CN105518703A

CN105518703A - Behaviometric signature authentication system and method

Info

Publication number: CN105518703A
Application number: CN201480027270.XA
Authority: CN
Inventors: Y·阿维尼; E·祖查德
Original assignee: Adaptive Neural Biometrics Ltd Great Britain
Current assignee: Artificial Intelligence Research Group Ltd
Priority date: 2013-03-14
Filing date: 2014-03-13
Publication date: 2016-04-20
Also published as: GB2523924A; WO2014140768A1; GB201304602D0; GB2523924B; GB2511812A; EP2973214A1; GB201508843D0; GB2511812B

Abstract

The present invention discloses a method of verifying the authenticity of a provided signature, comprising the steps of: receiving a set of sampled data points, each sampled data point being associated with a different position along the signature; identifying a set of characterising nodes within the set of sampled data points using a set of predetermined characterising nodes comprised in a pre-stored user profile; determining if each identified characterising node lies within a predetermined threshold range of a corresponding predetermined characterising node; and generating a positive verification when the characterising nodes lie within the predetermined threshold range. A system arranged to carry out the method is also disclosed.

Description

Behavioral student biometric signature authentication system and method

Technical Field

The present invention relates to biometric security systems, and more particularly to behavioral biometric signature verification systems and methods that can be used for identification authentication purposes.

Background

Biometric authentication refers to the identification of a person by means of its characteristics or features. Biometric identifiers are generally classified as physiological or behavioral. A physiological biometric identifier refers to a unique identifier associated with the physiology of an individual. DNA and fingerprints are examples of such physiological biometric identifiers. Biometric identifiers of behavioral science refer to the behavior of an individual, such as gait and voice. The field of biometrics in behavioral science is collectively referred to as behavioral biometrics (behavimetric).

Signatures have been used to verify documents in the past. The presence of a signature on a document is interpreted as a signatory adopting a representation of the opinions and/or terms indicated in the document. For example, the presence of a person's signature on a legal document, such as a lease, indicates that the person is subject to the legal terms set forth in the document. In the present context, a signature may include one or more symbols or other unique indicia (associated with the identity of the person drawing the symbol and/or indicia), such as a stylized script of letters that spell out the name of the person. The authenticity of the provided signature can be verified by consistency comparison with the template signature. The image comparison process is effective in attempting to determine whether the supplied signature and the template signature look sufficiently similar. Any visual difference may represent a forged signature.

Existing identification verification processes based on signature verification (also referred to as signature verification processes) are relatively insecure. This is done for several reasons. To compensate for the inability of people to reproduce identical graphical copies of their signatures, the image comparison is approximate, which limits the accuracy of the signature verification process-it only provides approximate confirmation of identification. This limitation also means that the existing signature verification process is susceptible to dishonest users, since it is relatively clear to professional counterfeiters that the visually similar signature that can produce a counterfeit positive verification result is graphically reproduced. For these reasons, many high value documents and/or transactions require a more robust and secure form for identification verification. For example, in the case of high value documents and/or high value transactions, it is common for the presence of a trusted third party that requires assurance of the identity of the signer-which is one of the roles of the notary-and/or for alternative means of identification verification.

Due to the growing use of electronic communications, it has also become necessary to provide electronic equivalents to traditional signatures, as well as to provide robust digital means for verifying the identity of a user from a provided signature.

A common implementation of digital authentication involves the use of passwords/passcodes, where a unique secret alphanumeric code is used to uniquely identify a person to the system. Such authentication systems are generally inconvenient because they require the user to remember their unique alphanumeric identification. The security of such systems also depends on the maintained confidentiality of the identification code.

Existing electronic signature verification systems suffer from drawbacks that limit their usefulness in identification verification systems and compromise the level of security provided. Known electronic behavioral biometric signature verification systems operate by comparing a signature received by a user with a pre-stored signature template for the user. This comparison process is typically an image comparison process in which geometric similarities are identified. Such verification systems analyze the provided signature for the presence of specific geometric objects present in the template signature. Various object matching techniques may be employed. Positive signature verification results are returned, where any identified geometric differences between the signatures are within a predetermined allowable threshold. Deny, the failed verification result is returned. The verification process is typically a near statistical process that analyzes statistical image similarity between a reference signature (template signature) and a provided signature by identifying geometrically similar objects present in the signatures.

Electronic signature verification systems that rely on statistical analysis of the graphical similarity between signatures are easily forged by professional counterfeiters who are able to produce forged signatures that look sufficiently similar to the signature template. Thus, known electronic signature verification systems provide a limited level of security when used as a security device.

The article "biometricautherinationurniinigestinates" by Alisher Kholmatov and BerrinYankoglu, ISCSI 2004, LNCS3280, pp.373-380, 2004,springer verlagberlin heidelberg2004, discloses a biometric signature authentication system that verifies the authenticity of a provided signature relative to a reference signature. Each sampled data point on the provided signature is compared to its corresponding partial data point provided on the reference signature. Any change in the sampled data points outside of the acceptable predetermined threshold may be indicative of artifact. A dynamic time warping algorithm is employed to identify the relative fraction of data points present on the reference signature, which requires sampling each signature at the same rate. This significantly limits the utility of this signature verification method. In particular toIt is required that the reference signature and the subsequent signature provided for verification are provided using signature input devices having the same sampling characteristics, or that such sampling characteristics can be emulated by a pre-processing function.

The same limitations apply to the schemes proposed in the article "On-linestrignaturedetermination" by paint recognition35(2002) 2963-.

It is an object of the present invention to provide a more robust electronic signature verification method and system employing behavioral biometric measures that can be used for digital identification purposes and that alleviates at least some of the disadvantages of existing electronic signature verification systems.

Disclosure of Invention

The present invention uses behavioral biometric user information to verify the authenticity of signatures. Since user behavioral biometrics are associated with the user's inherent characteristics, they provide a more accurate means to perform identification verification. Furthermore, the inherent characteristics associated with user behavioral biometrics are difficult to reproduce accurately. Thus, the present invention is significantly more resistant to counterfeiting than the prior art.

A first aspect of the invention relates to a method of verifying the authenticity of a provided signature, the method comprising the steps of: receiving a set of sampled data points, each sampled data point associated with a different location along the signature; identifying a set of signature nodes in the set of sampled data points using a set of predetermined signature nodes contained in a pre-stored user profile; determining whether each identified feature node is within a predetermined threshold range of a respective predetermined feature node; and generating a positive verification when the feature node is within the predetermined threshold range.

The use of a predetermined threshold range improves the utility of the method by compensating for differences in different received copies of the signature (i.e., different copies of the same signature) that exist due to the inability of users to reproduce identical image copies of their signature. In other words, the feature compensates for differences inherent in the different provided signature replicas.

Preferably, each sampled data point includes a time component represented by a time coordinate value, and the receiving step includes, for each sampled data point: calculating a time interval between the sampled data point and the adjacently disposed sampled data point by comparing time coordinate values respectively associated with the sampled data point and the adjacently disposed sampled data point; determining whether the time interval is within a predetermined time interval threshold; and interpolating a location and a time coordinate of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point when the calculated time interval exceeds a predetermined time interval threshold, the interpolated location being selected such that a time interval between the sampled data point and an interpolated time coordinate associated with the one or more other data points is within the predetermined time interval threshold. This ensures that the time interval of separation between adjacent sampled data points is small enough to ensure that the set of received sampled data points accurately defines an associated signature that can be mathematically expressed by a function. Interpolation may then be used to supplement a set of incomplete received sampled data points. This improves the utility of the method, as an incomplete set of sampled data points received can be remedied and used for verification purposes.

The receiving step may include: calculating a separation distance between the sampled data point and an adjacently disposed sampled data point; determining whether a separation distance between the sampled data point and an adjacently disposed sampled data point is within a predetermined distance interval threshold; and when the calculated separation distance exceeds a predetermined distance interval threshold, interpolating positions of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point, thereby causing the separation distance between the sampled and interpolated positions associated with the one or more other data points to be within the predetermined distance interval threshold. This ensures that the distance separation of the separation between adjacent sampled data points is small enough to ensure that the set of received sampled data points is sufficient to accurately define the correlation signature. Interpolation may then be used to supplement an incomplete set of received sampled data points. This improves the utility of the method, as an incomplete set of sampled data points received can be remedied and used for verification purposes.

The identifying step may include obtaining the set of predetermined characteristic nodes contained in the pre-stored user profile and identifying from the set of sampled data points the sampled data point that is most relevant to each predetermined characteristic node using an optimization match. The use of an optimized match is advantageous because it enables the predetermined characteristic node to match the sampled data points even where the set of sampled data points are sampled at a sampling frequency different from the sampling frequency of the predetermined characteristic node. In other words, optimizing the matching requires neither a uniform sampling rate nor a simulation of such a rate by a pre-processing step.

Preferably, each sampled data point associated with the visible portion of the signature and each feature node is represented by a vector comprising a temporal component and a spatial component, wherein the spatial component represents the relative position of the vector along the signature.

The optimization matching may include: selecting a first predetermined characteristic node from the set of predetermined characteristic nodes; calculating a vector dot product value between the selected first predetermined feature node and each sampled data point included in the set of sampled data points; identifying the sampled data point associated with the largest vector dot product value as the data point most relevant to the first predetermined characteristic node and designating the sampled data point as a characteristic node included in the set of identified characteristic nodes; and repeating the previous steps for each predetermined characteristic node. The most relevant sampled data point is the data point oriented in substantially the same direction as the direction of the predetermined characteristic node, whereby the divergence angle θ j between the two vectors associated with the predetermined characteristic node and the sampled data point, respectively, is minimized.

Optimizing the match may include identifying the sampled data points most relevant to the predetermined feature node using a matching function Mj that is a function of three differentiable functions F (θ j), G (dj, dj +1), and Q (rj × dj), where the following definitions apply:

θ j is the angle formed between the vector associated with the predetermined feature node and the vector associated with the sampled data point;

rj is the scalar component of the vector associated with the predetermined feature node;

dj is the scalar component of the vector associated with the sampled data point;

dj +1 is the scalar component of the vector associated with the contiguous sampled data point;

f (θ j) and G (dj, dj +1) are positive numbers and have an upper limit of positive values; and

q (rj × dj) is a convex function selected to monotonically increase while its derivative monotonically decreases to 0.

The method may further comprise: selecting a first one of the identified feature nodes; calculating a geometric relationship of the selected first feature node with respect to the one or more adjacently arranged identified feature nodes; the determining step may include verifying whether each calculated geometric relationship is within a predetermined threshold contained in a pre-stored user profile; and wherein a positive verification result is generated when one or more of the calculated geometric relationships are within the predetermined threshold range. This verifies that the geometric relationship existing between the predetermined feature nodes exists in the received set of sampled data points and improves the accuracy of the signature verification process. In particular, if the geometric relationship associated with the identified feature node is not consistent with the predetermined threshold range, this may indicate a forged signature. This feature also provides a means for verifying the accuracy of the optimized matching process. If the identified feature nodes do not exhibit the expected geometric relationship, this may indicate that different sampled data points may better match the predetermined feature nodes.

A geometric relationship between the identified feature node and each of two adjacent sequentially arranged identified feature nodes may be calculated, thereby defining two different geometric relationships associated with the identified feature node. Alternatively, the geometric relationship between the identified feature node and each of the seven contiguous sequentially arranged identified feature nodes may be calculated, thereby defining seven different geometric relationships associated with the identified feature node. Generally, the more geometric relationships that are analyzed, the more accurate the verification process is. However, this improved accuracy increases processing requirements. In certain applications where available processing resources are limited, it may not be flexible to analyze a large number of geometric relationships. The calculation of the seven geometric relationships provides a good balance improving the accuracy of the verification process while not unduly increasing the processing requirements, ensuring that the method of the present invention can be implemented on a wide variety of different devices having different processing capabilities.

In a preferred embodiment, the calculation of the geometric relationship is performed twice with a different number of identified feature nodes. In the first case, the number of identified feature nodes m is less than or equal to half the number of sampled data points n:

m≤n/2。

in this manner, the calculated geometric relationship may be used to determine whether a local geometric relationship is maintained in the set of sampled data points associated with the provided signature being verified.

In the second case, the number of identified feature nodes m is less than or equal to one quarter of the number of sampled data points n:

m≤n/4。

since the feature nodes are associated with sampled data points that are preferably evenly spaced along the entire length of the provided signature, this low density selection of feature nodes helps determine whether the global geometric relationship is preserved in the set of sampled data points. Analysis of the received set of sampled data points for the presence or absence of global and local geometric relationships improves the accuracy of the verification process.

The method may include sampling the provided signature at a variable sampling rate such that at least a portion of the sampled data points included in the set of received sampled data points are associated with different sampling rates. The method may further comprise: generating a hash value from the set of sampled data points; comparing the generated hash value to a set of pre-stored hash values to determine if the generated hash value is unique; and wherein a positive verification result is generated when the generated hash value is unique. The hash value may be used to prevent replay attacks (also known as man-in-the-middle attacks) in which, for example, data associated with a previously provided signature is reused. Since at least a portion of the sampled data points included in the set of received sampled data points are associated with different sampling rates, each set of sampled data points received should be unique. The uniqueness of the set of sampled data points ensures that the hash values generated from the unique sampled data points are also unique. If the comparison reveals that the hash value associated with a set of received sampled data points is not unique, this indicates that the previously received set of sampled data points was reused, in which case a negative verification result may be returned.

Preferably, the sampling step comprises normalizing the provided signature. This mitigates any effect on the size between the signatures provided.

The method may comprise calculating an elapsed time interval between each identified node; determining whether the calculated time lapse value is within a predetermined threshold range contained in a pre-stored user profile; and generating a positive verification result when the calculated time lapse value is within a predetermined threshold range. Since the signature is associated with a pre-conceived action (the second day of the authorized user), it is expected that the time taken to generate the signature fluctuates only slightly between the different signature replicas provided. Thus, analysis of the elapsed time interval between different parts of the signature may provide a good metric to verify the authenticity of the provided signature, in particular whether the signature was generated by an authentic user.

The method may include calculating a velocity vector for each identified feature node using the spatial and temporal coordinates associated with each feature node; determining whether each calculated velocity vector is within a predetermined threshold range contained in a pre-stored user profile; and generating a positive verification result when the calculated velocity vector is within a predetermined threshold range. The velocity vector provides a convenient way to capture behavioral biometric user motion information associated with the provided signature. Thus, by analyzing the velocity vector, it can be determined whether the provided signature was generated by an authentic user.

The method may further include calculating an acceleration vector for each identified feature node using the spatial coordinates and the temporal coordinates associated with each feature node; determining whether each calculated acceleration vector is within a predetermined threshold range contained in a pre-stored user profile; and generating a positive verification result when the calculated acceleration vector is within a predetermined threshold range. Acceleration vectors provide another convenient way to capture behavioral biometric user motion information associated with a provided signature. By analyzing the acceleration vector, it can thus be determined whether the supplied signature was generated by a real user.

The method may include calculating first and second derivatives associated with a line segment between adjacent sampled data points included in the set of sampled data points; defining the geometric complexity of the provided signature from the calculated first and second derivatives; and rejecting the received signature when the defined geometric complexity is below a minimum predetermined required geometric complexity threshold. This provides an automated method to determine whether a sufficient amount of behavioral biometric information has been derived from the signature. The amount of behavioral biometric information that can be derived from a signature depends in part on the geometric complexity of the signature. In this sense, the behavioral biometric information content of a signature depends, at least in part, on the geometric complexity of the signature. The more geometrically complex the signature provided, the more behavioural biometric information can be derived from it, so that it is easier to distinguish the signature and its forged copies. This feature determines whether the geometric complexity of the signature provided is sufficient for behavioral biometric verification purposes. Different embodiments of the method of the invention may require the provided signature to meet different levels of complexity, depending on the level of security required.

The method can comprise the following steps: maintaining a record of the minutiae values that resulted in a positive verification result, the minutiae values being associated to a plurality of different sets of received sampled data points associated with different copies of the same signature; calculating a statistical variance between the feature node value and a respective predetermined feature node for each different provided copy of the same signature; and modifying the predetermined threshold range of the respective predetermined feature node to be consistent with the calculated statistical variance. The statistical variance may be calculated using the feature node values that result in positive verification results associated with different copies of the same signature provided over a period of time. In this manner, the magnitude of the predetermined threshold range may be automatically determined based on the consistency with which the user is able to generate their signature, and may change as the user's consistency changes slowly over time. This ensures that the user's pre-stored profile is up-to-date.

The method may be used to authorize a transaction between two remotely located entities.

A second aspect of the invention relates to a system for verifying the authenticity of a provided signature, configured for performing the method summarized above. Specifically, the system may include: an input device configured to receive a set of sampled data points, each sampled data point associated with a different location along the signature; and a processor. The processor may be configured to: identifying a set of signature nodes in the set of sampled data points using a set of predetermined signature nodes contained in a pre-stored user profile; determining whether each identified feature node is within a predetermined threshold range of a respective predetermined feature node; and generating a positive verification when the feature node is within the predetermined threshold range.

In a particular embodiment, the input and the processor may be comprised in separate devices.

The processor may be contained within a server remote from the input, and the server may be operatively coupled to the input through a communication channel.

The input may include a touch pad or touch sensitive screen for receiving a signature.

The input may include a mobile phone configured with a touch-sensitive screen. In this way, the user may use the touch sensitive screen of the mobile phone to provide their signature to the processor for subsequent verification. For example, the processor may be contained within a remote server.

The input may include a personal computer, tablet computer, configured to receive a user's signature.

The system may be used to control access to secure resources, such as bank accounts. This is particularly useful for controlling remote access to a user's bank account. For example, as an identification and verification means for internet banking.

The system may be used to control transactions between two remotely located entities. For example, where the transaction involves a financial transaction, the system of the present invention may be used as an intermediary to verify and confirm the identity of the payer and/or payee. For example, the system may be associated with a server arranged as an intermediary between a payer and a payee, and arranged for verifying the authenticity of a set of sampled data points associated with the payer's or payee's signature.

A third aspect of the invention relates to a mobile phone configured to the method described above.

A fourth aspect of the invention relates to a personal computer configured to the method described above.

A fifth aspect of the invention relates to a tablet configured as the above method.

Drawings

Various embodiments of the present invention will now be described with reference to the following drawings, in which:

FIG. 1 is an example of a system configured to perform a signature verification method according to an embodiment of the present invention;

FIG. 2 is a process flow diagram summarizing the steps involved in a signature verification method that may be performed on the example system of FIG. 1;

3a, 3b and 3c illustrate different steps involved in sampling a provided signature using the system of FIG. 1 (FIG. 3a), including the step of sampling a provided signature (FIG. 3b) and the identification of feature nodes (FIG. 3 c);

FIG. 4 is a process flow diagram summarizing the steps involved in a signature enrollment process required to generate a behavioral biometric signature template for a user that may be performed on the example system of FIG. 1;

FIG. 5 illustrates a portion of a signature showing how the signature portion is sampled to define a signature curve; and

fig. 6 is a visible portion of a signature curve that includes a plurality of feature nodes, and illustrates how geometric relationship information may be computed during the signature enrollment process of fig. 4 or during the verification process of fig. 2.

Detailed Description

The present invention relates to, among other things, systems and methods for verifying behavioral science biometric information derived from a user's signature.

To assist the reader in understanding the present invention, a brief, high-level description of a system is described with reference to FIG. 1, illustrating a real implementation of an example of the present invention. More detailed descriptions of specific example aspects of the invention follow.

FIG. 1 is a schematic diagram of an exemplary behavioral biometric signature verification system 1 configured to implement the method of the present invention. The system 1 comprises means 3 suitable for receiving a signature (which means 3 will be referred to as signature input means in the subsequent discussion), display means 5 and authentication means 7. The signature input means 3 may relate to any device by which a user may provide a signature, configured to monitor and record the time taken to receive the signature, and to record an idiosyncratic script associated with the signature as it is generated. The display device 5 may be configured to display visual cues and/or instructions to the user to enter their signature, as well as to display signature verification results. For example, the display device 5 may be configured to display instructions indicating when the user starts to enter their signature at the signature input device 3. The authentication device 7 is configured to verify the authenticity of the provided signature by analyzing the signature (in particular the behavioural student biometric information derived therefrom), comparing this information with pre-stored behavioural student biometric signature templates 9 of the user stored in the database 11. The database 11 is operatively coupled to the authentication device 7, providing the authentication device 7 with access to the pre-stored biometric signature template 9.

The signature input device 3 and the authentication device 7 may each comprise a processor, memory and may include other components typically found in such devices and general purpose computers. In one example, each memory may store information accessible by a processor of the device, including instructions executable by the processor. The memory may further include data that may be fetched, operated upon, or stored by the processor. The memory may be any similar medium of information that can be accessed by the processor, such as a hard drive, memory card, DVD, and/or a write-only-read-memory. The processor may be any conventional processor including general purpose processing units and reduced instruction set computing ("RISC") processors. Alternatively, the processor may be a dedicated controller, such as an ASIC.

Although the signature input device 3 and the authentication device 7 may each comprise their own processor, the processor and memory of each device may comprise a plurality of processors and memories, which may or may not be stored within the same physical object. For example, some of the instructions and data may be stored on removable media, while other portions may be stored on a read-only computer chip. Some or all of the instructions and data may be stored in a location that is physically remote from, but accessible by, the processor. Similarly, the processor may comprise a series of processors, which may or may not operate in parallel.

In some embodiments, any one or more of the signature input device 3, the display device 5 and the authentication device 7 may be comprised in the same physical device. Alternatively, any one or more of the signature input device 3, the display device 5 and the authentication device 7 may be comprised in separate physical devices, in which case the devices are arranged to communicate with each other via one or more communication channels.

The behavioral biometric signature verification system 1 may be deployed as an identification authentication apparatus. For example, the system 1 may be used to control access to a security facility by controlling the operation of a gate or door, or it may be used to control access to a security device, such as a smartphone, tablet or similar device. The signature input device 3 may relate to a touch sensitive panel configured to detect a finger state, and the display device 5 may relate to an LCD screen.

Considering the foregoing example, in which the system 1 is implemented to control the control of a security facility upon receipt of a user request to open a gate or door, the display device 5, which may involve an LCD screen, may be configured to display instructions instructing the user to provide their signature in an appropriate signature input device 3, which signature input device 3 may involve the aforementioned touch sensitive panel. When a signature is entered on a touch sensitive pad, the finger trace on the pad (which involves a stylized script of the signature) and the time required to enter the signature are recorded. The provided signature is analysed and passed to the authentication device 7 for comparison with a pre-stored biometric signature template 9 of the user. Signature analysis includes analyzing and deriving behavioral biometric information from the provided signature. This may be performed at the signature input device 3 or at the authentication device 7 handling the service license. The analysis may be performed in real time while the signature is being entered, or it may be analyzed after the entire signature has been provided.

The authentication device 7 compares the derived behavioural biometric information with a pre-stored behavioural biometric template of the user to determine whether the behavioural biometric information derived from the provided signature is consistent with the behavioural biometric template of the user. The verification result may then be displayed on the display device 5.

FIG. 2 is a process flow diagram summarizing the different steps involved in the behavioral biometric signature verification method of the present invention, e.g., performed using the system of FIG. 1. At step 13 a signature 29, such as the one shown in fig. 3a, is provided on the signature input device 3. As described above, this may be initiated by displaying a visual cue on the display device 5 instructing the user to provide their signature. In step 15, the provided signature is sampled and preferably normalized.

Normalization is used to mitigate potential differences in size between different provided copies of the same signature, and helps to ensure the accuracy of derived behavioral biometric measures. For example, as will be described in more detail below, a behavioural biometric signature template 9 for a user is generated during an enrollment process in which one or more copies of the user's signature (also referred to herein as signature duplicates) are provided and relevant behavioural biometric information is derived therefrom. The signature is preferably standardized to mitigate differences in physical size between differently provided copies of the signature. This is advantageous to ensure that derived behavioural biometric information is independent of differences in physical size between differently provided copies of the signature. During subsequent signature verification, signature normalization is beneficial to ensure accuracy by minimizing false rejection rates.

The relevant behavioural biometric signature template 9 of the user is identified and accessed at step 17. The relevant behavioural biometric signature template 9 may be identified by requiring the input of a user identifier during the signature input step 13. Once the user identifier is provided, identification of the related behavioural biometric signature template 9 is enabledThe over authentication server 7 executes. The identifier may relate to an alphanumeric code, a name, or any other means of identification. The identifier may be provided by the user on the signature input device 3. Similarly, the signature input device 3 may comprise a touch-sensitive keyboard, such as for exampleSuch as those found in most smart mobile phones equipped with touch screens.

Alternatively, the behavioural biometric signature verification system 1 of fig. 1 may be configured with an additional keyboard (not shown in fig. 1) for providing a user identifier. In this way, the user can provide their identifier and the authentication device 7 can identify the relevant user behavioural biometric signature template 9 at step 17.

The behavioral biometric signature template 9 of the user includes a set of feature nodes that relate to a plurality of pre-selected data points on a stylized script of the user's signature. The signature nodes are used during the signature verification process to identify sampled data points on the provided signature that preferably correspond to the signature nodes contained in the behavioural biometric signature template 9 of the user. At step 19, a deterministic match is used to identify sampled data points corresponding to the feature nodes. In the discussion that follows, the identified sampled data points are also referred to as feature nodes.

It is important to note that the precise stage in which the biometric signature template 9 is identified by the authentication server 7 by the user's relevant behaviour is not important. The only requirement is that the behavioural biometric signature template 9 of the user is identified prior to a definitive match at step 19. For example, the identification of the behavioural biometric signature template 9 of the user may be performed prior to signature entry (step 13).

A correlation analysis is performed at step 21 which includes analysing the correlation between the feature nodes identified at step 19 on the provided signature and the feature nodes contained in the behavioural biometric signature template 9 of the user. This includes identifying statistical variances between two sets of feature nodes. The statistical variance is determined at step 23 to be within a predetermined threshold stored in the behavioural biometric signature template 9 of the user, whereupon the authentication means 7 returns a successful verification result at step 25. If the identified statistical variance is outside of the allowed predetermined threshold, a verification failure result is returned at step 27. Since the average person is inherently unable to perfectly replicate their signature each time, it is expected that the provided signature will be of small magnitude for the observed variance between the contained feature nodes and the feature nodes in the behavioural biometric signature template 9 of the user, even for an authentic authorised user. Thus, each provided signature replica is expected to deviate slightly from the previous replica, and the system and method of the present invention can accommodate this type of expected variance.

Such human features may also be used as additional security features. For example, if the correlation analysis results show a perfect match with the behavioural student biometric template profile at step 21, this may indicate a forged signature and a failed verification result may be returned at step 27 for security reasons. In the present context, a perfect match indicates a situation in which the feature nodes contained on the provided signature do not show any statistical deviation from the feature node values defined in the behavioural biometric signature template 9 of the user.

Depending on the environment in which the signature verification system 1 is deployed, the verification result may be provided on the display device 5. Where the signature verification system 1 is deployed to control access to a facility, for example, successful verification may result in an optional visual confirmation being displayed on the display device 5 and access to the facility being granted. Any display may be used, for example, the display may be: a light that turns on when it is determined that authentication is being performed, a monitor that displays a custom message, or a mechanical device that physically changes the position of an object, such as flipping an object that is marked "off" on one side and "on the other side.

The above and below described embodiments of the invention are provided for illustrative purposes and not for limitation. The methods and systems of the present invention may be deployed in a variety of different environments, and these and other variations and combinations of the features discussed above and below may be employed without departing from the subject matter defined by the claims. The provision of examples (as well as the phrases "such as," "for example," "including," etc.) described herein should not be construed as limiting the claimed subject matter to the specific examples, which are intended to be illustrative of only some of the many possible aspects of the invention.

Furthermore, it should be understood that the physical location of the authentication device 7 is not important. The authentication device 7 may be local to the signature input device 3 or it may be remote from the signature input device 3. For example, where the signature input device relates to a touchscreen of a smartphone, the authentication device 7 may be local to the smartphone, whereby the signature may be verified locally to the smartphone without establishing data communication with a remotely located verification server. In this embodiment, the design is such that the smartphone may only locally store behavioral biometric signature templates of one or more authorized users. Another advantage of this embodiment is that the signature verification system can be used even in so-called 'black holes' of mobile phones. In other words, the system can be used in geographical areas where the mobile phone received signals are very weak or even no mobile phone received signals. Alternatively, the signature input device 3 may be a dedicated device at a certain location, the authentication device 7 may be a server at another location, the database 11 may be contained in a memory at yet another location, and all of these devices communicate with each other via a network, such as a wired Local Area Network (LAN), a Wi-Fi network, a cellular telephone network, or a wide area network such as the internet. To this end, the signature input device 3, the authentication device 7 and the database 11 and their respective components may or may not be comprised in the same device or at the same location. Similarly, the display device 5 may or may not be included in the same device as the signature input device 3, for example, the display device 5 may be a separate monitor. By way of an alternative example, the display means 5 and the signature input means 3 may be implemented via the same touch-sensitive screen.

As previously mentioned, the behavioural biometric signature template 9 of the user is generated during an initial user enrollment process, which will now be described in more detail.

Fig. 3a, 3b and 3c illustrate the different stages involved in the registration process, and in particular the sampling and feature node deployment process. These are described in more detail below with reference to fig. 4.

Fig. 3a illustrates a copy of the signature 29 provided at the input means 3 at step 13 of fig. 2. Fig. 3b illustrates the sampled data points 31 sampled at step 15 of fig. 2. Figure 3c illustrates the identification of a feature node 33 at step 19 of figure 2.

FIG. 4 is a process flow diagram providing an overview of the steps involved in the registration process. The enrollment process may be performed in the behavioural biometric signature verification system shown in fig. 1 or any other similar system comprising at least means for receiving a signature 3, such as the authentication means 7, and configured to derive the behavioural biometric information of the user from the provided signature.

Upon initiating the registration process, the user may be required to provide two or more copies of their signature on the signature input device 3 at step 35. In the discussion of the present invention, the terms signature copy and signature duplicate will be used interchangeably to refer to different copies of the same signature. Preferably, during registration, two or more copies (copies) of the same signature are provided to enable the system to empirically generate a statistical tolerance threshold. These tolerance thresholds improve the utility of the signature verification system by reducing the false reject rate. In practice, however, the tolerance threshold may be arbitrarily duplicated, in which case only a single provided copy/duplication of the signature may be required during registration. However, designing a signature verification system that relies on arbitrarily generated tolerance thresholds is likely to result in a greater false rejection rate. Conversely, a signature verification system that generates a per-user customized tolerance threshold based on empirical analysis will likely result in a lower false rejection rate, since the calculated tolerance threshold value will depend at least in part on how consistent the analysis user replicates their signature. This is why it is preferred that two or more signatures are provided during registration. Behavioral biometric signature templates associated with users exhibiting a high degree of consistency are likely to include a smaller tolerance threshold than users exhibiting a lower degree of consistency, since a lower degree of statistical variance is expected in the provided signature replica for the former. Thus, if a greater degree of statistical variance is observed in the provided signature copy during subsequent signature verification processes, the provided signature is more likely to be a counterfeit signature.

Fig. 3a illustrates an example of a provided signature 29. In the illustrated example, the name "Yossi" has been provided. The script of the signature of the figure is clearly visible in the example illustrated. As previously described, the multiple signature inputs enable the behavioral biometric signature system 1 to generate a tolerance threshold that accounts for inconsistencies (i.e., statistical variances) between different provided replicas of the signature. As previously mentioned, according to a preferred aspect of the present invention, the generated threshold may be user-specific and depends in part on how consistent the user renders substantially identical copies of their signature. Users who are able to consistently reproduce very similar copies of their signatures are likely to have a smaller threshold than users who are unable to reproduce similar copies of their signatures. The signature verification system of the present invention is designed to cater to these two extremes of users.

The greater the number of copies/duplicates of the signature provided during registration, the more accurate the empirically generated tolerance threshold value may be. The term 'accurate' refers in the context of the present invention to statistical accuracy, which increases with the number of signature duplicates provided during registration. The more accurate the resulting threshold that quantifies a user's ability to accurately and consistently reproduce their signature, the lower the likelihood that the verification system will produce false rejects during subsequent signature verification processes. An error rejection is generated when the authentic user fails the signature verification process. One goal of a practical commercially implementable signature verification system is to minimize the frequency of false rejection generation. In other words, minimizing the false reject rate is a goal in order to improve the usability of the signature verification system.

The quality and accuracy of the generated behavioural biometric user information may increase as the number of signature copies provided during enrollment increases.

Preferably, five copies/duplicates of the signature are provided during registration. To avoid confusion in the following discussion, the signatures provided during enrollment will be referred to as reference signatures to distinguish them from signatures provided for verification during subsequent verification processes. The subsequent discussion of fig. 4 will consider an embodiment in which five reference signatures are provided during registration. However, this is not a difficult requirement and the method can be performed with any number of reference signatures (where number refers to two or more copies of a signature) whereby statistical correlation analysis can be performed.

The registration process is initiated by the user entering a first reference signature on the appropriate signature input device 3. In step 37, the reference signature is preferably sampled by the signature input device 3 simultaneously during input, and normalized. After the signature is entered into the registration system, a query is made at step 38 as to whether a sufficient number of copies of the reference signature have been sampled. The number of required reference signatures may be specified by the registration entity. Steps 35, 37 and 38 are repeated until a specified number of reference signatures have been provided. In the presently described example, five reference signatures are required, so steps 35, 37 and 38 are repeated for each of the five reference signatures provided.

The signature may be represented by a population of one or more geometric curves. These one or more geometric curves may be mathematically defined by one or more functions. Sampling includes recording a plurality of data points, each data point corresponding to a point on a geometric curve. A sufficient number of data points on the curve must be sampled to mathematically define a geometric curve, which may be interchangeably referred to as a signature curve. In the following discussion, the signature curves will be referred to in the singular. However, it should be understood that the signature curve may include one or more different geometric curves, each of which is defined by a different mathematical function.

As previously mentioned with reference to fig. 2, in order to mitigate size differences (i.e. to compensate for differences in the relative sizes of the provided reference signatures), each provided reference signature is preferably normalized. This may be performed during the sampling process at step 37. Alternatively, this may be performed after the sampling step 37. Normalization mitigates the effect of size on subsequent validation analysis, thereby increasing the likelihood that the analysis results are accurate results.

Once the system has determined that a predetermined number of reference signatures have been provided at step 38, a first one of the provided reference signatures is selected and the feature nodes are defined in the signature curve, step 39. This may include selecting a subset of the signature data points to sample at a predetermined frequency or at a predetermined interval. This selected subset of signature data points characterizes the signature and is referred to as a feature node to distinguish them from their remaining data points.

For example, the selection of the feature nodes may include selecting a subset of the sampled data points that are evenly distributed along the signature curve. Similarly, data points that are nearby and/or that characterize the boundary of geometric features contained in the signature may be used.

One way to identify the characterizing geometric features is to analyze the first and/or second derivatives between adjacent sampled data points. Analysis of the derivative may provide information about the geometry of the signature curve. In particular, analysis of the second derivative may be used to determine local maxima, minima, and/or points along the curvature of one or more geometric curves. This allows data points associated with significant geometric distortions on the signature curve to be easily identified and designated as feature nodes.

Once the feature nodes have been selected on the first selected reference signature, at step 41, corresponding data points on the remaining reference signatures are identified using a deterministic optimization method described in more detail below. In the current example, this includes identifying corresponding data points on the remaining four reference signatures. This process is referred to as feature node matching because it involves identifying data points on the remaining reference signatures that correspond to the feature nodes defined on the first reference signature.

At step 43, a correlation analysis of the identified feature nodes in the reference signature and the identified correlation statistical variances are performed. The purpose is to determine the threshold and/or allowable values associated with each feature node value that need to be incorporated into the user's behavioral biometric profile template 9.

The correlation analysis effectively analyzes the relative geometric and temporal relationships between corresponding feature nodes defined on different reference signatures. This is accomplished by sampling the position and time data during the sampling process for each sampled data point, step 37. In this way, the relative geometric relationships between corresponding feature nodes defined on different reference signatures, as well as the relative temporal relationships, can be quantified. Further exemplary details of this sampling process will be described in the discussion below.

Correlation analysis by analyzing the statistical variance associated with the coordinate values of each feature node disposed on each reference signature, one average coordinate value and associated statistical variance to be defined for each feature node are achieved. This can be determined by comparing the relative coordinate values (location and time) associated with the respective feature nodes arranged on the different reference signatures. In other words, consider a single feature node arranged over five reference signatures provided. The coordinate values associated with the feature nodes are likely to be different for each different reference signature on which a set of five different coordinate values are deployed and defined (assuming that the reference signatures are all different). By analyzing the set of different coordinate values, the average coordinate value can be associated to the feature node and to the associated variance.

The method of the present invention may employ relative coordinate values. Rather than defining coordinates relative to a fixed axis associated with a characteristic node, the location of a characteristic node may be defined relative to adjacent nodes. This may be accomplished by associating a position coordinate vector with the position of each feature node. The location coordinate vector defines the location of the feature node relative to the location of the neighboring nodes. In this embodiment, the relative coordinate values may relate to scalar components of the position coordinate vector. Relative average scalar coordinate values and associated variance values are determined from the provided reference signature. The statistical variance values define one or more thresholds associated with each feature node.

At step 45, the location coordinate vector, including the average feature node coordinate values and associated variances, is stored in the user's behavioral biometric signature profile template 9 for further reference during the signature verification process shown in FIG. 2. Once the position coordinate vector occupies the behavioural biometric template 9 of the user, the registration process is then terminated at step 47.

For the foregoing summary of the enrollment and verification processes, further specific details are set forth below with reference to preferred embodiments.

Preferably, the provided signature is sampled at a predetermined sampling rate during verification at step 15 of fig. 2 and during signature enrollment at step 37 of fig. 4. The sampling rate may vary from application to application and depends in part on the hardware performance of the signature input device 3. For example, the signature is sampled at a frequency in the range of 50Hz to 200 Hz. Alternative sampling frequencies may be used as well. In general, however, the higher the sampling rate, the more accurate the behavioural biometric information that can be derived is likely. Similarly, a very low sampling rate may result in an insufficient number of sampled data points, which in turn may result in less accurate behavioral biometric information. Alternative sampling frequencies outside the provided sampling range, but within the scope of the invention, are also contemplated.

Each sampled data point is preferably associated with a four-dimensional vector avv, where v ═ x, y, t, c; the set { x, y } is a spatial coordinate; t is a time coordinate, which may take only positive values; c is the tip coordinate (equivalently called jump or jump coordinate, or pen-up or pen-down coordinate) which indicates whether the corresponding spatial and temporal coordinates relate to data points associated with mathematical discontinuities. For example, jump discontinuities and/or removable discontinuities and/or pen lifts may be associated with physical gaps in the signature curve. The gaps between the dots of the letters 'i' and 'j' and the stem are examples of removable discontinuities. In this example, the tip coordinates represent whether the spatial coordinate position is associated with a visible marker or whether the spatial coordinate position relates to a gap in the signature curve.

The tip coordinates are binary values. For example, a tip value of '0' may be assigned to a data point on a signature curve associated with a visible marker, while a tip value of '1' may be assigned to a data point associated with a gap in the signature curve, or vice versa. The chosen convention is insignificant if it is applied consistently.

The tip coordinate c can be taken into account in connection with fig. 5. In this example, the analogy is done using conventional methods, and the use of the analogy provides signatures on paper for illustrative purposes only, since the system shown in FIG. 1 does not require the use of a pen or paper to enter the signature. According to this analogy, a '0' tip value is associated with a 'pen down' position and a '1' tip value is associated with a 'pen up' position. In the following description, the tip coordinate value associated with the 'pen up' position is interchangeably referred to as a 'pen up event', and the tip coordinate value associated with the 'pen down' position is interchangeably referred to as a 'pen down event'. In other words, '0' is associated with a data point related to a visible marker, while '1' is associated with a non-visible region. The letter 'i' 50 is shown in fig. 5, which includes a plurality of sampled data points 52 defined along the visible portion of the signature curve 54 including point 54 a.

Each sampled data point 52 is associated with a time coordinate. For the present purposes, the reference numeral 56 denotes a chronological sequence in which different data points on the signature curve that have been entered are illustrated. It should be appreciated that reference numeral 56 represents a chronological order in which sampled data points that have been entered are proportional to and derivable from the associated time coordinate associated with the particular data point of interest acquired during the sampling of step 15 of fig. 2 or step 37 of fig. 4. In this way, the chronological order of the idiomatic script in which the user enters the signature can be distinguished. For example, chronological order number 56 associated with point 54a indicates that this is the last part of the input signature because its chronological number value is '30'.

The term 'signature curve' may include visible and non-visible line segments that incorporate sampled data points, including singular points such as point 54 a. Defined in this manner, the signature curve may not necessarily be equivalent to a signed stylized script — which is not specifically limited to visible signature markers 54, 54 a. While all data points associated with a visible signature marker are contained in the signature curve, the signature curve may further include a non-visible portion 54b that includes data points associated with signature regions that are not associated with a visible marker but are still sampled by the signature input device 3. For example, interpolated data points 58 (described in more detail below) are examples of data points associated with the non-visible portion 54b of the signature curve, which is therefore associated with a '1' tip coordinate value. In other words, under the current analogy, the interpolated data point 58 is associated with a 'pen up' position.

When a data point is sampled on the non-visible portion of the signature curve, a data point associated with a '1' tip coordinate value (equivalently referred to as 'pen up') appears. The position coordinates of the sampled data points may then be defined using known interpolation techniques. These interpolated data points 58 lie within a curve discontinuity between the visible sampled data points 60 and the singular point 54a, associated with the point of the letter 'i'.

Alternatively, the data point ('pen up') associated with the '1' tip coordinate value may be effectively represented by a two-dimensional vector (2D) including only the time coordinate value and the tip coordinate value. This avoids having to interpolate the position coordinates of the data points. In this example, the sampled data points contained in the visible portion of the signature curve are 4D vectors, while the sampled data points contained in the non-visible portion of the signature curve are 2D vectors.

Alternatively, the sampled data points associated with the '1' tip coordinate values may be ignored and discarded from the sampled data set. For example, all sampled data points bounded by data points associated with pen-up coordinates and data points associated with pen-down coordinates may be discarded. This effectively excludes all but one data point that lies in a discontinuity in the signature curve (i.e., within the signature gap). This reduces the computational burden because interpolation of the pen-up spatial coordinate values is omitted. In this example, the signature curve substantially corresponds to the visible portion of the signature curve.

In particular embodiments, the provided signature may be sampled at a variable sampling rate. This may be achieved by sampling different data points at different frequencies. This reduces the statistical likelihood that any two different signature replicas are sampled equally and ensures that different data points are sampled for each provided signature replica. The result of this sampling process is that the set of sampled data points associated with each sampled copy of the signature forms a unique data set that can be used to improve the security of the method of the present invention. One way in which security may be improved is to perform a hash function using a sampled data set. Since each sampled data set is unique, the resulting hash associated with each sampled signature copy is also unique. The hash value associated with each sampled provided signature may be verified during the verification process of fig. 2. For example, once the provided signature has been sampled, it may be performed at step 15. Furthermore, the authentication device 7 may be arranged to keep a log of the received hash values. In this manner, if the signature has a hash value corresponding to the hash value of the previously received signature, the error may be flagged and a verification rejection result returned. The use of a hash function improves the security of the method of the invention and in particular provides protection against replay-like attacks in which previously sampled signatures are reused. This may occur, for example, when a set of data points associated with a previously sampled signature is passed to the authentication device 7 for verification.

One way in which a random sampling rate may be obtained is to use multi-threaded processing. The means 3 for receiving the signature may comprise a Central Processing Unit (CPU) arranged to execute at least two parallel threads of instructions in turn in the order in which they were received. For example, a first thread may relate to a primary sampling thread that instructs the CPU to sample a received signature at a particular frequency, while a secondary thread may relate to an alternate instruction set that is processed in the event that there are insufficient system resources to process the primary thread. Alternatively, different sampling instructions may be included in different instruction threads, which when executed by the CPU, instruct the means for receiving signatures 3 to sample received signatures at different rates. For example, the means 3 for receiving the signature may be able to sample at a rate of 50Hz to 100 Hz. A series of three different instruction threads may be used to provide the sampling instructions. The first thread of instructions may instruct device 3 to sample down at a rate of 60Hz, while the second and third threads may instruct the device to sample down at rates of 80Hz and 100Hz, respectively. This ensures that the signature provided is sampled at a variable sampling rate, which in this example oscillates between 60Hz and 100 Hz.

Sampling

As previously mentioned with reference to FIGS. 2 and 4, during the verification and enrollment processes of steps 15 and 37, respectively, one or more provided reference signatures are sampled, which includes sampling in the spatial and time domains, and associating tip coordinate values c to the sampled data points (e.g., a '1' for a pen-up event and '0' for a pen-down event)Wherein A is_viIs a vector increment. For the avoidance of doubt, i is any positive integer and specifies different vectors associated with different data points (including data points associated with the non-visible portion of the signature curve).

Since each sampled 4D data point includes a time coordinate value, the elapsed time relative to the previous 4D data point can be determined, whereby a velocity vector (V) and optionally an acceleration vector (V) can be associated with each sampled data point. The velocity and acceleration vectors capture the user's hand movement behavioural biometric information.

The normalization process employed at steps 15 and 37 in the preferred embodiment includes scaling the supplied signature to fit a predetermined rectangle having a predetermined size. For example, the standardized rectangle may have a pixel size of 128,000 x96,000. Alternative normalization methods may also be used in accordance with the present invention.

The sampling process (step 15 of fig. 2; step 37 of fig. 4) may further include a data point density analysis process to determine whether a sufficient number of data points have been sampled along the signature curve. This can be performed both in the spatial domain and in the time domain. The more well-defined the signature curve, the more accurate the derived behavioral biometric information.

For the spatial domain, this can be done by determining two sampled data points (x)_i+1，y_i+1，t_i+1，c_i+1) And (x)_i，y_i，t_i，c_i) (i-1, 2, 3, …, n) is within a predetermined threshold,

maximum allowable distance interval 1.0

For the time domain, this may be accomplished by determining whether the time interval between two sampled data points is greater than a predetermined threshold,

maximum allowable time interval formula 1.1

If either of the distance interval threshold or time interval threshold conditions of equations 1.0 and/or 1.1 do not hold, known linear interpolation techniques may be used to interpolate other data points on the signature curve within the relevant interval.

A sampled data point density analysis using equations 1.0 and 1.1 is performed for all sampled data points along the signature curve. The tip coordinate value of any interpolated data point will coincide with the tip coordinate value of the delimiting sampled data point. For example, in the case where the tip coordinate values ci +1 and ci of the two sampled data points of the framed interpolated data point are '0', then the tip coordinate value of the interpolated data point is also '0'. In other words, if the two delimiting sampled data points relate to a pen down event, the interpolated data point between the two sampled data points will also be associated with the pen down event. Similarly, where the tip coordinate values of the two bounding data points are '1', then the tip coordinate value of the interpolated data point is also '1' -a pen event.

Since the interpolation techniques noted herein are general in the art and well known to anyone skilled in the art, further discussion of the details of the interpolation techniques is not required, it being recognized that any conventional numerical interpolation technique may be used and such alternatives are within the scope of the present invention. To which the interested reader is referredBooks "ampli. interoperable to molecular biology", published by iopublishingltd, 1.1.1989, r.d. harding and d.a.quinney: volume 2: interpolarationanddopproxication "for a more detailed discussion about numerical interpolation.

An illustrative example of a maximum allowable distance interval threshold between two sampled data points may be nine pixels. In this illustrative example, if the distance interval between any two adjacent sampled data points is greater than nine pixels, then illustrative interpolation defines one or more additional data points within the interval until the distance interval threshold condition of equation 1.0 is satisfied.

An illustrative example of a maximum allowable time interval may be five milliseconds, which corresponds to a signature sampling frequency of 200 Hz. Thus, in this illustrative example, if the sampling rate of the signature input device 3 is below 200Hz, interpolation may be used to occupy a time interval between adjacent sampled data points with one or more interpolated data points until the time interval threshold condition of equation 1.1 is satisfied. Similarly, in particular embodiments, interpolation may be used to compensate for any irregularities and/or fluctuations in the sampling rate of the signature input device 3 to maintain a uniform sample data set.

Interpolation may be required in embodiments in which the means 3 for receiving a signature also executes other sets of instructions associated with different applications. For example, in a smartphone configured to provide multiple different functions, multiple different applications may be permitted in parallel, each application associated with a different thread of instructions, and each thread contending for processing resources of the processor. In this example, the processor (e.g., CPU) may be temporarily unavailable to execute the sampling instruction thread while executing the extraneous instruction thread associated with the extraneous application. This may occur, for example, when the CPU of the smartphone is occupied to determine the GPS location of the handset. The CPU may become temporarily unavailable for execution of the instruction thread associated with the signature sampling process, which may result in a larger time interval and/or distance interval gap between two adjacent sampled data points. Instead of reinitializing the sampling process, which may be less convenient, numerical interpolation may be used to complete the set of sampled data points.

Optionally, a smoothing function may be used to improve the accuracy of the interpolated data points. This can be achieved by minimizing the following integral of action,

formula 1.2

Wherein the signature curve A_θIs all the sampled data points B_vAnd the set of interpolated C μ data points (i.e., A)_θ＝B_v∪C_μ) F is a smoothing function, and K is a constant that may have a value of 0.5 or less. In this way, f (A)_θAnd K) is the smoothed function.

The use of a smoothing function is advantageous because it reduces the impact of sampled data points associated with large variances on the validation results relative to neighboring data points, such as the dirac function. Thus, the verification result is more stable. Furthermore, the use of a smoothing function during the registration process also results in a lower determined statistical variance value. This improves the security of the system by making the signature more difficult to forge, reducing the false positive signature verification result rate.

The functional integral of equation 1.2 can be minimized by solving the well-known euler-lagrange equation for the calculus of variables as a discrete problem, which results in a set of linear equations that are solved using a three diagonal matrix. Smoothing functions and euler-lagrange equations are well known in the art and therefore details are not discussed further since they are well known to those skilled in the art.

Identification of feature nodes

As discussed previously with reference to fig. 4, during registration, the first selected reference signature is analyzed and the feature nodes are identified at step 39. Some methods by which this step may be accomplished will now be discussed.

Preferably, the feature nodes may be defined by selecting a subset of the sampled vectors (the sampled data points are vectors, as mentioned above), ignoring any vectors associated with the tip value '1' (pen-up event), whereby the selected subset of vectors are substantially evenly distributed at even length intervals throughout the visible portion of the signature curve. In the following discussion, the selected subset of vectors is referred to as a feature node.

Since the vector associated with the cusp value '1' is ignored, the node is only associated with the 4D vector. The density of the nodes is typically much lower than the density of all sampled vectors. The node hasIn the form of (1). The characteristic nodes are preferably separated from each other by approximately uniform separation intervals, given by the inequality given below.

Formula 1.3

WhereinThe approximately uniform separation interval means that although the feature nodes are preferably separated from each other by the uniform separation interval, this is not a necessary limitation and the intervals between some nodes may deviate from the uniform interval defined in equation 1.3. Equation 1.3 is the Pythagorean theorem expressed in two dimensions. The distance interval of equation 1.3 only takes into account the geometric coordinate values, and ignores the time and tip coordinate values. The index j is used to represent the node without being confused with the index i, which is used to track the vector associated with the sampled data point, and is hereinafter referred to simply as the sampled vector. The number m of nodes deployed along the visible portion of the signature curve is selected to be less than or equal to half the number of vectors sampled, thereby satisfying the following condition

m \leq \frac{1}{2} n

Formula 1.4

Where n is the number of vectors sampled.

This significantly reduces the processing requirements.

At step 41, the M nodes are then deployed on the other four signatures arranged during the registration of step 35. The term 'deployment' is used in the context of the present invention to mean processing such that vectors containing samples on the other four signatures are analyzed to identify those vectors that substantially correspond to the feature nodes defined on the first selected signature.

The interval of the new deployment given by equation 1.3 can be expressed as

Formula 1.5

WhereinRepresents the number of vectors sampled on the new signature curve and is unlikely to be equal to the number of vectors sampled on the previous signature curve, L ≠ n. Moreover, it should be understood that the number of vectors L sampled per new signature curve may be unique, especially if a variable sampling rate is employed, and therefore each signature curve may be associated with a different number of sampled vectors L. The constant spacing of the separation states set forth in equation 1.5 is an approximation and some spacing of the separation may deviate from the uniform spacing defined in equation 1.5.

The number of nodes deployed m on the visible part of each other signature remains constant

({\hat{x}}_{1}, {\hat{y}}_{1}, {\hat{t}}_{1}, \hat{p} e n_{down}_{1}), ({\hat{x}}_{2}, {\hat{y}}_{2}, {\hat{t}}_{2}, \hat{p} e n_{down}_{2}), ..., ({\hat{x}}_{m}, {\hat{y}}_{m}, {\hat{t}}_{m}, \hat{p} e n_{down}_{m})

Formula 1.6

Where the 'a' symbols are used to distinguish between nodes deployed on the remaining four signatures and nodes deployed on the first provided signature.

The condition of equation 1.4 holds for the remaining four provided signatures-the number of nodes m' is less than or equal to half the number of vectors L of samples-which can now be expressed as

m \leq \frac{1}{2} L

Formula 1.7

If this condition is not met for any of the remaining signatures, the sampling error result may be returned by the signature input means 3 and displayed on the display means 5. Such errors may be associated with undersampled signatures, for example.

The analysis may be performed in step 41 by the signature input device 3 or by the authentication device 7. In the event that a sampling error result is returned, the user may be required to re-enter their signature, or if a sufficient number of signatures have been provided, the signature that caused the return of the erroneous result may be discarded. The latter option may arise where a sufficient amount of behavioural biometric information has been derived from a previous signature. In which case discarding of a provided copy of the signature does not unduly impair the quality of the derived behavioral biometric information.

The node deployment process is completed by ensuring that nodes have been deployed on the remaining signatures at substantially equivalent feature locations along the visible portion of the different signature curves. Each different signature curve representing a different copy of the signature complicates the process. Thus, each signature curve will include features that are slightly different from each other signature curve. For this reason, the method of identifying the point of association based on a pictorial comparison of signatures is not suitable because it will be inaccurate because two non-identical objects are compared. Similarly, the method of matching equivalent coordinate positions is also unsuitable because it cannot ensure that equivalent features are matched. And therefore a more accurate parsing process is required. This is provided by the deterministic matching process mentioned earlier and is described in more detail below.

Deterministic matching

The purpose of the deterministic matching process employed in the preferred embodiment is to identify the vectors contained in the remaining four signatures that are most relevant to the nodes deployed on the first provided signature. In the context of the present invention, the term 'phase' associated with a vector is used to denote a substantially parallel orientation. The scalar product of two vectors (also collectively referred to as the 'vector dot product') can be used for this purpose.

The scalar product of two vectors is proportional to the cosine of the angle of separation between the vectors. If the orientation of the two vectors is the same, the angle of separation is zero and the scalar product is the largest. If the orientation of the two vectors diverge by π/2, the scalar product is zero. The scalar product is smallest when two vectors are separated by pi-for example, when the two vectors are oriented in opposite directions. Two vectors associated with the same node should be substantially parallel in orientation and the dot product of the two vectors is correspondingly largest.

Further details of the optimization process will now be described with reference to the signature curve of the first sample on which a node has been defined and the signature curve of the second sample on which a node is to be deployed.

The objective of the optimization process is to identify the relative partial vectors on the second signature curve for each feature node defined on the first provided signature. The relative part is selected as the vector that is most relevant to the node defined on the first signature. The correlation may be determined from the vector dot product. This process is repeated for each defined node to identify the relative partial vector on the second signature curve.

An optimization function M can be defined that is proportional to the scalar product of two vectors and that can be defined algorithmically as

M = Σ_{j = 1}^{n} f (r_{j + 1} * {\hat{r}}_{j + 1}) * g_{j + 1}

Formula 1.8

Wherein,

r_{j + 1} = \sqrt{{(x_{i_{j + 1}} - x_{i_{j}})}^{2} + {(y_{i_{j + 1}} - y_{i_{j}})}^{2}}

formula 1.9

{\hat{r}}_{j + 1} = \sqrt{{({\hat{x}}_{l_{j + 1}} - {\hat{x}}_{l_{j}})}^{2} + {({\hat{y}}_{l_{j + 1}} - {\hat{y}}_{l_{j}})}^{2}}

Formula 1.10

The length of the line segment or the interval between adjacent nodes on the curve of the first signature (formula 1.9) and the second signature (formula 1.10) respectively is defined. 'a' symbol is used to indicate a characteristic node defined on the sampled data point and/or the second signature. Line segment lengths are scalar components of their associated vector quanta. Function g_j+1Proportional to two vectors (defined on the first signature curve)And defined on a second signature curveThe cosine of the angle of separation between. The two vectorsThe product of the scalar components of (a) is a convex function.

By maximizing the matching function M and solving for each j^thExponents to identify the vector relative parts of the feature nodes defined on the first signature

1 max

M = {maxΣ}_{j = 1}^{n} f (r_{j + 1} * {\hat{r}}_{j + 1}) * g_{j + 1}

Formula 1.11

Solving the above equation identifies the exponent of the relative partial vector on the second provided signature that is most relevant to the node deployed on the first signature. In other words, for each node j, maximizing the matching function M identifies the sum j^thOf associations contained on the second signature curve most relevant to the nodeAnd (4) vectors. Thus, the optimization process of the present invention may also be referred to as index matching, with the objective of identifying the index l_jSo that j is 1, 2, 3, …, m and l_j+1＞l_j。

According to equation 1.11, for matching j^thMatching function M of feature nodes_jPreferably in the form of

M_j＝F(θ_j)*G(d_j，d_j+1)*Q(r_j*d_j) Formula 1.12a

Thus, the overall match is given by

Formula 1.12b

Wherein F (theta)_j)、G(d_j，d_j+1) And Q (r)_j*d_j) Is a differentiable function.

The matching function M can be expressed as a series of numbers on all nodes

Σ_{j = 0}^{m + 1} F (θ_{j}) * G (d_{j}, d_{j + 1)}) * Q (r_{j}, d_{j})

Formula 1.13

The following definitions are used:

dX_nodej+1＝X_nodej+1-X_nodej

dY_nodej+1＝Y_nodej+1-Y_nodej

{dX}_{{curvei}_{j + 1}} = X_{{curvei}_{j + 1}} - X_{{curvei}_{j}}

{dY}_{{curvei}_{j + 1}} = Y_{{curvei}_{j + 1}} - Y_{{curvei}_{j}}

r_{j} = \sqrt{{dX}_{n o d e f + 1}^{2} + {dY}_{n o d e j + 1}^{2}}

d_{j} = \sqrt{{dX}_{{curvei}_{j + 1}}^{2} + {dY}_{{curvei}_{j + 1}}^{2}}

formula 1.14

θ can be defined as a vector dX_nodej+1、dY_nodej+1Andthe angle formed therebetween. F (theta)_j)、G(d_j，d_j+1) And Q (r)_j*d_j) The maximum value of (2) is 0. F (theta)_j) And G (d)_j，d_j+1) Is positive and has an upper positive value, and Q (r)_j*d_j) Is a convex function, whereby Q (ax)₁+(1-a)x₂，ay₁+(1-a)y₂)≥aQ(x₁，y₂) Wherein a is more than or equal to 0 and less than or equal to 1. Although Q is a monotonically increasing function, its derivative Q' decreases monotonically to 0. For example, to better understand this point, consider a convex function Z (x) ═ ln (1+ x), whose derivative Z' (x) ═ 1/(1+ x) tends to 0 as x increases. Thus, while z (x) is a monotonically increasing function, its derivative monotonically decreases. Similarly, the convex function y (x) x^kfor0<k<1 is another example of a monotonically increasing function, the derivative of which decreases monotonically, e.g., Y' (x) ═ kx^(k-1)＝k/(x^(1-k))。

Convex function Q (r) in equations 1.12a, 1.12b, and 1.13_j*d_j) To reduce or suppress the effect of edge-to-edge matching. If the value of the function Q is at the product r_j*d_jLarger, the match function may inadvertently match vectors associated with scalar components of similar length (e.g., associated with line segments of similar length), thereby increasing the match function M_jEven if the matching vectors are associated with different geometric features of the signature curve-e.g. different letters in the signature. For this reason, it is preferable that the function Q is convex. Those skilled in the art will appreciate that convex functions are associated with a smaller gradient relative to, for example, a linear function, and thus a slower rate of change of the value associated with the convex function. The use of convex functions in the matching process has the advantage that a function is obtained which is comparable to other formsMore stable matching results of numbers not affected by the product of scalar vector lengths. This reduces the likelihood that a feature node will match a sampled data point associated with a disparate portion of the received signature. …

G(d_j，d_j+1) Provides a measure of how well the characteristic nodes are distributed, and at d_j＝d_j+1Is maximal. Furthermore, function G (d)_j，d_j+1) The matching function values between the feature nodes and the associated sampling vectors, both associated with the pen-down event, are adjusted exactly at the time of matching. F (theta)_j) Dependent on dX_nodej+1、dY_nodej+1、And dX_nodej+1、dY_nodej+1The angle thetaj formed therebetween. In other words, θ_jIs a vector on the supplied signatureAnd the feature node dX contained in the user's behavioral biometric signature profile template 9_nodej+1-X_nodej，dY_nodej+1-Y_nodejThe angle formed therebetween. Briefly, the feature nodes, node j provided in the behavioral biometric signature template 9 and the sampled data points contained in the provided signatureAnd (4) matching.

F(θ_j) May be selected to be positive and have a lower boundary 0.

Preferably, the angle θ j is defined relative to a reference line defined on the new signature curve, which is used to maintain rotation in the variance.

The exact form of the matching function may be selected based on the particular states present on the signature curve. For example, the matching functional form selected to match feature nodes related to a pen-down event to a vector on a signature curve that is also related to a pen-down event may be different from the matching functional form used to match feature nodes related to a pen-up event to a vector related to a pen-up event. Preferably, the selected matching function values should not vary excessively due to reasonable variance between different provided signature copies provided by authentic users, to ensure consistent matching results. The specific form of the matching function that satisfies this requirement is discussed below.

The matching function F (θ) of equation 1.12a may be modified according to the following different scenarios_j)*G(d_j，d_j+1)*Q(r_j*d_j)：

Wherein node j +1 is associated with a pen-up event and a sampling curveIf the vector above is also associated with a pen-up event, then the matching function M of equation 1.12a_jCan be selected to have a form

M_j＝F₂(θ_j)*Q(r_j*d_j) Formula 1.15

Since both the feature nodes and the sample vector vectors that match in the current scenario are associated with the pen-up event, G (d) may be omitted from the matching function_j，d_j+1) And (4) components. In other words, the feature nodes and sample vectors on the subsequently provided signature are both associated to gaps in the visible part of the signature curve.

Associating a pen up event at node j +1 and sampling a curveIn the case that the vector of (3) is associated with a pen-down event, the function M is matched_jCan be selected to have a form

M_j＝F₃(θ_j)*Q(r_j*d_j) Formula 1.16

Wherein F₃≠F₂And the difference between the two functions relates to the functionThe derivative of the logarithm of (i), i.e.

This value is for F₃Ratio F₂Is small.

In this case, the feature nodes are associated with gaps in the visible portion of the signature curve, where the vectors on subsequently provided signatures are associated with the visible portion of the signature. Since the feature node is associated with a gap (i.e., a pen-up event), function G (d) is omitted from equation 1.16_j，d_j+1)。

Where node j +1 is associated with a pen down event, and the curve is sampledIf the vector above is associated with a pen-up event, the function M is matched_jCan be selected to have a form such that,

M_{j} = \frac{F (θ_{j}) * G (d_{j}, d_{j + 1}) * Q (r_{j}, d_{j})}{10}

formula 1.17

In this case, the feature node is associated with the visible portion of the signature curve, and the vector on the subsequently provided signature is associated with the gap in the visible portion of the subsequently provided signature.

The pen down event is associated at node j +1 and the curve is sampledIn the case where the vector above is also associated with a pen-down event, then a matching function having the form of equation 1.12a may be used. In this case, both the feature nodes and vectors on the subsequently provided signature are associated to the visible portion of their respective signature curves.

The form of the matching function selected for the optimization process depends on the characteristics of the nodes and on the characteristics of the vectors contained on the signature curve. Different matching functions are used depending on the characteristics of the matched node-vector pair, in particular depending on whether the node-vector pair is associated with a pen-up event or not. Preferably, the means 3 for receiving the signature may be configured to select the most appropriate form of the matching function according to the node-vector characteristics. Alternatively, the authentication device 7 may be configured to select the most appropriate form of the matching function.

Equation 1.9 defines the vector scalar component associated with node j as the line segment rj +1 between two adjacent nodes j +1 and j, and thus depends on the relative geometric relationship between the two adjacent nodes. The geometric orientation of the vector will be determined by the relative orientation of the line segments. The matching process of equation 1.11 actually identifies a corresponding sample vector on the second signature curve whose associated line segment has a geometric orientation relative to the neighboring sample vector that is most similar to the geometric orientation of the associated line segment of the feature node defined on the first signature. Since the orientation of the feature nodes (and hence the associated line segments) defined on the first signature also depends on the relative geometric relationship between two adjacent feature nodes, the matching process of equation 1.11 actually analyzes and attempts to maintain the relative local geometric relationship.

To improve the accuracy of the method of the present invention, and to maintain the global geometric relationship between the signature replicas, the optimization process is repeated with an alternate node deployment density. In other words, feature nodes are deployed on the first signature at different densities. To distinguish this optimized replica from the replicas described previously, it is referred to as global optimization, and the previous replicas will be referred to as local optimization.

During global optimization, for example, the number of nodes deployed on the first signature is half the number of nodes deployed during local optimization. Preferably, the number of deployed nodes m' is

m' ═ m/2 formula 1.18

Where m is the number of nodes deployed during local optimization. In practice, the number of deployed nodes m' is less than or equal to one quarter of the number of sampled vectors L-for exampleAs a result of this deployment, the line segments between neighboring nodes (recall equations 1.9 and 1.10) will be larger than those found during local optimization. The node matching (optimization processing) is performed in a similar manner to that described previously.

An alternative to relocating nodes to achieve the required node density shown in equation 1.18 is to simply select alternate nodes for deployment on the first signature and repeat the optimization process as described above with these nodes. Note that in this example, the line segments will be longer than their specific optimized counterparts.

This lower resolution global optimization process establishes whether global geometry is maintained among the different signature replicas. Analyzing global geometric relationships between vectors of samples is advantageous because global relationships tend to show a greater degree of variance between different copies of the same signature, whereas local geometric relationships are more prone to variation. To this end, analysis of the global geometric relationship may provide a good indication of whether the provided signature is a forgery.

Both local and global optimization may be performed by the signature input device 3 or by the authentication device 7 during the enrolment in step 41 of fig. 4. During the subsequent verification process, local and global geometry analysis may be performed during the correlation analysis at step 21 of FIG. 2.

Local and global optimization processes are performed on all signature copies provided during registration. Where four different copies of the same signature have been provided, the local and global optimization matching processes are each performed three times. After optimizing the matching process, each node may be associated to a set of coordinate values defining the position of the node on each different signature curve. In this way, a statistical variance may be determined for each node's location at step 43 of FIG. 4, and the statistical variance may be stored with the node in the user's biometric signature template 9 at step 45. Similarly, the local and global geometric relationships associated with each feature node may also be stored with the associated statistical variance. Optionally, the velocity and acceleration associated with each node may also be stored. These behavioural student metrics are stored in the user's behavioural student metric signature template 9 for subsequent verification processing. The registration process substantially ends.

During the subsequent verification process (see fig. 2), at step 19, a node pre-stored in the behavioural biometric signature template 9 of the user is placed on the provided signature. Both the local and global optimized node densities are utilized to determine the respective locations of nodes on the newly provisioned signature. Statistical variances with respect to pre-stored nodes are determined at step 21 and when the respective node location is outside the acceptable statistical variance associated with each node predefined in the biometric signature template 9 of the user at step 23, a verification failure result is returned at step 27. Similarly, if instead the determined statistical variance with respect to the pre-stored nodes is determined to fall within the allowed variance threshold defined in the behavioral biometric signature profile of the user at step 23, a successful verification result is returned at step 25.

Time domain analysis

To improve accuracy during verification, in a preferred embodiment, a time domain analysis of the sampled signature curve is performed. This includes analyzing the time intervals between deployed nodes to determine if the observed intervals are consistent with the behavioural biometric signature template 9 of the user. The muscle movements required to perform signatures become automatic as real users will write thousands of copies of their signatures over their lifetime. Thus, it is expected that the time domain spacing between different signature replicas will be substantially consistent. The analysis may also be performed by analyzing velocity and acceleration vectors associated with each feature node. Thus, in the discussion that follows, the time domain analysis of reference also includes analysis of velocity and acceleration.

During signature verification, a time domain analysis may be performed during correlation analysis at step 21. This may include calculating the time interval and/or velocity and/or acceleration vector between deployed matching nodes on the received signature and comparing that time interval to the time interval and/or velocity and/or acceleration vector existing between feature nodes contained in the behavioural biometric signature profile template 9 for the user. If the calculated time interval is outside the allowed threshold, a verification failure result is returned at step 27, meaning a dishonest user. Similarly, in the event that the calculated velocity and/or acceleration values are outside of the allowable thresholds, a verification failure result may be returned, terminating the verification process.

The time domain data discussed above can be derived during the registration process because each sampled data point is associated with a vector containing a time coordinate value.

Temporal analysis helps to identify intentional signature falsification because it involves a class of behavioral biometric measures that depend on the user's motion (i.e., the muscle motion performed when the user's signature was authored).

While professional counterfeiters may be able to graphically reproduce a sufficiently equivalent copy of the authorized user's signature, it is more difficult for professional counterfeiters to adequately reproduce the authorized user's muscle movements when creating a forged signature. In this way, time domain analysis of the received signature improves the system of the present invention and helps to identify counterfeits.

Geometric analysis

The geometric analysis may be performed during the enrollment process and the verification process, and may include a plurality of different analyses. These analyses also improve the robustness of the signature verification method and system.

In a preferred embodiment, a geometric complexity analysis may be performed with the objective of determining whether the provided signature is geometrically complex enough to enable sufficient behavioural biometric information to be derived therefrom for subsequent use in a reliable verification process. In general, the more behavioural biometric information derived from the provided signature, the more secure the system will be. For example, relatively little behavioral biometric information may be derived from a substantially straight line. Overall, the more geometrically complex the signature provided, the more behavioural biometric information can be derived from it. Moreover, the likelihood of a false positive verification result resulting in a forged signature decreases with increasing behavioral biometric information, as there are more variables that can be used to determine the authenticity of the provided signature.

To ensure the accuracy of the system 1 of the invention, and depending on the specific application, a minimum level of geometric complexity of the signature provided may be required during registration. For example, if the verification system of the present invention is used to control access to a safe housing a high value document, a high level of geometric complexity may be required. In this case, the user may be required to provide their full signature, including first, middle, and last names. Overall, a full signature is likely to be associated with a more complex signature curve from which behavioural student metrics may be derived that are more complex than, for example, signatures that include only the first letter of the user.

For low value applications, geometric complexity requirements may be reduced, and it may be sufficient to simply provide the user initials during enrollment and subsequent authentication.

The geometric complexity analysis may be performed by analyzing first and/or second order derivatives associated with the sampled vector and/or feature nodes. This is equivalent to analyzing the curvature change along the signature curve. Geometrically simple curves will exhibit few curvature changes, while complex signature curves will exhibit a large number of curvature changes.

Geometric complexity analysis may be performed during verification and enrollment. During registration, the complexity analysis may be performed in the sampling phase at step 37 of fig. 4 or in the correlation analysis phase at step 43 of fig. 4. During verification, the geometric complexity analysis may be performed in the sampling phase at step 15 of fig. 2 or in the correlation analysis phase at step 21 of fig. 2. An advantage of performing the geometric complexity analysis during sampling is that the enrollment and/or verification process (as the case may be) terminates immediately if the supplied signature is not sufficiently complex, and a new signature entry period can be initiated. In this case the user will be instructed via the display means 5 to re-enter a more complex copy of the signature. For example, a user may be instructed to enter their full signature including first and last names, optionally including middle and/or first letters.

Statistical and deterministic deviations may also be analyzed. This may include analyzing a geometric relationship between one deployed node and a plurality of sequentially arranged neighboring nodes deployed along a signature curve. For example, more than each deployed node, which may include analyzing the geometric relationship with respect to the next five nodes deployed in sequence along the signature curve. The number of successive neighboring nodes for which the geometry is analyzed is irrelevant. Indeed, it should be understood that the level of security may increase as the number of sequentially arranged neighboring nodes involved in the analysis for each node increases. In the preferred embodiment, six consecutive nodes are used for short signature analysis and eight consecutive sequence nodes are used for long signature analysis. In this scenario, a short signature may be defined as a signature that includes up to four letters with a geometric complexity where the analysis of the signature curve varies by π (e.g., 180) or more. For example, the letter 'C' is an example of a letter in which the signature curve varies by π. Conversely, a long signature may be defined as a signature that includes more than four letters that include signature curves that vary by π or more. Thus, in the context of the present invention, the signature length is not associated with the number of distinct letters contained in the signature, but rather with the number of geometrically complex letters contained in the signature.

During enrollment, geometric relationships are computed during relevance analysis at step 43 of fig. 4 and stored in the behavioral biometric template 9 of the user at step 45.

Fig. 6 provides a schematic example of how geometric relationship information may be calculated during registration. A portion of the signature curve 74 is illustrated as including five consecutive nodes 76a, 76b, 76c, 76d, 76e arranged in sequence therealong. Starting from the first node 76a, the geometric relationship with respect to each of the neighboring nodes 76b, 76c, 76d, and 76e is determined. The geometric relationship may be defined by a vector connecting two related nodes. For example, vector 78a defines the geometric relationship between nodes 76a and 76 b. Similarly, vector 78b defines the geometric relationship between nodes 76a and 76 c; vector 78c defines the geometric relationship between nodes 76a and 76 d; vector 78d defines the geometric relationship between nodes 76a and 76 e. In the illustrated example, although only four geometric relationships are defined between the illustrated five nodes 76a, 76b, 76c, 76d, 76e, preferably five geometric relationships are defined between six sequentially arranged nodes.

The process is repeated for each of the signature copies provided during registration. For example, if five copies of the signature are provided during registration, the above process is repeated for each copy of the signature. In this manner, an average statistical variance value may be determined for each geometric relationship and used to define a threshold tolerance level stored in the user's behavioral biometric template 9.

Preferably, the geometric analysis is repeated for both the local optimization and the global optimization node density. When performing geometric analysis on nodes deployed at the density (local optimization) provided by equation 1.7, geometric analysis actually analyzes local geometric relationships. When performing geometry analysis for nodes deployed at the density (global optimization) provided by equation 1.18, the geometry analysis actually analyzes the global geometry relationships.

During a subsequent verification process, the above geometric analysis is repeated to identify the corresponding geometric relationships. Hereafter, reference to geometric analysis includes analyzing local and global geometric relationships using node densities associated with local optimization and global optimization, respectively.

The geometric relationships identified during verification are then compared to a predetermined threshold tolerance level stored in the behavioural biometric template 9 of the user. If the calculated geometric relationship is outside of the threshold tolerance level, a consistency error may occur and a verification failure result is returned at step 27 of FIG. 2.

During verification, the above-described processing is preferably performed for each feature node such that the relative geometric relationship between each feature node and its neighboring nodes is defined. In this manner, any one or more randomly selected deployment feature nodes may be used to perform the geometric analysis during the subsequent verification process. This reduces the necessary computational complexity and/or power since only the relative geometry of a randomly selected subset of deployment feature nodes is analyzed. A geometric analysis may also be performed on each deployment feature node if processing power allows.

Similarly, during verification, geometric analysis of one or more randomly selected deployment feature nodes and three adjacent sequentially arranged nodes may be analyzed. Any number of nodes arranged in sequence may be used for geometric analysis.

For example, a series of eight deployment nodes in the form of curves ij may be selected as follows:

for example, the curve ij +1, the curve ij +2, the curve ij +3, the curve ij +4, the curve ij +5, the curve ij +6, and the curve ij + 7.

It is noted that the term deployment node refers in this example to a vector of samples contained on subsequently provided signatures that have been matched with feature nodes contained in the behavioural biometric signature template 9 of the user.

Alternatively, the geometric relationships associated with more than eight sequentially arranged deployment nodes may be analyzed. For present purposes, it is not important how many sequentially arranged deployment nodes are involved in the geometric analysis, and embodiments comprising an alternative number of sequentially arranged nodes are contemplated and fall within the scope of the present invention.

In particular embodiments, the geometric analysis may include calculating a moving average of the geometric relationship and monitoring how that average changes for each successive group of nodes arranged in sequence. For example, where six sequentially arranged nodes are selected, the length vector may be selected to be defined between the first selected node and each of the five sequentially arranged nodes, as shown in fig. 6. A statistical average of the length vector may be determined and compared to a statistical average length vector calculated for a subsequently arranged group of six sequentially arranged nodes. This process is repeated for each node contained on the signature curve so that a statistical average length vector value can be associated with each node. The moving average of the determined length vectors may be stored in the behavioural biometric signature template 9 of the user for use during verification.

In subsequent verification processes, a similar analysis is performed for the signature provided for verification. The moving average of the determined length vectors may then be compared to the moving average data stored in the behavioral biometric signature template 9 for consistency. If significant variance is observed in the moving average that is greater than a predetermined threshold, a verification failure result may be returned at step 27 of FIG. 2. The statistical average length vector is proportional to the geometric relationship between adjacent vectors, so if a greater difference is observed during verification between the user's behavioural signature template 9 and the moving average contained in the signature provided for verification, this is likely to indicate that the provided signature is counterfeit.

In different embodiments, different numbers of sequentially arranged nodes may be used to analyze the moving average of the geometric relationship. However, the information content of the moving average will be proportional to the number of different sequentially arranged nodes comprised in the moving average. Overall, less geometric information may be derived from a smaller number of sequentially arranged nodes. For example, if only two sequentially arranged nodes are used, only one geometric relationship data may be derived for the length interval between two adjacently arranged nodes. This option provides a limited overview of any occurring geometric relationships. For this purpose, preferably six to eight nodes arranged in succession are used for geometric analysis purposes. This choice of the number of nodes provides sufficient consideration for local and/or global geometric relationships without too intensive processing.

The method can adjust the processing capacity of the adaptive system. For example, in this way, the method may be performed on hardware having a relatively limited processing power, such as a smartphone.

In case the processing power is sufficient, the moving average may be calculated for more nodes, e.g. for more than eight nodes arranged in sequence.

The geometric analysis may also be combined with the time domain analysis described earlier, in which case the time intervals between selected nodes are analyzed and compared with the data contained in the behavioural biometric template 9 of the user. As previously described, this may include analyzing the time and associated acceleration vectors.

Undiscovered curve error

In a preferred embodiment, an undiscovered curve error analysis may also be performed during verification. This includes determining that there is an amount of geometric information between two adjacently deployed nodes that are deployed on a signature provided for verification. If the determined geometric information is greater than the threshold, an error is identified. This means that the provided signature comprises a portion of the curve that is not present in the behavioural biometric signature template 9 of the user and may represent a counterfeit signature, in which case a verification failure result is returned at step 27 of figure 2.

The geometric information may be determined from an analysis of first and/or second derivatives associated with the vector of samples between the deployed nodes. For example, consider a node deployed contiguouslyIf the geometric information present between the two deployed nodes is greater than a threshold, an error occurs. Error in straight line segment Is mapped toAnd pointAndoccurs when the amount of geometric information present in between is greater than a predetermined threshold. In the context of the present invention, this means that the analysis of the first and second derivatives between the aforementioned points is larger than a predetermined threshold. This may occur between the aforementioned data points that are not present in the behavioural biometric signature template 9 of the userIn the case of occurring bending curves.

Tip error/arc deviation

In a preferred embodiment, an arc bias analysis is performed that includes comparing the lengths of the signature curves of successive nodes deployed on signatures provided by the connection and the lengths of the signature curves of successive nodes on one or more signatures provided during the connection registration. The ratio can be expressed as

{Min}_{j} (\frac{d_{j}}{A r c ({Curve}_{i_{j}}, {Curve}_{1 + i_{j}}, {Curve}_{2 + i_{j}}, ..., {Curve}_{i_{j + 1}})})

Formula 1.19

In which there is a coefficient relationship

{dX}_{{curvei}_{j + 1}} = X_{{curvei}_{j + 1}} - X_{{curvei}_{j}}

{dY}_{{curvei}_{j + 1}} = Y_{{curvei}_{j + 1}} - Y_{{curvei}_{j}}

d_{j} = \sqrt{{dX}_{{curvei}_{j + 1}}^{2} + {dY}_{{curvei}_{j + 1}}^{2}}

If the ratio is less than a predetermined threshold, an error occurs during verification. Arc deviation analysis helps identify statistical variations in the provided signatures that may represent forged signatures.

In a particular embodiment, during the enrollment process shown in fig. 4, the provided signature showing the greatest variance from the other four provided signatures is discarded and not used to derive the user biometric information for populating the user's biometric signature template 9.

Customizable security policies

The method and system may also be used to implement dynamic, customizable security policies, where the employed thresholds contained in the user's behavioral biometric signature profile template 9 may be varied according to the user's historical risk assessment of previous transactions. This may be accomplished by monitoring and maintaining a record of historical transactions associated with the behavioural biometric signature profile template 9 of the user. This will be further explained below.

Risk assessment may include monitoring and calculating any one or more of the following features:

user consistency

The purpose of this feature is to determine how consistent the user reproduces their signature. This may be accomplished by comparing the selection of previously provided signatures and analyzing the statistical variance of the deployed feature node values on each previously provided signature. In this manner, the average statistical variance may be determined and from it, a consistency rating may then be defined. If the observed average statistical variance is very small, the user will show a high degree of consistency when reproducing their signature, and the consistency rating will reflect this. Similarly, if the observed average statistical variance is high, the user will exhibit a relatively low degree of consistency when reproducing their signature, and the consistency rating will reflect this.

The behavioral biometric threshold used to determine whether a provided signature is authentic during the verification process may be reduced for users exhibiting a high degree of consistency, since it is expected from historical analysis that the users will be able to consistently reproduce their signatures with a high level of accuracy.

Similarly, the behavioral biometric threshold used during the verification process to determine whether a provided signature is authentic may be increased for users exhibiting a low degree of consistency, since it is expected from historical analysis that the users will not be able to consistently reproduce their signatures with a high level of accuracy. In fact, it is expected that the provided signatures will show a high degree of inconsistency, which may be reflected by a relatively large average statistical variance between previously provided signatures.

The average statistical variance may be determined by analyzing a plurality of previously provided signatures. For example, the historical analysis may include analyzing all signatures provided during a previous time period. For example over a period of one year. Alternative time periods are also envisaged, such as one or two weeks, or one or several years.

Alternatively, the historical analysis may compare a fixed number of previously provided signatures. For example, five previously provided signatures may be analyzed. The particular number of signatures previously provided may be selected according to the requirements of a particular application.

In this manner, the consistency rating may be used to adjust and/or customize specific behavioral biometric thresholds for users according to how consistently they can reproduce their signatures. One advantage of this scheme is that the false reject rate is reduced. Moreover, as the user's signature may change over a longer period of time, such as a year, the behavioural biometric threshold defined in the user's behavioural biometric signature profile template 9 remains consistent with the user's signature. In particular, behavioral biometric signature profile templates that employ static behavioral biometric thresholds are at risk of being eliminated over time, especially if the user's signature changes over that period of time.

Complexity of signature

The complexity of the signature can be analyzed by looking at the velocity and associated acceleration vectors defined for each node. In particular, a complexity level may be defined as

Formula 1.20

R₁Is a measure of how the velocity varies along the provided signature and it effectively provides information about the change in direction of the signature curve.

R₁Is defined as

{&Integral;}_{t = 0}^{T} (| | \frac{d}{d t} (\overset{\cdot}{V} - \frac{\overset{\cdot}{V} \cdot V}{V \cdot V} V) | | + | | \frac{d}{d t} (\frac{\overset{\cdot}{V} \cdot V}{V \cdot V} V) | |) d t;

Where V is a velocity vector; and V is an acceleration vector.

Signature complexity may be used to determine whether a signature is sufficiently complex. In this context, complexity relates to geometric complexity. For example, straight lines lack complexity, while curves with many different gradient changes are more likely to be geometrically complex. Thus, geometric complexity is proportional to slope (i.e., gradient) and therefore velocity and acceleration.

In the event that the computed signature complexity value for the provided signature is less than the predetermined complexity threshold, then the provided signature may be determined to lack the necessary complexity and signature verification may be denied. Alternatively, a reduced level or a limited level of access may be provided depending on the environment in which the method of the present invention is implemented. For example, when the signature verification method of the present invention is used by you to control remote access to bank accounts, a reduced level of access may include allowing users to view their bank statements, but not allow funds to be transferred unless successful through further security procedures. In general, signatures lacking complexity may be more susceptible to forgery than geometrically replicated signatures, and based on this, an entity implementing the method of the present invention may make policy decisions to determine what further security measures may be required to verify the identity of a user lacking a signature of the necessary complexity.

In particular embodiments, users may be required to re-enter more complex versions of their signatures when providing signatures that lack the necessary level of complexity. For example, where a user has provided a signature that includes only the first letter of the user's name, the provided signature may lack the necessary level of complexity. If this finding is subsequently confirmed by complexity analysis, the user may be required to provide a signature including the full name for verification.

Experience of the user

The analysis may include receiving a history log record associated with the behavioral biometric signature profile 9 of a particular user to determine how often the user provides their signature for verification. The more often a user uses the method of the present invention, the more likely it is that the user's behavioral biometric profile is accurate, especially if the behavioral biometric threshold is updated with historical user data. Thus, experience may indicate how reliable the behavioral biometric threshold is for the purpose of verifying the identity of the user. This observation may have support for the level of service provided to a particular user by the entity implementing the method of the present invention. For example, users associated with a high experience level may be provided with access to more different services based on the verified signature relative to users associated with a low experience level.

Returning to the example of a bank where the signature verification method of the present invention is used to access a user's bank account, users associated with a high experience level may be provided access to funds transfer services, while users associated with a low experience level may be provided access to account financial statements.

Security alarm logging

In a preferred embodiment, a log record may be kept for each user that keeps a record of all previously occurring security alarms. For example, a record of all failed verification results that occurred for all previously provided signatures. From the log record, the behavioral biometric threshold may be modified to improve security. For example, if a particular user's account has experienced a large number of failed signature verification results within a predetermined period of time, the behavioral biometric threshold may be reduced to reduce the likelihood that a dishonest user will produce a false positive signature verification result. In other words, user accounts for which a large number of failed verification results have occurred may be flagged as high risk user accounts and the behavioral biometric thresholds modified accordingly to reduce the likelihood of dishonest users spoofing the system of the present invention.

Similarly, the log record may also include a record of all successful passing verification results, in which case this may be used as an indicator of how accurate the behavioural biometric allowable threshold value contained in the user's behavioural biometric signature profile template 9 is. For example, if the user's log records indicate that a large number of successful signature verification events have occurred, this may indicate that the inclusion of behavioral biometric information (including an allowable threshold) in the user's behavioral biometric signature template 9 accurately represents the user. In this manner, a security rating may be associated with a behavioral biometric signature profile of a particular user. The service provider, e.g., a financial entity, may then adjust the services available to the user based on the associated security rating. For example, a financial entity may allow a user whose behavioural biometric signature template 9 is associated with a high security rating to conduct a high value transaction without requiring any other form of authentication. Conversely, users whose behavioural biometric signature template 9 is associated with a low security rating may be limited to only low value transactions.

According to this embodiment of the invention, the behavioural biometric signature template 9 of a recently enrolled user is likely to be associated with a low security rating, which will increase with the number of successful verifications.

This embodiment may be well suited to dynamically behavioral biometric tolerance thresholds that are precisely adjusted in time based on historical analysis of observed statistical variances displayed by signatures provided over a previous predetermined period of time (e.g., the previous year).

OTHER EMBODIMENTS

In a particular embodiment, the means 3 for receiving the signature may involve an electronic processing means such as a computer comprising a touch screen, a smartphone equipped with a touch screen, or any other electronic means comprising a touch screen. In this embodiment, the functions of the display means 5 and the signature input means 3 may be provided by the same physical device. Similarly, electronic devices, such as computers or smart phones equipped with touch screens, may also be used during signature verification. In other words, the user's biometric signature may be verified using the user's existing electronic device.

Alternatively, the means for receiving a signature 3 may relate to an image capturing device (e.g. a camera), such as a moving image capturing device, which is configured to capture a series of images. In this embodiment, the signature may be provided by a user gesture, which is captured by the image capture device. For example, a user may track their signature via a gesture captured by an image capture device. The captured sequence of graphical frames is then analyzed to determine a signature of the user. The rest of the signature analysis is substantially as described in the previous description. However, in this embodiment, it is envisaged that the image capture device will be arranged to capture three dimensional spatial coordinate values. Thus, any relative change in distance of the user's hand and/or fingers within a plane perpendicular to the capture plane of the image capture device may also be captured. In short, the image capture device is preferably arranged to track relative coordinate positions along each of three orthogonal axes with respect to the image capture device: x (e.g., horizontal axis), y (e.g., vertical axis), and z (e.g., depth axis). This helps to identify pen-up events in the signature (e.g., gaps in the signature curve). In tracking their signature via pose, the user is likely to mimic the movement of their hand in a plane substantially parallel to the graphic capture plane as they would normally reproduce using conventional pen and paper to sign their signature. Each signature gap, e.g. the gap between the stem of the letter 'i' 54 and its point 54a (see fig. 5), is associated with a relative displacement of the hand in a plane oriented substantially orthogonal to the pattern capture plane, which is closely related to the pose of the hand associated with lifting the pen from the paper. In this manner, the hand/finger gestures associated with the signature, as well as the gaps in the signature curve that are easily recognized, can be captured.

The invention can be used as a security means to control unauthorized use of a weapon such as a pistol. For example, a pistol may include a signature input device configured to receive a signature of an authorized user. The handgun may be configured with a secure local memory unit that contains behavioral biometric templates of authorized users. To operate a pistol, input of an authorized signature is required. To accomplish this, the handgun may be configured with electronic and/or mechanical circuitry to prevent operation of the handgun until a valid signature has been provided in the signature input device. The validity of the provided signature can be verified using the methods described previously. The registration process may be performed at the point of sale.

The present invention may also be used to control access to a vehicle. Instead of or in addition to a conventional key and lock, the vehicle may comprise means adapted to receive the signature and authentication means configured to verify the authenticity of the provided signature.

The present invention may be used to control access to secure resources and/or entities. Such as access to a safe containing a valuable item or to a secure facility.

While the foregoing examples of the invention have been described in the context of determining the authenticity of a provided signature of a stylized script that includes letters representing a person's name, the systems and methods described herein may be used to verify other user-generated symbols and/or patterns as well. This may include, for example, verifying the manner in which the user is tracking the pattern on the touchpad and/or touchscreen. When tracing a pattern on the touch pad, the pattern may not be visible while it is being generated (e.g., a person may use the touch pad where there is no separate display to display the pattern being generated). Alternatively, a touch sensitive screen may be used whereby the pattern may be displayed on the screen as it is being generated. The user generated pattern may then be verified in substantially the same manner as described previously, although in this case the user's behavioural biometric signature template 9 may alternatively refer to the user's behavioural biometric pattern template. Thus, it should be understood that, in the context of the present invention, a signature may relate to any user-generated token.

The invention can be used to authorize online transactions via an intermediary payment mechanism, such as PayPal^TM. For example, it may be desirable to initiate a communication with, for example, an online retailer (e.g., amazon^TM) Such as an e-commerce entity, can assign PayPal to be utilized^TMThe transaction is executed. In the transaction confirmation phase, the user may be required to provide their signature in order to complete the transaction, and the provided signature may be verified using the methods and/or systems of the present invention.

The embodiments described herein are provided by way of example only and not by way of limitation. It will be appreciated that the invention may be implemented in a number of different applications where identification verification is required and such applications fall within the scope of the invention. It is also to be understood that the described embodiments may be used alone or in combination, and that such alternatives are within the scope of the invention.

Claims

1. A method of verifying the authenticity of a provided signature, the method comprising the steps of:

receiving a set of sampled data points, each sampled data point associated with a different location along the signature;

identifying a set of signature nodes in the set of sampled data points using a set of predetermined signature nodes contained in a pre-stored user profile;

determining whether each identified feature node is within a predetermined threshold range of a respective predetermined feature node; and

generating a positive verification when the feature node is within the predetermined threshold range.

2. The method of claim 1, wherein each sampled data point includes a time component represented by a time coordinate value, and the receiving step includes, for each sampled data point:

calculating a time interval between the sampled data point and the adjacently disposed sampled data point by comparing time coordinate values respectively associated with the sampled data point and the adjacently disposed sampled data point;

determining whether the time interval is within a predetermined time interval threshold; and

interpolating a location and a time coordinate of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point when the calculated time interval exceeds a predetermined time interval threshold, the interpolated location being selected such that a time interval between the sampled data point and an interpolated time coordinate associated with the one or more other data points is within the predetermined time interval threshold.

3. The method of claim 1 or 2, wherein the receiving step comprises:

calculating a separation distance between the sampled data point and an adjacently disposed sampled data point;

determining whether a separation distance between the sampled data point and an adjacently disposed sampled data point is within a predetermined distance interval threshold; and

when the calculated separation distance exceeds a predetermined distance interval threshold, interpolating positions of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point, thereby causing the separation distance between the sampled and interpolated positions associated with the one or more other data points to be within the predetermined distance interval threshold.

4. The method of any preceding claim, wherein the identifying step comprises obtaining the set of predetermined characterising nodes comprised in the pre-stored user profile and identifying from the set of sampled data points the sampled data point most relevant to each predetermined characterising node using an optimised match.

5. The method of any preceding claim, wherein each sampled data point associated with the visible portion of the signature and each feature node is represented by a vector comprising a temporal component and a spatial component, wherein the spatial component represents the relative position of the vector along the signature.

6. The method of claim 4 or claim 5 when dependent on claim 4, wherein optimizing matching comprises:

selecting a first predetermined characteristic node from the set of predetermined characteristic nodes;

calculating a vector dot product value between the selected first predetermined feature node and each sampled data point included in the set of sampled data points;

identifying the sampled data point associated with the largest vector dot product value as the data point most relevant to the first predetermined characteristic node and designating the sampled data point as a characteristic node included in the set of identified characteristic nodes; and

the previous steps are repeated for each predetermined characteristic node.

7. The method of claim 6, wherein the most relevant sampled data point is the data point oriented in substantially the same direction as the direction of the predetermined characteristic node, whereby the divergence angle θ j between the two vectors associated with the predetermined characteristic node and the sampled data point, respectively, is minimized.

8. The method of claim 7, wherein optimizing the match comprises identifying the sampled data points most relevant to the predetermined feature nodes using a matching function Mj, the matching function being a function of three differentiable functions F (θ j), G (dj, dj +1), and Q (rj × dj), wherein the following definitions apply:

9. The method of claim 8, wherein the matching function Mj is proportional to the product of functions F (θ j), G (dj, dj +1), and Q (rj × dj), whereby

Mj＝F(θj)*G(dj，dj+1)*Q(rj*dj)。

10. The method of any preceding claim, further comprising:

selecting a first one of the identified feature nodes;

calculating a geometric relationship of the selected first feature node with respect to the one or more adjacently arranged identified feature nodes;

said determining step comprises verifying whether each calculated geometric relationship is within a predetermined threshold contained in a pre-stored user profile; and wherein

A positive verification result is generated when one or more of the calculated geometric relationships are within the predetermined threshold range.

11. The method of claim 10, wherein a geometric relationship between the identified feature node and each of two adjacent sequentially arranged identified feature nodes is calculated, thereby defining two different geometric relationships associated with the identified feature node.

12. The method of claim 10, wherein the geometric relationship between the identified feature node and each of the seven contiguous sequentially arranged identified feature nodes is calculated, thereby defining seven different geometric relationships associated with the identified feature node.

13. The method of any of claims 10, 11 or 12, wherein the number of identified feature nodes m is less than or equal to half the number of sampled data points n:

m≤n/2。

14. a method according to any one of claims 10, 11 or 12, wherein the number of identified characteristic nodes m is less than or equal to one quarter of the number of sampled data points n:

m≤n/4。

15. the method of any preceding claim, comprising:

the provided signature is sampled at a variable sampling rate such that at least a portion of the sampled data points included in the set of received sampled data points are associated with different sampling rates.

16. The method of claim 15, wherein the method comprises:

generating a hash value from the set of sampled data points;

comparing the generated hash value to a set of pre-stored hash values to determine if the generated hash value is unique; and wherein

A positive verification result is generated when the generated hash value is unique.

17. A method according to claim 15 or 16, wherein the sampling step comprises normalising the provided signature.

18. A method according to any preceding claim, wherein the method comprises:

calculating an elapsed time interval between each identified node;

determining whether the calculated time lapse value is within a predetermined threshold range contained in a pre-stored user profile; and

a positive verification result is generated when the calculated time lapse value is within a predetermined threshold range.

19. A method according to any preceding claim, wherein the method comprises:

calculating a velocity vector for each identified feature node using the spatial coordinates and the temporal coordinates associated with each feature node;

determining whether each calculated velocity vector is within a predetermined threshold range contained in a pre-stored user profile; and

a positive verification result is generated when the calculated velocity vector is within a predetermined threshold range.

20. A method according to any preceding claim, wherein the method comprises:

calculating an acceleration vector for each identified feature node using the spatial coordinates and the temporal coordinates associated with each feature node;

determining whether each calculated acceleration vector is within a predetermined threshold range contained in a pre-stored user profile; and

a positive verification result is generated when the calculated acceleration vector is within a predetermined threshold range.

21. The method of any preceding claim, comprising:

calculating first and second derivatives associated with line segments between adjacent sampled data points included in the set of sampled data points;

defining the geometric complexity of the provided signature from the calculated first and second derivatives; and

rejecting a received signature when the defined geometric complexity is below a minimum predetermined required geometric complexity threshold.

22. The method of any preceding claim, comprising:

maintaining a record of the minutiae values that resulted in a positive verification result, the minutiae values being associated to a plurality of different sets of received sampled data points associated with different copies of the same signature;

calculating a statistical variance between the feature node value and a respective predetermined feature node for each different provided copy of the same signature; and

the predetermined threshold range of the corresponding predetermined feature node is modified to be consistent with the calculated statistical variance.

23. The method of claim 22, wherein statistical variance is calculated using a feature node value that results in positive verification results associated with different copies of the same signature provided over a period of time.

24. A method according to any preceding claim, for authorising a transaction between two remotely located entities.

25. A system for verifying the authenticity of a provided signature, the system comprising:

an input device configured to receive a set of sampled data points, each sampled data point associated with a different location along the signature;

a processor configured to:

26. The system of claim 25, wherein the processor is configured to retrieve the set of predetermined characterising nodes contained in the pre-stored user profile and to identify from the set of sampled data points the sampled data point that is most relevant to each predetermined characterising node using an optimised match.

27. The system of claim 26, wherein the processor is configured to perform the following optimization matching steps:

the previous steps are repeated for each predetermined characteristic node.

28. The system of claim 27, wherein the processor is configured to identify the most relevant sampled data point as the data point for which the data point is oriented in substantially the same direction as the direction of the predetermined feature node, whereby the divergence angle θ j between the two vectors associated with the feature node and the sampled data point, respectively, is minimized.

29. The system of claim 28, wherein the processor is configured to identify the sampled data points most relevant to the predetermined feature node using a matching function Mj that is a function of three differentiable functions F (θ j), G (dj, dj +1), and Q (rj × dj), where the following definitions apply:

30. The system of claim 29, wherein the matching function Mj that the processor is configured to employ is proportional to the product of functions F (θ j), G (dj, dj +1), and Q (rj × dj), whereby

Mj＝F(θj)*G(dj，dj+1)*Q(rj*dj)。

31. The system of any of claims 25 to 30, comprising an interpolator operatively coupled to the input, configured to interpolate one or more data points.

32. The system of claim 31, wherein the receiver is configured to calculate a time interval between the sampled data point and the adjacently disposed sampled data point by comparing time coordinate values associated with the sampled data point and the adjacently disposed sampled data point, respectively, and determine whether the time interval is within a predetermined time interval threshold; and

the interpolator is configured to interpolate a position and a time coordinate of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point when the calculated time interval exceeds a predetermined time interval threshold, the interpolator configured to interpolate the interpolated position such that a time interval between the sampled data point and the interpolated time coordinate associated with the one or more other data points is within the predetermined time interval threshold.

33. The system of claim 31, wherein the input is configured to calculate a separation distance between a sampled data point and an adjacently disposed sampled data point, determine whether the separation distance between the sampled data point and the adjacently disposed sampled data point is within a predetermined distance interval threshold; and

the interpolator is configured to interpolate a position of one or more other data points that are between the sampled data point and an adjacently disposed sampled data point when the calculated separation distance exceeds a predetermined distance interval threshold, thereby causing a separation distance between the sampled and interpolated positions associated with the one or more other data points to be within the predetermined distance interval threshold.

34. The system according to one of claims 25 to 31, wherein the authentication device is configured to select a first one of the identified feature nodes, to calculate a geometric relationship of the selected first one of the feature nodes with respect to one or more adjacently arranged identified feature nodes, to determine whether each of the calculated geometric relationships is within a predetermined threshold range contained in a pre-stored user profile, and to generate a positive verification result when one or more of the calculated geometric relationships are within the predetermined threshold range.

35. The system according to one of claims 25 to 34, comprising:

a sampling device operatively coupled to the input, the sampling device configured to sample the provided signature at a variable sampling rate such that at least a portion of the sampled data points included in the set of received sampled data points received by the receiver are associated with different sampling rates.

36. The system of claim 35, wherein the sampling device is configured to generate a hash value from the set of sampled data points;

the processor is configured to compare the generated hash value to a set of pre-stored hash values to determine whether the generated hash value is unique, and to generate a positive authentication result when the generated hash value is unique.

37. The system of claim 35 or 36, wherein the sampling device is configured to standardize the provided signature.

38. The system of any one of claims 25 to 37, wherein the input and the processor are comprised in separate devices.

39. The system of claim 38, wherein the processor is contained within a server remote from the input, and the server is operatively coupled to the input through a communication channel.

40. The system of claim 39, wherein the input comprises a touchpad for receiving a signature.

41. The system of claim 39, wherein the input comprises a mobile phone configured with a touch-sensitive screen.

42. The system of claim 39, wherein the input comprises a personal computer.

43. The system of claim 39, wherein the input comprises a tablet.

44. The system of one of claims 25 to 43, wherein the system is used to control access to secure resources.

45. The system of claim 44, wherein the secure resource is a bank account number.

46. The system of claim 44, wherein the secure resource is a car configured with a touchpad, the touchpad to receive the signature.

47. A system according to any one of claims 25 to 43, wherein the system is used to control transactions between two remotely located entities.

48. The system of claim 47, wherein the transaction is a financial transaction.

49. The system of claim 47, wherein the two remotely located entities comprise a payer and a payee.

50. The system of claim 47, wherein the system is disposed on an intermediary device operatively coupled to the two remotely disposed entities.

51. A mobile phone configured to perform the method according to one of claims 1 to 24.

52. A personal computer configured to perform the method of any one of claims 1 to 24.

53. A tablet computer configured to perform the method of one of claims 1 to 24.

54. A method of verifying the authenticity of a provided signature substantially as described herein and/or as shown in the accompanying drawings.

55. A system for verifying the authenticity of a provided signature substantially as described herein and/or as shown in the accompanying drawings.