LVDS interface 232 (for example, serial digital video, HDMI / DVI, display connector). The memory control node 226 also includes a PCI Express (PCI-E) interface 234, which can support discrete graphics 236. In Fig. 2, the ON / OFF control node 250 includes a SATA interface 251 (for example, for HDDs, SSDs, etc. 280), a PCI-E interface 252 (for example, for wireless connections 282), a USB interface 253 (for example, for devices 284 such as a digitizer, keyboard, mouse, cameras, telephones, microphones, storage devices, biometric data recording devices, other connected devices, etc.).), a network interface 254 (for example, LAN), a GPIO interface 255, an LPC interface 270 (for ASICs 271, a TPM 272, a super on / off control node 273, a firmware node 274, BIOS support 275, and various types of memory 276 such as ROM 277, Flash 278, and NVRAM 279), a power management interface 261, a clock generator interface 262, an audio interface 263 (for example, for speakers 294), a TCO interface 264, a system management bus interface 265, and an SPI flash 266, which can contain a BIOS 268 and a boot code 290. The on / off control node 250 can have Gigabit Ethernet support. Once the system is powered on, it can be configured to execute a boot code 290 for the BIOS interface 268, as stored in the SPI flash 266, and subsequently processes data under the control of one or more operating systems and application software (stored, for example, in the system memory 240). An operating system can be stored in any number of different locations and accessed, for example, according to the instructions of the BIOS 268. As described herein, a device can contain fewer or more features than those shown in the system of Fig. 2. An information handling device circuit, such as that shown in Fig. 1 or Fig. 2, can be used in devices such as a wearable device (e.g., smartwatch, glasses) or a computing device (e.g., tablet, laptop, desktop) that receive user impulse data and use it to perform biometric identification of a user. For example, the circuit shown in Fig. 1 could be included in a wearable device such as a smartwatch that contains LED sensors to receive user impulse data, with inputs from sensors providing user impulse data being used to perform biometric identification. As another example, the circuit shown in Fig.The circuit shown in Figure 2 may be enclosed in a desktop or laptop computer, an onboard vehicle computer, or any secured device or source that receives user impulse data to perform biometric identification, e.g., from sensors placed on or observing a user. As will be evident from this description, other types of devices may be used. For example, the circuit shown in Figure 1 and / or Figure 2 may be enclosed in a smart TV or other media playback device, where user impulse data is derived from a camera, a portable device, or a combination of the foregoing and used to authorize access to such device. Turning to Fig. 3, one embodiment receives user impulse data at 301, e.g. from LED sensors arranged in a portable device, from a camera arranged in glasses or that effectively observes the user, etc. The user impulse data can include impulse data that allows inferences to be made about the user's identity. User impulse data can take a variety of forms. For example, the user impulse data obtained via 301 may include LED / light reflection data collected from LEDs enclosed in a portable device and wirelessly transmitted to a device such as an in-vehicle computer, a desktop or laptop computer, and / or a media player within the portable device's wireless range. The LED / light reflection data may indicate the relative width of a user's blood vessel at a measurement point at a specific time, or a change in the relative width of a user's blood vessel during a time window. As another example, the user impulse data could include image data captured by a camera or other sensor, such as an ultrasound sensor, where the image data allows for the inference or calculation of a user's impulse characteristics (e.g., pulse rate, pulse width ...B. Changes in blood vessel width at a given time or during a time window). As is evident to a person skilled in the art, different types of user impulse data can be combined to provide a biometric signature of a particular user. This biometric signature can be refined over time, e.g., by repeatedly collecting user impulse data and refreshing a user's biometric signature. The user impulse data obtained in 301 is used in 302 to determine whether it matches the expected user impulse data. This means the currently collected user impulse data obtained in 301 is compared to known user impulse data for a specific user to identify that user. The known user impulse data may be stored locally or accessed from a remote device. It may include a biometric signature or a profile generated based on historically collected user impulse data. If the user is identified, as described in 304, using the user impulse data obtained in 301—specifically, if the currently captured user impulse data (such as pulse wave data) is similar to or equivalent to the known user impulse data—the user may be granted access to a device, or may have continuous access to a device, or may have uploaded special settings (e.g., user-specific or customized settings), as described in 306. Conversely, if a user is not identified in 302, as described in 303, the lack of user identification may result in a request for further authentication data, as described in 305, and / or may lead to reduced device functionality. For example, a guest setting can be applied to a desktop computer or media player (e.g., smart TV) if a special user was not identified in a 302 request. Similarly, if a special user was not identified in a 302 request, a Valvet setting can be applied to an automotive computer or other vehicle-connected device (e.g., smartphone). The guest or Valvet setting can include reduced access to certain applications or device features. As a specific example, if a special user is identified in a 302 request, full device access or user-specific device access may be granted, allowing access to an address book, a communication application, and a navigation application, for example.In contrast, if a specific user is not identified in a 302 error, reduced functionality may be available for a given device. For example, an address book, a communication application, and a navigation application may be blocked until further or additional authentication is provided, as described in a 305 error. As described herein, biometric identification can be incorporated into a device's security mechanism, such as for a laptop or desktop computer, media player or smart TV, in-car computer, etc. Thus, if a user is identified using user impulse data, the device can provide certain user-specific functionalities. Conversely, if the specific user is not identified using user impulse data, reduced functionality or a guest setting can be applied, requiring further identification, such as using a password or alternative biometric identification methods (fingerprint reader, voice authentication system, etc.). User impulse data is acquired at two or more points to offer greater accuracy in user identification. For example, one embodiment can measure two or more different blood vessels of a user to obtain user impulse data for each. The two or more measurements are combined or correlated to further refine and improve biometric identification. In one embodiment, for example, two or more LEDs can be provided, e.g., on opposite sides of a wearable device such as a smartwatch, to acquire user impulse data at multiple locations. The impulse data for multiple locations can be compared (in terms of the time and magnitude of, for example, an impulse wave) to form a biometric signature for the user. As another example, a camera or other sensor can scan or acquire image data from two or more different blood vessels, e.g.,in the user's eye to derive user impulse data, e.g. impulse wave data, for use in the biometric identification of a user. One embodiment can obtain user impulse data for use at different times. For example, one embodiment can use user impulse data on a continuous basis. In a specific example, user impulse data can be obtained on 301, and a determination can be performed repeatedly on 302, for example, according to a strategy by which a user operates a device. Thus, the user can be granted access instantly (with or without the use of impulse-based biometric identification) and subsequently required to continue providing correct user impulse data to maintain the access threshold for the device. This allows the use of user impulse data to complement other types of security mechanisms that can be applied, such as...other biometric identification methods, smartcard security methods, alphanumeric password-based identification, etc. The use of impulse data in biometric identification can be applied in a wide variety of system types. Turning now to Fig. 4, an exemplary system 401 is presented. As shown, the system 401 can be a combination of: a device 402 (such as a computer device selected from the group consisting of a personal computer (e.g., tablet, laptop, desktop), a media device such as a smart TV, and an on-board computer of a vehicle (e.g., an on-board car computer)); and an impulse sensor 403 (such as a portable device, including LEDs / photodetectors, a camera, or other image sensors, etc.). The system 401 can include various other system components 404, e.g., peripheral devices that communicate with the device 402 and / or the impulse sensor 403, vehicle components such as an engine, wheels, etc. One embodiment uses pulse data to complement other biometric-based security measurements, e.g., for devices 402 such as computers. In one embodiment, biometric pulse data is used as one of several layers of biometric security for granting or denying access to a device 402 or a specific type of access to it. Data about a user's impulses can be collected by a variety of sensors; for example, an impulse sensor 403 can be integrated into a wearable device such as a smartwatch, glasses, etc. The impulse sensor(s) 403 provide dynamic biometric-based measurements, such as measurements of impulse wave data from two or more measurement points on the user. As described herein, a system 401 can learn the user's impulse data over time to form a biometric signature for that user. In one embodiment, impulses based on biometric data are used on a continuous basis. For example, in the case where several users share the same device 402, impulse data from one user can provide an additional clue to help determine the user's identity with respect to the current use of the device 402. For example, if a different driver is sitting in another user's car seat, the user's impulse data can be used to indicate that the user is different and not a match, as shown in Figure 302. For example, impulse wave data might not be accurate with respect to the user's expected impulse wave data. Thus, if the impulse data does not match the user's expected impulse data, different settings (e.g., vehicle settings) could be implemented; for example, the vehicle electronics could be put into a validation mode, the vehicle seats could be automatically moved or adjusted, the vehicle interior could be modified, etc. One embodiment provides continuous, periodic, or intermittent authentication using pulse data. For example, when the user works with the device 402 for a period of time, the user pulse data, as detected by a pulse sensor 403, is monitored. If the user pulse data changes significantly, the device 402 will automatically lock itself and request additional authentication. Alternatively, if a user's identity is questioned, instead of locking the device, it could enter a reduced privilege or guest mode in which, for example, only limited functionality is available without further authentication. As is evident to a person skilled in the art, different aspects can be embodied in a system, a process, or a device program product. Accordingly, aspects can take the form of a complete hardware implementation or an embodiment that includes software, which is generally referred to herein as a "circuit," "module," or "system." Furthermore, aspects can take the form of a device program product embodied in one or more device-readable media and containing device-readable program code. It should be noted that various functions described herein can be performed using instructions stored on a device-readable storage medium, such as a non-signal storage device, which are executed by the processor. A storage device may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or apparatus, or any suitable combination of the foregoing. Larger specified examples of a storage medium include the following: a portable computer disk, a hard disk, random access memory (RAM), read-only or programmable memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only storage (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.In the context of this document, a storage device is not a signal and, in a “non-transitory” sense, includes all media except signal media. Program code that is present on your storage medium can be transferred using a suitable medium, which includes but is not limited to wireless, wired, fiber optic cable, RF, etc., or any suitable combination of the foregoing. Program code can execute operations written in any combination of one or more programming languages. The program code can run entirely on a single device, partially on a single device, as a standalone software package, partially on a single device and partially on another device, or entirely on another device. In some cases, the devices may be connected by some kind of connection or network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made through other devices (for example, through the internet using an internet service provider), by wireless connection, such as near-field communication (NFC), or by a wired connection, such as a USB connection. This document describes exemplary embodiments with reference to the figures, which represent, for example, methods, devices, and program products according to different exemplary embodiments. It is understood that the actions and functionality can be executed, at least in part, by program instructions. These program instructions can be provided to a processor of a device, a special-purpose information handling device, or other programmable data processing devices to create a machine such that the instructions, executed by a processor of the device, perform the specified functions / actions. It is important to note that while certain blocks are used in the figures and a specific arrangement of blocks is shown, these are not limiting examples. In certain contexts, two or more blocks may be combined, a block may be divided into two or more blocks, or certain blocks may be rearranged or reorganized appropriately, as the examples explicitly shown are used for descriptive purposes only and are not to be interpreted as limiting. As used herein, the singular “ein” and “eine” can be interpreted as including a plural such as “one or more”, unless otherwise clearly indicated. This disclosure has been presented for illustrative and descriptive purposes, but it is not intended to be exhaustive or limiting. Many modifications and variations will be obvious to the person skilled in the art. The exemplary embodiments have been selected to describe the principles and practical applications, and to enable others with expert knowledge of the prior art to understand the disclosure of the different embodiments with different modifications, as suitable for the particular use under consideration. It is therefore understandable that this description, although exemplary embodiments shown herein are described with reference to the accompanying drawings, is non-limiting and that various other changes and modifications can be made to it by a person skilled in the art without deviating from the scope of protection and the spirit of the disclosure.
Claims
Method comprising: - Obtaining two or more biometric user pulse data from two or more measurement points, each measurement point being located at a different body location of a user, using one or more pulse sensors; - Transforming the two or more biometric user pulse data into the user's biometric signature data, wherein the transformation includes correlating the two or more biometric user pulse data; and - Identifying, using a processor, the user based on the biometric user signature data. The method of claim 1, further comprising an adjustment, using a processor, of a device based on the identified user. Method according to claim 2, wherein the adaptation includes granting access to the device. Method according to claim 2, wherein the adaptation comprises granting some type of access to the device. The method of claim 4, wherein granting a type of access to the device comprises granting access to a device feature selected from the group consisting of an address book, a communication application and a navigation application. The method of claim 1, wherein the user pulse data comprises pulse wave data. Method according to claim 1, wherein the obtaining comprises obtaining reflected light. Method according to claim 1, wherein the obtaining comprises obtaining image data. Method according to claim 1, wherein the two or more measuring points comprise two or more independent bloodstream measuring points. Method according to claim 9, wherein the two or more independent blood vessel measurement points comprise measurement points for two or more different blood vessels. The device comprises: - a pulse sensor; - a processor operationally coupled to the pulse sensor; and - a memory storing instructions executable by the processor for: - obtaining two or more biometric user pulse data from two or more measurement points on the pulse sensor, each measurement point being located at a different body location of the user; - transforming the two or more biometric user pulse data into the user's biometric signature data, the transformation including correlating the two or more biometric user pulse data; and - identifying the user based on the biometric user signature data. Device according to claim 11, wherein the instructions are further executable by the processor to adjust a setting of a device based on the identified user. Device according to claim 12, wherein the processor adjusts the device settings by granting access to the device. Device according to claim 12, wherein granting access comprises granting some type of access to the device. Device according to claim 14, wherein granting a type of access to the device is granting access to a device feature selected from a group consisting of an address book, a communication application and a navigation application. Device according to claim 11, wherein the user pulse data includes pulse wave data. Device according to claim 11, wherein the pulse sensor comprises one or more light-emitting diodes (LEDs). Device according to claim 11, wherein the pulse sensor comprises an image capture device. Device according to claim 11, wherein the two or more measuring points comprise two or more independent bloodstream measuring points. System comprising: - a pulse sensor; and - a device comprising: - a processor operationally coupled to the pulse sensor; and - a memory storing instructions executable by the processor to: execute a method according to any one of claims 1 to 10.