TWM483471U - An authorization system based on eye movement behavior - Google Patents

An authorization system based on eye movement behavior Download PDF

Info

Publication number
TWM483471U
TWM483471U TW103203918U TW103203918U TWM483471U TW M483471 U TWM483471 U TW M483471U TW 103203918 U TW103203918 U TW 103203918U TW 103203918 U TW103203918 U TW 103203918U TW M483471 U TWM483471 U TW M483471U
Authority
TW
Taiwan
Prior art keywords
authorization
eye movement
user
movement behavior
behavior
Prior art date
Application number
TW103203918U
Other languages
Chinese (zh)
Inventor
Hong-Fa Ho
Original Assignee
Univ Nat Taiwan Normal
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Nat Taiwan Normal filed Critical Univ Nat Taiwan Normal
Priority to TW103203918U priority Critical patent/TWM483471U/en
Publication of TWM483471U publication Critical patent/TWM483471U/en

Links

Landscapes

  • User Interface Of Digital Computer (AREA)

Abstract

This utility model provides an authorization system based on eye movement behavior, which offers a user to watch the user's preset visual stimulus materials, and detects the user's eye movement behavior, after that, compares the user's eye movement behavior and the authorization rules set corresponding to the visual stimulus materials, so that determines whether to get an authorization command, and if the eye movement behavior falls in an allowable error range of the authorization rules set, then getting the authorization command. Finally, the corresponding authorization content is provided according to the authorization command. By the authorization mechanism based on eye movement behavior of this utility model, the disadvantage of a manner of alphanumeric characters as password might be stolen can be reduced, and the authorization rule and protection mechanism with more variations can be provided.

Description

基於眼動行為之授權系統Authoritative system based on eye movement behavior

本創作是有關於一種授權機制,更詳而言之,是關於一種基於眼動行為之授權系統。This creation is about an authorization mechanism, and more specifically, an authorization system based on eye movement behavior.

現有常見的授權資訊輸入方法,多半是使用鍵盤、滑鼠或觸控螢幕上的觸控鍵盤,將作為授權資訊的數字、文字或符號輸入裝置或機器,當所輸入的字符與預設授權的字符相同時,則可通過驗證並取得授權,即可啟動裝置或執行裝置中對應的程序。The existing common authorization information input methods are mostly using a keyboard, a mouse or a touch keyboard on a touch screen, which will be used as a digital, text or symbol input device or machine for authorization information, when the characters entered are preset and authorized. When the characters are the same, the device or the corresponding program in the device can be activated by verifying and obtaining the authorization.

目前常用的授權機制可分為兩類,一種是採用非生理特徵,另一種是採用生理特徵。舉例來說,非生理特徵的例子可包括透過鍵盤、位置、眼動資訊、手勢、姿勢、卡片等方法來進行授權判斷,而生理特徵的例子可包括透過指紋、掌紋、眼睛虹膜、聲音等方法來進行授權判斷,但不管是生理特徵或非生理特徵的方法皆有使用上的缺陷。舉例來說,以輸入密碼的非生理特徵方法為例,在輸入密碼的過程中,如果遭受旁人窺視,則密碼有洩漏之虞,而藉由偵測鍵盤上殘留的指紋或溫度,也可容易竊取或複製 密碼。若以生理特徵作為判斷機制,例如最先進的虹膜識別,雖然不容易遭複製,但也無法確認人員是在具有自由意志的情況下來輸入授權資訊,例如人員被人挾持並迫使人員以其虹膜來進行授權,又或者以掌紋及指紋辨識來進行授權判斷,由於指紋及掌紋可被複製,同樣地,也無法確認人員是在具有自由意志的狀態下輸入授權資訊。因此,無論使用生理特徵或非生理特徵作為判斷依據,皆有可能遭竊取、複製或是在非自由意志下所作行為,因而使授權判斷上有所缺陷。At present, the commonly used authorization mechanisms can be divided into two categories, one is to adopt non-physiological characteristics, and the other is to adopt physiological characteristics. For example, examples of non-physiological features may include authorization determination by means of a keyboard, position, eye movement information, gestures, gestures, cards, etc., and examples of physiological features may include methods such as fingerprints, palm prints, irises of the eyes, sounds, and the like. Authorization judgment is made, but there are defects in use regardless of whether it is a physiological characteristic or a non-physiological characteristic. For example, taking the non-physiological feature method of inputting a password as an example, in the process of inputting a password, if a person peepes, the password may leak, and it is also easy to detect the fingerprint or temperature remaining on the keyboard. Stealing or copying password. If physiological characteristics are used as a judgment mechanism, such as the most advanced iris recognition, although it is not easy to be copied, it is impossible to confirm that the person enters authorization information with free will, for example, the person is held and forced to use his iris. Authorization, or palmprint and fingerprint identification for authorization judgment, since fingerprints and palm prints can be copied, similarly, it is impossible to confirm that the person inputs authorization information in a state of free will. Therefore, regardless of whether physiological or non-physiological features are used as the basis for judgment, it is possible to be stolen, copied, or acted under non-free will, thus making the authorization judgment defective.

如中華民國專利公開號第201317822號,其揭露一種視線追蹤密碼輸入方法以及使用該視線追蹤密碼輸入方法的裝置,其授權機制是依據人員眼睛對於輸入區中的數字、文字或符號的注視狀態,以判斷是否可取得授權,然而僅考量人員眼睛注視的文數字或符號,但未考量當輸入過程中眼睛移動的誤差情況。此外,美國專利公開號第20100017874號揭露一種位置感知授權系統及方法,由其說明書可知,該案提出藉由取得空間位置並與特定規則比對後,以判斷是否可取得授權,然而該授權機制僅考量位置關係,無法確認是否遭到盜用或是在具有自由意志情況下來的授權行為。For example, the Republic of China Patent Publication No. 201317822 discloses a method for inputting a line-of-sight tracking password and a device for using the line-of-sight tracking password input method, the authorization mechanism of which is based on the gaze state of a person's eyes on a number, a character or a symbol in an input area. In order to judge whether the authorization can be obtained, only the number or symbol of the person's eyes are considered, but the error of the eye movement during the input process is not considered. In addition, U.S. Patent Publication No. 20100017874 discloses a location-aware authorization system and method. As can be seen from the specification, the case proposes to determine whether an authorization can be obtained by obtaining a spatial location and comparing with a specific rule. Only considering the positional relationship, it is impossible to confirm whether it has been stolen or authorized in the case of free will.

綜上所述,為了防止旁人窺視或竊取使用者各類的授權資訊,特別是傳統密碼輸入方式,如文字、數字或符號等安全性較低的方式,並且減少人員在非自由意志下被迫執行授權,甚至在被迫執行授權下可被察覺,將為目前業 界亟待解決之議題。In summary, in order to prevent others from peeking or stealing various types of authorization information from users, especially the traditional password input methods, such as text, numbers or symbols, are less secure, and reduce the number of people forced by non-free will. Execution authorization, even when forced to execute authorization, can be detected, will be the current industry The issue to be resolved.

鑒於上述習知技術之缺點,本創作提出一種基於眼動行為之授權系統,降低密碼遭他人取得或非自由意識下的授權行為,藉此提升授權安全性。In view of the shortcomings of the above-mentioned prior art, the present invention proposes an authorization system based on eye movement behavior, which reduces the authorization behavior of passwords obtained by others or non-freely, thereby enhancing authorization security.

本創作之基於眼動行為之授權系統,係包括:顯示模組,係用於顯示使用者預設之視覺刺激材料以供該使用者觀看;眼動模組,係用於偵測該使用者觀看該視覺刺激材料之眼動狀態以產生眼動行為;判斷模組,係依據該視覺刺激材料取得相對應之授權規則集合,且比對該眼動行為與該授權規則集合,以於兩者相符時,產生授權指令;以及授權模組,係依據該授權指令提供對應之授權內容。The eye movement behavior-based authorization system of the present invention comprises: a display module for displaying a visual stimulus material preset by a user for viewing by the user; and an eye movement module for detecting the user Viewing the eye movement state of the visual stimulation material to generate an eye movement behavior; determining a module according to the visual stimulation material to obtain a corresponding set of authorization rules, and comparing the eye movement behavior with the authorization rule set, so as to When the match is made, an authorization command is generated; and the authorization module provides the corresponding authorization content according to the authorization instruction.

於一實施例中,該眼動行為包括該使用者對於該視覺刺激材料中之至少一興趣區(region of interest,ROI)之首次凝視時間長度(duration of first fixation,DFF)、首次凝視時間延遲(latency of first fixation,LFF)、總接觸時間(total contact time,TCT)、凝視次數(number of fixations,NOF)、跳視(saccades)、回視或其組合,以及該使用者對該視覺刺激材料中之該些興趣區間的眼動掃描路徑。In one embodiment, the eye movement behavior includes a first time of the first fixation (DFF) and a first gaze time delay of the user for at least one region of interest (ROI) of the visual stimulation material. (latency of first fixation, LFF), total contact time (TCT), number of fixations (NOF), saccades, retrospectives, or a combination thereof, and the user's visual stimuli The eye tracking path of the interest intervals in the material.

於另一實施例中,該授權規則集合包含複數授權路徑資料,該判斷模組將該授權路徑資料與一誤差值進行計算以產生該授權路徑資料的誤差範圍,並判斷在該誤差範圍內之眼動行為者為相符。In another embodiment, the authorization rule set includes a plurality of authorization path data, and the determining module calculates the authorization path data and an error value to generate an error range of the authorization path data, and determines that the error range is within the error range. The eye movements are consistent.

綜上所述,本創作之基於眼動行為之授權系統,利用 視覺刺激材料提供給使用者觀看並偵測使用者眼動行為,之後,取得與該視覺刺激材料相依之授權規則集合,並與所偵測到之眼動行為進行比對,以判定使用者是否取得授權,如此,避免習知文數字輸入可能遭旁人窺視及竊取的缺陷,更重要的是,降低人員在不具有自由意志的情況下輸入授權資訊的可能,且透過不同眼動行為或搭配其他非眼動資訊,將可提供不同授權內容的組合,如此將有效提升授權安全性及實用性。In summary, the creation of the eye movement behavior based authorization system, the use The visual stimulation material is provided to the user to view and detect the eye movement behavior of the user, and then obtain a set of authorization rules that are dependent on the visual stimulation material, and compare with the detected eye movement behavior to determine whether the user is Obtain authorization, so as to avoid the drawback that the digital input may be peeped and stolen by others, and more importantly, reduce the possibility of people entering the authorization information without free will, and through different eye movements or with other non-eyes. Dynamic information will provide a combination of different authorized content, which will effectively enhance the security and practicability of the license.

1‧‧‧基於眼動行為之授權系統1‧‧‧ Authorized system based on eye movement

11‧‧‧顯示模組11‧‧‧Display module

12‧‧‧眼動模組12‧‧‧ Eye Movement Module

13‧‧‧判斷模組13‧‧‧Judgement module

14‧‧‧授權模組14‧‧‧Authorization module

15‧‧‧儲存模組15‧‧‧ Storage Module

30‧‧‧台灣地圖30‧‧‧Taiwan map

31‧‧‧台北31‧‧‧ Taipei

32‧‧‧台中32‧‧‧ Taichung

33‧‧‧高雄33‧‧‧ Kaohsiung

34‧‧‧花蓮34‧‧‧Hua Lian

35至37‧‧‧路徑35 to 37‧‧ path

100‧‧‧螢幕100‧‧‧ screen

S21至28‧‧‧步驟S21 to 28‧‧ steps

第1圖係本創作之基於眼動行為之授權系統的系統示意圖;第2圖係說明本創作之基於眼動行為之授權方法的流程圖;以及第3圖係繪示本創作之眼動行為之具體實施例。Figure 1 is a schematic diagram of the system of the eye movement-based authorization system of the present creation; Figure 2 is a flow chart illustrating the authorization method of the eye movement based on the creation; and Figure 3 is a diagram showing the eye movement behavior of the creation Specific embodiment.

以下藉由特定的具體實施例說明本創作之實施方式,熟習此項技藝之人士可由本文所揭示之內容輕易地瞭解本創作之其他優點及功效。The embodiments of the present invention are described below by way of specific embodiments, and those skilled in the art can readily appreciate other advantages and functions of the present invention from the disclosure herein.

第1圖係本創作之基於眼動行為之授權系統的系統示意圖,如該圖所示,本創作之基於眼動行為之授權系統1包括:顯示模組11、眼動模組12、判斷模組13以及授權模組14。1 is a schematic diagram of a system of an eye movement based authorization system of the present invention. As shown in the figure, the eye movement behavior based authorization system 1 of the present invention comprises: a display module 11, an eye movement module 12, and a judgment module. Group 13 and authorization module 14.

顯示模組11係用於顯示使用者預設之視覺刺激材料以供該使用者觀看,其中,視覺刺激材料可為使用者預設 的時變或非時變之圖片、相片或影片,亦即會依據時間設定變化的圖片或者是靜態圖片,且該些視覺刺激材料可被儲存於基於眼動行為之授權系統1內之儲存模組15或與基於眼動行為之授權系統1所連接之遠端伺服器(圖未示),亦即視覺刺激材料可視需要存於基於眼動行為之授權系統1內或外部的其他設備。The display module 11 is configured to display a visual stimulus material preset by the user for viewing by the user, wherein the visual stimulation material can be preset by the user. a time-varying or non-time-varying picture, photo or video, that is, a picture or a static picture that changes according to time settings, and the visual stimulation materials can be stored in a storage mode in the eye movement behavior-based authorization system 1. The group 15 or a remote server (not shown) connected to the eye movement based authorization system 1, i.e., the visual stimuli, may optionally be stored in other devices within or external to the eye movement based authorization system 1.

眼動模組12係用於偵測使用者觀看視覺刺激材料之眼動狀態以產生眼動行為。具體來說,為了避免現有需輸入授權方式容易遭到密碼複製或竊取,也為了降低使用者在非自由意志下的授權輸入,因而本創作採用眼動行為作為授權判斷依據,因此,眼動模組12將偵測使用者觀看視覺刺激材料時的眼動狀態,並依據該眼動狀態產生使用者的眼動行為,以作為當下的授權資料。The eye movement module 12 is used to detect the eye movement state of the user viewing the visual stimulation material to generate eye movement behavior. Specifically, in order to avoid the existing need to enter the authorization method is easy to be copied or stolen by the password, and also to reduce the user's authorized input under the non-free will, the author uses eye movement behavior as the basis for authorization judgment, therefore, the eye movement mode The group 12 will detect the eye movement state when the user views the visual stimulation material, and generate the user's eye movement behavior according to the eye movement state as the current authorization material.

判斷模組13係依據該視覺刺激材料取得相對應之授權規則集合,且比對該眼動行為與該授權規則集合,以於兩者相符時產生授權指令。其中,授權規則集合可包含複數授權路徑資料,亦即不同授權路徑資料可提供不同授權內容,因此,判斷模組13會先比對眼動行為與授權規則集合,以於兩者相符時依據各授權路徑資料產生對應之授權指令。The determining module 13 obtains a corresponding set of authorization rules according to the visual stimulation material, and generates an authorization instruction when the eye movement behavior and the authorization rule set are matched to match the two. The authorization rule set may include multiple authorization path data, that is, different authorization path data may provide different authorization contents. Therefore, the judgment module 13 compares the eye movement behavior and the authorization rule set first, so as to match the two according to each The authorization path data generates a corresponding authorization instruction.

授權模組14係依據授權指令提供對應之授權內容,舉例說明,第一授權指令對應之第一授權內容為授予使用者全部的存取權限,例如使用者提款金額無上限,而第二授權指令對應之第二授權內容則為授予使用者部分的存取權 限,例如使用者提款金額有上限值為10000元。換言之,可依據各種眼動行為所對應之不同授權路徑資料得到不同授權指令,之後依據不同授權指令可取得不同授權內容,需說明者,授權內容不以上述之實施例為限。The authorization module 14 provides corresponding authorization content according to the authorization instruction. For example, the first authorization content corresponding to the first authorization instruction is to grant the user all access rights, for example, the user withdrawal amount has no upper limit, and the second authorization The second authorized content corresponding to the instruction is the access granted to the user part For example, the user withdrawal amount has an upper limit of 10,000 yuan. In other words, different authorization instructions may be obtained according to different authorization path data corresponding to various eye movement behaviors, and then different authorization contents may be obtained according to different authorization instructions. The content of the authorization is not limited to the above embodiments.

由上可知,本創作之基於眼動行為之授權系統1係利用顯示模組11顯示使用者預設之視覺刺激材料之資訊,再經由眼動模組12偵測使用者眼動行為,接著,判斷模組13會檢查眼動行為與視覺刺激材料對應之授權規則集合是否相符,並依據眼動行為決定該給予的授權指令,最後,由授權模組14依據授權指令提供對應的授權內容。As can be seen from the above, the eye movement behavior-based authorization system 1 of the present invention uses the display module 11 to display the information of the visual stimulus material preset by the user, and then detects the eye movement behavior of the user through the eye movement module 12, and then, The judging module 13 checks whether the eye movement behavior matches the set of authorization rules corresponding to the visual stimulation material, and determines the authorization instruction given according to the eye movement behavior. Finally, the authorization module 14 provides the corresponding authorization content according to the authorization instruction.

如此,使用者無需記憶繁瑣的文字、數字或符號作為輸入密碼,也降低輸入密碼時被竊取或複製的可能性,再者,若使用者在非自由意志下被迫輸入授權資料時,可透過不同眼動行為提供不同授權內容,以ATM提款來說,一般授權就是讓使用者領錢,若被挾持的情況下,使用者可輸入另一套眼動行為,此時雖然可領出錢,但系統將自動連線通知警察局,通知警察有特殊情況出現,如此將有助於即時彌補在非自由意志下被迫授權的損失。In this way, the user does not need to memorize the cumbersome characters, numbers or symbols as the input password, and also reduces the possibility of being stolen or copied when the password is input. Moreover, if the user is forced to input the authorization data under the non-free will, the user can Different eye movements provide different authorization content. In the case of ATM withdrawal, the general authorization is to let the user receive the money. If it is held, the user can input another set of eye movements. However, the system will automatically notify the police station to inform the police that there are special circumstances, which will help to immediately compensate for the loss of forced authorization under non-free will.

此外,授權規則集合除了包含複數授權路徑資料外,該授權規則集合更包括使用者帳號、密碼、生理特徵、日期或時間之非眼動資訊。具體來說,除了不同授權路徑資料可提供不同授權結果,也可搭配一些非眼動資訊來進行組合。因此,判斷模組13會先比對眼動行為與授權規則集合是否吻合,若是,再搭配使用者所輸入之非眼動資訊進 行授權判斷。In addition, the authorization rule set includes, in addition to the plurality of authorization path data, the authorization rule set further includes non-eye movement information of the user account, password, physiological feature, date or time. Specifically, in addition to different authorization path data can provide different authorization results, it can also be combined with some non-eye movement information. Therefore, the judging module 13 first compares the eye movement behavior with the authorization rule set, and if so, matches the non-eye movement information input by the user. Authorization judgment.

另外,由於本系統是透過眼動行為來進行授權判斷,然使用者之眼動狀態並無法穩定或完全無誤的在路徑上移動,故判斷模組13會將授權路徑資料與一誤差值進行計算以產生授權路徑資料的誤差範圍,之後在判斷過程中,將在誤差範圍內之眼動掃描路徑判定為相符,如此可避免微小路徑差異導致判斷錯誤的情況,此誤差值是可由系統提供者自行設定。In addition, since the system performs the authorization judgment through the eye movement behavior, and the eye movement state of the user cannot be stably or completely moved on the path, the judgment module 13 calculates the authorization path data and an error value. In order to generate the error range of the authorized path data, and then in the judgment process, the eye movement scanning path within the error range is determined to be consistent, so that the small path difference can be avoided to cause the judgment error, and the error value can be determined by the system provider. set up.

為了讓眼動行為有更多彈性和變化,使用者可預先設定眼動行為為連續或非連續,具體來說,若為非連續者則使用者之視線可離開視覺刺激材料一段時間後再返回,離開視覺刺激材料的過程將不會被判定為眼動行為,反之,若為連續者,則使用者需持續將視線停留在視覺刺激材料上。In order to make the eye movement behavior more flexible and change, the user can preset the eye movement behavior to be continuous or discontinuous. Specifically, if it is a non-continuous, the user's line of sight can leave the visual stimulation material for a period of time before returning. The process of leaving the visual stimulating material will not be judged as eye movement behavior, and if it is continuous, the user should continue to keep the line of sight on the visual stimulation material.

此外,眼動行為還可將使用者對於視覺刺激材料中之至少一興趣區的狀態以及使用者對視覺刺激材料中之該些興趣區間的眼動掃描路徑加以考量,亦即考量該至少一興趣區之首次凝視時間長度、首次凝視時間延遲、總接觸時間、凝視次數、跳視、回視或其組合,亦即可停留多久、可延遲多久後移動、視線移至該興趣區的次數或興趣區的個別停留時間或總停留時間。此外,除了各個興趣區的停留狀態外,還考量使用者在自訂的多個興趣區之間視線移動所產生之眼動掃描路徑,例如使用者自訂出要先由興趣區A至興趣區B,最後要前進至興趣區C,如此,視線從 興趣區A經興趣區B到興趣區C之移動的眼動狀態,即可稱之為眼動掃描路徑,其可搭配上述對各興趣區的停留狀態一併作為授權考量,舉例來說,前述的跳視和回視就是使用者在視線移動時所產生之眼動掃描路徑的不同變化。上述各種變數應用,後面將有具體範例說明。In addition, the eye movement behavior may also consider the state of the at least one region of interest in the visual stimulating material and the eye movement scanning path of the user in the interest stimulating material, that is, the at least one interest is considered. The length of the first gaze time, the first gaze time delay, the total contact time, the number of gaze, the saccade, the squint, or a combination thereof, how long it can stay, how long it can be delayed, the number of times the line of sight moves to the area of interest or interest Individual residence time or total residence time of the district. In addition, in addition to the staying state of each interest area, the eye movement scanning path generated by the user's line of sight movement between the plurality of custom interest areas is also considered, for example, the user has to customize the interest area A to the interest area first. B, finally go to the interest area C, so, the line of sight from The eye movement state of the interest area A through the movement of the interest area B to the interest area C may be referred to as an eye movement scanning path, which may be used together with the above-mentioned staying state of each interest area as an authorization consideration, for example, the foregoing The saccade and backsight are the different changes in the eye tracking path that the user produces when the line of sight moves. The various variable applications described above will be described later with specific examples.

另外,為了方便使用者知悉自己的眼動狀態,眼動模組12於偵測到使用者觀看視覺刺激材料之眼動狀態時,可依據使用者之眼動狀態在視覺刺激材料上呈現對應之圖形或文字,舉例來說,直線表示移動、圓形表示凝視、圓形半徑越大表示凝視時間越長、熱區圖、或其他形式的圖形或文字,如此使用者可透過觀看視覺刺激材料過程知悉自己的眼動狀態。In addition, in order to facilitate the user to know the state of the eye movement, the eye movement module 12 can display the corresponding eye movement state according to the user's eye movement state when detecting the eye movement state of the user viewing the visual stimulation material. Graphic or text, for example, a line indicating movement, a circle indicating gaze, a larger radius of the circle indicating a longer gaze time, a hot zone map, or other forms of graphics or text, so that the user can view the visual stimulus material process Know your eye movements.

需說明者,本創作所述之基於眼動行為之授權系統1可應用於許多領域,如手機登入的授權判斷、ATM提款的授權判斷,因而上述顯示模組11、眼動模組12、判斷模組13和授權模組14等可以軟體方式呈現,並搭配硬體達到運作效果,例如顯示模組11會連接一顯示螢幕進行資料顯示,眼動模組12會連接影像擷取器來達到影像擷取等,故上面說明中省略了一些電子設備必要元件,例如處理器、記憶體等。It should be noted that the eye movement behavior-based authorization system 1 described in the present application can be applied to many fields, such as authorization judgment of mobile phone login, authorization judgment of ATM withdrawal, and thus the display module 11 and the eye movement module 12, The judging module 13 and the authorization module 14 can be presented in a soft manner and matched with a hardware to achieve a working effect. For example, the display module 11 is connected to a display screen for data display, and the eye movement module 12 is connected to the image capturing device to achieve Image capture, etc., so some of the necessary components of the electronic device, such as a processor, a memory, etc., are omitted from the above description.

第2圖係說明本創作之基於眼動行為之授權方法的流程圖。此授權方式是提供使用者透過其觀看視覺刺激材料的眼動行為來決定是否授權。Figure 2 is a flow chart illustrating the authoritative method of eye movement based on this creation. This authorization method is to provide the eye movement behavior through which the user views the visual stimulation material to determine whether or not to authorize.

於步驟S21中,於使用者要求取得授權時開始執行授 權判斷,例如,使用者在ATM進行提款時,先選擇欲執行作業的選項。In step S21, when the user requests authorization, the execution of the authorization is started. The right judgment, for example, when the user makes a withdrawal at the ATM, first selects an option to execute the job.

於步驟S22中,係顯示使用者預設之視覺刺激材料以供使用者觀看。其中,視覺刺激材料可為時變或非時變之圖片、相片或影片,亦即觀看圖片是否產生變化,此可依據使用者的需求預先設定。In step S22, the visual stimulus material preset by the user is displayed for the user to view. The visual stimulating material may be a time-varying or non-time-varying picture, photo or film, that is, whether the viewing picture changes, which may be preset according to the user's needs.

此外,視覺刺激材料可儲存於單機設備中或儲存在設備所連線之遠端伺服器。舉例來說,ATM密碼為了方便管理且讓使用者可在不同設備使用,故視覺刺激材料會存放於銀行架設的遠端伺服器內,以於需要時連線取得,並不會儲存在ATM單台設備中,反之,若授權機制僅用於單一設備,例如手機開機登入時,此授權機制是提供單機使用,故視覺刺激材料可直接儲存於手機內即可。In addition, the visual stimuli may be stored in a stand-alone device or stored at a remote server connected to the device. For example, for easy management and for users to use on different devices, the visual stimulus material will be stored in the remote server set up by the bank for connection when needed, and will not be stored in the ATM list. In the device, on the other hand, if the authorization mechanism is only used for a single device, for example, when the mobile phone is powered on, the authorization mechanism is provided for single use, so the visual stimulation material can be directly stored in the mobile phone.

於步驟S23中,係偵測使用者觀看視覺刺激材料之眼動狀態以產生眼動行為。在步驟S22中已提供視覺刺激材料給使用者後,使用者會透過觀看視覺刺激材料來進行授權資料輸入,此步驟即偵測使用者眼動狀態並取得眼動狀態過程中的眼動行為。In step S23, the eye movement state of the visual stimuli material is detected by the user to generate an eye movement behavior. After the visual stimulation material has been provided to the user in step S22, the user will perform authorization data input by viewing the visual stimulation material. This step detects the eye movement state of the user and obtains the eye movement behavior during the eye movement state.

於步驟S24中,係取得與視覺刺激材料相對應之授權規則集合。如前所述,授權規則集合是使用者預先設定的且如同視覺刺激材料,也是可儲存於單一設備或儲存於遠端伺服器中,授權規則集合是用於判斷眼動行為是否正確的依據。In step S24, a set of authorization rules corresponding to the visual stimulation material is obtained. As mentioned above, the set of authorization rules is pre-set by the user and is like a visual stimulus material. It can also be stored in a single device or stored in a remote server. The set of authorization rules is the basis for determining whether the eye movement behavior is correct.

詳言之,授權規則集合可包含複數授權路徑資料,藉 此提供不同授權路徑資料下可產生不同授權內容。更佳者,授權規則集合還包括非眼動資訊,例如使用者帳號、密碼、生理特徵、日期或時間等,如此,不同授權路徑資料和非眼動資訊的搭配組合,將可提供更多種變化的授權機制,例如,可設定每天半夜1點到6點無法進行授權,又或者當使用者輸入A帳號且眼動行為判斷正確時,則單次提款上限為一萬,若為B帳號且眼動行為正確時,則單次提款上限為十萬,換言之,經由多種非眼動資訊與各種授權路徑資料的組合,可提供不同的授權內容。In detail, the authorization rule set may include multiple authorization path materials, This provides different authorization content under different authorization path materials. More preferably, the authorization rule set also includes non-eye movement information, such as user account number, password, physiological characteristics, date or time, etc., so that a combination of different authorization path data and non-eye movement information will provide more kinds. The change authorization mechanism, for example, can be set to be authorized from 1 to 6 o'clock in the middle of the night, or when the user enters the A account and the eye movement behavior is judged correctly, the single withdrawal limit is 10,000, if it is the B account When the eye movement behavior is correct, the single withdrawal limit is 100,000. In other words, different authorization contents can be provided through a combination of various non-eye movement information and various authorization path materials.

於步驟S25中,係比對眼動行為與授權規則集合。若比對相符,則進至步驟S26,係獲得授權指令並依據授權指令提供對應的授權內容,之後,進至步驟S28,結束授權判斷流程。若比對不相符,則進至步驟S27,係獲得不可授權的訊息,並進至步驟S28,結束授權判斷。In step S25, the eye movement behavior and the authorization rule set are compared. If the comparison matches, the process proceeds to step S26, where the authorization command is obtained and the corresponding authorization content is provided in accordance with the authorization command, and then proceeds to step S28 to end the authorization determination process. If the comparison does not match, the process proceeds to step S27, where an unauthorizable message is obtained, and the process proceeds to step S28, where the authorization judgment is ended.

此外,為了降低使用者因眼動狀態無法持續穩定或完全無誤的情況,故授權路徑資料會與一誤差值進行計算以產生授權路徑資料的誤差範圍,在此誤差範圍內之眼動行為將判定為相符。In addition, in order to reduce the situation that the user cannot continue to be stable or completely error-free due to the eye movement state, the authorization path data is calculated with an error value to generate an error range of the authorized path data, and the eye movement behavior within the error range is determined. For the match.

再者,為了讓眼動行為有更有彈性,眼動行為可依需求預設為連續或非連續,非連續者可讓使用者視線離開視覺刺激材料一段時間後再返回,且眼動行為還考量使用者對於視覺刺激材料中興趣區的狀態以及視線於各興趣區間的眼動掃描路徑,亦即考量使用者對於該些興趣區之停留時間、延遲多久移動、視線移至興趣區的次數或整體停留 時間等,並考量使用者的視線在多個興趣區之間先後順序移動所產生之眼動掃描路徑。Furthermore, in order to make the eye movement behavior more flexible, the eye movement behavior can be preset as continuous or non-continuous according to the demand. The non-continuous person can let the user leave the visual stimulation material for a period of time before returning, and the eye movement behavior is still Considering the state of the user's interest zone in the visual stimuli and the eye tracking path of each interest interval, that is, considering the user's stay time for the AOI, how long the delay is moving, the number of times the line of sight moves to the AOI, or Overall stay Time, etc., and consider the eye movement scanning path generated by the user's line of sight moving sequentially between multiple regions of interest.

另外,為讓使用者知悉自己的眼動狀態,可於偵測使用者觀看視覺刺激材料之眼動狀態時,依據使用者之眼動狀態在視覺刺激材料上呈現對應之圖形或文字,藉此文字顯示或圖形變化代表移動、凝視或停留時間,如此使用者可清楚知道自己的眼動狀態。In addition, in order to let the user know the state of the eye movement, when the user views the eye movement state of the visual stimulation material, the corresponding graphic or text is presented on the visual stimulation material according to the eye movement state of the user. Text display or graphic changes represent movement, gaze or dwell time so that the user can clearly know their eye movements.

第3圖係繪示本創作之眼動行為之具體實施例。本實施例是授權判斷機制應用於ATM的授權驗證上。Figure 3 is a diagram showing a specific embodiment of the eye movement behavior of the present creation. In this embodiment, the authorization judgment mechanism is applied to the authorization verification of the ATM.

如該圖所示,當使用者至ATM欲進行授權判斷時,會先***自己的提款卡,之後ATM之螢幕100將顯示視覺刺激材料,於本實施例中,視覺刺激材料為台灣地圖30,配合台灣地圖30,使用者可預先產生對應授權規則集合,舉例來說,其中一個授權規則如下:視線於台北31凝視時間為3秒,接著移於台中32且凝視時間為2秒,接著經由路徑35至高雄33,且於高雄33凝視時間為4秒,最後,經由路徑36移動至花蓮34,且於花蓮34凝視時間為5秒,接著結束此授權規則。As shown in the figure, when the user wants to make an authorization judgment to the ATM, the ATM card will be inserted first, and then the ATM screen 100 will display the visual stimulation material. In this embodiment, the visual stimulation material is the Taiwan map 30. In conjunction with the Taiwan map 30, the user may pre-generate a corresponding set of authorization rules. For example, one of the authorization rules is as follows: the line of sight in Taipei 31 is 3 seconds, then moves to the center 32 and the gaze time is 2 seconds, then Path 35 to Kaohsiung 33, and the gaze time in Kaohsiung 33 was 4 seconds, finally, moved to Hualien 34 via path 36, and the gaze time in Hualien 34 was 5 seconds, and then the authorization rule was ended.

依據上述實施例中,授權規則集合中的興趣區為台灣地圖30上各個地點,例如台北31、台中32、高雄33和花蓮34,每一個興趣區可設定一個範圍,如圖上每個區域以虛線表示,亦即視線落於虛線範圍內即可判斷為注視該興趣區,興趣區之首次凝視時間於台北31為3秒、台中32為2秒、高雄33為4秒以及花蓮34為5秒,興趣區之總 接觸時間為3+2+4+5=14秒,興趣區之凝視次數為凝視台北1次、台中1次、高雄1次及花蓮1次,授權規則集合中的眼動掃描路徑為路徑35和路徑36,即進行授權時需有此路徑移動,跳視為視線不經由路徑自第一興趣區到達第二興趣區,舉例說明,使用者視線從台北31不經過任何路徑直接跳到台中32,回視則是假設授權規則集合為使用者視線自第一興趣區先移至第二興趣區,之後到第三興趣區,然而使用者的視線移動是從第一興趣區移至第二興趣區,接著回到第一興趣區後移至第二興趣區,最後到第三興趣區,如此,仍有滿足第一、第二、第三興趣區的順序,故可認定眼動行為與授權規則集合之授權路徑資料相符。以本實施例來說,原訂規則是由台北31到台中32後依序前進至高雄33和花蓮34,於判斷過程中,若使用者視線從台北31經台中32移至高雄33時,若有先返回台中32後又回到高雄33,最後移動到花蓮34,則因有完成四個興趣區的先後移動關係,故可判斷符合授權規則。需說明者,上述各種變化可視使用者習慣和需要搭配使用,本實施例僅是示例說明其中幾種眼動行為的變化,並非限制其實施類型。According to the above embodiment, the interest area in the authorization rule set is each place on the Taiwan map 30, such as Taipei 31, Taichung 32, Kaohsiung 33, and Hualien 34. Each of the interest areas may be set to a range, as shown in each area of the figure. The dotted line indicates that the line of sight falls within the dotted line and can be judged as gazing at the area of interest. The first gaze time of the area of interest is 3 seconds in Taipei 31, 2 seconds in Taichung 32, 4 seconds in Kaohsiung 33, and 5 seconds in Hualien 34. , the total area of interest The contact time is 3+2+4+5=14 seconds. The number of gaze in the interest zone is 1 time in Taipei, 1 in Taichung, 1 in Kaohsiung and 1 in Hualien. The eye tracking path in the authorization rule set is path 35 and Path 36, that is, when the authorization is performed, the path is required to be moved, and the jump is regarded as the line of sight from the first region of interest to the second region of interest without passing through the path. For example, the user's line of sight jumps directly from Taipei 31 to Taichung 32 without any path. The lookback is assuming that the set of authorization rules is that the user's line of sight moves from the first region of interest to the second region of interest first, and then to the third region of interest, but the user's line of sight movement is moved from the first region of interest to the second region of interest. Then, returning to the first interest area, moving to the second interest area, and finally to the third interest area, so that the order of the first, second, and third interest areas is still satisfied, so the eye movement behavior and authorization rules can be determined. The authorization path information of the collection matches. In this embodiment, the original rule is to proceed from Taipei 31 to Taichung 32 and then proceed to Kaohsiung 33 and Hualien 34. During the judgment process, if the user's line of sight moves from Taipei 31 via Taichung 32 to Kaohsiung 33, After returning to Taichung 32 and returning to Kaohsiung 33, and finally moving to Hualien 34, it is possible to judge the compliance with the authorization rules by completing the successive movements of the four regions of interest. It should be noted that the above various changes may be used in combination with user habits and needs. This embodiment is merely illustrative of changes in several eye movement behaviors, and is not limited to the implementation type.

本實施例也對誤差範圍進行考量,透過可容忍誤差之計算以獲得授權路徑資料的誤差範圍,若判斷在誤差範圍內之眼動掃描路徑,則認定眼動掃描路徑與授權規則集合之授權路徑資料相符,舉例說明,如第3圖所示,使用者的視線未停留在台北31中心點上,而是停留在台北31的 虛線範圍內,此情況可被判斷為相符。此外,如第3圖中的路徑35及路徑37所示,路徑37可能是使用者視線移動過程有所偏移而非直線進行,對此可將授權規則集合中之授權路徑資料與一誤差值計算以產生授權路徑資料的誤差範圍,如此當視線移動的路徑在此誤差範圍內時,則可被判斷為相符。In this embodiment, the error range is also considered, and the error range of the authorized path data is obtained through the calculation of the tolerable error. If the eye movement scanning path within the error range is determined, the authorization path of the eye movement scanning path and the authorization rule set is determined. The data is consistent. For example, as shown in Figure 3, the user’s line of sight does not stay at the 31st point of Taipei, but stays at Taipei 31. Within the dashed line, this condition can be judged as a match. In addition, as shown by the path 35 and the path 37 in FIG. 3, the path 37 may be offset by the user's line of sight movement rather than a straight line. For this, the authorization path data in the authorization rule set and an error value may be used. The error range is calculated to generate the authorized path data, so that when the path of the line of sight movement is within this error range, it can be judged as a match.

此外,不同授權規則組合將可提供不同授權內容,舉例說明,假設第一授權路徑資料為台北31凝視時間為1秒,接著於花蓮35凝視時間為2秒,接著結束第一授權規則,假設第二授權路徑資料為於台中32凝視時間為2秒,接著經由路徑35至高雄33,且於高雄33凝視時間為4秒,接著結束第二授權規則。如果使用者眼動行為(包含先後順序和停留時間)與第一授權路徑資料相符,則提供第一授權內容為授予使用者全部的存取權限,例如使用者提款金額無上限。In addition, different authorization rule combinations will provide different authorization content. For example, assume that the first authorization path data is 1 second for the Taipei 31 gaze time, then the gaze time for Hualien 35 is 2 seconds, and then the first authorization rule is terminated, assuming the first The second authorized path data is that the gaze time in Taichung 32 is 2 seconds, then via path 35 to Kaohsiung 33, and the gaze time in Kaohsiung 33 is 4 seconds, and then the second authorization rule is ended. If the user's eye movement behavior (including the sequence and the stay time) matches the first authorization path data, the first authorization content is provided to grant the user full access rights, for example, the user withdrawal amount has no upper limit.

又或者,也可依據不同授權內容加入警戒機制,例如兩個不相同授權規則雖然同樣可領到錢,但是其中一個會私底下連絡警察局,如此當使用者受迫下遂行授權時,將可即時立刻通知警方來進行處理。Or, you can also join the alert mechanism according to different authorized content. For example, two different authorization rules can also receive money, but one of them will contact the police station in private, so that when the user is forced to authorize the bank, Immediately notify the police immediately for processing.

綜上所述,本創作之基於眼動行為之授權系統,利用偵測使用者觀看視覺刺激材料所取得之眼動行為來作為授權判斷依據,眼動行為將與預設之授權規則集合比對以決定使用者是否取得授權,如此,將可避免現有輸入方式的授權手段可能遭旁人窺視及竊取,且利用各種眼動行為、 非眼動資訊、視覺刺激材料之興趣區或眼動掃描路徑的組合,將提供更多種授權權限,有助於避免人員在非自由意志的情況下輸入授權資訊的情況,因此,本創作之基於眼動行為之授權系統將可提供安全性高的授權機制。In summary, the eye movement behavior authorization system of the present invention uses the eye movement behavior obtained by detecting the user to view the visual stimulation material as the basis for authorization judgment, and the eye movement behavior will be compared with the preset authorization rule set. In order to determine whether the user is authorized, in this way, the authorization means that can avoid the existing input method may be peeped and stolen by others, and utilize various eye movements, Non-eye movement information, a combination of visual stimulation material's area of interest or eye-moving scan path will provide more kinds of authorization rights, which will help prevent people from entering authorization information under non-free will. Therefore, this creation An authorization system based on eye movement behavior will provide a highly secure authorization mechanism.

上述實施樣態僅例示性說明本創作之功效,而非用於限制本創作,任何熟習此項技藝之人士均可在不違背本創作之精神及範疇下,對上述該些實施態樣進行修飾與改變。此外,在上述該些實施態樣中之元件的數量僅為例示性說明,亦非用於限制本創作。因此本創作之權利保護範圍,應如後述之申請專利範圍所列。The above embodiments are merely illustrative of the effects of the present invention and are not intended to limit the present invention. Any person skilled in the art can modify the above-mentioned embodiments without departing from the spirit and scope of the present invention. And change. Moreover, the number of elements in the above-described embodiments is merely illustrative and is not intended to limit the present invention. Therefore, the scope of protection of this creation should be as listed in the scope of patent application described later.

1‧‧‧基於眼動行為之授權系統1‧‧‧ Authorized system based on eye movement

11‧‧‧顯示模組11‧‧‧Display module

12‧‧‧眼動模組12‧‧‧ Eye Movement Module

13‧‧‧判斷模組13‧‧‧Judgement module

14‧‧‧授權模組14‧‧‧Authorization module

15‧‧‧儲存模組15‧‧‧ Storage Module

Claims (9)

一種基於眼動行為之授權系統,包括:顯示模組,係用於顯示使用者預設之視覺刺激材料以供該使用者觀看;眼動模組,係用於偵測該使用者觀看該視覺刺激材料之眼動狀態以產生眼動行為;判斷模組,係依據該視覺刺激材料取得相對應之授權規則集合,且比對該眼動行為與該授權規則集合,以於兩者相符時,產生授權指令;以及授權模組,係依據該授權指令提供對應之授權內容。An eye movement behavior-based authorization system includes: a display module for displaying a visual stimulus material preset by a user for viewing by the user; and an eye movement module for detecting the user viewing the vision Sensing the eye movement state of the material to generate an eye movement behavior; determining a module according to the visual stimulation material to obtain a corresponding set of authorization rules, and comparing the eye movement behavior with the authorization rule set to match the two Generating an authorization command; and authorizing the module to provide corresponding authorization content according to the authorization instruction. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,該視覺刺激材料為時變或非時變之圖片、相片或影片。The eye movement behavior-based authorization system of claim 1, wherein the visual stimulation material is a time-varying or non-time-varying picture, photo or film. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,該授權規則集合包含複數授權路徑資料,該判斷模組係依據各該授權路徑資料產生對應之授權指令。The eye movement behavior-based authorization system of claim 1, wherein the authorization rule set includes a plurality of authorization path data, and the determination module generates a corresponding authorization instruction according to each of the authorization path materials. 如申請專利範圍第3項所述之基於眼動行為之授權系統,其中,該判斷模組將該授權路徑資料與一誤差值進行計算以產生該授權路徑資料的誤差範圍,並判斷在該誤差範圍內之眼動行為者為相符。The eye movement behavior-based authorization system of claim 3, wherein the determination module calculates the authorization path data and an error value to generate an error range of the authorization path data, and determines the error. The eye movement actors within the range are consistent. 如申請專利範圍第3項所述之基於眼動行為之授權系統,其中,該授權規則集合更包括使用者帳號、密碼、 生理特徵、日期或時間之非眼動資訊,且該判斷模組係以該非眼動資訊搭配該授權路徑資料進行授權內容的判斷。The eye movement behavior-based authorization system according to claim 3, wherein the authorization rule set further includes a user account, a password, and The non-eye movement information of the physiological feature, date or time, and the judging module judges the authorized content by using the non-eye movement information with the authorized path data. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,該視覺刺激材料及該授權規則集合係儲存於該授權系統內之儲存模組或是該授權系統所連接之遠端伺服器。The eye movement behavior-based authorization system of claim 1, wherein the visual stimulation material and the authorization rule set are stored in a storage module in the authorization system or a remote end connected to the authorization system. server. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,該眼動行為包括該使用者對於該視覺刺激材料中之至少一興趣區之首次凝視時間長度、首次凝視時間延遲、總接觸時間、凝視次數、跳視、回視或其組合,以及該使用者對該視覺刺激材料中之該些興趣區間的眼動掃描路徑。The eye movement behavior-based authorization system of claim 1, wherein the eye movement behavior comprises a first gaze time length of the user for at least one of the interest stimulating materials, a first gaze time delay, Total contact time, number of gaze, saccade, retrospective, or a combination thereof, and an eye movement scan path of the user for the range of interest in the visual stimuli. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,該眼動行為為連續或非連續,且其中,該眼動行為為非連續者係指該使用者視線離開該視覺刺激材料一段時間後再返回。The eye movement behavior-based authorization system of claim 1, wherein the eye movement behavior is continuous or discontinuous, and wherein the eye movement behavior is non-continuous means that the user's line of sight leaves the vision Stimulate the material and return after a while. 如申請專利範圍第1項所述之基於眼動行為之授權系統,其中,於偵測該使用者觀看該視覺刺激材料之眼動狀態時,係依據該眼動狀態以於該視覺刺激材料上呈現對應之圖形或文字。The eye movement behavior-based authorization system of claim 1, wherein when detecting the eye movement state of the visual stimulation material, the eye movement state is based on the visual stimulation material. Present the corresponding graphic or text.
TW103203918U 2014-03-07 2014-03-07 An authorization system based on eye movement behavior TWM483471U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103203918U TWM483471U (en) 2014-03-07 2014-03-07 An authorization system based on eye movement behavior

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103203918U TWM483471U (en) 2014-03-07 2014-03-07 An authorization system based on eye movement behavior

Publications (1)

Publication Number Publication Date
TWM483471U true TWM483471U (en) 2014-08-01

Family

ID=51793145

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103203918U TWM483471U (en) 2014-03-07 2014-03-07 An authorization system based on eye movement behavior

Country Status (1)

Country Link
TW (1) TWM483471U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI562008B (en) * 2015-12-07 2016-12-11 Utechzone Co Ltd Identity verification method and apparatus and computer program product
CN107066847A (en) * 2015-12-07 2017-08-18 由田新技股份有限公司 Identity verification method, device and system
CN107277046A (en) * 2017-07-25 2017-10-20 湖南云迪生物识别科技有限公司 Coerce-proof password management-control method and device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI562008B (en) * 2015-12-07 2016-12-11 Utechzone Co Ltd Identity verification method and apparatus and computer program product
CN107066847A (en) * 2015-12-07 2017-08-18 由田新技股份有限公司 Identity verification method, device and system
CN107277046A (en) * 2017-07-25 2017-10-20 湖南云迪生物识别科技有限公司 Coerce-proof password management-control method and device
CN107277046B (en) * 2017-07-25 2020-08-28 湖南云迪生物识别科技有限公司 Anti-coercion password control method and device based on face recognition

Similar Documents

Publication Publication Date Title
CN107995979B (en) System, method and machine-readable medium for authenticating a user
US10678897B2 (en) Identification, authentication, and/or guiding of a user using gaze information
US9330322B2 (en) Controlled access to functionality of a wireless device
US10635795B2 (en) Dynamic graphic eye-movement authentication system and method using face authentication or hand authentication
CN110114777B (en) Identification, authentication and/or guidance of a user using gaze information
WO2016018488A2 (en) Systems and methods for discerning eye signals and continuous biometric identification
CN104200145A (en) Embedded authentication systems in an electronic device
JP2008071030A (en) Biometric authentication device
KR101729959B1 (en) User authentication system and method based on eye responses
TWI585607B (en) Eye movement traces authentication and facial recognition system, methods, computer readable system, and computer program product
TWM483471U (en) An authorization system based on eye movement behavior
TW201535138A (en) An authorization method and system based on eye movement behavior
JP2007322549A (en) Information processor
CN118202347A (en) Face recognition and/or authentication system with monitoring and/or control camera cycling
JP2006099160A (en) Password setting device and password authentication device

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees