1. Patent Search
  2. Details

IDENTITY VERIFICATION OR IDENTIFICATION METHOD USING HANDWRITTEN SIGNATURES AFFIXED TO A DIGITAL SENSOR

20220222954 · 2022-07-14

    Inventors

    Cpc classification

    International classification

    Abstract

    A method for identifying or for verifying the identity of a user, using a plurality, of previously acquired reference signature vectors, a handwritten signature of the user and at least one additional item of handwritten information linked to the user that arc affixed beforehand to an in particular mobile digital sensor, in which method: a) said handwritten signature of the user and said at least one additional item of information are fused in order to generate at least one test signature vector, b) said at least one test signature vector is compared with a plurality of said reference signature vectors, and c) a likelihood score is generated on the basis at least of this comparison in order to identify or to verify the identity of the user.

    Claims

    1. A method for identifying or verifying the identity of a user, using a plurality of previously acquired reference signature vectors, a handwritten signature of the user and at least one complementary handwritten piece of information related to the user, the handwritten signature of the user and the at least one complementary handwritten piece of information related to the user having been inscribed beforehand on a digital sensor, especially a mobile digital sensor, in which method: a) said handwritten signature of the user and said at least one complementary piece of information are merged to generate at least one test signature vector, b) said at least one test signature vector is compared to a plurality of said reference signature vectors, and c) on the basis at least of this comparison, a likelihood score is generated in order to identify or verify the identity of the user.

    2. The method as claimed in claim 1, wherein, a module being trained beforehand to learn said plurality of previously acquired reference signature vectors, said module is then trained to compare said test signature vector to a plurality of said reference signature vectors in order to generate the likelihood score.

    3. The method as claimed in claim 1, wherein the complementary pieces of information related to the user are the initials, last name, first name, date of birth, and/or place of birth of the user.

    4. The method as claimed in claim 1, wherein, when seeking to identify a user, especially the user of an on-line service or sales site, the reference signature vectors correspond to the signatures of various users, these signatures having been inscribed beforehand on a digital sensor and each having been merged with at least one complementary piece of information related to the corresponding user.

    5. The method as claimed in claim 1, wherein, when seeking to verify the identity of a user, the reference signature vectors correspond to various signatures inscribed beforehand by said user on a digital sensor, each signature having been merged with at least one complementary piece of information related to the user.

    6. The method as claimed in claim 2, wherein a reference identity is formed for the user from the reference signature vectors by learning a statistical model, especially by means of an expectation-maximization algorithm, especially comprising a number of states that is determined depending on the length of said reference signature vectors, each state especially being modeled by one or more Gaussian densities, and preferably by four Gaussian densities.

    7. The method as claimed in claim 6, wherein a handwritten signature of the user and at least one complementary piece of information are merged to generate a test signature vector, which is transmitted to the trained module to be compared with the reference identity of said user in order to generate a likelihood score of the identity of the user.

    8. The method as claimed in claim 2, wherein the trained module uses a hidden Markov model.

    9. The method as claimed in claim 2, wherein the trained module comprises one or more neural networks, and/or one or more decision trees, and/or one or more classifiers.

    10. The method as claimed in claim 1, wherein a computation of an elastic distance between the test signature vector and the reference signature vectors is used for their comparison.

    11. The method as claimed in claim 1, wherein the same type of complementary information is used to generate the reference signature vectors of a given user.

    12. The method as claimed in claim 1, wherein the handwritten signatures are merged with the complementary pieces of information by concatenation to generate the signature vectors.

    13. The method as claimed in claim 1, wherein the signature vectors correspond to handwritten signatures of a user merged with his initials, and/or with his last name and first name, and/or with his date of birth, and/or with his place of birth.

    14. The method as claimed in claim 1, in which the likelihood score takes the form of a probability, or of a numerical value, especially a discrete value, or of a letter.

    15. The method as claimed in claim 1, wherein the likelihood score is compared to one or more predefined thresholds in order to make a decision as to the identity of the user or as to the validity of his identification.

    16. The method as claimed in claim 1, wherein the digital sensor transmits the handwritten signatures and the complementary pieces of information to a database for them to be stored in order to be used for the comparison, especially using a secure protocol, especially the SFTP protocol.

    17. A method for learning signatures in order to identify or verify the identity of users, using at least one module to be trained and a plurality of handwritten signatures and of complementary handwritten pieces of information related to the users, the handwritten signatures and the complementary handwritten pieces of information related to the users having been inscribed beforehand on a digital sensor, especially a moveable digital sensor, in which method: a) at least one signature and at least one complementary piece of information are merged to generate a signature vector, and b) the module is trained to learn said signature vector.

    18. A device for identifying or verifying the identity of a user, using a plurality of previously acquired reference signature vectors, the device being configured to: a) merge a handwritten signature of the user and at least one complementary handwritten piece of information related to the user, the handwritten signature of the user and the at least one complementary handwritten piece of information related to the user having been inscribed beforehand on a digital sensor, especially a mobile digital sensor, in order to generate at least one test signature vector, b) comparing said at least one test signature vector to a plurality of said reference signature vectors, and c) on the basis at least of this comparison, generating a likelihood score in order to identify or verify the identity of the user.

    19. The device as claimed in claim 18, comprising or being connected to a database in which the handwritten signatures and the complementary pieces of information are stored, these having been transmitted beforehand by the digital sensor.

    20. The device as claimed in claim 18, comprising a module trained beforehand to learn said plurality of previously acquired reference signature vectors, said module then being trained to compare said test signature vector to a plurality of said reference signature vectors in order to generate the likelihood score.

    21. A computer program product for implementing the method for identifying or verifying the identity of a user as claimed in claim 1, the method using a plurality of previously acquired reference signature vectors, a handwritten signature of the user and at least one complementary handwritten piece of information related to the user, the handwritten signature of the user and the at least one complementary handwritten piece of information related to the user having been inscribed beforehand on a digital sensor, especially a moveable digital sensor, the computer program product comprising a medium and, stored on this medium, instructions that are readable by a processor so that, when said instructions are executed: a) said handwritten signature of the user and said at least one complementary piece of information are merged to generate at least one test signature vector, b) said at least one test signature vector is compared to a plurality of said reference signature vectors, and c) on the basis at least of this comparison, a likelihood score is generated in order to identify or verify the identity of the user.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0088] The invention will possibly be better understood on reading the following detailed description, of non-limiting examples of implementation thereof, and on examining the appended drawing, in which:

    [0089] [FIG. 1] illustrates steps of the identification or verification of the identity of a user according to the invention,

    [0090] [FIG. 2] shows examples of typical signatures classified into various types,

    [0091] [FIG. 3] shows quality-measurement values associated with the types of signatures in FIG. 2,

    [0092] [FIG. 4] shows the distribution of the values of a quality measure for various types of signature vectors, and

    [0093] [FIG. 5] to [FIG. 7] show performance results of the method according to the invention.

    DETAILED DESCRIPTION

    [0094] FIG. 1 illustrates an example of steps of the identification or verification of the identity of a user according to the invention, using a plurality of reference signature vectors previously acquired via inscription thereof on a digital sensor. The latter advantageously transmits the handwritten signatures and the complementary pieces of information to a database for them to be stored in order to be used in the method according to the invention, especially using a secure protocol, especially the SFTP protocol.

    [0095] In this example, in a step 11, a user inscribes, on a digital sensor, his handwritten signature and at least one complementary piece of handwritten information.

    [0096] In a step 12, said handwritten signature of the user and said at least one complementary piece of information are merged by concatenation to generate a test signature vector.

    [0097] In a step 13, the test signature vector thus generated is compared to a plurality of said reference signature vectors, and, in a step 14, on the basis at least of this comparison, a likelihood score is generated in order to identify or verify the identity of the user.

    [0098] As described above, the complementary pieces of information related to the users may be the initials, last name, first name, date of birth, and/or place of birth of the user.

    [0099] When seeking to identify a user, especially the user of an on-line site, the reference signature vectors correspond to the signatures of various users, these signatures having been inscribed beforehand on a digital sensor and each having been merged with at least one complementary piece of information related to the corresponding user.

    [0100] When seeking to verify the identity of a user, the reference signature vectors correspond to various signatures inscribed beforehand by said user on a digital sensor, each signature having been merged with at least one complementary piece of information related to the user.

    [0101] In one embodiment of the invention, a module is trained beforehand to learn said plurality of previously acquired reference signature vectors, said module being then trained to compare said test signature vector to a plurality of said reference signature vectors in order to generate the likelihood score. This trained module may be such as described above.

    [0102] As a variant, a computation of an elastic distance between the test signature vector and the reference signature vectors is used for their comparison.

    [0103] Preferably and in the example in question, the likelihood score is compared to one or more predefined thresholds in order to make a decision as to the identity of the user or as to the validity of his identification.

    EXAMPLE 1

    Identity Verification

    [0104] In a first example, the identity of a user must be ascertained. When enrolling the latter, for example during the creation of his customer account, he is asked to inscribe, on a digital sensor, the following various types of personal information: handwritten signature, initials, last name and first name, date of birth and place of birth.

    [0105] Reference signature vectors are generated by concatenating the signature with the initials (SI), with the last name-first name (SN), with the date of birth (SD), with the place of birth (SL), with the date and place of birth (SDL), with the initials and date and place of birth (SIDL), and with the last name, first name and date and place of birth (NDL).

    [0106] A reference identity may thus be formed for the user from these reference signature vectors by learning a statistical model of a module trained beforehand, for example by means of an expectation-maximization algorithm, comprising a number of states that is determined depending on the length of said reference signature vectors, each state being modeled by four Gaussian densities in the example in question.

    [0107] During the verification, the user inscribes, on a digital sensor, his handwritten signature, and the same complementary pieces of information: initials, last name and first name, date of birth and place of birth, in order to create at least one test signature vector, which is transmitted in a secure way to a server. The module is then trained to compare said test signature vector to the reference identity of the user in order to generate a likelihood score. Depending on the predefined threshold, which in this example is set by a trusted third party, the user's identity is accepted or rejected.

    EXAMPLE 2

    Identification

    [0108] In a second example, regarding identification of a user on an on-line service or sales site, this user inscribes, on a digital sensor, his handwritten signature and one or more complementary pieces of information, which are then concatenated to create a reference signature vector.

    [0109] The latter is then compared, according to the invention, with reference signature vectors corresponding to various users and acquired and stored beforehand, in order to verify whether the user is part of the population stored in a database linked to this on-line site.

    EXAMPLE 3

    Validation of the Invention

    [0110] We will now describe an example of demonstration of the effectiveness of the invention. In this example, 173 individuals inscribed their handwritten signature on a mobile digital sensor, in the present case an iPad tablet, as well as various complementary pieces of information, such as their initials and their first and last name. 74 users among the 173 also inscribed their date and place of birth. To show the reliability achieved via these pieces of information in terms of security and especially of vulnerability to attacks, dynamic signature forgeries were furthermore generated after analyzing the target signatures in terms of course and speed. Such dynamic signature forgeries are considered in the literature to be the strongest type of attack.

    [0111] A statistical quality measure, personal entropy, was used to measure the quality of the various types of authentic signatures of each individual. The validity of this measurement, which quantifies the complexity and the stability of a signature, has especially been demonstrated in the article by N. Houmani and S. Garcia-Salicetti “Quality criteria for on-line handwritten signature”, in “Signal and Image Processing for Biometrics”, Lecture Notes in Electrical Engineering, Eds: J. Scharcanski, H. Proenca and E. Du; Publisher Springer, 292: 255-283, 2014. An ascending hierarchical classification was applied to the quality measures associated with all of these types of signatures, and their behavior in terms of performance in the resulting categories was analyzed.

    [0112] An identity verification system such as described in patent application FR 2 893 733 was used to evaluate the effectiveness of the method according to the invention. This system used a statistical HMM trained using normalized reference values, and determined an authentication score.

    [0113] FIG. 2 shows examples of typical signatures for various categories of personal entropy generated from the database of 173 individuals, and FIG. 3 shows the personal-entropy values associated therewith.

    [0114] The signatures shown in row (a) of FIG. 2 are considered to have a high personal entropy, i.e. they are rather short and simple (more like initials than a signature in appearance), and are thus very variable, as shown in FIG. 3. These signatures are therefore considered problematic. In contrast, the signatures presented in row (c) of FIG. 2 are considered to have low personal entropy, i.e. they are rather long and complex, sometimes even resembling cursive writing, and are thus considered rather stable, as shown in FIG. 3. Between these two extreme categories, there is a category of transition in terms of complexity and variability: the category with medium personal entropy, as shown in row (b) of FIG. 2 and in FIG. 3. It will be noted that intra-class variability decreases with personal entropy.

    [0115] For each individual among the 74 individuals who also inscribed their initials, last name, first name, date and place of birth, the personal entropy of the following 5 types of signatures was measured: typical signature, initials, last name-first name, date and place of birth. Furthermore, 7 “hybrid” vectors generated by concatenation were considered: typical signature merged with the initials (SI), with the last name-first name (SN), with the date of birth (SD), with the place of birth (SL), with the date and place of birth (SDL), with the initials and date and place of birth (SIDL), and with the last name, first name and date and place of birth (NDL).

    [0116] In this case, the personal entropy was based on statistical modeling of a set of vectors, of a single type among the 12 types mentioned above, using a hidden Markov model, trained here on 10 vectors of the same type. The number of states of this model depended on the total length of the vectors, and each state was modeled by 4 Gaussian densities. FIG. 4 shows the distribution of personal-entropy values for each type of vector.

    [0117] It will be noted that the “initials” type is the one with the highest personal-entropy values, this showing that this type is the simplest and the most variable, this being confirmed in FIG. 4. However, it will also be noted that, in this database of 74 users, some initials have low personal-entropy values, this being explained by the fact that some individuals inscribed 2, 3 or 4 letters by way of initials, sometimes linking them together in the manner of a short signature.

    [0118] It will be noted that the more the signature is enriched by the concatenation of complementary pieces of information, the more the personal entropy decreases: the complexity of the total information content is thus increased and variability decreased. The hybrid types of vectors SDL, NDL and SIDL are those that show the lowest values of personal entropy, and the lowest variance of the latter between individuals.

    [0119] For each of the 74 individuals and for each category of personal entropy (low, medium and high) the performance of the identity verification system was evaluated based on signature alone, then on the 7 other types of “hybrid” vectors described above.

    [0120] FIG. 5 and table 1 show the results for the high-personal-entropy category, corresponding to signatures considered to be problematic.

    TABLE-US-00001 TABLE 1 Typical Last name- Signature + Last Type signature Initials first name name-first name SI NDL SDL SIDL EER 7.17% 13.83% 4.33% 2.67% 4.83% 1.17% 0.17% 0.17%

    [0121] An equal error rate (EER) of 7.17% was obtained considering signatures alone, as may be seen in FIG. 5. A substantial decrease in performance was furthermore observed when individuals sign with their initials, even if their typical signature was already simple. This result thus confirms the vulnerability of initials to attacks, this vulnerability being predictable from the high personal-entropy values in FIG. 4.

    [0122] In contrast, a significant improvement in performance was observed when the signature was merged with last name and first name, this confirming the robustness to attacks of this type of hybrid vector, as shown in FIG. 4. Including information on date and place of birth clearly improved performance: this type of vector increased performance at the EER by 83.68% compared to the signature alone. The best results were obtained with the SDL and SIDL types: improvement of the order of 97.63% at the EER compared to the signature alone. However, the NDL type had a lower personal entropy than the SDL type, as may be seen in FIG. 4. This reveals that a ballistic gesture, even a simple one, when it is combined with alphanumeric information, such as a date, and handwritten information, such as a place, is much more discriminating than a handwritten gesture combined with the same information, identity-related character being far more present in the ballistic gesture.

    [0123] Using a vector of SIDL type in, for example, documents of legal importance, would clearly improve the robustness of the authentication compared to the handwritten signature used alone. However, for high-personal-entropy signatures, this type of vector does not achieve much in terms of attack discrimination, compared to the SDL type. This may be explained by the fact that in this particular case, the individuals' high-personal-entropy signature is simple and very variable, and therefore very close to their initials.

    [0124] FIG. 6 and table 2 show the results for the low-personal-entropy category, corresponding to the signatures considered to be the most complex and the most stable.

    TABLE-US-00002 TABLE 2 Typical Last Signature + Last Type signature Initials name name-first name SI NDL SDL SIDL EER 6.93% 15% 7.07% 2.91% 4.06% 0% 0% 0%
    An EER of 6.93% was obtained considering the signatures alone, as may be seen in FIG. 6. The general trend observed in FIG. 4 for the low-personal-entropy category is also confirmed. However, it will be noted that the signature alone gives a performance comparable to that of last name and first name, which is much more complex. This confirms the importance of the ballistic gesture in the verification of identity of individuals, above all when the typical signature is very complex. It will be noted that, for this category of personal entropy, adding the date and place of birth clearly improves performance, with 0% error at the EER. Thus, by virtue of the invention, it is possible to increase the robustness of a signature to attacks, even if it is already robust by virtue of its original properties.

    [0125] FIG. 7 and table 3 show results for the medium-personal-entropy category.

    TABLE-US-00003 TABLE 3 Typical Last name- Signature + Last Type signature Initials first name name-first name SI NDL SDL SIDL EER 5.93% 16.07% 5.97% 2.3% 3.33% 0.47% 0.4% 0.5%
    The results for this category confirm those already announced above. It will be noted that, for this category, the SDL type is the one that provides the best performance. This result is close to that obtained with the high-personal-entropy category.

    [0126] The invention thus allows a good performance to be achieved under mobile and uncontrolled conditions, it providing error rates comparable to those obtained on graphics tablets under controlled conditions.

    [0127] Of course, the invention is not limited to the examples that have just been described. In particular, any other type of complementary pieces of information related to users, merging and comparing methods, and learning and training models may be used.

    Applications of the Invention

    [0128] The invention is aimed at applications in which digital identity is tested.

    [0129] The method according to the invention may be used in on-line commerce and sales, especially in order to reinforce a password with an on-line signature when creating a customer account with a commerce site. Any order may subsequently be validated with the handwritten signature on-line to ensure the identity of the customer.

    [0130] The invention could also be of interest to public services, especially in respect of tax declarations, the payment of fines, on-line health-insurance accounts (e.g. Ameli in France), the issuance of driving licenses, on-line pension accounts and TFSAs, and of the services of the post office, such as redirection or on-line parcel tracking. Most of these services are already available on-line, especially through the Internet site “FranceConnect” in France, and thus need to be highly secure.

    [0131] The invention may be used in the context of legal and notarial services, especially to sign digital documents.

    [0132] Banking applications could use the methods according to the invention, especially to sign on-line or dematerialized contracts. The invention may also be used in the context of payment of bills on-line, for example for electricity, gas, school canteens or extracurricular activities.

    [0133] In the field of collection and/or delivery of letters and parcels, operators such as La Poste, DHL, UPS, Fedex, etc., already use digital platforms to acquire a handwritten signature on-line during deliveries. Automatic identity verification could be implemented by virtue of the invention.

    [0134] The invention may be used in the context of parental control on platforms connected to the Internet at home or at school.

    [0135] The contribution of the invention is all the greater given that more and more applications deployed on a large-scale require user enrolment to be carried out remotely and/or under uncontrolled mobile conditions.