As users of processor-based systems place increasing reliance on their systems and the data stored in such systems, security concerns increase. To provide security for such systems, oftentimes passwords are established and used to protect access to the system generally. Additional passwords can be used to protect access to particular applications, files, and interaction with remote sources such as websites accessible by the system. Still further, security can be provided by encryption of files and data.
However, with the various uses of a system, a user can be faced with an increasing number of passwords, which can lead to loss or confusion. Accordingly, some users select a common password for many different types of applications, which can greatly compromise security.
Some systems provide additional security by way of some type of biometric sensor. For example, many processor-based devices are equipped with a fingerprint sensor that acts as an identification apparatus. However, a user simply places/slides (in any moving direction) a single finger one time on the sensor, and the device performs an identification process. For many purposes, however, this kind of security mechanism is not strong enough.
Embodiments provide an enhanced secure identification process, e.g., for systems having a biometric sensor such as a fingerprint sensor. To perform identification in accordance with an embodiment of the present invention, a user may place different digits (e.g., fingers or toes) in a predetermined sequence or order on a sensor. In some implementations, the user may slide a digit in different directions to make the scanning sequence different, even when using the same finger. In this way, identification is more robust than a single input style, as even if a malicious person sees which finger a user places on the sensor, he may not be aware of the order and the sliding direction for the specific finger, and thus will not learn the password.
In different implementations, an ordered sequence of different digits (with or without direction of movement) can form a password, also referred to herein as a password pattern. Note that in some implementations, the password pattern may not include any alphanumeric characters and instead corresponds solely to the sequence of digits/movements. In other implementations, different manners of mapping biometric information and/or user movements to elements (e.g., alphanumeric values) of a password can be realized. While the scope of the present invention is not limited in this regard, in some implementations a user's digits each may map to a numeric code such that the ten fingers map to the numbers 0-9.
In one embodiment, an ordered sequence of fingerprints of different digits may be used to represent a pure numerical password. In this way, existing numerical (and/or alphanumeric) passwords can be converted to a fingerprint sequence unique to a specific user, so that previously generated passwords become biometric-based passwords with improved security robustness. However, as described above, in other implementations a sequence of fingers and movements may itself form a sequenced password without a separate mapping to keyboard characters.
In other implementations, a combination of digit and user movement may map to a corresponding element. For example, a thumb print and movement in a given direction (e.g., left to right or up to down) may map to a given number or other character. In some implementations, a user may select the desired mappings, while in other embodiments the mappings may be preset by the system. Using a combination of digits and movement directions (e.g., two directions per digit), 20 characters can be obtained.
In an implementation in which a combination of digit and movement maps to a value, one example mapping may be as follows: a thumb slide up to down and down to up may map to 0 and 1 (respectively); forefinger slide up to down and down to up may map to 2 and 3 (respectively); and a middle finger up to down and down to up represents 4 and 5 (respectively). Of course, a user could use different fingers to represent different elements.
In the implementation of
Referring now to
Referring still to
To enable a user to access a system in which he/she has one or more stored password patterns, a method such as described with regard to
Upon receipt of the fingerprint/directions, the scans/movements may be compared to tables in a database (block 130), where each table corresponds to a stored password pattern for a user. More specifically, in one implementation the first scan/movement direction input may be compared to the first entry in each table to determine if a match exists. The comparison/determination of block 130 and diamond 140 may proceed seriatim until a full password pattern is detected that fully matches the scans/movements stored in a table. Next, control passes to diamond 140, where it may be determined whether the fingerprint sequence and direction matches a table in the database. If a complete match is identified, the identification process has been successfully completed, and user access is enabled (diamond 150). Otherwise, control passes to block 160, where the access can be denied. Note that the access may be to a system generally, or to a specific application, file or so forth. While shown with this particular implementation in the embodiment of
As discussed above, in other implementations a user's entry of a fingerprint scan (with or without direction) may be mapped to characters, e.g., alphanumeric characters of a keyboard. Accordingly, the embodiments for password creation and authentication discussed above with regard to
Referring still to
In one embodiment, the system may then allow the user to enable selection of a password (block 260) such that each finger (with or without direction) maps to a different character element of a password. In one embodiment, this mapping may be via an index to a location of the entry of the database table for the user for the corresponding character, i.e., each entry of the password table may store a character and index to the location of the database table for this character. Accordingly, this password may be associated with the user mapping and stored, e.g., in a password table of the non-volatile storage (block 270). While shown with this particular implementation in the embodiment of
Similarly, an authentication method may take account of such mappings. Referring now to
If the translated characters do match a password at diamond 340, it may next be determined whether it is a match for a standard password or a duress password (diamond 350). That is, some embodiments may enable detection of an alternate password, namely a duress password entered when a user is under duress that may enable minimal access to a system and/or enable a signal to a third party to warn of the duress. In these embodiments, a user may enter a password with an altered pattern under duress, and the system responds differently. The system can recognize the entry as a panic password and may give limited (or no) access to the system, and/or cause a duress alert to be sent.
If the standard password matches in the determination at diamond 350, control passes to block 370, where the identification is a success and user access, i.e., normal user access, is enabled. If instead the match is for a duress password, control may pass to block 360, where the identification success may lead to a possibly limited user access (or no access) and initiation of a duress alarm.
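The standard/duress decision described above (diamonds 340 and 350), as an added Python example that is not part of the patent text. It uses the thumb/forefinger/middle mapping given earlier and assumes the sensor layer has already matched each scan to an enrolled digit and slide direction; the function names, the record layout and the salted PBKDF2 storage are assumptions of this example.

```python
import hashlib
import hmac
import os

# Mapping from the description: (digit, slide) -> character, where "down" is an
# up-to-down slide and "up" is a down-to-up slide.
MAPPING = {
    ("thumb", "down"): "0", ("thumb", "up"): "1",
    ("forefinger", "down"): "2", ("forefinger", "up"): "3",
    ("middle", "down"): "4", ("middle", "up"): "5",
}

def translate(events):
    """Translate matched (digit, direction) events; None if any is unmapped."""
    chars = [MAPPING.get(tuple(e)) for e in events]
    return None if None in chars else "".join(chars)

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(standard, duress):
    """Build a password-table record holding salted digests, not characters."""
    if standard == duress:
        raise ValueError("duress password must differ from the standard one")
    salt = os.urandom(16)
    return {"salt": salt,
            "standard": _digest(standard, salt),
            "duress": _digest(duress, salt)}

def authenticate(events, record):
    """Return 'normal', 'duress' or 'denied' for one entry attempt."""
    password = translate(events)
    if password is None:
        return "denied"
    candidate = _digest(password, record["salt"])
    # Run both comparisons every time so timing does not show which one matched.
    is_standard = hmac.compare_digest(candidate, record["standard"])
    is_duress = hmac.compare_digest(candidate, record["duress"])
    if is_standard:
        return "normal"   # block 370: normal user access
    if is_duress:
        return "duress"   # block 360: limited or no access, raise the alarm
    return "denied"

if __name__ == "__main__":
    # Constructed sample: standard "2041", duress variant "2140".
    record = enroll("2041", "2140")
    entry = [("forefinger", "down"), ("thumb", "up"),
             ("middle", "down"), ("thumb", "down")]
    print(authenticate(entry, record))
```

The caller decides what "duress" means in practice (limited access, no access, or a silent alert); the response shown to the person at the sensor should not reveal which branch was taken.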
Note that the method of
Many variations are possible. For example, in some implementations biometric authentication can be used as a way to perform secure input of (e.g., alphanumeric) characters to enter information other than a password directly to a computer without having to use a keyboard. Thus for a user in a public place, information such as credit information can be entered without typing on a keyboard to thus enable a secure way to enter information.
As more discrete elements are included in a password, the strength of the authentication is increased. In some implementations, a differing number of password elements can be used to provide varying levels of access to a system or information/applications on the system. For example, for unlocking a mobile phone to make a phone call, a single slide of a single finger can unlock it to give access to the phone function. For a financial transaction where access to personal information (e.g., credit card information) is desired, however, multiple digits/directions (e.g., three fingers) can be required instead of just a single digit. In this way, gradations of authentication can be realized.
In one example, a single password pattern may be a first number of elements (e.g., 20). Different portions of the password (e.g., beginning from the first element) may be used for different authentication levels. For example, only one element may be used to obtain access to the device, five elements used for accessing one type of application, and yet additional elements to access secure applications and so forth. Other embodiments may allow use of an N of M password. In such implementations, authentication requires at least N elements of an M element password, for example, three of ten or three of five, or so forth. When used with an embodiment, the N of M may be implemented by specifying a pattern swipe and number of fingers that must be used, and making the actual fingers used irrelevant. For example, an authentication policy may be to receive at least three different fingers each with a pattern of movements. Other implementations may require multiple fingers on both hands.
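The graded-access and N of M policies described above, as an added Python example that is not part of the patent text. The stored pattern, the tier lengths and the function names are constructed for illustration, and `meets_n_of_m` implements one reading of the policy (the sequence of movements must match, and only the number of distinct fingers is checked); the sensor layer is assumed to report only the user's enrolled digits.

```python
import hmac

# Constructed sample: a 7-element pattern and tier lengths following the text's
# example (1 element for the device, 5 for an application, all for secure use).
STORED = [("thumb", "down"), ("forefinger", "up"), ("middle", "down"),
          ("thumb", "up"), ("forefinger", "down"), ("middle", "up"),
          ("thumb", "down")]
TIERS = {1: "device", 5: "application", 7: "secure"}

def _encode(seq):
    return "|".join(f"{finger}:{direction}" for finger, direction in seq).encode()

def access_level(entered, stored=STORED, tiers=TIERS):
    """Highest tier covered by the entry; None if any entered element is wrong."""
    n = len(entered)
    if n == 0 or n > len(stored):
        return None
    # The entry must equal the stored pattern from its first element onward.
    if not hmac.compare_digest(_encode(entered), _encode(stored[:n])):
        return None
    granted = None
    for length, level in sorted(tiers.items()):
        if n >= length:
            granted = level
    return granted

def meets_n_of_m(entered, swipe_pattern, min_fingers):
    """N-of-M reading: the movements must match; only the finger count matters."""
    if [direction for _, direction in entered] != list(swipe_pattern):
        return False
    return len({finger for finger, _ in entered}) >= min_fingers

if __name__ == "__main__":
    print(access_level(STORED[:1]), access_level(STORED[:6]))
    print(meets_n_of_m([("ring", "down"), ("little", "up"), ("thumb", "down")],
                       ["down", "up", "down"], 3))
```

A one-element tier has at most 20 possible values under the two-directions-per-digit scheme, so the lowest tier should gate only low-value functions and be paired with attempt limiting.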
People use many passwords in daily life, and some regularly forget them, causing much inconvenience. Using an embodiment of the invention, people could even write down their passwords in a notebook without concern for compromise, as without the physical combination of fingers and movements, the entry of a password alone will not allow access.
Embodiments may be incorporated in many different processing systems. For example, embodiments may be used in connection with computers ranging from notebooks, desktops, to server computers, as well as mobile Internet devices, smart phones and so forth. Any such processing system may include or be associated with a biometric sensor, which may be configured into the system or adapted to the system, e.g., as a peripheral device such as via a universal serial bus (USB) port. In some implementations, rather than a dedicated biometric sensor, a biometric sensing function can be realized via a combination of a touch screen (such as a capacitive sensing touch screen) and software, firmware and/or logic to convert actions on the touch screen to biometric scans.
A flash memory 460 may provide for non-volatile storage which may include a password table including biometric-based entries for one or more users of the system, and which can be used for comparison to receipt of biometric inputs from a user seeking access. In addition, a baseband processor 450 may control communications via a wireless interface 462, which may be used to communicate via cellular or other wireless networks.
Additionally, a biometric sensor 470 may be present in the system to enable fingerprint or other scanning to provide security for the system in accordance with an embodiment of the present invention. While shown as a separate component in the embodiment of
Embodiments may be implemented in code and may be stored on a storage medium having stored thereon instructions which can be used to program a system to perform the instructions. The storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, solid state drives (SSDs), compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic random access memories (DRAMs), static random access memories (SRAMs), erasable programmable read-only memories (EPROMs), flash memories, electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions.
While the present invention has been described with respect to a limited number of embodiments, those skilled in the art will appreciate numerous modifications and variations therefrom. It is intended that the appended claims cover all such modifications and variations as fall within the true spirit and scope of this present invention.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/CN2009/001114 | 9/30/2009 | WO | 00 | 3/19/2012 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2011/038533 | 4/7/2011 | WO | A |
Number | Date | Country |
---|---|---|
20120174214 A1 | Jul 2012 | US |