Pointing device biometrics for continuous user authentication

What is claimed is: 1. A method comprising using at least one hardware processor for: receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, wherein the pointing device data comprises screen coordinate and time stamp pairs; monitoring an input data stream from a pointing device in real time, wherein the input data stream comprises screen coordinate and time stamp pairs and covers a plurality of spatial regions of a display screen; segregating the input data stream into at least one subset stream that is restricted to one of the plurality of spatial regions, wherein the segregating comprises: using multi-scale two-dimensional accumulator matrices to extract, from the input data stream: spatial clusters, and transition areas between the spatial clusters, having each screen coordinate in the input data stream vote for cells in each of the matrices, wherein the cells voted for are ones which contain the respective screen coordinate of the input data stream, and weighting the votes using at least one of the following parameters: speed of movement through the respective screen coordinate of the input data stream, and pressure applied by the human user to the respective screen coordinate of the input data stream; reducing a time needed for a user authorization system to verify an identity of the human user, and preventing accidental false-positive verification of the identity of the human user, by: segregating the at least one subset stream into further subsets of overlapping time windows, and computing a similarity score based on at least one comparison of the behavioral biometric model and each of the further subsets of overlapping time windows; and sending the similarity score to the user authorization system, to verify the identity of the human user. 2. The method according to claim 1 , further comprising the steps of: monitoring a training data stream from a pointing device of a user interface, wherein the pointing device is operated by an authorized user, and wherein the training data stream covers the plurality of spatial regions of the display screen; computing the plurality of spatial regions using spatial cluster analysis of the screen coordinates of the training data stream; segregating the training data stream into at least one subset training stream, each restricted to one of the plurality of spatial regions; and computing the behavioral biometric model from the at least one subset training stream. 3. The method according to claim 1 , wherein the behavioral biometric model is selected from the group consisting of a path model and a pattern model, wherein the path model is a statistical model of pointing device motions between the plurality of spatial regions, and wherein the pattern model is a statistical model of pointing device motions within the plurality of spatial regions. 4. The method according to claim 1 , wherein the pointing device data further comprises at least one from the group consisting of a mouse button transition a mouse button state, a combined keyboard and mouse button state, and a difference in timestamp values greater than a threshold. 5. The method according to claim 1 , further comprising at least one action from the group consisting of sending a notification, activating an alarm, and sending a login request. 6. The method according to claim 1 , further comprising the action of computing a confidence score based on a statistical power of the similarity score and the comparison of the behavioral biometric model and the at least one subset stream. 7. The method according to claim 1 , wherein the similarity score is computed from a plurality of comparisons of the behavioral biometric model and a plurality of subset streams, thereby providing an aggregate similarity score. 8. The method according to claim 1 , wherein the segregating of the input data stream into at least one subset stream comprises: finding an optimal number (G) of spatial clusters to extract from the input data stream, by fitting a mixture of density functions to the input data stream using maximum likelihood estimation. 9. The method according to claim 8 , wherein the finding of G further comprises: classifying each potential value of G by hierarchical agglomeration that approximately maximizes a classification likelihood, starting with each data point in a singleton cluster and successively merging pairs of spatial clusters that maximize an increase in classification likelihood, until only G clusters are left. 10. The method according to claim 9 , further comprising estimating and maximizing the mixture of density functions by: applying an Expectation-Maximization (EM) algorithm using an initial classification result from the hierarchical agglomeration. 11. The method according to claim 1 , further comprising creating the behavioral biometric model by: monitoring data streams from pointing devices operated by multiple different human users; generating a background model that comprises a common representative behavior of all the multiple different human users; and characterizing the pointing device data of the human user relative to the background model, to create the behavioral biometric model. 12. The method according to claim 11 , wherein the characterizing of the pointing device data of the human user relative to the background model comprises: constructing a multi-feature statistical model of the pointing device data of the human user, wherein the features are at least some of: a length of pointing device strokes, a curvature of pointing device strokes, a speed of pointing device strokes, and times of silence between pointing device strokes; and combining the features into high-level descriptors which best separate the human user from high-level descriptors of the multiple different human users. 13. A computerized system, comprising: at least one hardware processor; a user interface comprising a display screen and a pointing device; and a non-transitory computer-readable storage medium having program code embodied therewith, the program code executable by at least one hardware processor for: receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, wherein the pointing device data comprises screen coordinate and time stamp pairs; monitoring an input data stream from a pointing device in real time, wherein the input data stream comprises screen coordinate and time stamp pairs and covers a plurality of spatial regions of a display screen; segregating the input data stream into at least one subset stream that is restricted to one of the plurality of spatial regions, wherein the segregating comprises: using multi-scale two-dimensional accumulator matrices to extract, from the input data streat: spatial clusters, and transition area between the spatial clusters, having each screen coordinate in the input data stream vote for cells in each of the matrices, wherein the cells voted for are ones which contain the respective screen coordinate of the input data stream, and weighting the votes using at least one of the following parameters: speed of movement through the respective screen coordinate of the input data stream, and pressure applied by the human user to the respective screen coordinate of the input data stream; reducing a time needed for a user authorization system to verify an identity of the human user, and preventing accidental false-positive verification of the identity of the human user, by: segregating the at least one subset stream into further subsets of overlapping time window