Method and device for behavioral biometric authentication
Patent Information
- Authority / Receiving Office: JP
- Patent Type: Applications
- Current Assignee / Owner: WORLDLINE SA (FR)
- Filing Date: 2023-08-18
- Publication Date: 2026-06-15
AI Technical Summary
Existing authentication methods in video games and digital platforms require users to use passwords or separate devices for verification, leading to interruptions and undesirable 'friction' during interactions, especially during payments, and lack a seamless, continuous strong authentication solution.
A behavioral biometric authentication method that uses machine learning to analyze user interactions with devices, generating scores based on unique behavioral patterns, allowing continuous authentication without interruptions and requiring no additional sensors.
Provides a seamless, continuous, and secure authentication experience by analyzing user behavior, distinguishing legitimate users from impostors, and adapting to changes in user behavior over time, ensuring high security without additional hardware.
Description
[Technical Field]
【0001】 The present description relates to methods and devices for behavioral biometric authentication.
[Background Technology]
【0002】 In the context of video games, passwords are used to protect user accounts on game consoles. Many users use passwords to protect their accounts from access by others (such as friends or family). To enter a password, users must typically use a virtual keyboard displayed on a screen (e.g., a television) and navigated through their game console.
【0003】 When payment is required, the user can store their payment information in their account and set a password, which may be the account password or a password specific to the payment transaction, to add an additional layer of security during payment (in case of console theft or to prevent others from purchasing games from their account). Such measures may result in the video game being paused or interrupted for the user when the user attempts to verify the transaction. Furthermore, the user cannot prevent payment even if another user tries to obtain their password.
【0004】 Furthermore, payments on digital platforms associated with video games may require strong authentication, which in most cases requires the user to use a separate device (e.g., a mobile phone) to confirm the authentication and verify the transaction, which can lead to undesirable "friction," interruptions, or pauses for users when making payments through the platform.
【0005】 Therefore, there is a need for a strong authentication solution suitable for the context of video games or other applications where strong authentication may be required at all times during a user's interaction with a given application system.
[Summary of the Invention]
【0006】 The scope of protection is defined by the claims.
【0007】 According to a first aspect, the present description relates to a method for behavioral biometric authentication of a user interacting with an application system by means of at least one interaction device, the method comprising:
- obtaining a behavioral biometric model of a reference user;
- obtaining a behavioral biometric model of an authorized user, wherein the behavioral biometric model of the authorized or reference user is configured to receive as input values of characteristic parameters of the behavior of the user in question during an interaction action with the interaction device, and to generate as output a score representing the probability that the behavior represented by the input characteristic parameter values is the behavior of the user in question;
- obtaining values of characteristic parameters of the user's behavior determined from events generated by the user's interactive actions with the interactive device;
- determining a first score by applying a behavioral biometric model of the authorized user to the values of the characteristic parameters;
- determining a second score by applying each of the behavioral biometric models of the reference user to the value of the characteristic parameter respectively;
- determining a decision to authenticate the user as a legitimate user based on the first score and the second score.
【0008】 According to one or more embodiments, the first score represents the probability that the user is a legitimate user.
【0009】 According to one or more embodiments, each second score represents a probability that the user is a reference user associated with the behavioral model used to generate the score in question.
【0010】 According to one or more embodiments, the steps of determining the first score, the second score, and the decision to authenticate are repeated for characteristic parameter values obtained respectively for a time sequence of time intervals, and the method further comprises:
- updating the current value of a weight for each time interval, wherein the weight is decremented if one of the second scores obtained for this time interval is greater than the authentication threshold, and the weight is incremented if the first score obtained for this time interval is greater than the authentication threshold;
- the first score obtained for the time interval is modified by adding the current value of the weight after updating for this time interval, and the modified first score is used to determine the decision to authenticate.
【0011】 According to one or more embodiments:
- if the first score is below the authentication threshold, the decision to authenticate is negative;
- if the first score is above the authentication threshold and at least one of the second scores is above the authentication threshold, the decision to authenticate is negative;
- if the first score is above the authentication threshold and all of the second scores are below the authentication threshold, the decision to authenticate is positive.
【0012】 According to one or more embodiments:
- if the first score is below the authentication threshold, the decision to authenticate is negative;
- if the first score is above the authentication threshold and fewer than N second scores are above the authentication threshold, the decision to authenticate is positive;
- if the first score is above the authentication threshold and N or more second scores are above the authentication threshold, the decision to authenticate is negative.
【0013】 According to one or more embodiments, N is an integer strictly greater than 1 and less than or equal to 10.
【0014】 According to one or more embodiments, the reference user is a user that is different from the authorized user.
【0015】 According to one or more embodiments, the reference user behavior model is the most discriminatory behavior model from the set of reference user behavior models.
【0016】 According to one or more embodiments, the application system is a video game system.
【0017】 According to a second aspect, the present description relates to a device comprising means for carrying out the method according to the first aspect.
【0018】 The means may be software and/or hardware means, which for example perform one or more or all of the steps of one of the methods according to the first aspect. The means may comprise, for example, at least one processor and at least one memory containing program instructions configured, when executed by the processor, to cause the device to perform one or more or all of the steps of one of the methods according to the first aspect.
【0019】 According to another aspect, the present description relates to a storage medium readable by a data processor having stored thereon a program comprising program instructions configured to cause a data processor to perform one or more or all of the steps of the method according to the first aspect. According to another aspect, the present description relates to a computer program comprising program instructions configured to cause a data processor to perform one or more or all of the steps of the method according to the first aspect.
[Brief explanation of the drawings]
【0020】 Further features and advantages will become apparent from the following detailed description based on illustrative and non-limiting embodiments and examples, with reference to the accompanying drawings.
[Figure 1] FIG. 1 depicts a block diagram illustrating phases in creating a reference behavior model in accordance with an illustrative embodiment.
[Figure 2] FIG. 2 depicts a block diagram illustrating phases of registration of one or more authorized users in accordance with an illustrative embodiment.
[Figure 3] FIG. 3 depicts a block diagram illustrating the phases of authenticating a user in accordance with an illustrative embodiment.
[Figure 4] FIG. 4 depicts a block diagram illustrating the phases of updating an authorized user's biometric template in accordance with an illustrative embodiment.
[Figure 5] FIG. 5 illustrates a flowchart of a method for behavioral biometric authentication according to an example embodiment.
[Figure 6] FIG. 6 illustrates a schematic diagram of a system including a behavioral biometric authentication device according to an exemplary embodiment.
[Figure 7] FIG. 7 illustrates the performance of a behavioral biometric authentication method according to an exemplary embodiment.
[Figure 8] FIG. 8 illustrates the performance of a behavioral biometric authentication method according to an exemplary embodiment.
[Detailed Description of the Invention]
【0021】 Various embodiments will now be described in more detail with reference to the drawings. Specific structural and/or functional details disclosed herein are used to provide an understanding of various possible embodiments. However, those skilled in the art will understand that the exemplary embodiments may be subject to various modifications and may be implemented without all of these details. The present description relates to an invisible behavioral biometric authentication method and device that makes the authentication step smoother, simplifies the user experience, and provides a "frictionless" experience and verification of transactions, while ensuring a high level of security.
【0022】 This method also allows for authentication during the user experience that the user is in fact a legitimate user and not spoofed or aided by fraudulent means, i.e., that the legitimate user is not a fraudster.
【0023】 The authentication system is based on biometric behavioral data collected during user interactions with an application system, which is used to train behavioral models of reference users, particularly non-authentic users, through machine learning.
【0024】 Behavioral biometrics are based on the analysis of a person's behavioral characteristics, such as how the person interacts with a device or system. Behavioral biometrics are different from physiological biometrics, which are based on a person's physical characteristics, i.e., fingerprints, face, voice, eyes, etc. Behavioral biometrics are based on behavioral parameters unique to each person, such as typing rhythm, pressure on keyboard keys or buttons, mouse movements, gestures, etc. Behavioral biometrics examine, for example, specific patterns or characteristics in a person's movements to enable comparison with past behavior and authentication and/or identification. A user behavior model is configured to receive values of the characteristic parameters of this user's behavior as inputs and generate a score as output.
【0025】 User behavior here refers to interactive actions performed by this user (in particular gestures performed by one or more interactive elements).
【0026】 The score represents the probability that the behavior represented by the input characteristic parameter value is the user behavior associated with the behavior model. The value of this score can be normalized, for example, between 0 and 1. By convention, it is assumed herein that a higher score indicates a higher probability.
【0027】 Thus, scores obtained from behavioral biometric models associated with different users allow for discrimination between users. This discrimination based on scores is made all the more effective by the fact that the reference users themselves have behaviors that distinguish them from one another.
【0028】 This solution is inexpensive in that it uses only behavioral data generated by the user's actions on one or more interaction devices (including various interaction elements such as one or more buttons, a scroll wheel, a joystick, a mouse, a touch screen, etc.) while interacting with the application system, and does not require additional sensors or additional measurements.
【0029】 The method and device may be particularly useful for video games, where biometric behavioral data may be collected during a user's gaming session from raw behavioral data generated by the game console (buttons and/or joystick) following the user's actions.
【0030】 The authentication device allows for continuous authentication of a user, for example, throughout an interaction session. In the context of a video game, this authentication can be performed throughout the entire game session. There is no need to interrupt the interaction with the application system. The authentication is transparent to the user and does not require any specific action on the part of the user. The authentication level is a level of strong authentication.
【0031】 The behavioral data collected is, for example, that generated by a user interface such as an interaction device, control device, or control panel. In the case of a video game, this may be a game console including a keyboard and/or joystick or other interactive elements. The behavioral data typically includes information about actions (such as presses and releases) performed by the various interactive elements. There is no need to use special sensors such as accelerometers or gyroscopes. If sensors are available on the game console (accelerometers, gyroscopes, etc.), they may be used to enhance the user's behavioral data, but are by no means required for authentication.
【0032】 The authentication method mainly includes four phases.
- Phase 1, generating a reference behavioral biometric model for a reference user;
- Phase 2, registering one or more authorized users, which involves training a behavioral biometric model;
- Phase 3, in which the user's trained behavioral biometric model is used to perform continuous authentication during interaction with the application system;
- Phase 4, in which the behavioral data acquired during Phase 3 can be used to update the biometric templates of authorized users.
【0033】 In this description, the terms behavioral model and behavioral biometric model are used interchangeably to refer to a biometric model of a given user's behavior, whether trained or not, and the term biometric template is used to refer to a trained behavioral biometric model.
【0034】 The reference user can be any user or a legitimate user different from the target legitimate user (the user for which the model is to be trained or authenticated).
【0035】 An impostor is a user who uses another user's account to play. In the context of this document, the focus is on the case of authenticated users, i.e., potential impostors who seek to spoof the account owner's actions to avoid being unmasked, or legitimate users, i.e., the owner of the user account used for the interactive session.
【0036】 An authenticated user may also be a cheater, for example in a video game, who uses various cheating methods to change the rules of the game to gain an unfair advantage in a match or session.
【0037】 FIG. 1 shows a block diagram illustrating phase 1 of creating discriminative reference behavioral models for reference users. The reference behavioral models (or more precisely, the coefficients of these reference behavioral models) are stored in a database called the reference database 190.
【0038】 This reference database 190 includes raw behavioral data acquired about reference users, behavioral characteristics extracted from these raw data, and biometric templates of the reference users (more precisely, the coefficients of these reference biometric templates).
【0039】 The phase of creating the reference base 190 may include the following steps.
【0040】 In step 110, raw behavioral data is collected during a game session played by any user, referred to as a reference user, who may be a regular user with an account using the application system in a real-world situation.
【0041】 These raw behavioral data correspond to a set of events representing interaction actions with an application system (in this case, a video game) performed by a user via one or more interaction devices (also referred to herein as user interface devices).
【0042】 These interactive actions generate input data for the application system via the application system's user interface. Raw behavioral data can be collected during a time interval of a predetermined duration or in a manner that obtains a minimum number of events (e.g., 200, 300, 500 events).
【0043】 These events correspond, for example, to button presses and releases, joystick or scroll wheel movements, and the like.
【0044】 An interactive action on a button may be a button press or release, a double press, etc. An interactive action on a joystick, trackball, or scrollwheel may be a press, release, movement, or change of position (e.g., changing a joystick axis or rotating a trackball or scrollwheel), etc. An interactive action on a touchscreen may be a press with one or more fingers, a tap or short press, a swipe action, a rotation action, a resize action, or a zoom in/out, etc. Interactive actions may be performed with the hand, or with a stylus or other object or body part.
【0045】 Each event can be described by one or more descriptive parameters.
For example, for each button, a button press can be described by the duration of the press, the force of pressure on the button, the rising or falling edge of the pressure variation curve, the press start time, the press release time, etc. For a joystick, the start position, release position, travel distance, etc. can be used.
【0046】 For an interactive action that includes movement along a spatial path, the descriptive parameters of the interactive action may include differential parameters or derivatives determined for the movement (such as velocity or acceleration), a Fourier transform, the duration of the movement, the spatial amplitude of the movement, the user's reaction time (the user's reaction time may be, for example, the time between two interactive actions, between a game instruction and a user's interactive action, between a starting position and a first interactive action), one or more spatial positions or spatial orientations of an interactive element, etc.
【0047】 The collected raw behavioral data may undergo pre-processing in step 115 (typically including cleaning, for example, by removing noise or inconsistent data). The raw behavioral data is stored in a reference database 190.
【0048】 In step 120, the raw behavioral data collected in step 115, or optionally preprocessed, is analyzed to extract values of characteristic parameters ("features") of the user's behavior, also called behavioral characteristics, to generate a unique biometric template for each user.
【0049】 One or more of the characteristic parameters may include parameters describing one or more interactive actions and/or parameters from raw behavioral data obtained for one or more interactive elements. One or more of the characteristic parameters may be determined from parameters describing one or more interactive actions and/or parameters from raw behavioral data obtained for one or more interactive elements.
【0050】 These characteristic parameters are, for example, statistical parameters determined over a time interval from one or more descriptive parameters of the detected events. Examples of statistical parameters include minimum, maximum, mean, standard deviation or variance, frequency, periodicity, median, etc. These characteristic parameters are determined for each time interval in the sequence of time intervals. The time intervals can have durations ranging from 0.1 seconds to 3 seconds. It is also possible to group events into sequences of at least N events and determine the value of the characteristic parameter for each sequence so that the calculated statistics for the behavioral characteristics are meaningful. For example, the value of the characteristic parameter is calculated for the first N events, then for the next N events, and so on. For example, N=20, 30, 50, 100 is the number of events per sequence.
【0051】 The next training step 130 may be performed only when a minimum number G of sequences of events and corresponding characteristic parameter values is obtained. For example, G=5, 10, 20, 30, 50.
【0052】 The characteristic parameter values thus obtained are stored in the reference database 190.
【0053】 In step 130, a biometric template of the reference user is generated by training a behavioral model using the characteristic parameter values obtained in step 120. For each reference user, a biometric template (trained behavioral model) specific to this reference user is generated using a machine learning algorithm to train the model. The trained behavioral model specific to the reference user is called a "reference model."
【0054】 The user behavior model is configured to receive characteristic parameter values as inputs and generate a score as output. The score represents the probability that the behavior represented by the input characteristic parameter values is the user behavior associated with the behavior model.
The value of this score can be normalized, for example, between 0 and 1. By convention, it is assumed herein that a higher score corresponds to a higher probability.
【0055】 Different types of machine learning algorithms (supervised, unsupervised, semi-supervised, reinforcement-based, etc.) can be used to generate behavioral models, e.g., neural networks, random forests, boosting algorithms (e.g., XGBoost, Extreme Gradient Boosting), support vector machines (SVMs), hidden Markov models (HMMs), etc.
【0056】 Therefore, various methods and models can be applied to determine the degree to which an authenticated user corresponds to a reference user and to generate a corresponding score.
【0057】 A score calculation method may, for example, determine one or more reference vectors that contain parameter values representative of a reference user's behavior and serve as a biometric template for this reference user, and then compare these one or more reference vectors with a current vector representing the behavior of the user to be authenticated. Score calculation may be based on such vectors and distance calculations, centroids of the reference vectors, standard deviation calculations, classification and comparison of the resulting labels, probability calculations, etc.
【0058】 Different training methods can be used, for example supervised methods where the data is labeled (known classes), unsupervised methods (unlabeled data), semi-supervised methods (labeled and unlabeled data).
【0059】 In the example supervised method used here, training is performed using data from legitimate users that test the hypothesis that "the user is legitimate" and data from reference users (different from the target legitimate user) that test the opposite hypothesis that "the user is not legitimate."
Thus, to train the model to distinguish between the two classes (the behavior of the target legitimate user and the behavior of the unknown user) and predict the correct class, the data from the target legitimate user is labeled "regular" and the data from the reference user is labeled "non-regular."
【0060】 In step 140, reference users are selected to retain only those reference users whose behavior is highly distinctive relative to other reference users stored in the reference database 190. For this purpose, various statistical analysis methods can be used.
【0061】 This selection is performed by statistical analysis using, for example, cross-validation, which measures the false positive and false negative rates each time. This cross-validation may consist of comparing reference users pairwise: for the behavioral model of a given user A, the characteristic parameter values obtained for another user B are provided as input to this behavioral model and an intersection score is calculated. Users whose behavioral model produces too high a false positive rate (rate of scores above a threshold) and/or whose intersection scores are consistently below the threshold are then identified.
【0062】 In step 150, all data from reference users whose behavioral models are not sufficiently distinctive is removed from the reference base 190; these users will not form part of the final reference database (raw behavioral data, behavioral characteristic parameters and biometric templates) used in phases 2 and 3, particularly since their behavior was not established as sufficiently distinctive in step 140.
【0063】 The reference users selected in this way can be any user and/or legitimate users, who have a behavior model that is insensitive and resistant to the behavior of impostors or unknown users.
【0064】 FIG. 2 shows a block diagram illustrating phase 2 of enrolling one or more authorized users.
This phase includes training behavioral biometric models for these authorized users and creating a database of authorized users, also referred to as authorized user database 290.
【0065】 This authorized user database 290 includes raw behavioral data obtained for authorized users, values of behavioral characteristics extracted from these raw data, and biometric templates of authorized users (more precisely, coefficients of these biometric templates). For each authorized user, the enrollment steps may include:
【0066】 Raw behavioral data is collected during a game session played by this authorized user in step 210. This step is similar to step 110 above, but is performed during a game session played by this authorized user.
【0067】 The collected raw behavioral data may undergo pre-processing in step 215, similar to the pre-processing in step 115. The raw behavioral data and the pre-processed behavioral data are stored in authorized user database 290.
【0068】 In step 220, the raw behavioral data collected in step 210 or the preprocessed data obtained in step 215 is analyzed to extract therefrom values of characteristic parameters of this user's behavior, in order to generate a unique biometric template for each authorized user. This step is similar to step 120 described above for the reference user. In particular, the same characteristic parameters as for the reference user can be used. The characteristic parameter values are stored in authorized user database 290 for use in step 230, but also later in phase 4, to update the authorized user's biometric template after successful authentication.
【0069】 In step 230, a biometric template of the legitimate user is generated. This step uses not only the characteristic parameters of the legitimate user generated in the preceding step 220, but also the characteristic parameters of the reference user obtained in step 120 and stored in the reference user database 190.
The characteristic parameter values of the reference user in this database constitute a representative, reduced set of behaviors, allowing for faster training than when using characteristic parameter values for all other users. In order to train a behavior model to differentiate a given target legitimate user from other users (other legitimate users, impostors, or unknown users), and to ensure that the training data is balanced, the characteristic parameter values of the reference user are used. The same number of reference user characteristic parameters as the user characteristic parameters are used to train a model of normal users.
【0070】 The biometric template is obtained by training a behavioral model based on a machine learning algorithm.
【0071】 The same type of behavioral model is used with the same training method for the reference users, except that the behavioral model of the target reference user A is trained using the characteristic parameters of the reference user A (representing the regular user class) and the characteristic parameters of the other reference users (representing the non-regular user class).
【0072】 In step 240, the authorized user's biometric template is stored in authorized user database 290 for later use in phase 3 of authentication. Figure 3 shows a block diagram illustrating phase 3 of authenticating a user. The purpose of this phase is to authenticate any user (authorized or otherwise) using the user account whose biometric template was previously obtained for its authorized owner in phase 2.
【0073】 Thus, the authenticated user may be a legitimate user, i.e., the owner of the user account being used. They may also be an impostor who fraudulently uses this user account and any associated payment instruments, for example to avoid paying for themselves.
A user may also be a user who has obtained (fraudulently or otherwise) the login details of this user account with or without the consent of the user account owner and is playing using this account. A user may also be a user (e.g., a child or friend) who does not have the login data for the user account but is allowed to play using this user account after being logged in by the user account owner.
【0074】 This authentication can be performed continuously throughout an interaction session with the application system (in this case a game) by comparing their biometric behavior with that of a legitimate user who is the owner of the user account through which the authenticated user interacts with the application system.
【0075】 Phase 3 of authenticating the user may include the following steps:
【0076】 Raw behavioral data is collected as the authenticated user interacts with the application system in step 310. This step is similar to step 110 above, but is performed during the current interaction session.
【0077】 The collected raw behavioral data may undergo preprocessing in step 315, similar to the preprocessing in step 115. The raw behavioral data and the preprocessed behavioral data are stored in a temporary database, also referred to as temporary database 390.
【0078】 This temporary database 390 contains raw behavioral data obtained about the user to be authenticated, values of behavioral characteristics extracted from this raw data, and authentication score values derived based on these values.
【0079】 In step 320, the raw behavioral data collected in step 310 or the pre-processed data obtained in step 315 is analyzed to extract therefrom values of characteristic parameters of this user's behavior. This step is similar to step 120 described above for the reference user. In particular, the same characteristic parameters as for the reference user can be used.
The values of the characteristic parameters are stored in temporary database 390 for use in the following steps 330A, 330B and 340, but also in phase 4, to update the authorized user's biometric template if authentication is successful with a sufficiently high degree of confidence at the end of phase 3.
【0080】 In step 330A, the characteristic parameter values obtained in step 320 are tested against the biometric template obtained in phase 2 for the authorized user who owns the currently used user account. To this end, the characteristic parameter values are provided as input to the biometric template of the authorized user to obtain as output a first score. This first score represents the probability that the authenticated user is an authorized user.
【0081】 In step 330B, the characteristic parameter values obtained in step 320 are tested against the biometric template obtained in phase 1 for each of the reference users having the most discriminatory behavioral model selected in step 150. To this end, the characteristic parameter values are provided as inputs to the biometric template of each reference user to obtain a score as output. Each of these scores (also referred to herein as a "second score" or "reference score") represents the probability that the user to be authenticated is the reference user associated with the behavioral model used to generate the score.
【0082】 In step 340, the scores obtained in steps 330A and 330B, respectively, are analyzed to make an authentication decision, i.e., to determine whether the user to be authenticated is a legitimate user. Different methods can be used to combine these scores to make an authentication decision. An authentication threshold is defined for all scores. This threshold may be equal to, for example, 0.5 or 0.6 or 0.7 or 0.75 or 0.8.
The authentication threshold can be set according to several parameters, such as the desired security level, the risk level associated with the unauthorized use of the user account, etc. 【0083】 If the first score obtained in step 330A during comparison with the authorized user is below the authentication threshold, the user is considered to behave differently from the authorized user, and the user to be authenticated is not recognized as an authorized user (authentication failure). 【0084】 If the first score obtained in step 330A during comparison with the authorized user exceeds the authentication threshold, and one or more of the reference scores obtained in step 330B during comparison with the reference users exceed the authentication threshold, the behavior is considered to be that of an unknown user, and the user to be authenticated is not recognized as an authorized user (authentication failure). 【0085】 If the comparison score with the authorized user exceeds the authentication threshold and none of the reference scores obtained in step 330B during the comparison with the reference users exceeds the authentication threshold, the behavior is considered to be that of an authorized user and the user to be authenticated is recognized as an authorized user (authentication successful). 【0086】 If the score is equal to the authentication threshold, it can be treated as if the score is below the authentication threshold or as if the score is above the authentication threshold. 
【0087】 Alternatively, an integer N strictly greater than 1, for example an integer N less than 10 (for example N=2 or 3 or 5) is defined, and the decision to authenticate is made as follows: If the first score obtained in step 330A is lower than the authentication threshold, the authentication fails; If the first score is above the authentication threshold and fewer than N reference scores are above the authentication threshold, then authentication is successful; If the first comparison score with a legitimate user is above the authentication threshold and N or more reference scores are higher than the authentication threshold, authentication fails. 【0088】 Steps 310-340 of authenticating the user may be repeated continuously, e.g., periodically, throughout an interaction session with the application system, where characteristic parameter values are calculated for time intervals of a given duration and / or for a minimum number of detected interaction events, such that a decision to authenticate is available at any time throughout the interaction session and changes in the user during the interaction session are detected. 【0089】 This repetition also makes it possible to detect the temporal concatenation of multiple consecutive positive decisions to authenticate (authentication successes) obtained in multiple steps 340, respectively (without time intervals involving authentication failures), and to make a final decision to authenticate (step 350) based on a set of decisions to authenticate obtained independently for separate time intervals. 
【0090】 Basing the final decision to authenticate in step 350 on multiple intermediate authentication decisions obtained in step 340 makes it possible to provide a stronger authentication level corresponding to a higher security level, for example when the final decision to authenticate obtained in step 350 is positive at a given time only if all of the intermediate authentication decisions obtained for time intervals within the period preceding this time are also positive. 【0091】 This iteration may also be used to add a bonus / malus mechanism that modifies the current prediction over a given time interval according to the intermediate authentication decisions made over previous time intervals. 【0092】 Depending on whether a bonus or malus is applied, a positive or negative weight P is added to the score. This weight P is continuously updated during the interactive session according to the obtained score. The weight is set to 0 at the start of an interactive session and is reset to 0 after a period of inactivity by the user to be authenticated. The weight has a minimum value Pmin and a maximum value Pmax that can never be exceeded, for example, Pmin=-0.5 and Pmax=0.2. 【0093】 The mechanism may be as follows for each newly obtained authentication score in step 330A for a given time interval: if one of the reference scores is higher than the authentication threshold, a negative increment (a malus, e.g., P1 = -0.1) is applied to the weight: P = P + P1. Otherwise, if the first score produced by the model for a legitimate user is higher than the authentication threshold, a positive increment (a bonus, e.g., P2 = +0.01) is applied to the weight: P = P + P2. 【0094】 Thus, the first score obtained for a given time interval in step 330A is modified by adding the current value of the weight to obtain the score used for the decision to authenticate in step 340, and this modified score is compared with the authentication threshold. 
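The step 340 decision rule (including the integer N variant), the bonus / malus weight and the step 350 run of positive decisions, as an added Python sketch that is not code from the patent or its applicant. The function and class names, the constructed score sequences, the five-interval window and the choice to feed the weighted first score back into the step 340 rule are assumptions; the threshold and weight values are the page's examples.

```python
from collections import deque

THRESHOLD = 0.5            # threshold used in the page's experiment
P_MIN, P_MAX = -0.5, 0.2   # example bounds for the weight P
MALUS, BONUS = -0.1, 0.01  # example increments P1 and P2


def decide(first, refs, threshold=THRESHOLD, n=1):
    """Step 340: the owner score must beat the threshold and fewer than n
    reference scores may beat it (n=1: none may; n>1: the integer N variant).
    A score equal to the threshold is treated as below it (either is allowed)."""
    if first <= threshold:
        return False
    return sum(r > threshold for r in refs) < n


class ContinuousAuthenticator:
    """Repeats steps 330A / 330B / 340 per time interval with a bonus/malus weight."""

    def __init__(self, threshold=THRESHOLD, n=1, window=5):
        self.threshold, self.n = threshold, n
        self.weight = 0.0                   # P is 0 at the start of a session
        self.recent = deque(maxlen=window)  # window length is an assumption

    def reset(self):
        """After inactivity the page resets P to 0; clearing the decision
        history as well is an assumption of this sketch."""
        self.weight = 0.0
        self.recent.clear()

    def step(self, first, refs):
        # Update P from the raw scores of this interval, then clamp it.
        if any(r > self.threshold for r in refs):
            self.weight += MALUS
        elif first > self.threshold:
            self.weight += BONUS
        self.weight = max(P_MIN, min(P_MAX, self.weight))
        # Assumed reading: the weighted owner score replaces the raw one in
        # the step 340 rule, so a reference hit still vetoes the interval.
        modified = first + self.weight
        ok = decide(modified, refs, self.threshold, self.n)
        self.recent.append(ok)
        # Step 350: stronger level only after an unbroken run of positives.
        strong = len(self.recent) == self.recent.maxlen and all(self.recent)
        return modified, ok, strong


def run_session(intervals, **kwargs):
    """Feed (first_score, reference_scores) pairs through one session."""
    auth = ContinuousAuthenticator(**kwargs)
    return [auth.step(first, refs) for first, refs in intervals], auth


# Constructed scores, not measurements from the patent.
LOW_REFS = [0.10, 0.20, 0.15]
# Account owner: one dip to 0.45 after twelve clean intervals.
OWNER = [(0.80, LOW_REFS)] * 12 + [(0.45, LOW_REFS)] + [(0.80, LOW_REFS)] * 5
# Other player: matches a reference model for 8 intervals, then stops matching.
IMPOSTOR = [(0.70, [0.10, 0.75, 0.20])] * 8 + [(0.70, LOW_REFS)] * 4

if __name__ == "__main__":
    for name, session in (("owner", OWNER), ("impostor", IMPOSTOR)):
        results, auth = run_session(session)
        for i, ((raw, refs), (mod, ok, strong)) in enumerate(zip(session, results)):
            print(f"{name:8} t={i:2} raw={raw:.2f} weighted={mod:.2f} "
                  f"plain={decide(raw, refs)} weighted_ok={ok} strong={strong}")
        print(f"{name:8} final weight P={auth.weight:.2f}")
```

In the constructed owner session the dip at interval 12 is rejected by the plain rule and accepted once the accumulated bonus is added. In the other session the accumulated malus keeps rejecting the player for the four intervals after the reference match ends, although the plain rule would accept them.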
【0095】 This makes predictions at a given time more accurate by adding additional information to the decision-making process linked to behavioral data from previous predictions. 【0096】 FIG. 4 shows a block diagram illustrating phase 4 of updating the biometric template of an authorized user. 【0097】 This update of the authorized user's biometric template is performed if authentication is successful with a sufficiently high level of confidence in phase 3 (intermediate decision to authenticate in step 340 or final decision to authenticate in step 350). This makes it possible to adapt to any changes in the authorized user's behavior over time and to have a biometric template that closely matches the user's behavior. The phase of updating the biometric template can include the following steps: 【0098】 In step 410, at the end of the interaction session (e.g., at the end of the game session), all of the authenticating decisions (intermediate and final) obtained in step 340 and optionally step 350 are stored in temporary database 390 and analyzed. 【0099】 In step 420, if the confidence level of the decision to authenticate during the session is high enough (above a certain preset threshold), the data (collected raw data and extracted characteristic parameter values) stored in the temporary database 390 is transferred to the authorized user database 290. The confidence level can be evaluated in various ways. For example, the confidence level can be equal to the minimum authentication score produced by the authorized user model over the entire session. Then, the confidence level is compared with a preset threshold to determine whether to execute step 430. 【0100】 In step 430, if the determination in step 420 is affirmative, the authorized users' biometric templates are updated. In step 430, the authorized users' biometric templates are recalculated to take into account the new values of the extracted characteristic parameters just added to their profiles. 
The authorized users' behavioral models are completely retrained as in step 230, but taking into account the new values of the characteristic parameters just added to their profiles. Alternatively, some of the old characteristic parameter values can be deleted before retraining the models (to keep only the most recent data and avoid scalability issues and storing large amounts of data). 【0101】 When the present invention is applied to video games, user behavior may depend on the video game or type of video game. To enable reliable predictions, a behavior model specific to each video game or type of video game can be trained. The specific behavior model is then used to authenticate legitimate users. 【0102】 Additionally, a metamodel can be generated for a given user from one or more behavioral models specific to one or more games of the user that can serve as a starting point for training new behavioral models specific to the given game. To generate this metamodel, data from regular users collected indiscriminately across different games, along with their data from navigating those game and / or console menus, and data from reference users across all games, along with their navigation data, can be used indiscriminately by applying one of the training methods described above. 【0103】 FIG. 5 shows an overall flow chart of a method for behavioral biometric authentication of a user interacting with an application system by means of at least one interaction device. 【0104】 The application system is, for example, a video game system. The method for behavioral biometric authentication can be implemented by a corresponding device for behavioral biometric authentication comprising means for implementing the method, the device being interconnected with the application system. 【0105】 In step 510, a behavioral model of a reference user is obtained. 
The behavioral model of the reference user may be the most distinctive behavioral model from the set of reference user behavioral models. The reference user may be, for example, any user other than the authorized user. These behavioral models or biometric templates may be obtained as described with reference to FIG. 1. 【0106】 A behavioral model of the authorized user is obtained in step 520. This behavioral model or biometric template can be obtained as described with reference to FIG. 【0107】 In step 530, values of characteristic parameters of the user's behavior calculated from events generated by the user's interaction actions with the interaction device are obtained. These characteristic parameter values can be obtained as described with reference to FIG. 3. 【0108】 In step 540, a first score is determined by applying a behavioral model of regular users to the values of the characteristic parameters. The first score may represent, for example, the probability that the user is a regular user. 【0109】 In step 550, a second score is determined by applying each of the behavioral biometric models of the reference user to the value of the characteristic parameter. Each second score may represent a probability that the user is the reference user associated with the behavioral model used to generate the score in question. 【0110】 In step 560, a decision to authenticate the user as a legitimate user is made based on the first score and the second scores. If the first score is below an authentication threshold, the decision to authenticate may be negative. If the first score is above the authentication threshold and at least one of the second scores is above the authentication threshold, the decision to authenticate may be negative. If the first score is above the authentication threshold and all of the second scores are below the authentication threshold, the decision to authenticate may be positive. 【0111】 Alternatively, an integer N strictly greater than 1 is defined. 
For example, N is less than or equal to 10. For example, N=2, 3 or 5. The decision to authenticate is as follows: - negative if the first score is below the authentication threshold; - positive if the first score is above the authentication threshold and fewer than N second scores are above the authentication threshold; - negative if the first score is above the authentication threshold and N or more second scores are above the authentication threshold. 【0112】 For steps 540, 550 and 560, for example, the details of the embodiment described with reference to FIG. 3 (particularly steps 330A, 330B, 340) can be used. 【0113】 FIG. 6 illustrates a schematic diagram of a system 600 including a behavioral biometric authentication device according to an example embodiment. 【0114】 The system includes a number of user devices T1, T2, T3 used by respective users U1, U2, U3, which communicate with an application system 610, e.g., a video game server 610, via at least one communication network via an application. 【0115】 Interaction with the video game may occur through a user interface of one of the user devices T1, T2, T3, or through a dedicated interaction device (not shown) for the game (joystick, dedicated game keyboard, scroll wheel, console, etc.). 【0116】 A behavioral biometric authentication device 620 is operatively connected to this video game server 610 and comprises means for implementing the behavioral biometric authentication methods described herein. 【0117】 The behavioral biometric authentication device 620 accesses one or more databases, including, for example, a reference database 190 for reference users, a database 290 for authorized users, and a temporary database 390 for users to be authenticated, as described herein with reference to, for example, Figures 1-5. 
【0118】 Purpose: The behavioral biometric authentication solutions described herein can be used to enable continuous strong authentication throughout a video game, for example, to verify (optionally automatically or after confirmation by the account holder user) the execution of a payment transaction following a positive decision to authenticate, without the user needing to enter authentication data or use any device other than the device for interacting with the video game (console). 【0119】 The authentication solution can also be used for parental control to protect children or to unlock user accounts on game consoles (accounts can be automatically locked if the behavior is not that of a legitimate user). 【0120】 Experimental results in the video game field: Tests were performed using a set of approximately 200-250 behavioral features based solely on buttons and joysticks, without using raw data from gyroscopes or other sensors. 【0121】 The length N of the sequence of events can be varied to obtain more accurate statistical properties. 【0122】 After training using a random forest with these features, it was possible to achieve an equal error rate (EER) of only 0.3%. The EER corresponds to the error rate when the ratio of the false acceptance rate (FAR) to the false rejection rate (FRR) is equal to 1. The authentication threshold for the score was adapted to lower either the FRR (better user experience) or the FAR (better security). 【0123】 While a single enrollment session (phase 2) may be sufficient to directly authenticate / identify the user in future game sessions, it is clear that a second enrollment session, in which the behavioral model is trained again, reduces any risk. 【0124】 By using a sliding window over 500 events to arrive at a final decision to authenticate, it is possible to identify users very accurately and detect user changes within approximately 5-10 seconds of play. Identifying a new user can take an additional 5-10 seconds. 
This time can be reduced depending on the accuracy requirements of the authentication device. 【0125】 The user's behavior model can be updated with new data to track the user's progress, as behavior changes often occur as the user gets better at the game. 【0126】 Behavioral models also become more robust when trained across different game modes, since actions performed by users may differ depending on the game mode. However, by starting with a behavioral model obtained for a specific first game mode, it is possible to authenticate players across these game modes. The authentication threshold can be increased when the game mode changes. 【0127】 The reference user database can also be updated to consider the emergence of new types of behavior among users and identify new reference users using distinctive behavior models. Generally, the use of reference models for reference users makes it possible to check whether the behavior of a user to be authenticated is similar to one of these reference users. Therefore, instead of using only behavior models of legitimate users, conflict verification is performed based on the reference models. 【0128】 Comparison of performance metrics of the baseline method without a reference user with the method described herein with a reference user: The performance metrics used are the false rejection rate and false acceptance rate. Experiments are performed on the same test set using the same users to generate biometric templates for each user. To perform the experiments, 12 independent users were used in both cases, playing for 2-3 sessions of approximately 10 minutes each, i.e., a little over 4 hours of play. As a result, there is no bias between the baseline method and the proposed method other than the use of reference users. 
【0129】 The resulting confusion matrix for the baseline method is: 【0130】 [Table 1] 【0131】 The confusion matrix obtained for the method described herein using the reference user is: 【0132】 [Table 2] 【0133】 Comparing the two methods, the following ratios are obtained: 【0134】 [Table 3] 【0135】 To the extent that authentication systems attempt to provide a higher level of security, the primary concern is the false acceptance rate (impostors attempting to pass themselves off as legitimate users). 【0136】 The false rejection rate increases from 1.74% to 12.85%, which corresponds to a multiplication factor of 7.4. However, the false acceptance rate decreases from 11.88% to 0.04%, which corresponds to a division factor of 297. 【0137】 Thus, a system with a reference user provides a much higher level of security while maintaining the same authentication threshold. 【0138】 As far as false rejection rates are concerned, weighting the scores using a bonus / malus system as described herein can be shown to reduce false rejection rates by using a time sequence of multiple scores. 【0139】 Figures 7 and 8 show the change in authentication scores over time, over a period of approximately 400 seconds, with and without bonus / malus. These figures show the improvement in scores (0 to 1) obtained by weighting with the bonus / malus system. The horizontal line on the graphs corresponds to the authentication threshold, which was arbitrarily set at 0.5 for the experiment. 【0140】 The evolution of the final score of a legitimate user over time over a game session using the method with a reference user without a bonus / malus system is shown in Figure 7. Several peaks can be seen where the score value falls below the threshold, thus leading to false rejection during these periods. 
【0141】 It can be seen in Figure 8 that using a bonus / malus system to weight the final score ensures that the score remains above the authentication threshold, thereby avoiding the occurrence of false rejections using this value for the authentication threshold. This bonus / malus system therefore reduces the false rejection rate and can therefore be used to correct negative decisions to authenticate. 【0142】 Each of the described phases 1-4 corresponds to a method that can be implemented independently of the other methods. Each of the steps in the various described phases can also form part of a behavioral biometric authentication method, and one or more or all of the steps in the various phases can be combined in various ways to implement the behavioral biometric authentication method. 【0143】 In describing the various phases and methods for behavioral biometric authentication, the steps are described sequentially, but one skilled in the art will understand that some steps may be omitted, combined, performed in a different order, and / or in parallel. 【0144】 One or more or all of the steps in one or more of the methods described herein may be implemented by software or a computer program, and / or by hardware, e.g., by circuitry, whether programmable or not, specific or not. 【0145】 The functions, steps, and methods described herein may be implemented by software (e.g., via software on one or more processors for execution on a general-purpose or special-purpose computer) and / or by hardware (e.g., one or more electronic circuits and / or any other hardware components). 
【0146】 Thus, the present description relates to a computer program or software executable, using one or more data processors, by a host device (e.g., a computer) functioning as a behavioral biometric authentication device, the program / software including instructions for causing the host device to perform all or part of one or more steps of the methods described herein, the instructions intended to be stored and loaded into a memory of the host device and then executed by one or more processors of the host device to cause the host device to perform the method in question. 【0147】 This software / program may be coded using any programming language and may be in the form of source code, object code, or an intermediate code between source code and object code, such as a partially compiled form, or any other desired form. 【0148】 The host device may be implemented by one or more physically separate machines and may have an overall computer architecture, including architectural components such as data memory, a processor, a communication bus, hardware interfaces for connecting the host device to a network or other devices, a user interface, etc. 【0149】 In one embodiment, some or all of the steps of the behavioral biometric authentication method or another method described herein are performed by a behavioral biometric authentication device equipped with means for performing those steps of the method. 【0150】 These means may include software means (e.g., instructions of one or more program components) and / or hardware means (e.g., data memory, processor, communication bus, hardware interface, etc.). 【0151】 These means may comprise, for example, one or more circuits configured to perform one, more, or all of the steps of one of the methods described herein. 
These means may comprise, for example, at least one processor and at least one memory comprising program instructions configured, when executed by the processor, to cause the apparatus to perform one, more, or all of the steps of one of the processes described herein. 【0152】 A means for implementing a function or a set of functions may also refer in this document to a software component, a hardware component, or a set of hardware and / or software components capable of implementing the function or set of functions, as described below for the relevant means. 【0153】 The present description also relates to an information medium readable by a data processor and carrying instructions for the above-mentioned program. 【0154】 The information medium may be any hardware means, entity or device capable of storing instructions of a program as described above. Possible program storage media include ROM or RAM memory, magnetic storage media such as magnetic disks and tapes, hard drives or optically readable digital data storage media, etc., or any combination thereof. 【0155】 In some cases, the computer-readable storage medium is not transitory. In other cases, the information medium may be a transitory medium (e.g., a carrier wave) for transmission of a signal (electromagnetic, electrical, radio, or optical signal) carrying program instructions. The signal may be transmitted over a suitable transmission medium, wired or wireless, electrical or optical cable, radio or infrared link, or by other means. It can be transmitted by stages. 【0156】 One embodiment also relates to a computer program product comprising a computer-readable storage medium having stored thereon program instructions configured to cause a host device (e.g., a computer) to perform some or all of one or more steps of the methods described herein when the program instructions are executed by one or more processors and / or one or more programmable hardware components of the host device.
Claims
[Claim 1] A method for behavioral biometric authentication of a user interacting with an application system through at least one interaction device, the method comprising:
- obtaining a behavioral biometric model of a reference user (510),
- obtaining a behavioral biometric model of a regular user, wherein the behavioral biometric model of a regular user or a reference user is configured to receive values of characteristic parameters of the user's behavior as input during an interaction action with the interaction device, and to generate as output a score representing the probability that the behavior represented by the input characteristic parameter values is the behavior of the user in question (520),
- obtaining the values of the characteristic parameters of the user's behavior determined from the events generated by the user's interaction actions with the interaction device (530),
- determining a first score by applying the behavioral biometric model of the regular user to the values of the characteristic parameters (540),
- determining a second score by applying each of the behavioral biometric models of the reference user to the respective values of the characteristic parameters (550),
- determining a decision to authenticate the user as the legitimate user based on the first score and the second score (560).
[Claim 2] The method according to claim 1, wherein the first score represents the probability that the user is the regular user.
[Claim 3] The method according to claim 1 or 2, wherein each second score represents the probability that the user is a reference user associated with the behavioral biometric model used to generate the score in question.
[Claim 4] The method according to claim 1 or 2, wherein the steps of determining the first score, the second score, and the decision to authenticate are repeated for the characteristic parameter values obtained for each time interval of a time sequence of time intervals, and the method includes updating the current value of a weight for each time interval, wherein the weight is decremented if one of the second scores obtained for that time interval is greater than the authentication threshold, and is incremented if the first score obtained for that time interval is greater than the authentication threshold, and wherein the first score obtained for a time interval is modified by adding the current value of the weight after updating for that time interval, and the modified first score is used to determine the decision to authenticate.
[Claim 5] The method according to claim 1 or 2, wherein:
- if the first score falls below the authentication threshold, the decision to authenticate is negative,
- if the first score exceeds the authentication threshold, and at least one of the second scores exceeds the authentication threshold, the decision to authenticate is negative,
- if the first score exceeds the authentication threshold and all of the second scores fall below the authentication threshold, the decision to authenticate is positive.
[Claim 6] The method according to claim 1 or 2, wherein:
- if the first score is below the authentication threshold, the decision to authenticate is negative,
- if the first score exceeds the authentication threshold, and fewer than N second scores exceed the authentication threshold, the decision to authenticate is positive,
- if the first score exceeds the authentication threshold, and at least N second scores also exceed the authentication threshold, the decision to authenticate is negative,
N being an integer strictly greater than 1 and less than or equal to 10.
[Claim 7] The method according to claim 1 or 2, wherein the reference user is a different user from the regular user.
[Claim 8] The method according to claim 1 or 2, wherein the behavioral biometric model of the reference user is the most discriminative behavioral model from a set of reference user behavioral models.
[Claim 9] The method according to claim 1 or 2, wherein the application system is a video game system.
[Claim 10] A device comprising means for carrying out the method described in claim 1 or 2.