RU2801673C2 - Method and system for user identification by keyboard typing pattern - Google Patents

Abstract

FIELD: computer technology.

SUBSTANCE: method for identifying a user by keyboard typing pattern consists in performing the steps, which are: the user's credentials are registered in the system and an identifier is assigned to the user; the classifier is trained to identify the user while the credentials are entered into the system from the keyboard a predetermined number of times and time intervals of keystrokes are measured during training; at each input, based on the measured time intervals, a user data set is formed, which is assigned an identifier associated with the corresponding user; the generated data sets are stored in a database; the most stable features are selected from the database using the selection algorithm; the classifier is trained to identify the user when entering credentials into the system based on the selected most stable features; the trained classifier is used to subsequently confirm the identity of the user entering the login credentials to the user on whose data sets the classifier was trained.

EFFECT: increased accuracy of user identification by keyboard typing pattern.

10 cl, 4 dwg

Description

FIELD OF TECHNOLOGY

The present technical solution relates to the field of computer technology, in particular, to a method and system for identifying a user by the manner in which a computer keyboard is manipulated.

BACKGROUND OF THE INVENTION

The task of protecting information from unauthorized access is becoming increasingly important. The most reliable results are obtained by using biometric authentication methods.

These include the following methods:

voice recognition;

face recognition;

recognition of the iris of the eye;

fingerprint recognition.

In addition, each person has their own keyboard style (Keystroke Dynamics, keystroke biometrics, typing dynamics: https://en.wikipedia.org/wiki/Keystroke_dynamics). At the same time, the use of keyboard handwriting recognition has a number of advantages over other authentication methods. The fact is that no additional equipment is required to recognize keyboard handwriting, as a result of which the cost of implementing such a system is low. In addition, monitoring of keyboard handwriting can be performed continuously and imperceptibly for the user, without diverting his attention from the workflow.

Keyboard handwriting is a manifestation of a number of physiological, psychological and other characteristics of a particular person, which is expressed while working on a computer keyboard in various time intervals between elementary actions (pressing and releasing keys).

Human fingers are an extremely complex system with the ability to flexibly adapt to external circumstances; however, in different circumstances, the time required for some elementary action, such as pressing a certain key, will be different and will depend on what other elementary actions were necessary before and after this action.

On the other hand, computer keyboards, as a rule, have similar but different physical parameters, such as the distance between adjacent keys, the height of the keyboard, the angle of its inclination relative to the table, the hardness of the key, etc. As a result of these facts, keyboard handwriting will be different not only for different people, but also for the same person typing with different keyboards.

From the prior art, solutions are widely known that use keyboard handwriting for user identifications, in part, such solutions are described in applications: WO 2011039371 A1, publ. 04/07/2011; GB 2470579 A, publ. 12/01/2010; US 9590986 B2, 03/07/2017; WO 2017070600 A1, 03/27/2017; US 2015169854 A1, 06/18/2015.

In addition, in the current state of the art, solutions are known that locally solve the issues of verifying the user's identity during interaction with the keyboard; they are disclosed in the following documents: EP 2477136 B1 and US 2015169854 A1.

However, the solutions known from the prior art, designed to identify users by keyboard handwriting, have limited functionality: these solutions do not calculate all possible time intervals between all keyboard events that occur during login and password typing.

SUMMARY OF THE INVENTION

The technical problem to be solved by the claimed technical solution is the creation of a computer-implemented method and system for identifying a user by keyboard handwriting, which are described in independent claims. Additional embodiments of the present invention are presented in dependent claims.

EFFECT: technical result consists in automatic user identification by keyboard handwriting.

In a preferred embodiment, a computer-implemented method for identifying a user by keyboard handwriting is claimed, which consists in performing the steps at which, using a computing device:

registering user credentials in the system;

- assign an identifier corresponding to the credentials to the user;

- the classifier is trained to identify the user, while during training the credentials are entered into the system from the keyboard a specified number of times, and during each input:

• Measure the holding time of each key in the pressed state;

Measure the intervals between the moment of pressing each key and each of the moments of pressing all other keys involved by the user when entering credentials;

Measure the intervals between the moment of releasing each key and each of the moments of releasing all other keys involved by the user when entering credentials;

• Measure the intervals between the moment of pressing each key and each of the moments of releasing all other keys involved by the user when entering credentials;

• Measure the intervals between the moment of releasing each key and each of the moments of pressing all other keys involved by the user when entering credentials;

• At each input, based on the measured time intervals, a user data set is formed, which is assigned an identifier associated with the respective user;

• Store the generated datasets associated with the respective user in a database;

• The most stable features are selected from the database using the selection algorithm;

• Train the classifier to identify the user when entering credentials into the system based on the selected most stable features;

- the trained classifier is used to subsequently confirm the identity of the user entering the credentials when logging in to the user on whose data sets the classifier was trained.

In a particular variant, after training the classifier, a threshold value is selected, the excess of which indicates the identity of the user entering the credentials to the user on whose data sets the classifier was trained.

In another particular variant, upon receiving a trained classifier response that is numerically less than the selected threshold value, inform about access to the credentials of an unidentified user.

In another private variant, when typing credentials, the time intervals formed by pressing non-character keys, for example, Shift or Tab, are additionally measured.

In another particular variant, the classifier is trained by the machine learning method.

In another particular variant, the time intervals having the smallest dispersion in the data sets of this user are considered to be stable features for each user.

In another particular variant, the screening of a predetermined number of features that have the largest dispersion in the data sets of the corresponding user is used as a selection algorithm.

The claimed solution is also implemented through a user identification system by keyboard handwriting, containing:

- keyboard;

- a block for registering user credentials in the system;

- a system clock configured to fix the time of pressing and releasing the keyboard keys;

- long-term memory configured to store the database;

- a computing device configured to perform the described method.

In one of the possible implementation options, the claimed solution is part of a remote banking system.

In another of the possible implementation options, the claimed solution is part of a website that implies user authorization, for example, an online store.

DESCRIPTION OF THE DRAWINGS

The implementation of the invention will be described hereinafter in accordance with the accompanying drawings, which are presented to explain the essence of the invention and in no way limit the scope of the invention. The following drawings are attached to the application:

Fig. 1 illustrates a computer-implemented method for identifying a user by keystroke;

Fig. 2 illustrates the time intervals measured by the described method when entering data from the keyboard;

Fig. 3 illustrates non-limiting ways to conditionally divide a computer keyboard into zones;

Fig. 4 illustrates an example general layout of a computing device.

DETAILED DESCRIPTION OF THE INVENTION

In the following detailed description of the implementation of the invention, numerous implementation details are provided to provide a clear understanding of the present invention. However, one skilled in the art will appreciate how the present invention can be used, both with and without these implementation details. In other instances, well-known methods, procedures, and components have not been described in detail so as not to unnecessarily obscure the features of the present invention.

Furthermore, it will be clear from the foregoing that the invention is not limited to the present implementation. Numerous possible modifications, changes, variations and substitutions that retain the spirit and form of the present invention will be apparent to those skilled in the subject area.

The present invention is directed to providing a computer-implemented method and system for identifying a user by keystroke.

The signal generated by any modern computer keyboard in response to pressing or releasing any single key uniquely identifies the pressed key. Moreover, the type of this signal does not depend on how hard the key was pressed, or on how quickly it was pressed, or on how long it was held pressed before releasing, or on other similar factors.

The output signal of the keyboard on which some text is typed is a set of so-called scan codes (https://ru.wikipedia.org/w/index.php?title=%D0%A1%D0%BA%D0%B0% D0%BD-%D0%BA%D0%BE%D0%B4&oldid=98124315) serially transmitted in digital (binary) form through the port to which the keyboard is connected. Each of these scan codes uniquely identifies a particular key and indicates whether the corresponding key has been pressed or released. In other words, each key is assigned at least two different scan codes:

• scan code of pressing,

• scan code release.

Scan codes are unique within a particular computer configuration; they are transmitted by the keyboard to the port, regardless of the state of other input devices.

As a result, in connection with pressing any key on the computer keyboard, the program that processes the state of the keyboard port becomes aware of: (1) the moment of pressing, (2) the moment of release, (3) information about which particular key was pressed or released. Fixing a specific moment of pressing or releasing (timestamp) in this case can be implemented, for example, by accessing the program to the system clock data.

Before starting work on the computer, a new employee is informed of his credentials and instructed to enter his login and password 10-15 times in the user interface window. The number of required iterations of entering an account for each specific user may be different, because depends not only on the experience of a given user on the keyboard, but also on the “degree of familiarity” with a particular keyboard.

In an alternative embodiment, the system that implements the described method is associated with a browser window in which the user must enter credentials, for example, a window of a remote banking system or an online store site that has the function of a personal account and implies customer authorization. In this case, the system that implements the described method receives the keystrokes of the computer keyboard, calculates and stores the necessary data, which will be described below.

As shown in FIG. 1, the claimed computer-implemented method of user identification by keyboard handwriting (100) is implemented as follows:

In step (101), the user's credentials are pre-registered in the system. The user credentials are the username and password. It is an important component of network security.

Next, at step (102), an identifier corresponding to the credentials is assigned to the user. As a user identifier in the claimed solution, either an arbitrary alias ("Ivanov. I.I."), which does not match the login and entered by the user at the request of the system at the beginning of training, or a pseudo-random number, for example, a hash function of the value system time received at the time of pressing the first key when entering the first password with an accuracy of 0.001 seconds.

In an alternative implementation, identification of a particular user can be done, for example, by his userid, i.e. a unique identifier assigned to each client by a system, for example, a remote banking system (RBS).

In order to further reduce the probability of data loss, the RBS system, having received the correct credentials and associated a specific user id with this user session, can calculate from it any pre-specified hash function and send exactly the hash from userjd to the system that implements the described method, and not the user id itself. For the purposes of implementing this method, it does not matter what the user ID looks like, it is only important that it is consistently repeated in each session of this user.

At step (103), the classifier is trained to identify the user, while during training, the credentials are entered into the system from the keyboard a specified number of times, and during each entry:

• Measure the holding time of each key in the pressed state and fix the measured values;

• Measure the intervals between the moment of pressing each key and each of the moments of pressing all other keys involved by the user when entering credentials, and record the measured values;

• Measure the intervals between the moment of releasing each key and each of the moments of releasing all other keys used by the user when entering credentials, and fix the measured values;

• Measure the intervals between the moment of pressing each key and each of the moments of releasing all other keys involved by the user when entering credentials, and fix the measured values;

• Measure the intervals between the moment of releasing each key and each of the moments of pressing all other keys involved by the user when entering credentials, and fix the measured values;

• At each input, based on the measured time intervals, a user data set is formed, which is assigned an identifier associated with the respective user;

• Store the generated datasets associated with the respective user in a database;

• The most stable features are selected from the database using the selection algorithm;

• The classifier is trained to identify the user when entering credentials into the system based on the selected most stable features.

At step (104), the trained classifier is used to subsequently verify the identity of the user entering the login credentials to the user on whose data sets the classifier was trained.

Let us show, in relation to Fig. 2, using the example with the input of the word "LOGIN", how exactly time intervals can be calculated, which are subsequently used as features for training the classifier.

On FIG. 2 shows a set of time intervals 200, which will be calculated according to the described method when typing the key sequence L 202.0 204, D 206, I 208 and H 210 on the keyboard. For each of these keys, using the system clock, the time of pressing is fixed, for example, time pressing 212 keys L 202 or the time of pressing 216 keys O 204. Also for each of these keys, using the system clock, the release time of the key is fixed, for example, the release time 214 of the L 202 key or the release time 218 of the O 204 key.

The time of holding each key in the pressed state is measured: the time of holding in the pressed state 220 keys L 202, the time of holding in the pressed state 254 keys O 204, the time of holding in the pressed state 280 of the key G 206, the time of holding in the pressed state 294 keys And 208 and the time holding pressed 299 keys H 210.

Measure the intervals between the moment of pressing each key and each of the moments of pressing all other keys involved by the user when entering credentials. This can be done as follows: measure the intervals 222, 226, 230 and 234 between pressing 212 keys L 202 and pressing the keys O 204, D 206, AND 208 and H 210, respectively. Intervals 256,260 and 264 are measured between pressing 216 keys O 204 and pressing the keys Г 206, AND 208 and H 210, respectively. The interval 222 between key presses L 202 and O 204 is not measured, since it has already been measured previously. Measure the intervals 282 and 286 between pressing the keys Г 206 and pressing the keys AND 208 and H 210, respectively. Measure the interval 295 between keystrokes AND 208 and H 210, and thus get the full set of intervals between the moment each key is pressed and the moment all other keys are pressed.

Measure the intervals between the moment of releasing each key and each of the moments of releasing all other keys involved by the user when entering credentials. This can be done as follows: the intervals 240, 244, 248 and 252 are measured between the moment of release 214 of the key L 202 and the moments of release of the keys O 204, D 206, AND 208 and H 210, respectively. Intervals 270, 274 and 278 are measured between the moment of release 218 of the key O 204 and the moments of release of the keys Г 206, AND 208 and H 210, respectively. The interval 240 between the moments of releasing the keys L 202 and O 204 is not measured, since it has already been measured previously. The intervals 291 and 293 are measured between the moment of releasing the key Г 206 and the moments of releasing the keys AND 208 and H 210, respectively. Measure the interval 298 between the moments of releasing the keys And 208 and H 210, and thus get the total set of intervals between the moment of releasing each key and the moments of releasing all other keys.

Measure the intervals between the moment of pressing each key and each of the moments of releasing all other keys involved by the user when entering credentials. This can be done as follows: the intervals 224, 228, 232 and 236 are measured between the moment of pressing 212 of the key L 202 and the moments of releasing the keys O 204, D 206, AND 208 and H 210, respectively. Measure the intervals 258,262 and 266 between pressing 216 keys O 204 and the moments of releasing the keys G 206, And 208 and H 210, respectively. The interval 238 between pressing the O key 204 and releasing the L key 202 is not measured, since it has already been measured previously. The intervals 284 and 288 are measured between pressing the key Г 206 and the moments of releasing the keys AND 208 and H 210, respectively. Measure the interval 296 between pressing the key AND 208 and release the key H 210, and thus get the full set of intervals between the moment of pressing each key and the release of all other keys.

Measure the intervals between the moment of releasing each key and each of the moments of pressing all other keys involved by the user when entering credentials. This can be done as follows: the intervals 238, 242, 246 and 250 are measured between the moment of release 214 of the key L 202 and the moments of pressing the keys O 204, D 206, AND 208 and H 210, respectively. The intervals 268, 272 and 276 are measured between the moment of release 218 of the key O 204 and the moments of pressing the keys Г 206, AND 208 and H 210, respectively. The interval 224 between the moment the key O 204 is released and the moment the key L 202 is pressed is not measured, since it has already been measured previously. The intervals 290 and 292 are measured between the moment of releasing the key Г 206 and the moments of pressing the keys AND 208 and H 210, respectively. The interval 297 is measured between the moment of releasing the key AND 208 and the moment of pressing the key H 210, and thus the total set of intervals between the moment of releasing each key and the moments of pressing all other keys is obtained.

In this case, the measurement of the time interval means the calculation of the difference between two system clock marks (timestamp) obtained upon receipt of the corresponding scan codes.

The time value can be measured, for example, to the nearest 0.01 second and expressed in decimal, hexadecimal, or any other convenient format; the obtained values can, in particular, be stored in a specific user-specific dataset file. The sequence number of the interval may not be recorded, because it follows from the position of the measured value in the series of other values in the set.

A non-limiting example of the order in which time intervals can be calculated and the resulting values stored is given below with respect to FIG. 2.

At the moment of pressing 212 of the first key - this is L 202 - the first mark of the system clock is fixed. At the moment of releasing 214 keys L 202 fix the second mark of the system clock, calculate the interval 220 between the first and second marks of the system clock and store the resulting value. At the moment of pressing 216 keys O 204 fix the third mark of the system clock, calculate the time intervals 222 between the first and third marks of the system clock and 238 between the second and third marks of the system clock and store the obtained values. At the moment of release 218 of the O 204 key, the fourth mark of the system clock is fixed, the time intervals are calculated: 224 between the first and fourth marks of the system clock, 240 between the second and fourth marks of the system clock, 254 between the third and fourth marks of the system clock, and save the obtained values. Further calculations are performed in a similar way.

It should be noted that when working on the keyboard, some users sometimes press the "next" key before releasing the "previous" key. In this case, with reference to FIG. 2, the time of pressing the second key 216 will be closer to the start of dialing 212 than the time of releasing the first key 214. This feature of the keyboard operation will only affect the value of the corresponding time intervals (220, 222, 238, etc.). Neither the total number of time intervals measured for the characters that make up the login and password, nor the functioning of the system that implements the described method, will be affected by such a feature of the user. However, the fact that the measured time intervals in this case will have completely different values than for users with the usual manner of typing, allows us to talk about the greater reliability of identification by the described method.

In addition to the keys corresponding to "meaningful", i.e. characters applicable when entering a login and password, all computer keyboards have a number of service keys. Some of them, such as the Ctrl key, have no effect on entering characters in a text field. Therefore, the receipt of scan codes of such keys can be ignored within the framework of the described method. In an alternative implementation of the method, non-alphabetic key scan codes may be processed similarly to character key scan codes.

Other service keys, such as Del or Backspace, are always used only when the user has made a mistake while typing characters and would like to delete the character just entered.

In this case, given that the Backspace key deletes the character located to the left of the current position of the text cursor, the receipt of the scan code of this key means that the previous character was entered erroneously.

As part of the implementation of the described method, this can lead to the deletion of that part of the generated keyboard set, in the calculation of which this previous character was previously involved, and the continuation of the calculation of the set, starting from the character following the Backspace, which will be considered "instead of" erroneously entered. Actually, the Backspace scan code is ignored when calculating the set.

If the user presses Backspace several times, then the corresponding part of the already calculated set can be deleted, up to its complete zeroing if the number of Backspace presses was greater than or equal to the number of characters already entered.

Since the Del key deletes the character located to the right of the text cursor, in order to delete the last character entered with this key, the user first presses the "left arrow" service key, and only then Del.

Therefore, the receipt of scan codes of the "left arrow" and Del keys one after another is processed similarly to the case with receiving the Backspace scan code. Actually, the scan codes of the "left arrow" and Del keys are ignored when calculating the keyboard set. Combinations of scancodes like "X presses of the "left arrow", then X presses of Del" are processed similarly to the situation described above, when the Backspace key is pressed X times in a row.

The Enter service key in authorization interfaces is often used to confirm the login and password entered in the text fields, i.e. performs the role of the "Enter the typed login and password" command. For this reason, the receipt of the scan code of the Enter key can, along with other signs, serve for the system implementing the described method as a signal that the calculation of the current keyboard set should be completed, and the resulting values should be saved to a file.

With each successful login and password entry, the subsystem generates a user data set, which is assigned an identifier associated with the corresponding user. In addition, in cases where the user makes a mistake by entering incorrect credentials, the subsystem can ask him to repeat the data entry by displaying an appropriate message.

Each new generated data set is stored in the database. After that, the most stable features are selected from the database using the selection algorithm, that is, such time intervals between various keyboard events that most often have similar values.

The algorithm for selecting the most stable features can be any well-known. A non-limiting example of such an algorithm is given below. Suppose there are 10 data sets {K} of one user, each containing the same number of features t(k):

The value of the variance D is calculated for each set of "similar" features, i.e. located at the same position within the data set {K}:

The variance D can be calculated as the variance of a random variable, or by any other well-known method.

Then some predetermined number (for example, 50 or 200) of features t(k) with the minimum dispersion is selected.

The described example of the feature selection method is not limiting. Alternatively, any other known feature extraction method can be used:

https://ra.wikipedia.org/w/index.php?title=%D0%92%Dl%8B%D0%B4%D0%B5%D0%BB% D0%B5%D0%BD%D0%B8 %D0%B5_%D0%BF%D1%80%D0%B8%D0%B7%D0%BD%D0%B0%D0%BA%D0%BE%D0%B2&oldid=98135923

Based on the selected most stable features, the classifier is trained to identify the user when entering credentials into the system. After that, the trained classifier is used to subsequently confirm the identity of the user entering credentials when logging in to the user on whose data sets this classifier was trained.

The technical implementation of the classifier can be any well-known; it can be implemented, for example, as an Isolation Forest or as a One Class SVM.

The following are additional embodiments of the present invention.

In a particular variant, after training the classifier, a threshold value is selected, the excess of which indicates the identity of the user entering the credentials to the user on whose data sets the classifier was trained.

In another particular variant, upon receiving a trained classifier response that is numerically less than the selected threshold value, inform about access to the credentials of an unidentified user.

In another private variant, when typing credentials, non-character keystrokes are additionally recorded.

In another particular variant, the classifier is trained by the machine learning method.

In another particular variant, the time intervals having the smallest dispersion in the data sets of this user are considered to be stable features for each user.

In another particular variant, the screening of a predetermined number of features that have the largest dispersion in the data sets of the corresponding user is used as a selection algorithm.

A variant of the system that implements the described method is possible, in which the system is an integral part of a website that implies user authorization, for example, an online store or a public services portal.

It is also possible to implement the present method, in which the keyboard is previously conventionally divided into two or more dialing zones. Non-limiting examples of such separation are shown in FIG. 3.

For example, the keyboard 300 is divided into a service key zone 302, a left alphanumeric block zone 304, a middle alphanumeric block zone 310, a right alphanumeric block zone 312, a left 306 and a right 314 modifier key zone, a space zone 308, a numeric keypad 318 and the service key area of the numeric keypad 316.

Alternatively, the keyboard 350 is divided into an upper zone 352, a middle zone 354, and a lower zone 356.

In accordance with this implementation option, the time intervals fixed for the keys from each pre-allocated dialing zone, before training the classifier, are additionally multiplied by a factor, also predetermined and assigned to this dialing zone.

For example, for the keyboard 350, the key timings for the upper zone 352 are multiplied by 10, the key timings for the middle zone 354 are left unchanged (multiplied by 1), and the key timings for the lower zone 356 are multiplied by 0.1.

It is also possible to implement the described method, which is used in a situation where a specific account (that is, a login and password) is assigned not to one user, but to a certain, previously known group of persons. For example, students of the same class of high school, students of the same study group, etc. In such an implementation of the described method, all persons entitled to use this account are trained in turn, as described in relation to steps 101 and 102 shown in FIG. 1. After the time intervals have been measured and stored for all, as shown in relation to FIG. 2 is produced using any well-known feature extraction method, feature selection, and then classifier training. The classifier trained in this way is subsequently used to identify this group of persons. The classifier's decision in this case is interpreted as the probability that the person entering the credentials belongs to this group of persons.

On FIG. 4 below will be a general diagram of a computer device (400) that provides the data processing necessary to implement the claimed solution.

In general, the device (400) contains components such as: one or more processors (401), at least one memory (402), data storage (403), input/output interfaces (404), I/O ( 405), networking tools (406).

The processor (401) of the device performs the basic computing operations necessary for the operation of the device (400) or the functionality of one or more of its components. The processor (401) executes the necessary machine-readable instructions contained in the main memory (402).

The memory (402) is typically in the form of RAM and contains the necessary software logic to provide the required functionality.

The data storage facility (403) can be implemented in the form of HDD, SSD disks, raid array, network storage, flash memory, optical information storage devices (CD, DVD, MD, Blue-Ray disks), etc. The facility (403) allows perform long-term storage of various types of information, for example, the above-mentioned files with user data sets, a database containing records of time intervals measured for each user, user identifiers, etc.

Interfaces (404) are standard means for connecting and working with the server part, for example, USB, RS232, RJ45, LPT, COM, HDMI, PS/2, Lightning, Fire Wire, etc.

The choice of interfaces (404) depends on the specific implementation of the device (400), which can be a personal computer, mainframe, server cluster, thin client, smartphone, laptop, and the like.

As means of I/O data (405) in any embodiment of the system that implements the described method, the keyboard must be used. The keyboard hardware can be any known: it can be either a built-in keyboard used on a laptop or netbook, or a separate device connected to a desktop computer, server, or other computer device. In this case, the connection can be either wired, in which the keyboard connection cable is connected to the PS / 2 or USB port located on the system unit of the desktop computer, or wireless, in which the keyboard exchanges data via a wireless communication channel, for example, a radio channel, with base station, which, in turn, is directly connected to the system unit, for example, to one of the USB ports. In addition to the keyboard, the following I/O devices can also be used: joystick, display (touchscreen), projector, touchpad, mouse, trackball, light pen, speakers, microphone, etc.

Network communication means (406) is selected from a device that provides network data reception and transmission, for example, an Ethernet card, WLAN/Wi-Fi module, Bluetooth module, BLE module, NFC module, IrDa, RFID module, GSM modem, etc. With the help of means (405) the organization of data exchange over a wired or wireless data transmission channel, for example, WAN, PAN, LAN (LAN), Intranet, Internet, WLAN, WMAN or GSM, is provided.

The components of the device (400) are coupled via a common data bus (410).

In these application materials, a preferred disclosure of the implementation of the claimed technical solution was presented, which should not be used as limiting other, private embodiments of its implementation, which do not go beyond the scope of the requested legal protection and are obvious to specialists in the relevant field of technology.

Claims (28)

1. A method for identifying a user by keyboard handwriting, which consists in performing the steps at which, using a computing device: registering user credentials in the system; assigning an identifier corresponding to the credentials to the user; the classifier is trained to identify the user, while during training the credentials are entered into the system from the keyboard a specified number of times, and the keyboard is previously divided into dialing zones, and during each input: measuring the holding time of each key in the pressed state; measure the intervals between the moment of pressing each key and each of the moments of pressing all other keys involved by the user when entering credentials; measuring intervals between the moment of releasing each key and each of the moments of releasing all other keys involved by the user when entering credentials; measure the intervals between the moment of pressing each key and each of the moments of releasing all other keys involved by the user when entering credentials; measure the intervals between the moment of releasing each key and each of the moments of pressing all other keys involved by the user when entering credentials; at each input, based on the measured time intervals, a user data set is formed, and the time intervals fixed for the keys from each set zone are additionally multiplied by a factor set in advance and assigned to this set zone, and the data set is assigned an identifier associated with the corresponding user ; storing the generated data sets associated with the respective user in a database; the most stable features are selected from the database using the selection algorithm, and the most stable features for each user are the time intervals having the smallest variance in the data sets of this user; teaching the classifier to identify the user when entering credentials into the system based on the selected most stable features; the trained classifier is used to subsequently confirm the identity of the user entering the login credentials to the user on whose data sets the classifier was trained. 2. The method according to claim 1, characterized in that after training the classifier, a threshold value is selected, the excess of which indicates the identity of the user entering the credentials to the user on whose data sets the classifier was trained. 3. The method according to claim 2, characterized in that upon receipt of a trained classifier response that is numerically less than the selected threshold value, an unidentified user is informed about access to the credentials. 4. The method according to p. 1, characterized in that when typing credentials, non-character key presses are additionally recorded. 5. The method according to claim 1, characterized in that the classifier is trained by the machine learning method. 6. The method according to claim 1, characterized in that the selection algorithm uses the screening of a predetermined number of features that have the highest dispersion in the data sets of the corresponding user. 7. The method according to claim 1, characterized in that user identification is understood as the identification of a predetermined group of persons using the same account. 8. User identification system by keyboard handwriting, comprising: keyboard a block for registering user credentials in the system; a system clock configured to fix the time of pressing and the time of releasing the keys of the keyboard; a long-term memory configured to store a database; a computing device configured to perform the method according to any one of paragraphs. 1-7. 9. The system according to claim 8, characterized in that the user identification system by keyboard handwriting is an integral part of the remote banking system. 10. The system according to claim 9, characterized in that the user identification system is an integral part of the website, which implies user authorization.

Images