AUTH·ENTICATION BY KEYSTROKE
`TIMING: SOME PRELIMINARY
`RESULTS
`
`PREPARED UNDER A GRANT FROM THE NATIONAL SCIENCE FOUNDATION
`
`R. STOCKTON GAINES, WILLIAM LISOWSKI,
`S. JAMES PRESS, NORMAN SHAPIRO
`
`R-2526-NSF
`MAY 1980
`
`Rand
`
`SANTA MONICA, CA. 90406
`
`ASSA ABLOY Ex. 1011 - Page 1
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`Report Documentation Page
`
`Form Approved
`OMB No. 0704-0188
`
`Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and
`maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information,
`including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington
`VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it
`does not display a currently valid OMB control number.
`
`1. REPORT DATE
`MAY 1980
`
`2. REPORT TYPE
`
`4. TITLE AND SUBTITLE
`Authentication by Keystroke Timing: Some Preliminary Results
`
`6. AUTHOR(S)
`
`7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES)
`Rand Corporation,1776 Main Street,PO Box 2138,Santa
`Monica,CA,90407-2138
`
`3. DATES COVERED
` 00-00-1980 to 00-00-1980
`
`5a. CONTRACT NUMBER
`5b. GRANT NUMBER
`5c. PROGRAM ELEMENT NUMBER
`5d. PROJECT NUMBER
`5e. TASK NUMBER
`5f. WORK UNIT NUMBER
`
`8. PERFORMING ORGANIZATION
`REPORT NUMBER
`
`9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES)
`
`10. SPONSOR/MONITOR’S ACRONYM(S)
`
`11. SPONSOR/MONITOR’S REPORT
`NUMBER(S)
`
`12. DISTRIBUTION/AVAILABILITY STATEMENT
`Approved for public release; distribution unlimited
`
`13. SUPPLEMENTARY NOTES
`14. ABSTRACT
`
`
`15. SUBJECT TERMS
`16. SECURITY CLASSIFICATION OF:
`
`a. REPORT
`unclassified
`
`b. ABSTRACT
`unclassified
`
`c. THIS PAGE
`unclassified
`
`17. LIMITATION OF
`ABSTRACT
`Same as
`Report (SAR)
`
`18. NUMBER
`OF PAGES
`51
`
`19a. NAME OF
`RESPONSIBLE PERSON
`
`Standard Form 298 (Rev. 8-98)
`Prescribed by ANSI Std Z39-18
`
`ASSA ABLOY Ex. 1011 - Page 2
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`The research in this report is supported by the National Science Foundation
`under Grant No. MCS76-00720.
`
`The Rand Publications Series: The Report is the principal publication doc•
`umenting and transmitting Rand's major research findings and final research
`results. The Rand Note reports other outputs of sponsored research for
`general distribution. Publications of The Rand Corporation do not neces(cid:173)
`sarily reflect the opinions or policies of the sponsors of Rand research.
`
`Published by The Rand Corporation
`
`ASSA ABLOY Ex. 1011 - Page 3
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`AUTH·ENTICATION BY KEYSTROKE
`TIMING: SOME PRELIMINARY
`RESULTS
`
`PREPARED UNDER A GRANT FROM THE NATIONAL SCIENCE FOUNDATION
`
`R. STOCKTON GAINES, WILLIAM LISOWSKI,
`S. JAMES PRESS, NORMAN SHAPIRO
`
`R-2526-NSF
`MAY 1980
`
`Rand
`
`SANTA MONICA, CA. 90406
`
`ASSA ABLOY Ex. 1011 - Page 4
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-iii-
`
`PREFACE
`
`This report was prepared as part of Rand's research project on
`Computer Security, sponsored by the National Science Foundation under
`Grant No. MCS76-00720.
`The growing use of computers to store sensitive, private, and
`classified information makes it increasingly important to be able to
`determine with a very high degree of confidence the identity of an
`individual seeking access to the computer. This report summarizes
`preliminary efforts to establish whether an individual can be iden(cid:173)
`tified by the statistical characteristics of his or her typing.
`The investigation was carried out under the joint direction of
`Stockton Gaines and Norman Shapiro, who are responsible for the central
`idea of using keystroke timing as the basis for an authentication sys(cid:173)
`tem. They also developed the textual material upon which the experiment
`was based, and they conducted the experiment.
`James Press developed the
`statistical model for authentication, directed the analysis of the
`experimental data, and drafted the report. William Lisowski programmed
`the authentication procedure for the computer, developed programs for
`analyzing the data, and ran the data through the routines.
`
`ASSA ABLOY Ex. 1011 - Page 5
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-v-
`
`SUMMARY
`
`Can people be identified by the way they type? To investigate
`
`this question, an experiment was carried out at Rand, in which seven
`professional typists were each given a paragraph of prose to type, and
`the times between successive keystrokes were recorded. This procedure
`
`was repeated four months later with the same typists and the same para(cid:173)
`graph of prose. B.y examining the probability distributions of the
`times each typist required to type certain pairs of successively typed
`letters (digraphs), we found that of the large number of digraphs rep(cid:173)
`resented in most ordinary paragraphs, there were five which, considered
`together, could serve as a basis for distinguishing among the subjects.
`The implications of this finding are that touch typists appear to have
`a typing "signature," and that this method of distinguishing subjects
`
`might provide the basis for a computer authentication system.
`
`ASSA ABLOY Ex. 1011 - Page 6
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-vii-
`
`CONTENTS
`
`PREFACE
`
`SUMMARY
`
`Section
`I.
`INTRODUCTION
`
`II.
`
`THE EXPERIMENT
`
`III.
`
`IV.
`
`THE STATISTICAL MODEL
`Intro due tion •••••••••••••••••••••••••••••••••••••••••••
`Authentication Equations and Procedure •••••••••••••••••
`Extensions of the Model •••••••••••••••,o•••••••••••••••
`
`STATISTICAL DATA ANALYSIS
`Background
`Consistency
`Development
`
`of Typing Patterns Over Time·••••••••••••••
`of an Authentication Procedure•••••••••••••
`
`v.
`
`CONCLUSIONS
`
`Appendix
`DERIVATION OF THE STATISTICAL MODEL FOR AUTHENTICATION
`
`BIBLIOGRAPHY
`
`iii
`
`V
`
`1
`
`4
`
`9
`9
`11
`13
`
`15
`15
`20
`25
`
`31
`
`33
`
`41
`
`ASSA ABLOY Ex. 1011 - Page 7
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-1-
`
`I.
`
`INTRODUCTION
`
`This report describes the preliminary results of an investigation
`of the feasibility of using keystroke timing as the basis for authen(cid:173)
`ticating individuals seeking access to sensitive information stored in
`a computer.
`In many such applications, authentication might be carried
`out using software stored in the computer itself. The fundamental
`question that must be answered is, Do people type in timing patterns
`that are so individual that one typist can be distinguished from
`another, with extremely high reliability, on the basis of their typing
`"signatures"?
`There is some a priori reason to believe that individuals type dif(cid:173)
`ferently in a statistically significant way. For instance, it has been
`known that people who use a telegraph key develop a distinctive "fist"
`or telegraphic style that can be recognized. Amateur radio operators
`can often tell which of their friends is transmitting, before direct
`identification is received. Moreover, it has been discovered that not
`only is the form of an individual's written signature unique and dis(cid:173)
`tinctive, so are other aspects of writing a signature. The pen pres(cid:173)
`sure used in producing the signature and the acceleration of the pen
`are variables that can be measured and whose patterns can be associated
`very accurately with the signer. Because the act of typing is mainly
`one of involuntary control of finger movements, at least in the case
`of a skilled typist, we had reason to hope at the beginning of this
`investigation that typing patterns would be both different enough be(cid:173)
`tween individuals and consistent enough over time that authentication
`*
`based on the timing characteristics of typing would be feasible.
`To investigate the extent to which typing signatures exist, and
`to evaluate whether or not individuals can actually be authenticated
`on the basis of them, we designed an experiment involving a typing
`
`* We also examined the earlier efforts to analyze individual
`typing behavior reported by Coover (1923), Dvorak et al. (1936),
`Harding (1933), Lahy (1924), Neal (1977), Ostry (1977), and Rochester
`et al. (1967).
`
`ASSA ABLOY Ex. 1011 - Page 8
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-2-
`
`"test," which we administered to subjects. After analyzing the statis(cid:173)
`tical properties of the subjects' typing patterns, we developed a sta(cid:173)
`tistical model for authenticating subjects; we then applied the model
`to the data from the e~periment. The results were sufficiently promis(cid:173)
`ing to suggest both that more extensive experimentation should be under,...
`taken and that the development of the statistical model should be
`broadened to extend its applicability.
`The experiment is described in Sec. II. Briefly, it involved the
`collection of samples of keystroke timing from seven individuals at
`two different times, separated by four months. However, only six were
`available for the second data collection. The statistical model used
`to analyze the data is described in Sec. III, and the detailed analysis
`of those data is presented in Sec. IV. The mathematical details of the
`model are
`in the Appendix.
`Prior to performing our detailed
`, we conducted the follow-
`ing informal experiment: One member of the project staff was
`all
`the data, with the names of the individuals removed. The data consisted
`of each individual's average time for typing each digraph, i.e., each
`pair of letters typed successively in a text.
`This person then tried to match the data from the first period with
`those from the second
`don an individual-by-individual basis. He
`was able to do this with 100 percent success; he was even able to
`identify the set of data from the individual who took the test the first
`time but was not present for the second session. The comparison was
`simply performed by eye, without using any sort of formal analysis rou(cid:173)
`tines. This result considerably strengthened our hypothesis that in(cid:173)
`dividual typing characteristics are substantially different between in(cid:173)
`dividuals.
`There are, of course, many ways in which a "signature" might occur
`in an individual's typing patterns. We might have looked, for example,
`at the time to type entire words, entire sentences, or entire paragraphs.
`However, we chose to examine digraphs, because they seemed the most
`elemental typing units. Future analyses might explore the potential of
`using other data for authentication. The success we achieved with
`
`ASSA ABLOY Ex. 1011 - Page 9
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-3-
`
`digraphs strengthened our belief that they are useful for authentication,
`but we have by no means ruled out the possibility that other measures
`might be even more useful.
`
`ASSA ABLOY Ex. 1011 - Page 10
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-4-
`
`II. THE EXPERIMENT
`
`Our experiment on keystroke timing involved having six touch typists
`(professional secretaries at Rand) type each of three specially pre-
`*
`They were then asked to repeat this task four months
`pared texts.
`later, using precisely the same texts. We were thus able to study vari(cid:173)
`ations across people who took the same test at the same time, and we
`could also study typing consistency for a given individual typing the
`same text at a later time. Two of the six typists studied were left(cid:173)
`handed and four were right-handed.
`The three texts are reproduced in Figs. 1 through_ 3, The. first
`(Text 1) was designed to read as ordinary English text; the second
`(Text 2) is a collection of "random'' English words; and the third
`(Text 3) is a collection of "random" phrases. We originally hoped to
`be able to make separate conclusions about how individuals differ in
`their typing of the three kinds of textual material. As it turned
`out, however, there was insufficient information in any one of the
`texts to permit statistical inferences to be drawn from that text
`alone. Therefore, we pooled the information in the three texts, so
`our data base was developed by using the three texts as if they were
`one long continuous text.
`The typing keyboards were part of a PDP-11/45 computer system.
`A timer was installed within the system to record the time at which
`each key was struck. A small program then calculated the time between
`each pair of successive letters, or digraphs. The time between suc(cid:173)
`cessive letters is referred to as the "digraph time." Thus, the time
`it takes to type io is one digraph time, and the time to type on is
`(Although we have so far analyzed only digraph times, we can
`another.
`envision using trigraphs such as ion or tetragraphs such as tion!I as
`well.) The digraphs we have considered involve only lower-case letters
`and spaces; upper-case letters, carriage returns, punctuation, and
`
`,'<:
`There were originally seven subjects, but one was not available
`to complete the experiment.
`
`ASSA ABLOY Ex. 1011 - Page 11
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`Most Americans now do at least some of their buying on credit and most
`have some form of life, health, property or liability insurance.
`Institutionalized medical care is almost universally available. Govern(cid:173)
`ment social services programs now reach deep into the population along
`with government licensing of occupations and professions, federal taxa(cid:173)
`tion of individuals, and government regulation of business and labor
`union affairs. Today government regulates and supports large areas of
`economic and social life through some of the nation's largest bureau(cid:173)
`cratic organizations, many of which deal directly with individuals.
`In fact, many of the private sector record keeping relationships dis(cid:173)
`cussed in this report are to varying degrees replicated in programs
`administered or funded by federal agencies.
`
`A significant consequence of this marked change in the variety and
`concentration of institutional relationships with individuals is that
`record 1'~e~i~g about individuals now covers almost everyone and influ(cid:173)
`ences everyone's life, from the business executive applying for a
`personal loan to the school teacher applying for a national credit
`card, from the riveter seeking check guarantee privileges from the
`local bank to the young married couple trying to finance furniture for
`their first home. All will have their creditworthiness evaluated on
`the basis of recorded information in the files of one or more organi(cid:173)
`zations. So also with insurance, medical care, employment, education,
`and social services. Each of those relationships requires the indi(cid:173)
`vidual to divulge information about himself, and usually leads to
`some evaluation of him based on information about him that some other
`record keeper has compiled.
`
`Fig. 1 -
`
`Sample 1
`
`ASSA ABLOY Ex. 1011 - Page 12
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-6-
`
`plasma wring fork gnome twitch vapor proms doze half blur whimper
`fib fuzzy eggnog docent wry placard gyp pablum duffle twenty
`extract wheeze ward churn endurable bystander legible avid razz
`vivisect swat hull smirk paams type active keys lyse skirmish
`frenzy fox extra hubby swamp excite skies keg stanza pun kill
`form sweaty foxy half smuggler lava excise under duffer fuzzy
`active churn smirk half form exise twitch under docent legible
`extract wheeze ward pablum wring doze smuggler keys skirmish
`bystander gnome endurable swamp plasma vapor avid half frenzy
`stanza placard prams vivisect keg fork gyp sweaty pun skies blur
`eggnog razz type swat lyse hubby excite kill duffle foxy lava wry
`fib proms hull fox extra twenty whimper duffer pun form ward
`churcn fork eggnog plasma skirmish endurable razz active foxy swat
`excite vivisect twenty placard fuzzy wheeze fox smuggler avid
`hull fib type docent bystander prams blur pablum doze lyse
`extract duffer keys vapor duffle under skies wry whimper swamp
`kill smirk twitch keg frenzy sweaty hubby excise stanza gyp half
`proms lava gnome wring half legible extra keys frenzy extract
`swamp kill smuggler wring gyp plasma bystander vivisect half
`active under wheeze stanza skies hubby placard type fuzzy
`endurable legible duffer twenty doze skirmish pablum docent foxy
`vapor ward blur eggnog pun proms fox excite lyse half twitch
`duffle lava sweaty form avid prams smirk fork whimper keg gnome
`hull extra churn excise wry swat fib razz eggnog duffer half
`excite pun type placard bystander smuggler hull endurable frenzy
`half keys skies legible hubby fork fib blur twitch swat skirmish
`swamp wheeze gnome active gyp razz lyse extract duffle ward smirk
`whimper excise prams avid proms wry fuzzy stanza vapor under doze
`form pablum twenty docent lava plasma vivisect wring sweaty foxy
`churn extra kill fox keg
`
`Fig. 2 · - Sample 2
`
`ASSA ABLOY Ex. 1011 - Page 13
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`This typing exercise is a strange jumble of awkward phrases,
`representing the quintessence of exquisite digraphs dictated by a
`foreign midget. It is a plethora of puzzling words under the guise
`of psychological authentication policy, although you may perceive
`it quizzically as an ambiguous wasteful plot to overcome summertime
`melancholy. Your vituperations against this phenomenon will add to
`the dense psychodrama in which this impossible business is entwined.
`The hyphenated rhythms of this ridiculous nightmare may elicit
`smothered teardrops as well as excited little laughs. The psychotic
`excesses may lead to indefinite suspense or mumbling traditional
`, or may just produce a kind of loud ringing in the ether.
`Whatever the consequence, enough mystic bifurcations dangled and
`untried will decimate the ranks of all but the most adventurous or
`If it is rough, pound it; if lousy, fight it. All is
`mercenary.
`fair in cybernetic war if plotted smartly.
`
`The English jury snapped under the known betrayal, but still
`sent the European ragamuffin to the penitentiary. The earthenware
`was made from black milk, pounded to a chalky consistency. The
`sedentary safecracker succeeded by using a lubricated blue pencil.
`He would swear that a snafu was unsynchronized, although fencing
`at a high altitude was crass. The excluded sex rarely chuckles
`unless judiciously engaged in schoolwork. The phenomenal pansies
`growing aside the softball mound were fortuitous twins. Stubble in
`bulk should be checked. The suspected lubber did not wear sable
`onto the frigate. A blank lethargy results from a lackadaisical
`If you are dumbfounded, you may quit and go dancing
`twiddling.
`or bicycle on the promenade.
`
`, Fig. 3 -
`
`Sample 3
`
`ASSA ABLOY Ex. 1011 - Page 14
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-8-
`
`special characters have been ignored because of their relative infre(cid:173)
`quency in typewritten material. The digraph times ranged from a mini(cid:173)
`mum of about 75 milliseconds to a maximum of several seconds_ (times
`were recorded to an accuracy of within 1 millisecond). The extremely
`high values probably represented some external interruption of the
`typing task. The typical digraph time was around 125 milliseconds.
`Once we started analyzing the digraph times, it became clear that
`in future experiments we could avoid certain problems by building into
`our experimental texts a certain minimum number of replications of
`"important'' digraphs; moreover, we would try to make the texts used
`in multiple-text experiments more unlike one another than those used
`in the initial experiment. Finally, we would use a larger number of
`subjects in subsequent experiments.
`
`ASSA ABLOY Ex. 1011 - Page 15
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-9-
`
`III. THE STATISTICAL MODEL
`
`INTRODUCTION
`The statistical model we have adopted assumes that a person (called
`the "originator") who will later desire to gain access to a computer
`types some predesignated text into the computer, which then retains in(cid:173)
`formation regarding the keystroke-typing time. Later, another person
`(called the "claimant") who wishes access to the computer and who makes
`a claim to being the originator is asked by the computer to typ~ in
`another predesignated text. The computer must now compare the keystroke(cid:173)
`typing time patterns of the claimant with those of the originator. If
`the two are the same, at least in terms of their statistical character(cid:173)
`istics, then a system based upon our model will authenticate the claimant
`as being the same person as the originator; if the patterns do not match,
`the system will not authenticate the claimant and will not allow him to
`. log on •.
`An authentication system can~make two types of error:
`a "primary"
`error, in which an unauthorized person (impostor) is granted access to
`the computer; and a "secondary" error, in which the system fails to
`give access to an authorized person. While the terms "primary" and
`"secondary" are of course arbitrary, a primary error would, in most
`contexts, be much worse than a secondary error.
`(An exception would
`be the case in which a decisionmaker, such as an army general, must
`issue counterattack commands immediately, in response to an attack,
`and he must do it through a computer.
`If the computer security system
`fails to authenticate him and denies him access, precious minutes are
`lost while the general tries to get his counterattack started.)
`The hypothetical authentication system considered here is based
`upon a statistical model that uses the classical theory of hypothesis
`testing. The basic ideas behind classical hypothesis testing have
`been amply described elsewhere, so they will not be repeated here. We
`will build and draw upon them, however.
`In the authentication problem, we will use H to denote the hypoth(cid:173)
`esis that the claimant and the originator are the same person, and A
`
`ASSA ABLOY Ex. 1011 - Page 16
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`will denote the hypothesis that the claimant and the originator are
`different persons, i.e., that the claimant is an impostor.
`We test H versus A in terms of the significance level of the test,
`which is normally written,
`
`a= P{rej. HjH} = P{making a secondary error}.
`
`The probability of making the other kind of error is given by
`
`B P{rej. AjA} = P{making a primary error}.
`
`In many problems of inference, a is taken to be .01, 05, or .10. We
`will also work in this range.
`Ideally, we should attempt to simultaneously minimize a and S,
`but unfortunately, we cannot reduce one without increasing the other.
`In keeping with normal statistical practice, therefore, we will fix a
`in advance at some tolerably low level and try to keep 6 as small as
`possible.
`In our problem, we will use a test statistic U that reflects the
`difference in keystroke patterns between the originator and the
`claimant. If the two individuals are the same person, U should be
`small (i.e., not significant, reflecting only random sampling varia(cid:173)
`tion), and we should not want to reject H. Therefore, the p-value
`corresponding to an observed U should be large (2:_ .05). If in fact the
`p-value is small, we generate a secondary error.
`Alternatively, suppose the originator and the claimant are dif(cid:173)
`ferent persons.
`In this case, U should be large (significant), and
`we should want to reject H. Therefore, the p-value should be small
`(< .05).
`If in fact the p-value is large, we generate a primary error.
`These concepts are summarized in Table 1.
`We derived the test procedure for our problem on the basis of a
`classical likelihood ratio test. The procedure is summarized below;
`the technical details of the derivation are given in the Appendix.
`
`ASSA ABLOY Ex. 1011 - Page 17
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-11-
`
`Table 1
`
`ERROR CONCEPTS
`
`p-value Large
`(accept H)
`
`p-value Small
`(reject H)
`
`No error
`
`Secondary error
`
`Primary error
`
`No error
`
`His true:
`originator and
`claimant are the
`same person
`His false:
`originator and
`claimant are
`different persons
`
`AUTHENTICATION EQUATIONS AND PROCEDURE
`The subject whose keystroke typing patterns are being evaluated
`(either claimant or originator) is asked to type a paragraph of prose,
`and the computer records the time between all successive keystrokes.
`For a judiciously selected group of digraphs, the authentication pro(cid:173)
`cedure will compare the digraph times from the claimant's sample with
`those from the originator's sample.
`For example, the originator types the digraph th ten times in some
`nonrepetitive, prose context (to avoid "learning"), with a mean digraph
`time of 85 milliseconds and a standard deviation of 5 milliseconds.
`The claimant then types the th digraph 15 times, with a mean digraph
`time of 150 milliseconds and a standard deviation of 10 milliseconds.
`In this case, it seems likely that the claimant is an impostor.
`The raw data collected in any real situation are likely to show
`that digraph times for a specific digraph are roughly log-normally
`distributed (see Sec. IV). Thus, their logarithms are approximately
`normally distributed. We assume in the authentication equations that
`the variables created by transformation from the raw data are approxi(cid:173)
`mately normally distributed.
`We work simultaneously with r distinct digraphs, each of which is
`assumed to be typed M times by the originator and N times by the
`claimant.
`In fact, because of typing errors, subjects tended to type
`different numbers of replications of a given digraph. For example,
`
`ASSA ABLOY Ex. 1011 - Page 18
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-12-
`
`if one typist inadvertently omitted a word that included a th, while
`all of the others made no errors involving a th, that typist would
`have one fewer replication for th than the others. For purposes of
`analyzing the text obtained from an originator, we selected the first
`M replications of a given digraph in the text (for the claimant, we
`selected the first N), and we ignored the remainder. Mand N were de(cid:173)
`termined as the smallest number of replications that occurred for all
`r digraphs. Thus, if there were three digraphs to be considered for
`the originator and one was replicated 12 times, another 15 times, and
`the third 15 times, we would select M=12, because there were at least
`12 replications in all three (and the statistical model requires an
`equal number for all digraphs). We would then select for analysis the
`first 12 occurrences of each of the three types of digraphs in the
`originator's text.
`We assume that the M+N digraph times for each of the r digraphs
`(that is, (M+N}r distinct times) are mutually independent. We know,
`of course, that this assumption is not strictly true, but we adopt it
`for simplicity as a first approximation to see if a system can even(cid:173)
`tually be developed around it. Clearly, the third time a th is typed
`in no way influences (pr is influenced by) the fourth time a th is
`typed by the same person; nor is there generally any natural way to
`pair the digraph times for any particular pair of digraphs (identical
`or not).
`We assume that the distribution of the time required to type a
`particular digraph has, after transformation to normality, the same
`variance for both originator and claimant. That is, the variance of
`the transfonned digraph time distribution for a th will be taken to
`be the same for both originator and claimant, although variances for
`different digraphs such as th and he are permitted. The mean digraph
`times are of course permitted to differ from one another, both across
`digraphs and between claimant and originator; in fact, the test of
`hypotheses H versus A will be carried out on the basis of how the mean
`digraph times of claimant and originator compare. The assu:rnption of;
`equal variances for claimant and originator made above is justifiable
`on the basis of the well-known metatheorem in statistical theory:
`
`ASSA ABLOY Ex. 1011 - Page 19
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-13-
`
`Tests for equality of means, under normality, are fairly insensitive
`to violations of the assumption of equal variances. This is a robust(cid:173)
`ness property of Student t-tests. Thus, the statistical model for
`authentication basically involves testing the hypotheses that the mean
`vectors (vectors of mean digraph times} for two multivariate normal
`populations are or are not the same, assuming that the two populations
`have the same diagonal covariance matrix (diagonal, because the digraph
`1
`~ A likelihood ratio test is
`times are assumed to be independent}.
`carried out to develop an appropriate test statistic, and it is found,
`not surprisingly, that the test statistic is a function of the cor(cid:173)
`In fact,
`responding Student t-statistics for each of the digraphs.
`the test consists of adding 1 to the Student t-statistic for each di(cid:173)
`graph, then multiplying all of them together. A monotone function of
`this product is tested for significance.
`
`EXTENSIONS OF THE. MODEL
`Extensions of this statistical model could conceivably involve
`development of models that permit different numbers of replications
`for different digraphs, unequal variances for the distributions of
`digraph times for claimant and originator, correlations of times for
`distinct digraphs, and perhaps a better approximation to the distribu(cid:173)
`tion of a product of independent beta variates than the one developed
`in the Appendix. Such extensions could increase the flexibility of
`an eventual authentication system and might improve the precision of
`such a system by providing statistical tests that are more powerful
`and make fewer errors. We might also develop a measure of sensitivity
`of the authentication tests based upon the notion of "power" of a test
`of hypotheses. We are considering an alternative model in which the
`parameters of the originator's digraph distributions are assumed to be
`
`,'<
`It is clearly important to test this assumption. A fundamental
`problem, however, is that there is no natural pairing of digraphs that
`will permit us to compute the sample correlation of digraph times
`across N pairs. Alternatively, we computed sample correlations across
`In all
`the first occurring sets of pairs for a great many digraphs.
`such cases, the correlations were not significant at the 5 percent
`level of significance.
`
`ASSA ABLOY Ex. 1011 - Page 20
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-14-
`
`known, because the schema we envision should permit us to obtain large
`numbers of replications of digraphs for the originator, although prob(cid:173)
`ably not for the claimant.
`
`ASSA ABLOY Ex. 1011 - Page 21
`ASSA ABLOY AB v. CPC Patent Technologies Pty Ltd.
`IPR2022-01006 - U.S. Patent No. 9,665,705
`
`

`

`-15-
`
`IV. STATISTICAL ANALYSIS
`
`BACKGROUND
`The data collected in the experiment include typescripts of three
`structured texts, typed on two different occasions by six touch typists.
`The dates on which the experiment was administered, August 16 and
`December 14, 1977, were four months apart. Six subjects participated
`in the experiment, but all of them did not type all three texts each
`time. Typist 2 failed to type Text 3 in December; Typist 3 failed to
`type Texts 2 and 3 in August; and Typist 6 failed to type Text 2 in
`August. The missing data are surrnnarized