Abstract: Method(s) for authenticating a user (102) are described herein. The method includes requesting the user (102) to provide one or more biometric traits to establish the user’s (102) identity and applying at least one background effect to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits. Further, a test biometric template corresponding to each of the intermediate test biometric templates may be generated based on at least one template creation technique. A similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates may be determined. The reference biometric templates and the decoded reference biometric templates may be generated based on the at least one template creation technique. The similarity scores may be analyzed to authenticate the user (102) based on a predetermined authentication logic.
FIELD OF INVENTION
[0001] The present subject matter relates to authenticating a user and, particularly, but
not exclusively, to a system and a method for authenticating a user in the computing environment.
BACKGROUND
[0002] With recent advances in information technology and its widespread use in daily
life, it is becoming increasingly important to have reliable and robust authentication systems. Generally, authentication systems provide access to private data, protected applications, and the like based on an authentication code based approach or a token based approach. In the authentication code based approach, users may be required to provide personal passwords, personal identification numbers (PINs), etc., to establish their identity. Based on the authentication code, a user's access to the underlying data may be rejected or granted. Oftentimes, such authentication codes may be forgotten, shared, or hacked by an unauthorized user to gain access to the underlying data, thereby making an authentication system that is entirely based on the authentication codes vulnerable to unauthorized access. Further, in token based approaches, the users may be required to swipe an identification (ID) card, provide a code displayed on a dongle, etc. Like the code based authentication approach, an authentication system employing token based approaches may be vulnerable to unauthorized access, since the token may be lost or stolen.
[0003] In order to enhance robustness of the authentication systems, biometric based
approach may be employed. Biometric based authentication systems may automatically recognize individuals based on their biological, behavioral, and chemical characteristics. Such characteristics are often difficult to forge, and therefore the biometric based authentication systems provide reliable solutions for security applications. The biometric based authentication systems may have biometric templates, of authorized users, against which a biometric trait of a user to be authenticated is checked. However, the biometric based authentication systems may be susceptible to falsification and there may be privacy and security concerns related to the biometric templates stored on networks and client servers. Further, considerable computational
time and resources may be consumed while creating and storing biometric templates. Additionally, in certain cases an erroneous decision may be taken due to variations in biometric traits, which are input by the user to be authenticated.
SUMMARY
[0004] This summary is provided to introduce concepts related to authentication of a
user. This summary is not intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.
[0005] According to an embodiment, a method for authenticating a user is described. The
method includes requesting the user to provide one or more biometric traits indicative of the user’s identity. Further, one or more background effects may be applied to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits. A test biometric template corresponding to each of the intermediate test biometric templates may be generated based on at least one template creation technique. A similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates may be computed. The reference biometric templates and the decoded reference biometric templates may be generated based on the at least one template creation technique. The similarity scores may be analyzed to authenticate the user based on predetermined authentication logic.
[0006] In another embodiment, an authentication system for authenticating a user is
described. The system includes a processor and an authentication module coupled to the processor and configured to select one or more biometric traits that are to be requested from a user based on enrollee data. Further, at least one background effect may be applied to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits. A test biometric template corresponding to each of the intermediate test biometric templates may be generated based on at least one template creation technique. Additionally, the authentication system may include an analysis module coupled to the processor and configured to determine a similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates, wherein the reference biometric templates and the decoded reference biometric templates are
generated based on the at least one template creation technique. The analysis module may further analyze similarity scores to authenticate the user based on predetermined authentication logic.
[0007] According to yet another embodiment, a computer-readable medium having embodied thereon
a computer program for executing a method for authenticating a user is described. The method includes requesting the user to provide one or more biometric traits and applying at least one background effect to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits. A test biometric template corresponding to each of the intermediate test biometric templates may be generated based on at least one template creation technique. Further, a similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates may be determined. The reference biometric templates and the decoded reference biometric templates may be generated based on the at least one template creation technique. The generated similarity scores may be analyzed to authenticate the user based on predetermined authentication logic.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] The detailed description is described with reference to the accompanying figures.
In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components. Some embodiments of system and/or methods in accordance with embodiments of the present subject matter are now described, by way of example only, and with reference to the accompanying figures, in which:
[0009] Fig. 1a illustrates various components of an authentication system, according to
an embodiment of the present subject matter.
[0010] Fig. 1b illustrates a schematic block diagram showing various components of the
authentication system in authorization and authorization modes, according to an embodiment of the present subject matter.
[0011] Fig. 2a illustrates a schematic block diagram showing various components of the
authentication system employing a compressive sensing technique, according to an embodiment of the present subject matter.
[0012] Fig. 2b and 2c illustrate schematic block diagrams showing various components
of the authentication system employing a sparse signal representation technique, according to an embodiment of the present subject matter.
[0013] Fig. 3a and 3b illustrate a method for authenticating a user, according to an
embodiment of the present subject matter.
[0014] It should be appreciated by those skilled in the art that any block diagrams herein
represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DESCRIPTION OF EMBODIMENTS
[0015] Systems and methods for authenticating a user are described herein.
Authentication of a user may include verification or identification of a user and accordingly the user may be authorized to access secure data, for example, data maintained by banks or medical institutes, or data locally saved on a user’s computing system, such as a mobile phone. The methods for authentication of a user can be implemented in various computing systems, such as cellular phones, smart phones, personal digital assistants (PDAs), tablets, laptops, desktops, and servers. Although the description herein is with reference to certain specific computing systems, the methods and systems may be implemented in any other computing system, albeit with a few variations, as will be understood by a person skilled in the art.
[0016] Typically, to have a reliable and robust authentication, most of the authentication
systems employ a biometric based approach. Biometric authentication refers to identification or verification of individuals based on their biometric characteristics or traits. A biometric trait may be understood as a composite signal which commonly includes different morphological components. The biometric trait commonly varies across users and also for a single user under different environmental and behavioral-stress conditions. Examples of such traits include, but are not limited to, fingerprint, face, iris, retina, palm print, vein geometry, signature, hand geometry, ear, finger knuckle print, voice, handwriting, electrocardiogram (ECG), electroencephalogram
(EEG), phono-cardiogram (PCG), facial thermograph, Deoxyribonucleic acid (DNA), gait, keystrokes, odor.
[0017] Authentication systems employing biometric based approach may be unimodal or
multimodal. Unimodal biometric authentication systems collect and process a single biometric trait for authentication of a user. However, unimodal authentication systems may encounter certain issues, such as noisy biometric data, non-universality, and spoofing attacks, which in turn may lead to a high false acceptance rate, false rejection rate, limited discrimination capability, and falsification. In multimodal biometric authentication systems, two or more biometric traits of a user are collected and processed to validate a user’s identity. Though the multimodal biometric authentication systems prove to be more robust and reliable as compared to the unimodal ones, they may still be susceptible to attack or falsification. Additionally, since data pertaining to biometrics of authorized user(s) is also vulnerable and susceptible to spoofing attacks, the security of such data is also to be ensured. Further, in certain cases accuracy issues may arise owing to variations between the biometric traits available with the biometric authentication system and the biometric traits provided by a user.
[0018] According to an implementation of the present subject matter, systems and
methods for authenticating a user are described. To initiate an authentication process, or, in other words, to access secure data, a user may send an authentication request. Upon receiving the authentication request from the user, a primary authentication may be initiated. For the purpose of explanation, a user requesting to access the secure data may be referred to as a test user. For primary level authentication, the test user may be requested to provide a response to one or more security questions selected from primary authentication data. The primary authentication data may include authentication codes, codes on tokens, and answers to user specific questions. Based on the response, either secondary level authentication is initiated or the authentication process is terminated. In case secondary level authentication is initiated, the test user is requested to provide one or more biometric traits. The biometric traits that are to be provided by the test user may be selected randomly to enhance robustness and accuracy.
[0019] Further, a background effect may be applied to the received biometric traits to
obtain test biometric data. Additionally, it may be determined whether the test biometric data is live or fake thereby ensuring that an imposter is not granted access to the secure data. In case it is
determined that the test biometric data is live, or to say, genuine, it may be determined if the test biometric data is encrypted. For example, if the test user provides the requested biometric traits from a remote location then a user device associated with the test user may encrypt the biometric traits to ensure security and privacy of information pertaining to the biometric traits. In case, the test biometric data is encrypted, feature information corresponding to each of the biometric traits may be extracted and a test biometric template is generated using a template creation technique. The template creation technique may include compression and encoding techniques, such as compressive sensing (CS) based techniques and sparse signal representation techniques or sparse coding techniques, and feature extraction techniques. The feature extraction technique may include techniques to extract acoustic features, visual features, temporal and spectral features, statistical features, and sparse representation features. In said case, a feature extraction technique may be employed to generate the test biometric template.
[0020] Further, in case it is determined that the test biometric data is not encrypted, the
test biometric templates are generated using the template creation techniques. In said case, the test biometric templates may be created using the compression and the encoding techniques. Upon creation of the test biometric templates corresponding to each of the requested biometric traits, the test templates are compared for similarity with corresponding reference biometric templates. Reference biometric templates are indicative of biometric traits of authorized users and are generated using the template creation techniques. The creation of biometric templates using template creation techniques provides for a reduction in computational time and resources during the template creation process and the authentication process. Based on the comparison, similarity scores may be generated using classifiers, such as Euclidean distance classifiers and Mahalanobis distance classifiers, for each test biometric template.
[0021] In an implementation, a fusion technique is used to compute a fusion score based on
the similarity scores. For example, a weighted sum of the similarity scores may be determined to compute the fusion score. Further, based on the fusion score it may be determined whether the test user is an authorized user or an imposter. Alternately, based on the fusion score the test user may be identified.
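The comparison and fusion steps of paragraphs [0020] and [0021], as an added sketch that is not part of the original specification. The mapping from Euclidean distance to a similarity in (0, 1], taking the best match over several reference templates, the fail-closed handling of a missing trait, and all names, weights, thresholds and feature vectors are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass, field


def euclidean_similarity(test, reference):
    """Map Euclidean distance to a similarity in (0, 1]; 1.0 means identical."""
    if len(test) != len(reference):
        raise ValueError("template length mismatch")
    return 1.0 / (1.0 + math.dist(test, reference))


def trait_score(test_template, reference_templates):
    """Best similarity of one test template against an enrollee's references."""
    if not reference_templates:
        raise ValueError("no reference templates enrolled for this trait")
    return max(euclidean_similarity(test_template, ref)
               for ref in reference_templates)


@dataclass
class Decision:
    accepted: bool
    fusion: float
    scores: dict = field(default_factory=dict)
    reason: str = ""


def authenticate(requested, test_templates, references, weights, threshold):
    """Weighted-sum fusion over every requested trait, compared to a threshold.

    A requested trait that was not supplied rejects the attempt outright.
    Renormalising the weights over only the supplied traits would let a
    caller drop the trait they cannot reproduce and still pass.
    """
    missing = [t for t in requested if t not in test_templates]
    if missing:
        return Decision(False, 0.0, {}, "missing traits: " + ", ".join(missing))
    if any(weights.get(t, 0.0) <= 0.0 for t in requested):
        raise ValueError("every requested trait needs a positive weight")

    scores = {t: trait_score(test_templates[t], references.get(t, []))
              for t in requested}
    total = sum(weights[t] for t in requested)
    fusion = sum(weights[t] * scores[t] for t in requested) / total
    accepted = fusion >= threshold
    reason = "accepted" if accepted else "fusion score below threshold"
    return Decision(accepted, fusion, scores, reason)


# Constructed sample data: short feature vectors standing in for templates.
REQUESTED = ["fingerprint", "voice"]
REFERENCES = {
    # Two reference templates for one trait, one reference for the other.
    "fingerprint": [[0.12, 0.80, 0.33, 0.51], [0.10, 0.82, 0.35, 0.50]],
    "voice": [[0.70, 0.20, 0.41]],
}
WEIGHTS = {"fingerprint": 0.6, "voice": 0.4}   # assumed weights
THRESHOLD = 0.9                                 # assumed decision threshold

GENUINE = {"fingerprint": [0.11, 0.81, 0.34, 0.50], "voice": [0.69, 0.22, 0.40]}
# One trait reproduced closely, the other not: fusion must still reject.
IMPOSTER = {"fingerprint": [0.11, 0.81, 0.34, 0.50], "voice": [0.10, 0.90, 0.95]}
# Only the reproducible trait is supplied.
PARTIAL = {"fingerprint": [0.11, 0.81, 0.34, 0.50]}

if __name__ == "__main__":
    for label, sample in (("genuine", GENUINE), ("imposter", IMPOSTER),
                          ("partial", PARTIAL)):
        d = authenticate(REQUESTED, sample, REFERENCES, WEIGHTS, THRESHOLD)
        print(f"{label:9s} accepted={d.accepted} fusion={d.fusion:.4f} ({d.reason})")
```

The imposter sample matches the fingerprint references as closely as the genuine one does, yet the weighted sum falls below the threshold because the voice score is low.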
[0022] The described methodologies can be implemented in hardware, firmware,
software, or a combination thereof. Herein, the term "system" encompasses logic implemented by software, hardware, firmware, or a combination thereof.
[0023] For a firmware and/or software implementation, the methodologies can be
implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein. Any machine readable medium tangibly embodying instructions can be used in implementing the methodologies described herein. For example, software codes and programs can be stored in a memory and executed by a processing unit. Memory can be implemented within the processing unit or may be external to the processing unit. As used herein the term "memory" refers to any type of long term, short term, volatile, or other storage devices and is not to be limited to any particular type of memory or number of memories, or type of media upon which memory is stored.
[0024] It should be noted that the description merely illustrates the concept of the present
subject matter. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described herein, embody the concepts of the present subject matter and are included within its spirit and scope. Furthermore, all examples recited herein are principally intended expressly to be only for pedagogical purposes to aid the reader in understanding the principles of the invention and the concepts contributed by the inventor(s) to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.
[0025] The manner in which the systems and methods shall be implemented has been
explained in detail with respect to the Fig. 1, Fig. 2a, Fig. 2b, and Fig. 3. While aspects of described systems and methods can be implemented in any number of different devices, transmission environments, and/or configurations, the embodiments are described in the context of the following exemplary system(s).
[0026] Fig. 1 illustrates an authentication system 100, according to an implementation of
the present subject matter. The authentication system 100 can be implemented in systems that include, but are not limited to, desktop computers, hand-held devices, multiprocessor systems,
mobile phones, personal digital assistants (PDAs), laptops, network computers, minicomputers, mainframe computers, and the like. In one implementation, the authentication system 100 is configured to authenticate one or more users, such as a user 102-1, user 102-2, ..., and user 102-n to access secure data 104. The users 102-1 ... 102-n may be referred to as user(s) 102. The secure data 104 may be understood as data that is to be accessed by the users 102 and is protected by way of an authentication system, such as the authentication system 100.
[0027] In an implementation, the authentication system 100 includes interface(s) 106 and
one or more processor(s) 108. The interfaces 106 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, a camera, a microphone, touch pad, stylus, an ECG generating device, a PCG generating device and other sensing devices; and interfaces for applications, such as a background effect application, a regions of interest application, an instant messaging application, and a global positioning system (GPS) location application. Thus, the interfaces 106, among other things, receive biometric traits from the users 102. Further, the interfaces 106 may enable the authentication system 100, hereinafter referred to as the system 100, to communicate with other computing systems, such as web servers and external databases. The interfaces 106 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, local area network (LAN), cable, etc., and wireless networks such as Wireless LAN (WLAN), cellular, or satellite. For the purpose, the interfaces 106 may include one or more ports for connecting a number of computing systems to each other or to another server computer.
[0028] The processor 108 may be implemented as one or more microprocessors,
microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor(s) is configured to fetch and execute computer-readable instructions stored in a memory.
[0029] The functions of the various elements shown in the figure, including any
functional blocks labeled as “processor(s)”, may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated
processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
[0030] In another embodiment, the authentication system 100 may include a memory
110. The memory 110 may be communicatively coupled to the processor 108. The memory 110 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0031] Further, the authentication system 100 may include module(s) 112 and data 114.
The modules 112 and the data 114 may be coupled to the processors 108. The modules 112, amongst other things, include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. The modules 112 may also be implemented as signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulates signals based on operational instructions.
[0032] Further, the modules 112 can be implemented in hardware, instructions executed
by a processing unit, or by a combination thereof. The processing unit can comprise a computer, a processor, a state machine, a logic array or any other suitable devices capable of processing instructions. The processing unit can be a general-purpose processor which executes instructions to cause the general-purpose processor to perform the required tasks or, the processing unit can be dedicated to perform the required functions.
[0033] In another aspect of the present subject matter, the modules 112 may be machine-
readable instructions (software) which, when executed by a processor/processing unit, perform any of the described functionalities. The machine-readable instructions may be stored on an electronic memory device, hard disk, optical disk or other machine-readable storage medium or non-transitory medium. In one implementation, the machine-readable instructions can also be downloaded to the storage medium via a network connection.
[0034] Further, the data 114 serves, amongst other things, as a repository for storing data
processed, received, and generated by one or more of the modules 112. The modules 112 further include, for example, an enrollee data creation module 116, an authentication module 118, an analysis module 120, and other module(s) 122. The other modules 122 may include programs
that supplement applications on the system 100, for example, programs in the operating system. It will be understood that certain modules may be provided on separate devices, which in combination may form the system 100. The data 114 includes, for example, enrollee data 124 and other data 126. The other data 126 may include data generated as a result of the execution of one or more modules in the other modules 122.
[0035] Further, the system 100 may be coupled to the secure data 104. Though, the
secure data 104 is illustrated external to the system 100, it will be understood that the secure data 104 may be internal to the system 100 as well. The secure data 104 may be stored on computing devices, such as mobile phones, laptops, desktops, and PDAs, personal storage servers, digital libraries, and medical information database. Further, the secure data 104 may be stored or processed in local or distributed environment so that it may be accessed anytime and anywhere by an authorized user.
[0036] In an implementation, the system 100 may be configured to function in an
authentication mode, a description mode, and an authorization mode. Further, the system 100 may work in an enrollment phase, an authentication phase, or both the phases. In the enrollment phase, information identifying authorized users, hereinafter referred to as enrollees, may be stored by the system 100 in enrollee data. While in the authentication phase, one or more users 102 are provided access to the secure data 104 based on the enrollee data. It will be understood that the modules participating in enrollment and authentication phases may be provided on the same device or in certain cases may be provided on separate devices as well.
[0037] Referring to enrollment phase, in an example, information identifying authorized
users may be processed by the enrollee data creation (EDC) module 116 and may be stored in the enrollee data 124. Though, the enrollee data 124 has been illustrated internal to the system 100, it will be understood that the enrollee data 124 may be external to the system 100 as well. The enrollee data 124 may include primary authentication data 128 and secondary authentication data 130.
[0038] The EDC module 116 may obtain primary authentication information associated
with the enrollees and store the same in the primary authentication data 128. The primary authentication data 128 may include, for example, user IDs, passwords, personal identification numbers (PINs), smart cards, mobile phone numbers, International Mobile Equipment Identity
(IMEI) numbers, IP addresses, educational details, family details, employee details, medical details, social security number, date and place of birth, physical and contact address details, passport number, driver’s license number, taxpayer identification number, financial account or credit card number and electronic device details. Thus, while creating the enrollee data 124, the EDC module 116 may either request answers to a certain set of security questions and save the answers in the primary authentication data 128; or may provide the enrollees with certain unique codes, such as passwords and PINs, which may be stored in the primary authentication data 128. Further, the enrollees may be provided with tokens or dongles and the codes for such tokens may be stored in the primary authentication data 128.
[0039] In addition to the primary authentication data 128, the EDC module 116 may also
process biometric traits associated with the enrollees to obtain the secondary authentication data 130. In an implementation, during the enrollment phase, the EDC module 116 may request the enrollees to provide a plurality of biometric traits. The biometric traits may be captured by way of the sensing devices (not shown in the figures), which may be associated with a computing device of the enrollee. In an example, the interface 106 couples input received from the sensing devices to compressive sensing devices or analog-to-digital converters. In another example, the sensing devices may be capable of providing the input biometric traits in compressed form and/or as a discrete-domain signal, which in turn provides for a reduction in computational time and resources.
[0040] The EDC module 116 further applies certain background effects to the received
biometric trait and/or collects biometric traits under different test environments, thereby creating multiple copies of the same biometric trait. For example, if the received biometric trait is a thumb impression of the enrollee, a blurring effect may be applied to it and it may be stored as an intermediate biometric template corresponding to the enrollee. Further, some color effect may also be applied to the thumb impression to obtain another intermediate biometric template for the thumb impression. In another example, an audio may be overlapped to the received speech. Thus, there may be multiple biometric templates for a single biometric trait corresponding to an enrollee. The application of the background effects enhances the robustness of the system 100, since the original biometric trait is masked due to the changes applied to the background. Further, the multiple versions of the same biometric data aid in enhancing recognition accuracy in adverse environmental conditions.
[0041] Upon application of the background effects, using template creation techniques
reference biometric templates may be created based on intermediate biometric templates. The template creation techniques include compression and encoding techniques, and feature extraction techniques. Examples of the compression and encoding techniques include compressive sensing (CS) based techniques and sparse signal representation techniques. The compression and encoding techniques encode and compress the biometric traits based on the assumption that a biometric trait can be represented as a linear combination of elementary atoms from a learned composite dictionary matrix. Thus, the compression and encoding techniques represent input biometric traits as a linear combination of reference biometric templates.
[0042] The CS technique is a signal processing technique for efficiently acquiring and
reconstructing a signal. The CS technique uses a signal’s or input data’s sparseness or compressibility in some domain, thereby allowing the entire signal to be determined from relatively few measurements. The CS based techniques generate the reference biometric templates based on a compressive measurement matrix.
[0043] The sparse signal representation technique represents input biometric traits as a
linear combination of reference biometric templates from a learned composite dictionary matrix, which includes multiple types of multimodal biometric traits of enrollees. The creation of the reference biometric templates using CS technique and sparse signal representation technique has been explained in detail with reference to description of Fig 2a, 2b, and 2c. The template creation techniques used herein ensure security and privacy of the secondary authentication data 130, which is under the risk of being accessed by an unauthorized person, while being transmitted over a network or a spoofing attack. The reference biometric templates obtained using the template creation techniques may be stored in the secondary authentication data 130. Further, the reference biometric templates of an enrollee may be linked to the corresponding primary authentication data 128.
[0044] In an implementation, the EDC module 116 may also determine quality of the
reference biometric templates for each enrollee during enrolling phase. Based on the quality, in the subsequent authentication phase, the system 100 may request for the biometric traits. For example, in case for the user 102-1, the quality of thumb impression is better than signature, in
the authentication phase, the system 100 may request for thumb impression. On the other hand, if for the user 102-2, the quality of signature is better than thumb impression, in the authentication phase the system 100 may request for the signature as the biometric trait against which secondary authentication may be performed. Further, the EDC module 116 may obtain predetermined thresholds of clinical features that may be used for detecting abnormal medical and emotional patterns, which may be subsequently used for authenticating the user 102 or for storing medical history of the user 102.
[0045] It will be understood that the creation of the enrollee data 124 may be a one time
step and it may be updated as and when new enrollees are added or an existing enrollee is to be removed. Since the biometric data stored in the enrollee data 124 is encrypted and compressed, it provides for enhanced robustness and reliability.
[0046] Referring to the authentication phase, the authentication module 118 may
authenticate the users 102 to access the secure data 104 based on the enrollee data 124. The authentication module 118 may include a primary authentication module 132 to perform primary level authentication and a secondary authentication module 134 to perform secondary level authentication. For the purpose of explanation a user, such as the user 102-1, sending a request to access the secure data 104, i.e., a user who is to be authenticated may be referred to as a test user. In an implementation, upon receiving a request from the test user, the primary authentication module 132 may select one or more security questions based on the primary authentication data 128 and request the test user to respond to the security questions. In an example, the primary authentication module 132 may randomly select the security questions every time a request to access the secure data 104 is received. Thus, the different test users may have to provide answers to a different set of security questions. Also, every time a test user requests to access the secure data 104 a different set of security questions may be asked.
[0047] The inputs received from the test user may be compared with the information
stored in the primary authentication data 128. If the primary authentication module 132 determines that the inputs provided by the test user do not match with the corresponding information stored in the primary authentication data 128, the authentication process is terminated and the test user is not provided access to the secure data 104. On the other hand, if it is determined that the inputs provided by the test user match with the corresponding information
stored in the primary authentication data 128, the secondary authentication module 134 is activated. Further, based on the primary authentication, a probable enrollee may be identified and enrollee data corresponding to the probable enrollee may be used for secondary authentication.
[0048] The secondary authentication module 134 may randomly select one or more
biometric traits that are to be obtained from the test user. The number of the biometric traits that are to be selected may be chosen based on the computing capacity of the system 100 and the level of security that is required. Since the biometric traits are randomly selected, the robustness of the system 100 is enhanced. It will be understood that the biometric traits may be received via the interface 106. In an example, the secondary authentication module 134 may also save the GPS location of the test user for future reference. For instance, in case of unauthorized access it may help identify an imposter.
[0049] Further, upon receiving a biometric trait, a background effect may be applied to
the same and regions of interest from the input biometric traits may be acquired to generate intermediate test biometric templates. In an example, the background effects may be applied while sensing the biometric traits, i.e., in real time. Further, the regions of interest may also be extracted while sensing the biometric traits. The user specific background traits and regions of interest may be obtained from the enrollee data 124. It will be understood that a separate module may be provided to apply one or more effects to the background of the biometric traits during the enrolment phase or the authentication phase; or this functionality may be provided in both the EDC module 116 and the authentication module 118.
[0050] In an implementation, based on the test biometric data, the secondary
authentication module 134 may perform a liveness test. The liveness test may be performed to check whether the biometric trait provided by the test user is a live biometric, i.e., a genuine biometric; or a fake or masked biometric, based on liveness criteria. In an example, the boundary of the modified biometric trait may be used as a liveness criterion. In another example, the secondary authentication module 134 may record one or more physiological data or may display one or more sentences for recording the voice of the test user. In case it is determined that the modified biometric trait is fake, the authentication process may be terminated.
[0051] However, if it is determined that the biometric trait is live, it may be determined if
the test biometric data is encrypted. In an example, the test user may wish to access his bank
account details through his mobile device. In such a case, the system 100 may be provided on a server maintained by the bank. In scenarios where biometric traits are provided remotely, a user device associated with the test user may employ watermarking and data hiding techniques for providing security and privacy.
[0052] If it is determined that the test biometric data is provided through a remote
location, feature information corresponding to the biometric traits of the test users is extracted using a feature extraction technique. In such cases, the test biometric data may be transferred via wireless communication networks for authenticating the test user. Further, to ensure data security, the system 100 may employ two sets of secret keys, one at the sensing level and another that may involve scrambling of measurements before coding. The feature information may include, for example, speed invariant feature transform (SIFT) features and speeded up robustness feature (SURF) features. Further, based on the feature information, a test biometric template may be created corresponding to each biometric trait using a feature extraction technique. Thus, in cases where the test biometric data that is extracted is encrypted, the input biometric data may be reconstructed. Additionally, in such a case, the secondary authentication module 134, using a template creation technique, may decode the reference biometric templates corresponding to the probable enrollee and extract the feature information to obtain decoded reference biometric templates. For example, in case the CS based technique is used, the system 100 may decode the reference biometric templates that may be encoded using the CS technique. The process for decoding the reference biometric templates has been explained in detail with reference to the description of Fig. 2a.
[0053] However, if it is determined that the test user is not accessing remotely, the test
biometric data may be converted to test biometric template(s) using one or more template creation techniques. In case CS based technique is used to generate the reference biometric templates, the CS based technique may be used to compute compressive measurement vector corresponding to each biometric trait to obtain the test biometric templates. Similarly, in case sparse signal representation technique is used, the test biometric templates may be created using sparse signal representation based on a learned composite dictionary matrix. The generation of the test biometric templates with respect to various template creation techniques has been explained in detail with reference to the description of Fig. 2a, 2b, and 2c. Thus, the system 100 may perform authentication in measurement domain or encrypted domain, where compressed
sensing measurements of the test biometric traits are used as the test biometric templates, which may be compared with compressive measurements of the reference biometric templates in the enrollee data 124. Further, in such case the input biometric traits may not be reconstructed for comparison.
[0054] Upon obtaining the test biometric templates, the analysis module 120 may analyze
the test biometric templates with respect to the reference biometric templates or decoded reference biometric templates to determine whether the test user is an imposter. In an implementation, the analysis module 120 performs a similarity check between the test biometric templates and the reference biometric templates. To perform the similarity check, the analysis module 120 may employ one or more classifiers, which may generate a similarity score. The similarity score may be generated based on Euclidean distance, Mahalanobis distance, Vector Quantization (VQ), Gaussian Mixture Models (GMM), Hidden Markov Model (HMM), Neural-Nets and Fuzzy logics, Support Vector Machine, Kullback–Leibler divergence (KLD), Mutual Information and Entropy, or Linear discriminant analysis (LDA).
[0055] Further, upon obtaining similarity scores corresponding to the test biometric
templates, the analysis module 120 may determine whether the test user is a genuine user or an imposter based on fusion techniques. The fusion techniques may involve a weighted sum of the similarity scores. For example, one biometric trait may be given a higher weight than another, and therefore the fusion score may not merely be a sum of the similarity scores but a weighted score of the similarity scores. Once the fusion score is obtained, based on analysis rules, the test user may be authenticated. The analysis rules may be, for example, whether the fusion score is greater than a threshold or is within a given range of scores. The implementation of the fusion techniques aids in improving accuracy of the system 100.
[0056] In an implementation, the system 100 may be employed in a cellular device
having the secure data 104. For example, the user 102-1 may have the system 100 on his cellular device to prevent an unauthorized user from accessing some or all information stored on the cellular device. It will be understood that in said implementation, the system 100 may only include reference biometric templates corresponding to the user 102-1. In another implementation, a user may wish to remotely access the secure data 104, for example, data stored on a network server maintained by a bank. In such a case, the system 100 may be employed as a
network server and the users 102 may access the secure data 104 upon being authorized by the system 100. In said implementation, the user 102 may provide biometric traits in encrypted form.
[0057] Fig. 1b represents a schematic block diagram illustrating functioning of the
system 100 in various modes, according to an embodiment of the present subject matter. In an implementation, a test user may be requested to provide a response to the security questions as indicated. Upon receiving the response, primary level authentication may be performed by the primary authentication module 132. As mentioned before, primary level authentication may be performed using primary authentication data 128. If the test user is granted access at the primary level authorization, the test user may be requested to provide the biometric traits. A liveness detection unit 142 may ascertain whether the biometric traits provided by the test user, i.e., the test biometric data, are live or not. In one implementation, if it is ascertained that the test biometric data is live, the test biometric data may be provided to a crypto-compressive authentication unit 144. The crypto-compressive authentication unit 144 may be configured to perform the secondary level of the authentication described above. In case it is determined that the test user is an imposter, a geographical information monitoring unit 146 may be activated, which may obtain information pertaining to the geographic location of the imposter. Further, this geographic information and the gathered test biometric data may be stored in a test data storage 148.
[0058] In one implementation, if it is determined that the test user is an authorized user
and the system 100 is functioning in an authorization mode, the test biometric data may be provided to an authorization unit 150. The authorization unit 150 may determine rights and access granted to the test user, based on the enrollee data 124. For example, the user 102-1 may be granted access to only certain portion of the secure data 104 or only to certain resources. Similarly, the user 102-2 may be granted with only read rights.
[0059] In another implementation, if it is determined that the test user is an authorized
user and the system 100 is functioning in a description mode, the test biometric data may be provided to a monitoring unit 152. The monitoring unit 152 may be associated with the authentication module 118. The monitoring unit 152 may analyze the test biometric data to generate data, for example, data associated with a medical history report of the test user. Further, the monitoring unit 152 may monitor medical and emotional state of the test user. For example, the monitoring unit 152 may determine clinical features derived from the test biometric trait. The
extracted clinical features may be compared with the corresponding predetermined thresholds of the clinical features to detect abnormal medical and emotional patterns. For example, if the system 100 requests an ECG or PCG then the monitoring unit 152 computes heart rate and variations in other clinical features that are extracted during authentication process. The heart rate and other variations may be compared with those stored in the enrollee data 124.
[0060] In case there are large variations in physiological and acoustical parameters an
abnormal medical or emotional pattern may be determined. In an example, pathological voices can be determined by using acoustic vocal tract and source features that are computed for voice authentication processes. The abnormalities in the phonetic sounds may be detected by comparing the acoustic features of the voice sounds of a test user with those stored in the enrollee data 124. In an implementation, the comparison process used in the authentication process may be the same as the comparison performed by the monitoring unit 152. In said implementation, the predetermined thresholds may be different in the case of medical and emotional state monitoring systems as compared to the authentication process.
[0061] Further, data relating to the test biometric traits and data generated upon
comparison performed by the monitoring unit 152 may be provided to a description unit 154. The description unit 154 collects data related to the medical history and emotional conditions and may provide authorized services after authenticating the test user. The description unit 154 may request primary authentication data associated with the test user. The description unit 154 may also collect environmental conditions that may be sensed during authentication process and may correlate abnormal features of the test biometric traits with environmental parameters and the primary authentication data. Further, data gathered in each authentication process may also be stored.
[0062] It will be understood that the authorization process may not substantially increase
the computational complexity since the monitoring unit 152 utilizes the same features that are used in the authentication process. For example, the system 100 uses chemical or smell sensors to collect chemical characteristics of a user. Those chemical sensors can also determine alcohol concentration level in recorded breath sample around a device associated with the user.
[0063] Thus, it will be understood that based on the requirements, the system 100 may
function in an authentication mode, the authorization mode, and the authorization mode. In the
authentication mode, the system 100 is only configured to determine whether a user is an authorized user or not. Further, in the authentication mode, the system 100 may either identify a test user, i.e., one to many mapping, or may verify the test user, i.e., one to one mapping. As mentioned before, in the authorization mode, the system 100 is only configured to determine resources allocated to a user. Additionally, in the authorization mode, upon authentication the system may store data, such as clinical data, pertaining to the test user.
[0064] Fig. 2a illustrates a schematic block diagram representation of the enrollment
phase and the authentication phase of the authentication system 100 employing CS based technique, according to an embodiment of the present subject matter. For the sake of brevity, only secondary level authentication is explained in Fig. 2a, Fig. 2b, and Fig. 2c. It will be understood that the secondary level authentication will follow the primary level authentication as explained above. The system 100 employing the CS based approach assumes that biometric traits are sparse in a composite analytical dictionary. Thus, the biometric trait can be recovered from a few random measurements with composite elementary atoms from a learned composite dictionary matrix by solving a convex optimization minimization problem.
[0065] In an implementation, the system 100 includes the interface 106, a biometric trait
sensing unit 204, a crypto-compressive sensing (CCS) encoding unit 206, a decoding unit 208, a feature extraction unit 210, a similarity matching unit 212, a fusion unit 214, a decision unit 216, and the enrollee data 124. It will be understood that the interfaces 106 may include the interface 106, and the sensing devices (not shown in figures) may include the biometric trait sensing unit 204. Further, the modules 112 may be associated with or may include the functions of the CCS encoding unit 206, the decoding unit 208, the feature extraction unit 210, the similarity matching unit 212, the fusion unit 214, and the decision unit 216. The interface 106 allows the users 102 to interact and provide identification details and biometric data to the system 100.
[0066] The biometric trait sensing unit 204 may include one or more sensors to capture
audio, image, and video. The biometric trait sensing unit 204 may employ analog or digital compressive sensing devices and/or analog-to-digital converters. Further, in an implementation, the interface 202 may couple the input biometric traits received from the sensors to the compressive sensing devices or analog-to-digital converters. Thus, the biometric trait sensing unit 204 may provide compressive measurements and/or a discrete-domain signal.
[0067] In an example, the biometric trait sensing unit 204 may be provided on a user
device which may communicate with the system 100. Thus, the biometric trait sensing unit 204 can provide a platform for transmitting raw biometric traits to remotely located system(s) 100, which may be connected to the users 102 using communication networks. In such cases, the user device associated with an enrollee may employ watermarking and data hiding techniques to ensure the security of the biometric data.
[0068] Upon receiving the biometric data from the enrollees or test users, the CCS
encoding unit 206 generates encrypted and compressed biometric templates corresponding to each enrollee or test user. To generate the biometric templates, reference or test, the CCS encoding unit 206 may perform encoding of the biometric data which can be received either in analog or digital form. The CCS encoding unit 206 may include a compressive sensing measurement system 218, a compressive sensing matrix generator 220, a scrambler, a quantizer, an encoder and an interleaver.
[0069] The compressive sensing measurement system 218 may receive biometric data
from the sensors. An analog biometric sensor deriver may be utilized to integrate with the compressive sensing hardware. Further, a digital compressive measurement unit may receive the digital form of the biometric data which can be used or transmitted via conventional communication systems instead of the compressive sensing based communication systems. The compressive sensing hardware receives random numbers from compressive sensing matrix generator 220 operated with a seed number or secret key to provide random measurements, which may include measurement vectors. Further, the compressive sensing matrix generator 220 may use random number generators.
[0070] Further, the compressive sensing matrix generator 220 may be associated with the
compressive sensing measurement system 218. The compressive sensing matrix generator 220 generates a random matrix or a compressive measurement matrix for a received user-specific identity, a random seed, or secret key. The random matrix can be generated from one of the biometric traits and can be used for generating compressive measurements of the other biometric traits. The sensing matrix may also be received from the smart card, mobile, internet and any other electronic devices. Using the random matrix, the compressive measurement system
processes the digital data with compressive measurement matrix to provide the compressive measurements.
[0071] The scrambler scrambles the measurement vectors that are received from the
compressive measurement unit. In an example, a dynamic scrambling method is employed to enhance privacy and security of the biometric data for both storing and transmission purposes. The random measurements are scrambled using one or more scrambling programs. The scrambled measurements are converted into quantized measurements having predetermined precision and amplitude. The quantized measurements may be converted into a binary bit stream by the encoder.
[0072] Interleaving of the binary bit stream for selected encryption key may be
performed by the interleaver. The interleaved data may be stored in the enrollee data during enrollment phase, and may be used by the system 100 during authentication phase. The CCS encoding unit 206 provides a multilevel biometric data security that can increase robustness of the system 100. Further, due to the interleaver and a deinterleaver, which may be involved while decoding the encoded biometric data, errors that may occur when the biometric data in digital bit form is transmitted through a noisy communication channel are reduced. The interleaving process may be selected depending on biometric verification or identification applications. For example, during network based biometric verification or identification the interleaver may be provided in the CCS encoding unit 206. Otherwise, the CCS encoding unit 206 may not use interleaver.
[0073] Thus, in case the test user is remotely connected to the system 100, the decoding
unit 208 may decode the reference biometric templates so that they may be subsequently compared with the test biometric templates. In other words, the decoding unit 208 may reconstruct the reference biometric traits from the reference biometric templates. In an example, subsequent to the primary authentication, a probable enrollee may be identified and the reference biometric templates of the probable enrollee may be decoded. The decoding unit 208 may include deinterleaver, decoder, dequantizer, descrambler, sparse signal representation, and biometric data reconstructing unit. The deinterleaver includes one or more deinterleaver programs for de-interleaving received interleaved encoded data that includes secret key sharing. The decoding unit may include programs that convert binary bit stream back to a quantized
format. The dequantizer may include de-quantization mapping rules that convert dequantized data into quantized measurement values.
[0074] Further, the descrambler performs descrambling of the scrambled measurements.
The descrambled measurements are processed to obtain the biometric data using sparse signal representation technique in the composite analytical dictionary containing concatenation of elementary analytical atoms, signal atoms, and feature vectors. The sparse signal representation provides transform coefficient vector for a given compressive measurement vector, a compressive measurement matrix, and a learned composite dictionary matrix. The transformed coefficient vector can be computed by solving the convex optimization minimization problem by using L1-norm optimization or matching greedy techniques and their variants. By using the estimated transform coefficient vector, the biometric data can be obtained by using the corresponding learning composite dictionary matrix.
[0075] Upon obtaining decoded reference biometric templates, the feature extraction unit
210 may extract the feature information from the decoded reference biometric templates to obtain processed reference biometric template. Additionally, the feature extraction unit 210 may extract the feature information from the received biometric traits to obtain test biometric template.
[0076] In case the test user is not remotely coupled to the system 100, the received
biometric traits may be encoded and compressed by the CCS encoding unit 206 to obtain the test biometric templates corresponding to each of the received biometric traits.
[0077] The test biometric template may be compared with the reference biometric
templates or the processed biometric templates by the similarity matching unit 212. The similarity matching unit 212 may perform a similarity check to obtain similarity scores corresponding to each biometric trait. For computing the similarity scores, the similarity matching unit 212 may employ classifiers. The generated similarity scores may be provided to the fusion unit 214 to compute the fusion score. The fusion score may be generated based on a fusion technique employed by the fusion unit 214. The fusion unit 214 may in turn provide the fusion score to the decision unit 216 which based on a predetermined authentication logic authenticates the test user.
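The measurement-domain path described in [0053] and [0068] to [0077] (keyed sensing matrix, scrambling under a second key, quantization, per-trait similarity, weighted fusion, threshold decision) can be sketched as follows. This is an added example, not code from the specification: the trait vectors, key values, quantizer step, weights and threshold are constructed, and Python's `random.Random` stands in for the keyed random number generator.

```python
import math
import random

STEP = 0.01  # quantizer step size (assumed value)

def sensing_matrix(sensing_key, m, n):
    """M x N Gaussian measurement matrix derived from the sensing-level key.

    random.Random is a stand-in for the keyed generator; it is a Mersenne
    Twister, not a cryptographic PRNG.
    """
    rng = random.Random(sensing_key)
    scale = 1.0 / math.sqrt(m)
    return [[rng.gauss(0.0, 1.0) * scale for _ in range(n)] for _ in range(m)]

def make_template(trait, sensing_key, scramble_key, m=32):
    """Compressive measurement -> keyed scrambling -> uniform quantization."""
    phi = sensing_matrix(sensing_key, m, len(trait))
    y = [sum(p * x for p, x in zip(row, trait)) for row in phi]
    order = list(range(m))
    random.Random(scramble_key).shuffle(order)  # second key: scrambling
    return [round(y[i] / STEP) for i in order]

def similarity(template_a, template_b):
    """Map the Euclidean distance between two templates to a score in (0, 1]."""
    dist = math.sqrt(sum(((a - b) * STEP) ** 2
                         for a, b in zip(template_a, template_b)))
    return 1.0 / (1.0 + dist)

def fusion_score(scores, weights):
    """Weighted sum of per-trait similarity scores, normalised by total weight."""
    total = sum(weights[t] for t in scores)
    return sum(scores[t] * weights[t] for t in scores) / total

def authenticate(reference, test_traits, keys, weights, threshold=0.6):
    """Compare in the measurement domain; the raw trait is never rebuilt."""
    scores = {}
    for name, trait in test_traits.items():
        sensing_key, scramble_key = keys[name]
        test_template = make_template(trait, sensing_key, scramble_key)
        scores[name] = similarity(test_template, reference[name])
    fused = fusion_score(scores, weights)
    return fused >= threshold, fused

# ---- constructed sample data (not real biometric measurements) ----
def random_trait(seed, n=64):
    rng = random.Random(seed)
    return [rng.uniform(-1.0, 1.0) for _ in range(n)]

def noisy(trait, seed, sigma=0.02):
    """Same trait re-captured with small sensor noise."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in trait]

KEYS = {"thumb": (1001, 2001), "signature": (1002, 2002)}
WRONG_KEYS = {"thumb": (9999, 2001), "signature": (9998, 2002)}
WEIGHTS = {"thumb": 0.6, "signature": 0.4}
ENROLLED = {"thumb": random_trait(1), "signature": random_trait(2)}
REFERENCE = {name: make_template(trait, *KEYS[name])
             for name, trait in ENROLLED.items()}
GENUINE = {"thumb": noisy(ENROLLED["thumb"], 7),
           "signature": noisy(ENROLLED["signature"], 8)}
IMPOSTER = {"thumb": random_trait(11), "signature": random_trait(12)}

def demo():
    """Return (decision, fusion score) for three constructed attempts."""
    return {
        "genuine": authenticate(REFERENCE, GENUINE, KEYS, WEIGHTS),
        "imposter": authenticate(REFERENCE, IMPOSTER, KEYS, WEIGHTS),
        "genuine_wrong_key": authenticate(REFERENCE, GENUINE, WRONG_KEYS, WEIGHTS),
    }

if __name__ == "__main__":
    for label, (accepted, fused) in demo().items():
        print(f"{label:18s} accepted={accepted} fusion={fused:.3f}")
```

The third case shows why the stored template is only useful together with its keys: the genuine trait measured under a different sensing key produces a template that no longer matches the reference.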
[0078] Fig. 2b illustrates a schematic block diagram representation of the enrollment
phase and the authentication phase of the authentication system 100 employing sparse signal representation based technique, according to an embodiment of the present subject matter. In cases where the number of users is large, sparse signal representations in a learned composite dictionary matrix can provide effective compact representation of biometric traits obtained from different users.
[0079] In said implementation, the authentication may be performed using the sparse
signal representation, sparse coding, or sparse recovery techniques in a learned composite dictionary matrix containing concatenation of analytical elementary atoms or functions from the impulse, heaviside, Fourier bases, short-time Fourier transform, discrete cosines and sines, Hadamard-Walsh functions, pulse functions, triangular functions, Gaussian functions, Gaussian derivatives, sinc functions, Haar, wavelets, wavelet packets, Gabor filters, curvelets, ridgelets, contourlets, bandelets, shearlets, directionlets, grouplets, chirplets, cubic polynomials, spline polynomials, Hermite polynomials, Legendre polynomials, and any other mathematical functions and curves.
[0080] Let L denote the number of subjects, and P denote the number of enrollment
biometric traits. Then, using sparse representations, the mth biometric data of the lth subject is expressed as:
$$S_m^{(l)} = \Psi_m^{(l)} \alpha_m^{(l)}$$
where $\Psi_m^{(l)}$ denotes the enrollment sub-dictionary created for pth biometric trait from the lth subject during enrollment phase, and $\alpha_m^{(l)}$ denotes coefficient vector obtained for the pth biometric data during authentication phase using sparse recovery or sparse coding in complete dictionaries from the enrollee data 124. The enrollment sub-dictionary for the lth subject is given by
$$\Psi_p^{(l)} = [\psi_{p,1}^{(l)}, \psi_{p,2}^{(l)}, \psi_{p,3}^{(l)}, \ldots, \psi_{p,N}^{(l)}]$$
[0081] For example, the biometric application composite signal dictionary containing
concatenation of subject-specific information from all the subjects for representation may be defined as :
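$$B_{cs} = [\Psi_1^{(1)}, \Psi_2^{(1)}, \ldots, \Psi_P^{(1)}, \Psi_1^{(2)}, \Psi_2^{(2)}, \ldots, \Psi_P^{(2)}, \ldots, \Psi_1^{(L)}, \Psi_2^{(L)}, \ldots, \Psi_P^{(L)}]$$
The aforementioned equation may be rewritten as:
$$B_{cs} = [\psi_1, \psi_2, \psi_3, \ldots, \psi_{L \times P \times N}]$$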
[0082] The biometric application dictionary database B may include a variety of
elementary atoms and may be denoted as
$$B = [B_{ca} \; B_{cs} \; B_{cf}]$$
where ca represents composite analytical waveforms; cs represents composite raw signal and image components, and cf represents composite signal and image features.
[0083] The input biometric data can be represented as a linear combination of the
elementary atom vectors from the biometric application dictionary. For example, the input biometric data can be approximated in the composite analytical dictionary as
where 1' 2, . , L´p ´N . The sparse recovery is computed by solving convex optimization
problem that may result in a sparse coefficient vector when the B satisfies certain properties and has enough collection of elementary atoms that may lead to sparsest solution. The sparsest
coefficient vector may be obtained by solving the following optimization problem:
$$\hat{\alpha} = \arg\min_{\alpha} \|\alpha\|_1 \quad \text{subject to} \quad x = B\alpha$$
$$\hat{\alpha} = \arg\min_{\alpha} \|B\alpha - x\|_2 + \lambda \|\alpha\|_1$$
where $\|B\alpha - x\|_2$ and $\lambda\|\alpha\|_1$ are known as the fidelity term and the sparsity term, respectively, x is the signal to be decomposed, and $\lambda$ is a regularization parameter that controls the relative importance of the fidelity and sparseness terms. The $\ell_1$-norm and $\ell_2$-norm of the vector $\alpha$ are defined as $\|\alpha\|_1 = \sum_i |\alpha_i|$ and $\|\alpha\|_2 = \left(\sum_i |\alpha_i|^2\right)^{1/2}$, respectively. The above convex optimization
problem may be solved by linear programming such as basis pursuit (BP) or nonlinear iterative greedy algorithms such as matching pursuit (MP) and orthogonal matching pursuit (OMP).
[0084] In such signal representations, the input biometric data may be exactly
represented or approximated by the linear combination of a few elementary atoms that are highly coherent with the input biometric data. According to the sparse representations, the elementary atoms which are highly coherent with input biometric data have large amplitude value of coefficients. By processing the resulting sparse coefficient vectors, the input identity of the biometric data may be identified by mapping the high correlation coefficients with their corresponding subject class in the biometric application database. The elementary atoms which are not coherent with the input biometric data may have smaller amplitude values of coefficients in the sparse coefficient vector.
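The identification step in [0083] and [0084] (sparse-code the input over the concatenated subject dictionary, then map the dominant coefficients back to a subject class) can be illustrated with matching pursuit, one of the greedy solvers named above. This is an added example, not code from the specification: the dictionary is built from constructed random unit-norm atoms rather than a learned composite dictionary, and the sizes, seeds and tolerance are assumptions.

```python
import math
import random

L_SUBJECTS, N_ATOMS, DIM = 4, 5, 128  # constructed sizes (assumptions)

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def unit(v):
    norm = math.sqrt(dot(v, v))
    return [a / norm for a in v]

def build_dictionary(seed=42):
    """Constructed stand-in for the subject dictionary: N unit-norm atoms per
    subject, concatenated subject by subject, with a class label per atom."""
    rng = random.Random(seed)
    atoms, labels = [], []
    for subject in range(L_SUBJECTS):
        for _ in range(N_ATOMS):
            atoms.append(unit([rng.gauss(0.0, 1.0) for _ in range(DIM)]))
            labels.append(subject)
    return atoms, labels

def matching_pursuit(x, atoms, max_iter=8, tol=0.05):
    """Greedy sparse coding: x is approximated by sum_j alpha[j] * atoms[j]."""
    alpha = [0.0] * len(atoms)
    residual = list(x)
    x_norm = math.sqrt(dot(x, x))
    for _ in range(max_iter):
        if math.sqrt(dot(residual, residual)) <= tol * x_norm:
            break  # residual is small enough relative to the input
        corr = [dot(residual, atom) for atom in atoms]
        j = max(range(len(atoms)), key=lambda k: abs(corr[k]))
        alpha[j] += corr[j]  # most coherent atom takes the coefficient
        residual = [r - corr[j] * a for r, a in zip(residual, atoms[j])]
    return alpha, residual

def identify(x, atoms, labels):
    """Map coefficient magnitudes to subject classes; largest total wins."""
    alpha, _ = matching_pursuit(x, atoms)
    energy = [0.0] * L_SUBJECTS
    for coeff, subject in zip(alpha, labels):
        energy[subject] += abs(coeff)
    best = max(range(L_SUBJECTS), key=lambda s: energy[s])
    return best, energy, alpha

def sample_input(atoms, seed=7):
    """Constructed test trait: two atoms of subject 2 plus small sensor noise."""
    rng = random.Random(seed)
    a, b = atoms[2 * N_ATOMS + 1], atoms[2 * N_ATOMS + 3]
    return [0.9 * p + 0.5 * q + rng.gauss(0.0, 0.01) for p, q in zip(a, b)]

if __name__ == "__main__":
    atoms, labels = build_dictionary()
    subject, energy, alpha = identify(sample_input(atoms), atoms, labels)
    print("identified subject:", subject)
    print("per-subject coefficient energy:", [round(e, 3) for e in energy])
```

The atoms that are coherent with the input carry the large coefficients, so the per-subject sum of coefficient magnitudes concentrates on the enrolled subject while the other classes receive only small residual-fitting terms.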
[0085] In said implementation, as explained in description of fig. 2a, biometric traits of
the enrollees and the test users may be collected using the interface 106 and biometric trait sensing unit 204. Further, a sparse signal encoding unit 222, which is coupled to a learned composite dictionary matrix 224, may generate test biometric templates and reference biometric templates. The sparse signal encoding unit 222, in an embodiment, may obtain and analyze sparse coefficients for representation of the input biometric traits. The analysis may include computing number of dominant sparse coefficients, amplitudes of dominant sparse coefficients, indices of sparse coefficients, and other features like sparse coefficient flatness, sparse coefficient flux, sparse coefficient centroid, sparse coefficient roll-off, low sparse coefficient energy ratio, sparse coefficient sign ratio, etc. As mentioned before, in case the test user or an enrollee is remotely connected to the system 100, the feature extraction unit 210 may extract the features from the received biometric traits. The feature extraction unit 210 may extract invariant moment features, Eigen faces, Laplacian faces, higher-order statistics, information-theoretic features, wavelet features, principal components, independent components, curvatures, SIFT and SURF features, Gabor features, singular value decomposition features, etc. Further, in the enrollment phase, discriminative prominent feature vectors for each enrollee user may be determined and these feature vectors may be used to select the biometric traits that are to be requested when the enrollee sends an authentication request. In an implementation, the feature extraction unit 210 analyzes texture patterns and provides feature vectors for representation of the biometric traits. In an example, the feature extraction unit 210 may implement transformation operations, such as,
26
Hough transform, and Hilbert transform; and mathematical operations for extracting prominent geometrical and structural features. The feature information along with the primary authentication data corresponding to en enrollee may be stored in the enrollee data 124.
[0086] Additionally, in such a case, a sparse representation classifier unit 226 and a sparse correlation analyzer unit 228 may decode the reference biometric templates of the probable enrollee. The sparse correlation analyzer unit 228 may perform analysis of texture patterns and may provide feature vectors for representation of the biometric traits. Further, the sparse correlation analyzer unit 228 may implement Hough transform, Hilbert transform and mathematical operations for extracting prominent geometrical and structural features. It will be understood that the feature information extracted during the enrollment phase may be stored in the enrollee data 124.
[0087] Upon receiving the test biometric templates, the similarity matching unit 212
performs a similarity check as mentioned above. Further, based on the similarity scores, the fusion unit 214 generates the fusion score. Based on the fusion score, the decision unit 216 authenticates the test user.
[0088] Fig. 2c illustrates a schematic block diagram representation of the enrollment
phase and the authentication phase of the authentication system 100 employing sparse signal representation based technique, according to an embodiment of the present subject matter. In said implementation, the system 100 functions in verification mode. As explained above, the biometric trait sensing unit 204 receives the biometric traits requested by the system 100. Further, a multiple biometric trait generator 230 may generate multiple versions of the received biometric traits using background effects. The multiple versions of the biometric traits are encoded and compressed using the sparse signal encoding unit 222, which is associated with a learned composite dictionary matrix 224. Further, the feature extraction unit 210 may extract the feature information from the received biometric traits. A biometric trait reconstruction unit 232 may retrieve user-specific sparse feature vectors from the enrollee data 124. The biometric trait reconstruction unit 232 reconstructs the biometric trait from the sparse coefficient vectors and their corresponding elementary functions from the learned composite dictionary matrix 224. Thus, the biometric trait reconstruction unit 232 may provide decoded reference biometric templates.
[0089] The similarity matching unit may generate the similarity scores based on the
similarity between the test biometric templates and the decoded reference biometric templates. In said implementation, the test biometric template may be the input biometric trait having the background effects applied by the multiple biometric trait generator 230. The similarity can be measured by using global and local distance, correlation and information-theoretic metrics. Finally, the similarity scores may be analyzed to generate the fused score by the fusion unit 214. The fused score may be further processed and compared to the predetermined threshold by the decision unit 216 to verify the test user.
[0090] Thus, it can be gathered that the system 100 may include a composite analytical dictionary matrix, a composite signal dictionary matrix, and a composite feature dictionary matrix. Further, the system 100 implementing sparse signal representation may be configured with all the composite dictionary matrices. The composite analytical dictionary matrix, the composite signal dictionary matrix, and the composite feature dictionary matrix may be associated with the EDC module 116 and the authentication module 118. Also, input biometric data may be reconstructed from the transformed coefficients obtained using the sparse signal representations either in the composite analytical dictionary matrix containing concatenation of different elementary functions or the composite signal dictionary matrix including all the possible variations of biometric data and different background noises and distortions encountered in practice.
[0091] Fig. 3 illustrates a method 300 for authentication of a user, in accordance with an
implementation of the present subject matter. The method 300 may be performed by a computing system, such as the system 100. The exemplary method may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The methods may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
[0092] The order in which the method steps are described is not intended to be construed
as a limitation, and any number of the described method blocks can be combined in any order to implement the method, or an alternative method. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. It will be understood that the method 300 may be carried out in all the three modes, viz., authentication, authorization, and description mode.
[0093] At block 305, an authentication request, i.e., a request to either verify a test user’s
identity or a request to identify a test user is received. In an example, the authentication request may be received by the authentication module 118.
[0094] At block 310, one or more security questions based on the primary authentication
data are selected to initiate primary level authentication, upon receiving the authentication request. In an example, the security questions may be randomly selected. The primary authentication data may include authentication codes, codes on tokens, and answers to user specific questions. In an implementation, the primary authentication module 132 may select the security questions based on the primary authentication data 128.
[0095] At block 315, the test user is requested to provide response to the security
questions based on primary authentication data. For example, the primary authentication module 132 may perform a primary level authentication based on the primary authentication data 128.
[0096] At block 320, it is ascertained whether the responses to the security questions are correct or not, based on the primary authentication data. In an implementation, the primary authentication module 132 may determine whether the response(s) to the security questions are correct. If it is determined that the response provided is incorrect, the method 300 proceeds to block 325. At block 325, the authentication process is terminated and the test user is denied access to secure data, such as the secure data 104.
[0097] However, if it is determined that the response provided by the test user is correct, the method 300 proceeds to block 330. At block 330, one or more biometric traits, which are to be requested from the test user, are selected to perform secondary level authentication. In an example, the biometric traits are selected randomly. Further, the biometric traits that are to be requested may be selected based on secondary authentication data. The secondary authentication data may include information pertaining to biometric traits stored therein. The information may include, for example, the quality of the biometric traits of a probable enrollee and which biometric traits are available for the probable enrollee. In an implementation, based on the result of the primary level authentication, the primary authentication module 132 activates the secondary authentication module 134 to perform the secondary level authentication.
[0098] At block 335, one or more effects may be applied to the background of the biometric traits provided by the test user. Examples of such effects include, but are not limited to, blurring effect, addition of certain music to voice biometric trait, and selection of a certain portion of an image. In an implementation, the secondary authentication module 134 applies the background effect to the received biometric traits.
[0099] At block 340, it is ascertained whether each of the received biometric traits is live
biometric or not, based on liveness criteria. In an implementation, the secondary authentication module 134 ascertains whether each of the received biometric traits is live biometric or not. If it is determined that the received biometric traits are fake, the method 300 proceeds to block 325 (‘No’ branch), where the authentication process is terminated.
[00100] However, if at block 340, it is determined that the received biometric is live, the method 300 proceeds to block 345 (‘Yes’ branch). At block 345, it is determined whether the received biometric traits are encrypted. For example, if the test user is providing the biometric traits over a shared network, the biometric traits may be encrypted. In an implementation, the secondary authentication module 134 may ascertain whether the received biometric traits are encrypted. If it is determined that the received biometric traits are encrypted, the method 300 branches to block 350.
[00101] At block 350, feature information is extracted from the received biometric traits.
The feature information may include for example, SIFT features and SURF features. In an implementation, the secondary authentication module 134 may extract feature information from the received biometric traits.
[00102] Referring to block 345, if it is determined that the received biometric traits are not encrypted, the method 300 proceeds to block 355. At block 355, a test biometric template corresponding to each of the received biometric traits is generated. In case the biometric traits were encrypted, the test biometric template is generated based on the feature information. Further, the test biometric templates may be generated using one or more template creation techniques.
[00103] At block 360, a similarity score is computed for each of the test biometric templates with respect to reference biometric templates. The reference biometric templates may be the biometric templates indicative of biometric traits of enrollees. The reference biometric templates may be generated using the template creation techniques. In an implementation, the EDC module 116 creates the reference biometric templates and stores these templates in the enrollee data 124. Further, the analysis module 120 may have one or more classifiers to compute the similarity scores.
[00104] At block 365, a fusion score is generated based on the similarity scores generated
at the previous block. The fusion score may be generated using fusion techniques, such as weighted sum of the similarity scores.
[00105] At block 370, the fusion score is analyzed to authenticate, i.e., to verify or
identify, the test user. In an implementation, the analysis module 120 determines whether the test user is a genuine user based on the fusion score using a predetermined authentication logic. For example, the fusion score may be compared to a threshold score to perform the authentication.
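The decision path of blocks 320 to 370 can be traced with the following added example, which is not code from the patent. Cosine similarity as the matcher, the weights, the 0.85 threshold, the function names and all sample vectors are assumptions constructed for illustration.

```python
import hmac
import math

def cosine(a, b):
    """Similarity score in [0, 1] between two template vectors (block 360)."""
    num = sum(x * y for x, y in zip(a, b))
    den = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return 0.0 if den == 0 else max(0.0, num / den)

def primary_ok(responses, expected):
    """Block 320: check every answer, comparing in constant time."""
    ok = set(responses) == set(expected)
    for question, want in expected.items():
        got = responses.get(question, "").strip().lower()
        ok &= hmac.compare_digest(got.encode(), want.encode())
    return ok

def fuse(scores, weights):
    """Block 365: weighted sum, normalised so the result stays in [0, 1]."""
    total = sum(weights[t] for t in scores)
    return sum(weights[t] * s for t, s in scores.items()) / total

def authenticate(responses, expected, samples, references, weights,
                 threshold=0.85):
    """Fail closed at each gate, in the order method 300 lists them."""
    if not primary_ok(responses, expected):
        return "deny:primary"            # block 325, no biometrics requested
    scores = {}
    for trait in weights:                # every requested trait is mandatory
        sample = samples.get(trait)
        if sample is None:
            return "deny:missing-trait"  # absence never raises the score
        if not sample["live"]:
            return "deny:not-live"       # block 340 'No' branch
        scores[trait] = cosine(sample["template"], references[trait])
    return "accept" if fuse(scores, weights) >= threshold else "deny:score"

# Constructed sample data.
EXPECTED = {"first pet": "rex"}
REFERENCES = {"face": [0.2, 0.8, 0.1], "voice": [0.5, 0.5, 0.7]}
WEIGHTS = {"face": 0.6, "voice": 0.4}
GENUINE = {"face": {"live": True, "template": [0.21, 0.79, 0.12]},
           "voice": {"live": True, "template": [0.48, 0.52, 0.69]}}
# One matching modality (voice) and one mismatching modality (face).
IMPOSTOR = {"face": {"live": True, "template": [0.9, 0.1, 0.3]},
            "voice": {"live": True, "template": [0.48, 0.52, 0.69]}}
REPLAY = {"face": {"live": False, "template": [0.2, 0.8, 0.1]},
          "voice": {"live": True, "template": [0.5, 0.5, 0.7]}}

def run(samples, answer="Rex"):
    return authenticate({"first pet": answer}, EXPECTED, samples,
                        REFERENCES, WEIGHTS)

if __name__ == "__main__":
    print(run(GENUINE), run(IMPOSTOR), run(REPLAY), run(GENUINE, "max"))
```

With these weights a near-perfect voice match cannot carry a poor face match past the threshold, and an exact replay of the reference is still rejected once the liveness flag is false.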
[00106] Since the present authentication process employs template creation techniques, which may compress and encrypt biometric information to generate reference and test biometric templates, computational time and resources are reduced. Further, the encryption of the biometric information enhances the robustness of a system employing the present authentication process. The robustness of the process is further enhanced owing to application of background effects. Furthermore, having two levels of authentication ensures accuracy of the present authentication process. Additionally, the two levels of authentication also enhance robustness, since test biometric data may be provided only when primary level authentication results in positive output.
[00107] Although embodiments for authentication of a user have been described in
language specific to structural features and/or methods, it is understood that the invention is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as exemplary embodiments for authentication of a user.
I/We claim:
1. A method for authenticating a user (102) in a computing environment comprising:
requesting a user device corresponding to the user (102) to provide one or more biometric traits to authenticate the user (102);
applying at least one background effect to the one or more biometric traits to generate an intermediate test biometric template corresponding to each of the one or more biometric traits;
generating a test biometric template corresponding to each intermediate test biometric template based on at least one template creation technique;
determining a similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates, wherein the reference biometric templates and the decoded reference biometric templates are generated based on the at least template creation technique; and
analyzing similarity scores to authenticate the user (102) based on a predetermined authentication logic.
2. The method as claimed in claim 1, wherein the method further comprises:
selecting one or more security questions to perform primary level authentication based on primary authentication data;
requesting the user (102) to provide responses to the one or more security questions; and
initiating a secondary level authentication based on the responses, wherein in the secondary level authentication the user (102) is requested to provide the one or more biometric traits.
3. The method as claimed in claim 1, wherein the method further comprises:
upon applying the at least one background effect, ascertaining whether at least one of the one or more biometric traits provided by the user (102) is a live biometric, based on a liveness criteria; and
identifying the user (102) as an imposter, when it is determined that at least one biometric trait is not the live biometric.
4. The method as claimed in claim 1, wherein the method further comprises:
ascertaining whether the one or more biometric traits provided by the user (102) are encrypted; and
extracting feature information from each of the one or more biometric traits to generate the test biometric templates.
5. The method as claimed in claim 4, the extracting further comprises analyzing texture patterns of the one or more biometric traits to provide feature vectors representing the one or more biometric traits.
6. The method as claimed in claim 1, wherein the analyzing further comprises computing a fusion score based on the similarity scores using a fusion technique.
7. The method as claimed in claim 1, wherein the method further comprises selecting the one or more biometric traits that are to be requested from the user (102), and wherein the one or more biometric traits are selected randomly.
8. The method as claimed in claim 1, wherein the at least one template creation technique is a compression and encoding technique.
9. The method as claimed in claim 1, wherein the method further comprises storing the one or more biometric traits, geographic location of the user (102) and an authentication system (100) performing authentication process, and responses to one or more security questions.
10. The method as claimed in claim 1, wherein the applying comprises:
selecting the at least background effect to be applied on the one or more biometric traits, and regions of interest of the one or more biometric traits, based on the enrollee data (124); and
acquiring the regions of interest from the one or more biometric traits to obtain the intermediate test biometric templates.
11. An authentication system (100) comprising:
processor(s) (108);
an authentication module (118) coupled to the processors (108), the authentication module (118) configured to:
select one or more biometric traits that are to be requested from a user (102) based on enrollee data (124):
apply at least one background effect to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits; and
generate a test biometric template corresponding to each of the intermediate test biometric templates based on at least one template creation technique; and
an analysis module (120) coupled to the processors (108) configured to:
determine a similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates, wherein the reference biometric templates and the decoded reference biometric templates are generated based on the at least template creation technique and
analyze similarity scores to authenticate the user (102) based on a predetermined authentication logic.
12. The authentication system (100) as claimed in claim 11, wherein the authentication system (100) further comprises an enrollee data creation module (116) coupled to the processors (108) configured to:
obtain primary authentication information and secondary authentication information to populate the enrollee data (124); and
generate the reference biometric templates identifying enrollees based on the at least one template creation technique.
13. The authentication system (100) as claimed in claim 12, wherein the enrollee data creation module (116) is configured to generate multiple versions of each biometric trait associated with an enrollee.
14. The authentication system (100) as claimed in claim 11, wherein the authentication module (118) is configured to:
ascertain whether the one or more biometric traits provided by the user (102) are encrypted; and
extract feature information from the one or more biometric traits to generate the test biometric templates.
15. The authentication system (100) as claimed in claim 11, wherein the authentication module (118) is further configured to:
select one or more security questions to perform a primary level authentication based on primary authentication data (128);
request the user (102) to provide responses to the one or more security questions; and
initiate a secondary level authentication based on the responses, wherein in the secondary level authentication the user (102) is requested to provide the one or more biometric traits.
16. The authentication system (100) as claimed in claim 11, wherein the analysis module (120) is configured to compute a fusion score based on the similarity scores using a fusion technique.
17. The authentication system (100) as claimed in claim 11, wherein the at least one template creation technique includes a compressive sensing sampling technique and sparse signal representation technique.
18. The authentication system (100) as claimed in claim 11, wherein the authentication system (100) further comprises a composite analytical dictionary matrix, a composite signal dictionary matrix, and a composite feature dictionary matrix.
19. The authentication system (100) as claimed in claim 11, wherein the authentication system (100) is configured to operate in one of an authentication mode, an authorization mode, a description mode.
20. The authentication system (100) as claimed in claim 11, wherein the authentication system (100) further comprises a monitoring unit (152) configured to analyze the one or more biometric traits to generate and monitor data associated with a medical and emotional state of the user (102).
21. A computer-readable medium having embodied thereon a computer program for executing a method for authenticating a user (102), the method comprising:
requesting the user (102) to provide one or more biometric traits to authenticate the user (102);
applying at least one background effect to the one or more biometric traits to obtain an intermediate test biometric template corresponding to each of the one or more biometric traits;
generating a test biometric template corresponding to each of the intermediate test biometric templates based on at least one template creation technique;
determining a similarity score for each test biometric template with respect to one of reference biometric templates and decoded reference biometric templates, wherein the reference biometric templates and the decoded reference biometric templates are generated based on the at least template creation technique; and
analyzing similarity scores to authenticate the user (102) based on a predetermined authentication logic.
| # | Name | Date |
|---|---|---|
| 1 | 3761-del-2012-Correspondence Others-(28-12-2012).pdf | 2012-12-28 |
| 1 | 3761-DEL-2012-IntimationOfGrant19-10-2023.pdf | 2023-10-19 |
| 2 | 3761-DEL-2012-PatentCertificate19-10-2023.pdf | 2023-10-19 |
| 2 | Power of Authority.pdf | 2013-01-16 |
| 3 | Form-5.pdf | 2013-01-16 |
| 3 | 3761-DEL-2012-CLAIMS [23-04-2020(online)].pdf | 2020-04-23 |
| 4 | Form-3.pdf | 2013-01-16 |
| 4 | 3761-DEL-2012-DRAWING [23-04-2020(online)].pdf | 2020-04-23 |
| 5 | Form-1.pdf | 2013-01-16 |
| 5 | 3761-DEL-2012-FER_SER_REPLY [23-04-2020(online)].pdf | 2020-04-23 |
| 6 | Drawings.pdf | 2013-01-16 |
| 6 | 3761-DEL-2012-OTHERS [23-04-2020(online)].pdf | 2020-04-23 |
| 7 | 3761-DEL-2012-RELEVANT DOCUMENTS [08-05-2018(online)].pdf | 2018-05-08 |
| 7 | 3761-DEL-2012-FER.pdf | 2019-10-25 |
| 8 | 3761-DEL-2012-Correspondence-101019.pdf | 2019-10-14 |
| 8 | 3761-DEL-2012-Changing Name-Nationality-Address For Service [08-05-2018(online)].pdf | 2018-05-08 |
| 9 | 3761-DEL-2012-AMENDED DOCUMENTS [08-05-2018(online)].pdf | 2018-05-08 |
| 9 | 3761-DEL-2012-OTHERS-101019.pdf | 2019-10-14 |
| 10 | 3761-DEL-2012-8(i)-Substitution-Change Of Applicant - Form 6 [19-09-2019(online)].pdf | 2019-09-19 |
| 10 | 3761-DEL-2012-PA [19-09-2019(online)].pdf | 2019-09-19 |
| 11 | 3761-DEL-2012-ASSIGNMENT DOCUMENTS [19-09-2019(online)].pdf | 2019-09-19 |
| 12 | 3761-DEL-2012-8(i)-Substitution-Change Of Applicant - Form 6 [19-09-2019(online)].pdf | 2019-09-19 |
| 12 | 3761-DEL-2012-PA [19-09-2019(online)].pdf | 2019-09-19 |
| 13 | 3761-DEL-2012-AMENDED DOCUMENTS [08-05-2018(online)].pdf | 2018-05-08 |
| 13 | 3761-DEL-2012-OTHERS-101019.pdf | 2019-10-14 |
| 14 | 3761-DEL-2012-Changing Name-Nationality-Address For Service [08-05-2018(online)].pdf | 2018-05-08 |
| 14 | 3761-DEL-2012-Correspondence-101019.pdf | 2019-10-14 |
| 15 | 3761-DEL-2012-FER.pdf | 2019-10-25 |
| 15 | 3761-DEL-2012-RELEVANT DOCUMENTS [08-05-2018(online)].pdf | 2018-05-08 |
| 16 | 3761-DEL-2012-OTHERS [23-04-2020(online)].pdf | 2020-04-23 |
| 16 | Drawings.pdf | 2013-01-16 |
| 17 | 3761-DEL-2012-FER_SER_REPLY [23-04-2020(online)].pdf | 2020-04-23 |
| 17 | Form-1.pdf | 2013-01-16 |
| 18 | 3761-DEL-2012-DRAWING [23-04-2020(online)].pdf | 2020-04-23 |
| 18 | Form-3.pdf | 2013-01-16 |
| 19 | Form-5.pdf | 2013-01-16 |
| 19 | 3761-DEL-2012-CLAIMS [23-04-2020(online)].pdf | 2020-04-23 |
| 20 | Power of Authority.pdf | 2013-01-16 |
| 20 | 3761-DEL-2012-PatentCertificate19-10-2023.pdf | 2023-10-19 |
| 21 | 3761-DEL-2012-IntimationOfGrant19-10-2023.pdf | 2023-10-19 |
| 21 | 3761-del-2012-Correspondence Others-(28-12-2012).pdf | 2012-12-28 |
| 1 | 2020-07-0816-11-12AE_08-07-2020.pdf |
| 1 | searchstrategy_03-10-2019.pdf |
| 2 | 2020-07-0816-11-12AE_08-07-2020.pdf |
| 2 | searchstrategy_03-10-2019.pdf |