1. Patent Search
  2. Details

SYSTEM AND METHOD OF OBTAINING AUTHENTICATION INFORMATION FOR USER INPUT INFORMATION

20230153407 · 2023-05-18

    Inventors

    Cpc classification

    International classification

    Abstract

    A terminal is used to obtain authentication information associated with user input information. The terminal measures a set of values of biometric properties of behavior of a person at the terminal, using one or more biometric behavior sensors of the terminal. An indication of a time interval is provided from which the set of values has to be used for obtaining the authentication information for the user input information. Parameters of a biometric of behavior template are read from a user domain storage device, such as a smartphone, to which access is enabled only under control of the person. The parameters define a predetermined class of sets of values of biometric properties that have been determined to occur for the person when the person is in a predetermined type of mental state, or a computation for computing a score value from the set of values that the set of measured values belongs to said class. The parameters are used in the terminal to determine whether or not the set of values in said time interval are within the predetermined class, and/or to compute a score value that the set of values in the time interval belongs to said class, or the terminal may cause a computing device associated with the user domain storage device to do so.

    Claims

    1. A method of using a terminal to obtain authentication information associated with user input information, the method comprising: measuring a set of values of biometric properties of behavior of a person at the terminal, using one or more biometric behavior sensors of the terminal; receiving an indication of a time interval from which the set of values has to be used for obtaining the authentication information for the user input information; reading parameters of a biometric of behavior template from a user domain storage device, to which access is enabled only under control of the person, wherein the parameters define a predetermined class of sets of values of biometric properties that have been determined to occur for the person when the person is in a predetermined type of mental state, or a computation for computing a score value from the set of values that the set of measured values belongs to said class; using the parameters in the terminal to determine whether or not the set of values in said time interval are within the predetermined class, and/or to compute a score value that the set of values in the time interval belongs to said class, or causing a computing device associated with the user domain storage device to do so.

    2. The method according to claim 1, wherein the parameters of the biometric of behavior template are determined using an enrollment device prior to said measuring, wherein the enrollment device performs the steps of: measuring time dependent biometric behavior properties of the user under a plurality of different conditions; receiving input from a supervisor about the answers, by the user, to questions by a supervisor, indicating whether the user lied or not, and indicating the time points or time intervals during which the user supplied the answers; for each answer, forming a set of values of the measured biometric behavior properties of the user in a time interval in which the answer was given and or prepared; the enrollment device or the user domain storage device determining the parameters of the biometric behavior template based on the sets of values and the input when the user answered questions and whether the user lied or not.

    3. The method according to claim 2, wherein the enrollment device detects whether each of number of predetermined norms has been achieved, and provides feedback to the supervisor indicating information gaps that cause failure to achieve at least one of the norms.

    4. The method according to claim 1, wherein the predetermined type of mental state is a state wherein the person believes that the input information is not true.

    5. A method of using a system of terminals to obtain authentication information for user input information, wherein a first terminal of the system performs the method according to claim 1, the first terminal of the system further recording the set of values in association with an identifier of an event wherein the user input information was input, the method further comprising: storing a subsequent feedback in association with the identifier in a server of the system, the subsequent feedback indicating that the person lied at the event; executing the method of claim 1 by a second terminal of the system, wherein, when the person gives the second terminal access to the user domain storage device, and before the second terminal uses the parameters in said step of using the parameters, the second terminal updates the parameters based on the recorded set of values and the subsequent feedback associated with the identifier that was stored in the server, or causes the user domain storage device to do so.

    6. The method according to claim 5, wherein the first terminal comprises an additional biometric behavior sensor of a type from which measurements are not used in the biometric behavior template, when the first terminal performs the method according to claim 1, the first terminal recording a further value, of a measurement determined using the additional biometric behavior sensor, in association with the identifier, said updating comprising determining parameters of a new biometric behavior template that involves measurements of the additional biometric behavior sensor.

    7. The method according to claim 1, comprising biometric identification of the person before said using the parameters.

    8. The method according to claim 7, wherein the user domain storage device stores biometric identification data of the person in association with the parameters of the biometric of behavior template, said biometric identification comprising measuring biometric identification data of the person when access is to the user domain storage device is provided, and comparing the measured biometric identification data with the biometric identification data of the person before using the associated parameters of the biometric of behavior template.

    9. The method according to claim 1, wherein the user domain storage device is a portable physical information carrier supplied by the person, or a remote storage device to which access has been given under control of the person.

    10. The method according to claim 1, comprising measuring biometric identification data of the person and comparing the measured biometric identification data with biometric identification data stored in the user domain storage device, the access to the user domain storage device being enabled dependent on whether the biometric identification data matches the stored biometric identification data.

    11. The method according to claim 1, wherein the terminal records the user input information in association with an indication whether or not the set of values in said time interval is within the predetermined class, or computing a score value that the set of values in the time interval belongs to said class.

    12. A terminal for obtaining authentication information associated with user input information, the terminal comprising one or more biometric behavior sensors, a control interface, a processor and a communication unit for communicating with a user domain storage device, to which access is enabled only under control of a person, the processor being configured to: obtain a set of values of biometric properties of behavior of the person at the terminal, using an output of the one or more biometric behavior sensors; receive, from the control interface, an indication of a time interval from which the set of values has to be used for obtaining the authentication information for the user input information; use the communication unit to cause parameters of a biometric of behavior template to be read from the user domain storage device; wherein the parameters define a predetermined class of sets of values of biometric properties that have been determined to occur for the person when the person is in a predetermined type of mental state, or a computation for computing a score value from the set of values that the set of measured values belongs to said class; the terminal using the parameters to determine whether or not the set of values in said time interval are within the predetermined class, and/or to compute a score value that the set of values in the time interval belongs to said class, or causing a computing device associated with the user domain storage device to do so.

    13. A system of terminals comprising a terminal according to claim 12 and an enrollment device, wherein the enrollment device is configured to: measure time dependent biometric behavior properties of the user under a plurality of different conditions; receive input from a supervisor about the answers, by the user, to questions by a supervisor, indicating whether the user lied or not, and indicating the time points or time intervals during which the user supplied the answers; for each answer, form a set of values of the measured biometric behavior properties of the user in a time interval in which the answer was given and/or prepared; the enrollment device or the user domain storage device being configured to determine the parameters of the biometric behavior template based on the sets of values and the input when the user answered questions and whether the user lied or not.

    14. The system of claim 13, wherein the enrollment device is configured to detect whether each of number of predetermined norms has been achieved, and to provide feedback to the supervisor indicating information gaps that cause failure to achieve at least one of the norms.

    15. A system of terminals comprising a first and second terminal according to claim 12, the system of terminals being used to certify user input information, wherein the first terminal is configured to record the set of values in association with an identifier of an event wherein the user input information was input, the system comprising a server configured for storing a subsequent feedback in association with the identifier, the subsequent feedback indicating that the person lied at the event; the second terminal being configured to update the parameters based on the recorded set of values and the subsequent feedback associated with the identifier that was stored in the server, or to cause the computing device associated with the user domain storage device to do so, when the person gives the second terminal access to the user domain storage device, and before the second terminal uses the parameters in said step of using the parameters.

    16. The system according to claim 15, wherein the first terminal comprises an additional biometric behavior sensor of a type from which measurements are not used in the biometric behavior template, the first terminal being configured to record a further value, of a measurement determined using the additional biometric behavior sensor, in association with the identifier, said updating comprising determining parameters of a new biometric behavior template that involves measurements of the additional biometric behavior sensor.

    17. The terminal according to claim 12, configured to measuring biometric identification data of the person to perform a biometric identification of the person, or causing the computing device associated with the biometric storage device to do so, by reading biometric identification data of the person from the user domain storage device and comparing the measured biometric identification data with the biometric identification data of the person before using the associated parameters of the biometric of behavior template.

    18. The system according to claim 15, wherein the user domain storage device is a portable physical information carrier supplied by the person, or a remote storage device to which access has been given under control of the person.

    19. An enrollment device for use in the system according to claim 13, wherein the enrollment device is configured to: measure time dependent biometric behavior properties of the user under a plurality of different conditions; receive input from a supervisor about the answers, by the user, to questions by a supervisor, indicating whether the user lied or not, and indicating the time points or time intervals during which the user supplied the answers; for each answer, form a set of values of the measured biometric behavior properties of the user in a time interval in which the answer was given and or prepared; determine the parameters of the biometric behavior template based on the sets of values and the input when the user answered questions and whether the user lied or not.

    20. The enrollment device of claim 19, wherein the enrollment device is configured to detect whether each of number of predetermined norms has been achieved, and to provide feedback to the supervisor indicating information gaps that cause failure to achieve at least one of the norms.

    Description

    BRIEF DESCRIPTION OF THE DRAWING

    [0025] These and other advantageous aspects will become apparent from a description of exemplary embodiment with reference to the following figures.

    [0026] FIG. 1 shows an overview of a system with devices that use lie detectors

    [0027] FIG. 2 shows a flow chart of an aspect of operation of the system

    [0028] FIG. 3 shows a flow chart of a further aspect of operation of the system

    [0029] FIG. 4 shows a flow-chart of an embodiment of operation of a terminal

    DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

    [0030] Lie detection has both awkward and useful aspects for a person that submits to lie detection. Obviously, lie detection is an infringement of mental privacy. On the other hand if a person can achieve a desirable goal by convincing others that a statement is not a lie, the person may voluntarily submit to lie detection. Submission to lie detection to prove one's innocence from a punishable act is a familiar example, but lie detection can also be convenient in more day to day situations such as being allowed to pass luggage through customs quickly based on a statement that the luggage contains nothing to declare, or to obtaining access to a secured space without a body search based on a statement that a person carries no banned objects, or has not engaged in activities that would prohibit access.

    [0031] However, present day lie detection is too time consuming for such day to day use. It would be desirable to make the use of lie detector less time consuming. Such a development may make lie detection more pervasive, but it may also raise concerns of abuse to obtain private information when the interrogated person is unaware that lie detection is used, or used without permission for the purposes of the interrogator. Therefore it is desirable to make use of lie detector less time consuming, in a way that makes unauthorized use difficult, if not impossible.

    [0032] Lie detection per se, in the abstract sense of determining whether a person is in mental state wherein the person believes that a statement made by the person is not true, is not a technical process. But a technical implementation of lie detection involves specific types of sensor measurements, more specifically measurements of biometric behavior properties. In contrast, measurements of static biometric properties, such as nose length measurements, which are not behavior properties, are in practice not sufficient. Moreover, the technical implementation involves a computation of a similarity between sets of measurements of the biometric behavior properties provided as training examples and the measurements of the biometric behavior properties to determine class, or compute a similarity score. Such a computation of a similarity may directly involve comparing with the training examples or indirect comparison, by computing functions such as support vector machine scores or neural network signals, that have been determined by means of the training examples. Parameters for such direct or indirect comparisons will be referred to as a biometric behavior template. The technical implementation should provide for user control over the use of the biometric behavior template.

    [0033] FIG. 1 shows an overview of a system with devices that use lie detection. The system comprises a central server 10, an enrollment device 12, a plurality of terminals 14 and a portable physical information carrier 16. Portable physical information carrier 16 is an example of a user domain storage device, that is, a device to which access is enabled only under control of a specific person. The user domain storage device may be part of a user domain processing device, that comprises a user domain processor and the user domain storage device. For example, portable physical information carrier 16 comprises a memory and a processor. Portable physical information carrier 16 may be a smart phone or a chip card like a smart card for example. Preferably, information carrier 16 is configured so that external access to its memory is not possible without intervention of the processor. Enrollment device 12 is configured to cause information to be written on physical information carrier 16, either by supplying the information to information carrier 16, or by causing the processor of physical information carrier 16 to generate the information and store it. Instead of portable physical information carrier 16 another type of user domain storage device may be used, such as a storage device with encrypted information to which only the person has a decryption key, or a storage device that requires a password or biometric identification data to enable access, but a description using portable physical information carrier 16 will be disclosed by way of example.

    [0034] Terminals 14 are configured to obtain information from physical information carrier 16. Terminals 14 are coupled to central server 10, which may be a computer or a distributed computer system. Central server 10 comprises a storage device (not shown). Terminals 14 may be coupled to central server 10 e.g. via the Internet. Each terminal 14, may have the same structure as the other terminals 14. By way of example, one of terminals 14 is shown in more detail, comprising a computer 140, an optional statement input device 142 and a biometric behavior sensing device 144. When a portable physical information carrier 16 is used, computer 140 may comprise a communication unit (not separately shown) for communicating with portable physical information carrier 16, using e.g. electrical contacts, near field communication or a Bluetooth interface or similar interface. Enrollment device 12 may have a similar structure as terminals 14. In an embodiment enrollment device 12 and terminals 14 may be used interchangeably as enrollment device and terminal. Although a single enrollment device 12 is shown by way of example, a plurality of enrollment devices may be used instead.

    [0035] Dependent on the implementation, biometric behavior sensing device 144 may comprise one or more different sensors, e.g. a camera, a sound signal detector, a contact based sensor, a keyboard etc. Computer 140 may be configured (e.g. programmed) to derive various measurements using input from the sensors. As used herein, a sensor may refer to a combination of a sensing device and a computer program to derive measured values from an output signals of a sensing device, or to the a sensing device per se. For example, computer 140 may be configured to use input from the image sensor to detect movements and events such as head movement, motion of other user limbs, eye blinking events, eye ball movement, mouth deformation, other time dependent face deformation, face color variation etc. in video input with images that contain the face of the user. Computer 140 may be configured to use input from the sound signal detector to detect pitch and loudness in the sound signal, variation of the pitch and/or loudness, words determined by applying voice recognition to the sound signal, the presence of meaningless interjections in the sound signal such as stop words or pause events for breathing. Contact based sensors may be used to detect time dependent heartbeat, typing frequency on a keyboard, electrical skin resistance of a finger on a key or on a dedicated sensor, time dependent pressure variation e.g. during typing etc. Furthermore, biometric behavior sensing device 144 may comprise a fMRI scanner or other type of scanner. The biometric fMRI scanner or other type of scanner may be configured to perform scans of positions in the brains and to determine one or more values of measurements of predetermined types of brain activity at one or more predetermined regions in the brain.

    [0036] Optional statement input device 142 is configured to input information supplied by the user. Computer 140 may be configured to process this information. The information or processed information will be referred to as the “statement”. Statement input device 142 may share an input device with biometric behavior sensing device 144. E.g. statement input device 142 may comprise a keyboard for typing the statement or a sound signal input device for recording the statement.

    [0037] The information derived for statement input differs from that derived for biometric behavior sensing. The information derived for statement input typically uses only one input device, and only meaning carrying aspects of the input from the input device, such as key codes of typed keys, speech recognition data or compressed speech data. In contrast, information derived for biometric behavior sensing typically uses a plurality of aspects of the input that are independent of the meaning carrying aspects used by statement input device 142 and/or more than one different input device.

    [0038] FIG. 2 shows a flow chart with an overview of operation of the system. When a human user presents her or himself at enrollment device 12, enrollment device 12 generates a biometrics behavioral template for use to classify biometric behavior sensing data. The generation of the template will usually be executed under supervision of a human supervisor, but in some embodiments it may be performed automatically.

    [0039] The template generation involves a first step 21 wherein enrollment device 12 measures time dependent biometric behavior properties of the user under various different conditions, for example when the user answers different questions posed by the supervisor. In one example the supervisor may first inform the user of a complex of facts (e.g. a series of events) that should be assumed to be true and subsequently ask questions about those facts from that complex of facts.

    [0040] The supervisor may ask the user to find and tell lies in response to part of the questions, or to hide certain facts from the complex of facts in answers to a series of questions. Enrollment device 12 may receive input from the supervisor for each answer indicating whether the user lied or not, for example based on whether the user was asked to find and tell a lie to the question or not, or whether the answer is at variance with the complex of facts. Furthermore, enrollment device 12 may receive input from the supervisor that indicates time points or time intervals during which the user supplied the answers and optionally time points or time intervals during which questions were asked to which these answers were a response.

    [0041] Enrollment device 12 may be configured to use feedback from the supervisor about the status of relevant mental constructs in the user, such as aspects of the user's mental state (such as a classification of mood, degree of stress, excitedness, emotion, degree of cognitive pressure), in relation to the context at the time.

    [0042] Enrollment device 12 may be configured to detect information gaps. Enrollment device 12 may use the detection of signal information gaps to validate the quality of the template, e.g. by determining whether each of number of predetermined norms has been achieved.

    [0043] An example of a norm is that behavior of at least a predetermined number of different emotions must have been observed when giving answers that were lies. A similar norm may apply for giving answers that were not-lies. Another example of a norm is that at least a predetermined number of different forms of behavior have been detected within a time interval of predetermined length before and/or after giving an answer. Another example of a norm is whether the user was under more than a predetermined threshold degree of cognitive pressure during any of the answers.

    [0044] For the purpose of testing the norms, classifications of the emotions, forms of behavior degree of cognitive pressure or other features used in norms may be determined by enrollment device 12 based on sensor measurements of physical parameters such as skin resistance, body motion such as eye blinking, mouth deformation etc, heart rate, breathing rate, blood pressure, etc. Alternatively, feature values such as degrees of emotions, forms of behavior or cognitive pressure etc. may be computed and used in the norms, e.g. for comparisons with predetermined thresholds.

    [0045] When enrollment device 12 is configured to use feedback from the supervisor about the status of relevant mental constructs in the user, enrollment device 12 may be configured to use this feedback for the testing the norms in addition to, or instead of the classifications or feature values.

    [0046] Enrollment device 12 may be configured to provide feedback to the supervisor to direct further questioning in order to fill the information gaps. (i.e. obtain information relevant to achieve a norm or norms that have not yet been achieved). The feedback to the supervisor may signal a specific information gap (e.g. emotional conditions that need to be created in a time interval leading to an answer, forms of behavior that still need to be observed, the need to create more cognitive pressure), or provide an overview of such gaps. This may help the supervisor direct the questioning and relevant contextual factors so that the parameters of the biometric behavior template can be set, or their reliability can be increased to a predetermined level. The supervisor may respond to the feedback for example by increasing cognitive pressure by creating distractions, or asking more questions about a same complex of facts that require more thinking from the user.

    [0047] For example, enrollment device 12 may be configured to determine a norm whether or not the user was under more than a predetermined threshold cognitive pressure during any of the answers. The absence of cognitive pressure above this threshold signals that the behavior template does not yet contain behavior information that describes the user's behavior when under cognitive pressure. For specific applications, this can be considered an information gap which causes a poor quality, or incomplete, biometric behavior template.

    [0048] The indication whether or not the user was under significant cognitive pressure may help the supervisor decide to pose more difficult questions, or alter contextual factors, such as by creating distractions, in order to reduce the information gaps. This process can be repeated until the biometric behavior template is of sufficient quality and complete. The same goes for other possible norms, such as the norm of a predetermined number of different observed emotions during lying or not lying, detection of a predetermined number of different forms of behavior.

    [0049] The feedback makes it possible to adjust the amount of questioning to avoid insufficient or unnecessary questioning.

    [0050] The enrollment device may comprise a programmable computer system and a computer program configured to cause the programmable computer system to perform any or all of these actions. In some embodiments, enrollment device 12 may be configured to perform part or all of the tasks of the supervisor automatically.

    [0051] For each answer, enrollment device 12 may form a set of values of measured biometric behavior properties of the user in a time interval in which the answer is given and or prepared. The set of values may be based on measurements at a single time point in the time interval, or on the evolution of the measurements of the measured biometric behavior properties during the time interval.

    [0052] In a second step 22 enrollment device 12 and/or physical information carrier 16 determine parameters for computation classifications or likelihoods of classifications based on the sets if values of measurements of the dependent biometric behavior properties and the input when the user answered questions and whether the user lied or not obtained in first step 21.

    [0053] As part of first or second step 21, 22 enrollment device 12 converts the sets of values of biometric behavior properties obtained at the time points or time intervals of the answers into machine independent sets of values of measurement data. For biometric behavior properties like eye blinking rate, no conversion may be needed to obtain machine independent measurement data, but for other properties enrollment device 12 may need to use calibration data to obtain device independent data. Next, enrollment device 12 and/or physical information carrier 16 determines parameters for computation of classifications or likelihoods or similar score of classifications that will classify the machine independent set of value measurement data, according to the input whether the user lied or not, or that will optimize likelihood scores according to this input. In an embodiment, the classification parameters may be determined using the different answers as independent training examples.

    [0054] The method of determining the parameters depends on the classification method that will be used. For example, if support vector machine classification will be used, the machine independent measurement data may be binned according to a predetermined feature dictionary and support vectors may be determined. If a neural network will be used, a known neural network training method may be used. In other embodiments clustering may be used.

    [0055] Furthermore, enrollment device 12 may perform a user identification process, to obtain an identification of the user, which is associated with user identification information. Alternatively, enrollment device 12 or physical information carrier 16 may derive user identification information directly from measurements performed on the user.

    [0056] In a third step 23, enrollment device 12 and/or physical information carrier 16 generates a machine independent biometrics behavioral template containing the parameters. In the embodiment wherein user identification information is derived, enrollment device 12 and/or physical information carrier 16 executes a fourth step 24 of storing the biometrics behavioral template in association with user identification information on physical information carrier 16.

    [0057] FIG. 3 shows a further process executed by any terminal 14 and physical information carrier 16 later, when the human user presents physical information carrier 16 at that terminal 14. The terminal 14 executes a sixth step 26, of measuring time dependent biometric behavior properties of the user during one or more time intervals, using biometric behavior sensing device 144. As in the case of the steps performed by enrollment device 12, the input may involve human supervisor, which asks one or more questions from the user and provides input to terminal 14 indicating time point(s) or time interval(s) wherein the user answers the questions. Like enrollment device 12 in first or second step 21, 22, terminal 14 converts the biometric behavior properties into a set of values of biometric behavior properties, each obtained at the time point or time interval of a respective answers. Each set of values may be converted into machine a set of values of independent measurement data of biometric behavior. As used herein this machine independent biometric behavior measurement data will be said to be associated with the answer. Physical information carrier 16 or terminal 14 may generate an identifier for the answer, thus associating the identifier of the answer with the machine independent biometric behavior measurement data. The identifier for the answer is preferably made unique among all answers given in any answering session in which the physical information carrier 16 of the same user is used. In one example, the identifier for the answer comprises an identifier of the user, or the physical information carrier 16 and a time stamp of the answer.

    [0058] Preferably, in sixth step 26 the identity of the user is also determined. This may be done by inputting a password (e.g. pin code) and verifying that this password is a password that has been defined for the user. Preferably, a biometric identification is performed to verify that the person that presents physical information carrier 16 is the user for which the biometric behavior template has been generated. Sixth step 26 may comprise a sub-step wherein terminal 14 or physical information carrier 16 verifies an identity of the user, for example by using biometric identification data measured by terminal 14 in sixth step 26 and comparison of the measured biometric identification data with the biometric identification data stored in physical information carrier 16.

    [0059] In a seventh step 27, terminal 14 and/or physical information carrier 16 computes a likelihood or similar score value and/or determines a classification from the set of values of machine independent measurements of biometric behavior properties, under control of the parameters defined by the biometrics behavioral template stored in association with the verified user.

    [0060] In an embodiment terminal 14 transmits the set of values for a question to physical information carrier 16 and the processor of physical information carrier 16 computes the likelihood or similar score value and/or determines a classification of the set of values using values of the parameters of the machine independent biometrics behavioral template from the memory of physical information carrier 16, without transmitting these values to terminal 14. In this way it is ensured that the value of the parameters of the machine independent biometrics behavioral template will not become known to terminal 14.

    [0061] Alternatively, this may be ensured by performing different steps of the computation in terminal 14 and physical information carrier 16 respectively, wherein steps that involve access to information that discloses the value of the parameters or the classifications for which these parameters are used are performed by the processor of physical information carrier 16. Alternatively, this may be ensured by transmitting encrypted values of the parameters from physical information carrier 16 to terminal 14, and decrypting these values and performing computations of the likelihood or similar score value and/or classification using these values in a secured processor of terminal 14, or using a computation using the encrypted values (e.g. by means of a secure comparison protocol, and/or homomorphic encryption etc.). In the later alternative, the secured processor may alternatively be remote from terminal 14.

    [0062] To facilitate encryption in this alternative, terminal 14 may first assign labels from a predetermined class of labels from a predetermined set of labels to the observed behavior and transmit encrypted information about the assigned labels. The secured processor computes the likelihood or similar score value and/or determines a classification of the set of values using values of the parameters of the machine independent biometrics behavioral template using the encrypted labels.

    [0063] In an eight step 28, terminal 14 and/or physical information carrier 16 returns the likelihood or similar score value and/or a classification to the terminal 14. In a ninth step 29 terminal 14 executes an action based on the statement input in sixth step 26 and the likelihood or similar score value and/or a classification received in eight step 28. Alternatively, or in addition terminal 14 may be configured to generate an electronic certificate, linked to the statement wherein the likelihood or similar score value and/or a classification is recorded. The statement my be an electronic audio or video recording of speech of a person for example. The terminal may be configured to use a one way function or a cryptographic key based linking method to make subsequent tampering with the statement and/or the electronic certificate detectable. Methods of linking an electronic certificate to data in such a way are known per se.

    [0064] When an experienced interrogator uses terminal 14 to question the user, it may be preferable to have a possibility to obtain likelihood or similar score value and/or classification for a plurality of different classes that relate to different aspects of the mental state of the user, which may be used as factors to determine whether the user believes that his or her answer is true. For example the classes may comprise a class of biometric behavior measurement values that are known to occur when the user hesitates, a class of biometric behavior measurement values that are known to occur when the user is tired, a class of biometric behavior measurement values that are known to occur when the user is angry, a class of biometric behavior measurement values that are known to occur when the user is solving a problem etc. The experienced interrogator may use information about such classifications to form his or her own opinion about lying by users with which the interrogator is not familiar. Optionally, the biometric behavior template may be dependent on the result of one or more of these classifications, and these results may also be used as input for the biometric behavior classification to determiner whether or not the measurements of the biometric behavior properties is in a class corresponding to the mental state of lying by the person.

    [0065] In an alternative embodiment, terminal may be configured to select a suggestions from a predetermined set of interrogation strategies or from a predetermined set of types of questions based on such classification into such different classes, and output the selected suggestion to an inexperienced interrogator. This may be used to assist in bringing the interrogated person into a mental state wherein a subsequent state of believing or not believing the statement can be more reliably detected.

    [0066] In an embodiment, terminal 14 and/or physical information carrier 16 may be configured to compute likelihood or similar score value and/or determine a classification for a plurality of such different classes, using values of the parameters of the machine independent biometrics behavioral template from the memory of physical information carrier 16.

    [0067] In an embodiment, enrollment device 12 may be configured to operate as terminal 14 as well and vice versa at least some of terminals 14 may be configured to operate as enrollment device 12 as well. However, the same biometrics behavioral template in physical information carrier 16 may be used in all terminals. Terminals 14 are configured to operate independent on whether the biometrics behavioral template was obtained using measurements at the same terminal operating as enrollment device 12 or by another enrollment device 12.

    [0068] In a further embodiment, it is made possible to use later obtained information whether the user lied or not when giving an answer to update the biometric behavior template. To do so, the set of values of machine independent biometric behavior measurement data associated with the answer is stored in association with the identifier of the answer, e.g. physical information carrier 16 or in central server 10. Later, when information is received that the answer was a lie or not, that information is also stored in association with the identifier of the answer, e.g. in central server 10.

    [0069] Subsequently, when physical information carrier 16 is presented to an enrollment device 12 or a terminal 14, the enrollment device 12 or terminal 14 receives the information that the answer was a lie or not and, if not stored in physical information carrier 16, the behavior measurement data associated with that answer. In a step similar to third step 23 of FIG. 2, the biometric behavior template in physical information carrier 16 is updated using the information that the answer was a lie or not and the set of values of behavior measurement data associated with that answer. Further information such as the values of the parameters of the biometric behavior data stored in physical information carrier 16 may be used as well. Preferably, physical information carrier 16 stores more information for this purpose in addition to the template. For example, physical information carrier 16 may store machine independent sets of values biometric behavior measurement data associated with all answers, or with a number of most recent answers for use in the update. As another example, physical information carrier 16 may store indications of weight values to be given to the existing biometric behavior template and the new information.

    [0070] In an embodiment, terminals 14 that are configured to trigger such updates are configured to do so when a physical information carrier 16 is presented, by requesting central server 10 to send the information that one or more answers that were given in sessions using that physical information carrier 16 were a lie or not and, if not already stored on physical information carrier 16, the sets of values behavior measurement data associated with those answers. Subsequently, such a terminal 14 and/or physical information carrier 16 executes the update the biometric behavior template in physical information carrier 16 using the received information.

    [0071] FIG. 4 shows a flow-chart of operation of a terminal 14 according to this embodiment. In a first step 41, terminal 14 detects the presentation of and physical information carrier 16 preferably verifies the identity of the user, e.g. based on biometric identification data from physical information carrier 16. In a second step 42, terminal 14 sends a message to central server 10, requesting information that one or more answers that were given in sessions using that physical information carrier 16 were a lie or not and the set of values of behavior measurement data associated with those answers. In a third step 43, terminal 14 receives a response to the message. If the response provides such information, terminal 14 and/or physical information carrier 16 executes a fourth step 44, similar to third step 23 of FIG. 2, and updates the parameters of the biometric behavior template in physical information carrier 16.

    [0072] The method of updating the parameters depends on the classification method that will be used. For example, if support vector machine classification is used updated support vectors may be determined. If a neural network is used, a known neural network training method may be used. In other embodiments clustering may be used. If physical information carrier 16 stores machine independent biometric behavior measurement data associated with all previous answers and indications whether the used lied or not in at least part of the answers, the update may involve a fresh determination of the parameters.

    [0073] After the process of FIG. 4, the terminal may proceed with the process of FIG. 3, using the updated parameters of the biometric behavior template.

    [0074] Storage of the machine independent biometric behavior measurement data associated with different answers and the parameters of the biometrics behavior template in physical information carrier 16 has the advantage that it is easy to ensure that no unauthorized access to this information is possible. In other embodiments part or all of this information may be stored elsewhere, e.g. in encrypted form. In that case, the information may be downloaded to terminal 14 and decrypted, used and disposed of under control of the user, e.g. in response to biometric identification of the user.

    [0075] Preferably, it is prevented that biometric behavior measurement data on one hand and classifications that have been associated with such data for training, or in the biometric behavior template on the other hand are not stored in the same storage device, or at storage devices where they can be accessed both without an act from the person. If the biometric behavior measurement data of examples for a user is stored in a storage device of server 10, the classifications associated with these examples is preferably stored elsewhere, where they cannot be accessed without an act from the person, e.g. in physical information carrier 16. Similarly, if the biometric behavior template provides for classes corresponding to lying and not lying, all or part of the parameters of the template may be stored in a storage device of server 10, and the classes associated with these examples are preferably identified elsewhere, where they cannot be accessed without an act from the person, e.g. in physical information carrier 16.

    [0076] In other embodiments terminal 14 may send the machine independent biometric behavior measurement data associated with an answer to central server 10, and the server may be configured to perform seventh step 27 of the process FIG. 3 computes a likelihood or similar score value and/or determines a classification from the machine independent measurements, under control of the parameters defined by the biometrics behavioral template stored in association with the verified user. In this case, the server does not need information about the content of the answer, or the question to which it was an answer. The server merely computes a likelihood or similar score value and/or determines a classification and returns the result to the terminal. However, use of a server can make it more difficult to ensure protection against unauthorized use of the data.

    [0077] Although embodiments have been described wherein terminals 14 have identical capabilities to measure values of biometric behavior properties, this is not indispensable. In an embodiment one or more advanced terminals may have one or more further sensors that are not present in the other terminals. Such advanced terminals may be configured to use initially a biometric behavior template prepared for the other terminals, recording, but ignoring, the measurements of the one or more further sensors. Subsequently, the process described with reference to FIG. 4 may be used to prepare a further biometric behavior template that involves measurements of the one or more further sensors and store this further biometric behavior template in the user domain storage device. The advanced terminals may be configured to use the further biometric behavior template when it is available.

    [0078] More generally, in an embodiment, a plurality of biometric behavior templates for different combination of sensors may be stored in the user domain storage device. In this embodiment, at least one of the terminals may be configured to select one of the stored biometric behavior templates for use in the process to classify and/or compute a score function as described with reference to FIG. 3. Said at least one of the terminals may be configured to do so based on the combination of biometric behavior sensors that is available in the terminal, so that a stored biometric behavior template is selected that requires only measurements from biometric behavior sensors that are available in the terminal, and preferably all of these biometric behavior sensors, or at least as many as possible of these biometric behavior sensors. To establish a plurality of biometric behavior templates for this purpose, the template generation process as described with reference to FIG. 2, and/or the update process as described with reference to FIG. 4, may be executed a plurality of times, each for measurements from biometric behavior from a different set or sub-set of the biometric behavior sensors that is available in part or all of the training examples.