Patent Application
20200089852
The present disclosure relates to electronic devices and, more particularly, to user interfaces for portable electronic devices.
Passwords remain the dominant approach for user authentication by computer systems because of their simplicity, legacy deployment and ease of revocation. Unfortunately, common approaches to entering passwords by way of keyboard, mouse, touch screen or any traditional input device, are vulnerable to attacks such as shoulder surfing and password snooping.
Shoulder-surfing is an attack on password authentication that has traditionally been hard to defeat. It can be done remotely using binoculars and cameras, using keyboard acoustics, or embedded keystroke tracking software. Access to the user's password simply by observing the user entering a password undermines the effort of encrypting passwords and protocols for authenticating the user securely. To some extent, the human actions when inputting the password are the weakest link in the chain.
Biometric authentication approaches, which identify individuals based on physiological characteristics, have the advantage that they are harder to replicate and therefore are not susceptible to the risks of shoulder surfing. However, biometric techniques suffer from the drawback that physiological characteristics are nonsecret and non-revocable. While it is easy for a user to change a password, it is perhaps not possible for the user to change a fingerprint.
Some embodiments of the present disclosure are directed to a method of performing operations on a processor of an electronic device. The operations include receiving a personal identification number (PIN) comprising a sequence of numeric digits. For each digit of the PIN, the operations receive from a fingerprint detector sensor a digital fingerprint scan of a finger, and register the digital fingerprint scan of the finger associated with the digit of the PIN. The operations later initialize a sequence of PIN digit counters, and set a PIN digit pointer to reference a first one of the PIN digit counters in the sequence. The operations receive from the fingerprint detector sensor a digital fingerprint scan of a finger. When the digital fingerprint scan matches the digital fingerprint scan that was registered for the digit of the PIN which corresponds to the PIN digit counter referenced by the PIN digit pointer, the operations increment the PIN digit counter referenced by the PIN digit pointer. In contrast, when the digital fingerprint scan does not match the digital fingerprint scan that was registered for the digit of the PIN which corresponds to the PIN digit counter referenced by the PIN digit pointer, but does match the digital fingerprint scan that was registered for the next one of the PIN digits in the sequence, the operations move the PIN digit pointer to reference the next one of the PIN digit counters in the sequence, and increment the next one of the PIN digit counters that is referenced by the PIN digit pointer. When a PIN entry completion condition is satisfied, the operations selectively allow electronic access by a user to an application processed by the processor of the electronic device based on determining whether the sequence of PIN digit counters contain values matching the PIN.
Corresponding operations by computer program products and electronic devices are disclosed. Other methods, computer program products, and electronic devices according to embodiments will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such additional methods, computer program products, and electronic devices be included within this description, be within the scope of the present inventive subject matter, and be protected by the accompanying claims. Moreover, it is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
Other features of embodiments will be more readily understood from the following detailed description of specific embodiments thereof when read in conjunction with the accompanying drawings, in which:
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention. It is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
As explained above, password entry remains a weakness in efforts to improve user authentication effectiveness. Some electronic devices authenticate users using digital fingerprint scans. One security weakness with this approach is that fingerprints are not secret, and can be easily observed and may be replicated to obtain unauthorized access to such electronic devices. Moreover, fingerprint authentication operations provide a single factor authentication, i.e., where the scanned fingerprint matches the registered fingerprint or it does not.
Various embodiments of the present disclosure are directed to providing improved fingerprint authentication operations that perform matching of digital fingerprint scans to registered digital fingerprints, in combination with matching a registered sequence of fingers that are scanned and a counted number of scans of each of the fingers in the sequence. These operations provide multi-factor authentication for fingerprint-based access control to electronic devices. The order of scanned fingers and the number of repetitive scans of each of the fingers in the sequence can be registered and stored in a data structure in a memory of the electronic device during a registration process, and maintained as a secret by the authentic user (e.g., registered owner of the electronic device and/or an application processed by the electronic device). Accordingly, replication of the fingerprint of the authentic user by a fraudster may satisfy one but not all the required multi-factor authentication operations, so the electronic device would prevent access to an application or other content of the electronic device.
The array of capacitive sensor elements 202 outputs a digital fingerprint scan of a user's finger. The scan can contain an array of capacitance values measured by the elements 202 based on capacitive coupling to the ridges and valleys of the epidermis layer of the finger which form a fingerprint. In some other embodiments, the array of capacitive sensor elements 202 is configured to capacitively couple to a subdermal layer of the user's finger, such as to the small blood vessels and tissue structure within the skin of the finger. The capacitance values from the capacitive sensor elements 202 contained in a digital fingerprint scan can be processed by the processor as a grayscale image of the fingerprint to identify features that are compared against a fingerprint that has been earlier registered by an authentic user in an authentication data structure stored in a memory of the electronic device 100 during a registration process for the electronic device 100 and/or an application processed by the electronic device 100.
A user is authenticated by the processor of the electronic device 100 based on whether the user scans different fingers a defined number of times with the fingerprint detector sensor 102 to generate digital fingerprint scans which match the registered fingerprint scans and corresponding repeated numbers that have been earlier registered in the authentication data structure. Thus, in some embodiments, the processor of the electronic device can be configured to selectively allow electronic access by a user to an application processed by the processor of the electronic device based on determining a combination of whether the digital fingerprint scans match a defined number of digital fingerprints stored in the authentication data structure and whether an order of the digital fingerprint scans in the sequence matches a registered order of the defined number of digital fingerprints.
Accordingly, a fraudster may be able to replicate the fingerprints of enough fingers of the authentic user for digital scanning by the sensor 102 to satisfy the authentication requirement that the digital fingerprint scans match registered fingerprint scans stored in the authentication data structure. However, the fraudster would not know the required order in which the fingerprints must be scanned and the number of times that each finger in the sequence must be scanned, since that is secret to the authentic user. The fraudster would therefore not be able to successfully complete authentication and would consequently be prevented from accessing content of the electronic device.
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
In contrast, when the digital fingerprint scan is determined 506 to not match the digital fingerprint scan that was registered for the digit of the PIN which corresponds to the PIN digit counter referenced by the PIN digit pointer, but is further determined 510 to match the digital fingerprint scan that was registered for the next one of the PIN digits in the sequence, the operations move 512 the PIN digit pointer to reference the next one of the PIN digit counters in the sequence, and increment the next one of the PIN digit counters that is referenced by the PIN digit pointer.
When a PIN entry completion condition is determined 514 to be satisfied, a determination 516 is made whether the sequence of PIN digit counters contain values matching the registered PIN. The operations selectively allow 518/520 electronic access by a user to an application processed by the processor of the electronic device based on determining whether the sequence of PIN digit counters contain values matching the PIN. For example, when a match is determined 516, the operations allow 518 electronic access by communicating a user authentication completed message to the application. In contrast, when a match is not determined 516, operations prevent 520 electronic access by communicating a user authentication failed message to the application.
In a further embodiment, when the PIN entry completion condition is satisfied 514, the operations allow electronic access by the user to the application processed by the processor of the electronic device based on determining that the sequence of PIN digit counters contain values matching the PIN, and prevent electronic access by the user to the application processed by the processor of the electronic device based on determining that the sequence of PIN digit counters does not contain values matching the PIN.
In a further embodiment, the operations to selectively allow electronic access include receiving, from a user through a user interface of the electronic device, a command to login to the application. The operations communicate a user authentication failed message to the application responsive to determining that the sequence of PIN digit counters contain values that do not match the PIN. In contrast, the operations communicate a user authentication completed message to the application responsive to determining that the sequence of PIN digit counters contain values matching the PIN.
Referring to
Corresponding operations of the device 100 include receiving 610 two time-spaced apart scans of finger 400a (e.g., thumb), receiving 612 one scan of finger 400b (e.g., index finger), receiving 614 three time-spaced apart scans of finger 400c (e.g., ring finger), and receiving 616 four time-spaced apart scans of finger 400d (e.g., little finger).
Referring to
For example, when the third finger 400c is scanned and determined to have an angle between 30 and 60 degrees relative to a longitudinal axis of the device 100, the operations may add an offset value of 2 or another defined value to the third PIN digit counter. In this manner, the device 100 for the user may define an offset value that can be selectively added to the PIN digit counter that is presently being incremented, which may be useful to allow the user to perform less finger scans in order to reach a higher value number corresponding to that digit of the PIN (e.g., to reach values 6-9).
The operations to determine the offset value corresponding to the rotational angle, can include selecting an offset value from among a set of offset values responsive to the rotational angle, where each of the offset values in the set is associated with a different defined range of rotational angles.
The operations to receive 700 from the fingerprint detector sensor 102 a digital fingerprint scan of a finger, can include receiving from the digital fingerprint scan an array of capacitance values measured by the array of capacitive sensor elements based on capacitive coupling to fingerprint ridges and valleys of a finger, and measuring a rotational angle between a pattern of the capacitance values in the array and a pattern of capacitance values that have been earlier registered for the digit of the PIN which corresponds to the PIN digit counter.
When the digital fingerprint scan matches the digital fingerprint scan that was registered for the digit of the PIN which corresponds to the PIN digit counter referenced by the PIN digit pointer, the electronic device 100 may perform operations that receive an indication of a rotational angle of the digital fingerprint scan. The operations can determine a mathematical operation corresponding to the rotational angle, and modify a value which contained in the PIN digit counter referenced by the PIN digit pointer, responsive to the mathematical operation.
The operations to determine the mathematical operation corresponding to the rotational angle, can include selecting the mathematical operator from among a set of mathematical operators responsive to the rotational angle, wherein each of the mathematical operators in the set is associated with a different defined range of rotational angles.
For example, when the fourth finger 400d is scanned and determined to have an angle between 30 and 60 degrees relative to a longitudinal axis of the device 100, the operations may select an mathematical operator of multiply by two, which is applied to multiply the value in the fourth PIN digit counter. In this manner, the user may scan finger 400d initially with an angle around 0 degrees and then rescan finger 400d with an angle between 30 and 60 degrees, so that the accumulated value 2 in the fourth PIN digit counter is multiplied by two which results in a PIN digit counter value of 4 corresponding to the fourth digit of the registered PIN. These operations may be useful to allow the user to perform less finger scans in order to reach a higher value number corresponding to that digit of the PIN (e.g., to reach values 6-9).
The operations to receive from the fingerprint detector sensor a digital fingerprint scan of a finger, can include receiving from the digital fingerprint scan an array of capacitance values measured by the array of capacitive sensor elements based on capacitive coupling to fingerprint ridges and valleys of a finger, and measuring a rotational angle between a pattern of the capacitance values in the array and a pattern of capacitance values that have been earlier registered for the digit of the PIN which corresponds to the PIN digit counter.
In the above-description of various embodiments of the present disclosure, aspects of the present disclosure may be illustrated and described herein in any of a number of patentable classes or contexts including any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. Accordingly, aspects of the present disclosure may be implemented in entirely hardware, entirely software (including firmware, resident software, micro-code, etc.) or combining software and hardware implementation that may all generally be referred to herein as a “circuit,” “module,” “component,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product comprising one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer readable media may be used. The computer readable media may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an appropriate optical fiber with a repeater, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable signal medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C #, VB.NET, Python or the like, conventional procedural programming languages, such as the “C” programming language, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) or in a cloud computing environment or offered as a service such as a Software as a Service (SaaS).
Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable instruction execution apparatus, create a mechanism for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that when executed can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions when stored in the computer readable medium produce an article of manufacture including instructions which when executed, cause a computer to implement the function/act specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer, other programmable instruction execution apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatuses or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various aspects of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Like reference numbers signify like elements throughout the description of the figures.
The corresponding structures, materials, acts, and equivalents of any means or step plus function elements in the claims below are intended to include any disclosed structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The aspects of the disclosure herein were chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure with various modifications as are suited to the particular use contemplated.
