Patent Grant
10735412
The present invention relates to electronic devices, and more particularly to a biometric sensing device included in, or connected to an electronic device. Still more particularly, the present invention relates to the use of one or more biometric images to authorize or permit an action or task.
Passwords are a common security tool for applications, websites, and devices. A user-entered password must match a reference password before the user is given access or allowed to interact with an application, website, or device. But passwords can have a number of limitations. The number of characters that can be included in the password can be limited to a maximum number, such as eight or twelve characters. Additionally, a user can be prohibited from using certain types of characters in their password. For example, some passwords may not include symbols such as a pound or hash symbol (#), an exclamation sign (!), and a percent sign (%). Randomly generated passwords can be more secure than passwords selected by a user, but randomly generated passwords can be difficult to remember. Some users therefore select less secure passwords that are easier to remember. For example, a password that includes a complete word, the user's birthday, or a company name may be easier to remember but such passwords can be easier to guess or discover.
The use of biometric data can provide a greater level of security to a device or application compared to passwords. Biometric sensing devices can detect or image a unique physical or behavioral trait of a person and produce biometric data that can reliably identify the person. For example, a fingerprint includes a unique pattern of ridges and valleys that can be imaged by a fingerprint sensing device. The image of the fingerprint, or the unique characteristics of the fingerprint, is compared to previously captured reference data, such as a reference fingerprint image. The identity of the person is obtained or verified when the newly captured fingerprint image matches the reference fingerprint image.
In one aspect, a method for a first user to complete a purchase on an online store can include receiving a first biometric image from a second user and countersigning an online account token that is associated with an account of the first user on the online store. The account token can be countersigned with user identifier data. The account token can be countersigned when the first biometric image received from the second user matches a first reference biometric image associated with the second user. The countersigned online account token indicates the purchase on the online store can be completed. The countersigned account token can then be transmitted to the online store. In some embodiments, the user identifier data may include a universally unique identifier that is associated with the first biometric image, a directory services identification (DSID) that represents an account of the first user on the online store, and/or a universally unique identifier that is associated with the second biometric image. In one embodiment, authorization is needed when the purchase amount exceeds a specified monetary limit. In another embodiment, the authorization can also authorize the first user to spend a specified amount of money.
In another aspect, a system can include a processing device and a biometric sensing device operatively connected to the processing device. The processing device can be adapted to determine if authorization from a second user is needed before a first user can complete a purchase on an online store. The processing device can be adapted to countersign an account token when a first biometric image received from the second user matches a first reference biometric image associated with the second user, where the countersigned online account token indicates the purchase on the online store can be completed. The first biometric image can be obtained from the second user using the same electronic device as first user is using to submit the purchase. Alternatively, the first biometric image can be obtained remotely from the second user using a different electronic device. The countersigned account token can then be transmitted to the online store.
In another aspect, a method for a first user to complete a purchase on an online store may include receiving a first biometric image from the first user and determining if the purchase by the first user requires authorization from a second user. If authorization is needed, a notification can be provided to the second user. A second biometric image can be received from the second user based on the notification. An online account token that is associated with an account of the first user on the online store can be countersigned with user identifier data when an identity of the first user and/or an identity of the second user is confirmed based on the first and second biometric images, where the countersigned online account token indicates the purchase on the online store can be completed. In some embodiments, the notification can include an identity of the online store, a monetary amount of the purchase on the online store, an input that permits the second user to limit an amount of money the first user can spend in the purchase, and/or an input that permits the second user to limit an amount of time the first user can spend on the online store.
Embodiments of the invention are better understood with reference to the following drawings. The elements of the drawings are not necessarily to scale relative to each other. Identical reference numerals have been used, where possible, to designate identical features that are common to the figures.
Embodiments described herein can permit a second user to authorize a first user to take or complete an action through the use of biometric data. As one example, a second user can authorize a first user to complete a purchase on an online store. The authorization can also permit the user to spend a given amount of money in one or more transactions and/or over a prescribed period of time. The first user can submit one or more biometric images to initiate the purchase, and the online store can transmit an online account token to an electronic device and/or to a biometric sensing device after the user successfully enters his or her account password. The electronic device or the biometric sensing device can countersign the online account token when the one or more biometric images match reference biometric images and the account password matches user identifier data stored in the electronic device or in the biometric sensing device. The countersigned online account token can then be transmitted to the online store.
The second user can be required to submit his or her biometric image to authorize the purchase on the online store. In some embodiments, the biometric image must be received from the second user within a specified period of time after the first user submits his or her purchase request. In one embodiment, a countersigned online account token can be transmitted to the online store after the biometric image is received from the second user and the identity of the second user is verified. The first user may then be allowed to complete one or more purchases after the online store receives the countersigned online account token.
In some embodiments, the second user can provide authorization remotely. For example, a first user can initiate an action that requires authorization on a first device. A notification regarding the need for authorization can be provided to the first user on the first device and to the second user on a second device. The second user can submit one or more biometric images on the second device as part of the authorization process. If the identity of the second user is authenticated using the one or more biometric images, the first user may be allowed to complete the action on the first device.
In some embodiments, an owner of an electronic device can establish or enable a guest mode in the electronic device. Guest mode can permit a guest user to access certain functions and applications when the guest user is temporarily using the electronic device. For example, a person (i.e., guest user) can ask to use a friend's smart telephone to make a call, send a text, or check a website or email. When the device owner has enabled the guest mode, the guest user can access some, but not all of the functions and applications in the electronic device. An electronic device owner can specify which applications and functions a guest user can access and/or may specify the maximum amount of time the guest user has to use the electronic device.
In some embodiments, an owner of an electronic device can create a user profile. A user profile is similar to the guest mode, but can provide the guest user with access to a greater number of functions and applications, and/or can allow the device owner to customize the applications and functions accessible by each guest user. For example, a guest user A may be allowed to send text messages and access the web to view websites while a guest user B can access the web to view websites and make purchases on online stores, make telephone calls (when the electronic device is a smart telephone), and take photos. The ability to view photos, modify a Wi-Fi connection, activate airplane mode, set the alarm clock, and read texts and emails can be denied to one or both guest users.
Any suitable type of biometric sensing device can be included in, or connected to an electronic device. A person's fingerprint, eye, DNA, vein patterns, typing speed or patterns, gait, voice, face, and heart or brain signals are examples of a physical characteristic or a behavioral trait that can be detected or imaged by a biometric sensing device. A biometric sensing device can employ capacitance, ultrasonic, optical, resistive, thermal, or other sensing technologies to detect or image a biometric attribute. The term “biometric attribute” is meant to encompass a physical or behavioral trait that can be detected by a biometric sensing device.
Referring now to
The electronic device 100 includes an enclosure 102 at least partially surrounding a display 104 and one or more buttons 106 or input devices. The enclosure 102 can form an outer surface or partial outer surface and protective case for the internal components of the electronic device 100, and may at least partially surround the display 104. The enclosure 102 can be formed of one or more components operably connected together, such as a front piece and a back piece. Alternatively, the enclosure 102 can be formed of a single piece operably connected to the display 104.
The display 104 can be implemented with any suitable technology, including, but not limited to, a multi-touch sensing touchscreen that uses liquid crystal display (LCD) technology, light emitting diode (LED) technology, organic light-emitting display (OLED) technology, organic electroluminescence (OEL) technology, or another type of display technology. The button 106 can take the form of a home button, which may be a mechanical button, a soft button (e.g., a button that does not physically move but still accepts inputs), an icon or image on a display, and so on. Further, in some embodiments, the button 106 can be integrated as part of a cover glass of the electronic device.
The processing device 200 can control some or all of the operations of the electronic device 100. The processing device 200 can communicate, either directly or indirectly, with substantially all of the components of the electronic device 100. For example, a system bus or signal line 214 or other communication mechanisms can provide communication between the processing device 200, the memory 202, the I/O device 204, the sensor 206, the power source 208, the network communications interface 210, and/or the biometric sensing device 212. The processing device 200 can be implemented as any electronic device capable of processing, receiving, or transmitting data or instructions. For example, the processing device 200 can be a microprocessor, a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), or combinations of such devices. As described herein, the term “processing device” is meant to encompass a single processor or processing unit, multiple processors, multiple processing units, or other suitably configured computing element or elements.
The memory 202 can store electronic data that can be used by the electronic device 100. For example, a memory can store electrical data or content such as, for example, audio and video files, documents and applications, device settings and user preferences, timing signals, biometric images, data structures or databases, and so on. The memory 202 can be configured as any type of memory. By way of example only, the memory can be implemented as random access memory, read-only memory, Flash memory, removable memory, or other types of storage elements, or combinations of such devices.
The I/O device 204 can transmit and/or receive data to and from a user or another electronic device. One example of an I/O device is button 106 in
The electronic device 100 may also include one or more sensors 206 positioned substantially anywhere on the electronic device 100. The sensor or sensors 206 may be configured to sense substantially any type of characteristic, such as but not limited to, images, pressure, light, touch, heat, movement, relative motion, biometric data, and so on. For example, the sensor(s) 206 may be an image sensor, a heat sensor, a light or optical sensor, an accelerometer, a pressure transducer, a gyroscope, a magnet, a health monitoring sensor, and so on.
The power source 208 can be implemented with any device capable of providing energy to the electronic device 100. For example, the power source 208 can be one or more batteries or rechargeable batteries, or a connection cable that connects the remote control device to another power source such as a wall outlet.
The network communication interface 210 can facilitate transmission of data to or from other electronic devices. For example, a network communication interface can transmit electronic signals via a wireless and/or wired network connection. Examples of wireless and wired network connections include, but are not limited to, cellular, Wi-Fi, Bluetooth, IR, and Ethernet.
The biometric sensing device 212 can be implemented as any suitable biometric sensor, scanner, and/or system. For example, the biometric sensing device can be a facial recognition device, an iris or retina scanner, a vein recognition device that can image the veins in a finger or palm, a facial biometrics scanner, and/or a thermal imaging scanner. Additionally, the biometric sensing device 212 can be implemented with any suitable sensing technology, including, but not limited to, capacitive, resistive, ultrasound, piezoelectric, and thermal sensing technology. A biometric sensing device can capture one or more biometric images of a biometric attribute.
The biometric sensing device 212 can be connected to a secure processing system 216. The secure processing system can be included in the electronic device or in the biometric sensing device. The secure processing system 216 can receive biometric images captured by the biometric sensing device. The secure processing system 216 generally can be used to store and manipulate secure data, including the biometric images, reference biometric images, and user identifier data associated with a user and his or her online account for an online store. The processing device 200 can be prohibited from accessing the secure data and the biometric images received from the biometric sensing device, which increases the security of the data and biometric images. For example, the secure data and biometric images are inaccessible or less accessible to other programs that may be running on the processing device 200.
In one embodiment, the secure processing system can include a secure processing device, a secure persistent memory, and a secure non-persistent memory. Any suitable processing device and memory can be used in the secure processing system 216. Other components can be included in the secure processing system in some embodiments. Additionally or alternatively, a secure processing system can include only one memory. The secure processing system 216 is described in more detail in conjunction with
It should be noted that
In embodiments described herein, the biometric sensing device includes one or more fingerprint sensing devices. A fingerprint sensing device can capture images one or more fingers, a portion of one or more fingers, and/or some or all of a palm or of a hand. In some embodiments, the fingerprint sensing device is positioned at a location that a user's finger, fingers and/or hands are naturally in contact with as the user interacts with the electronic device. For example, an electronic device can include a fingerprint sensing device in the display 104, the button 106, the enclosure 102, and/or as a separate electronic device that is connected to the electronic device 100.
The construction of an illustrative capacitive fingerprint sensing device and the operation of the capacitive fingerprint sensing device will now be described briefly.
The capacitive fingerprint sensing device 300 can capture a fingerprint image of at least a portion of the finger 302 by measuring capacitance differences between the finger 302 and the electrodes 314. A fingerprint is generally formed from ridges 304 and valleys 306 arranged in a unique pattern. Typically, the capacitance measured between a ridge 304 and one or more electrodes 314 varies from the capacitance measured between a valley 306 and one or more electrodes 314. The measured capacitance between a ridge and an electrode can be greater than the measured capacitance between a valley and an electrode because the ridge is closer to the electrode. The differences in the measured capacitances can be used to distinguish between ridges and valleys and produce a fingerprint image.
The skin on the finger 302 includes a dead skin layer 316 disposed over a live skin layer 318. The capacitive fingerprint sensing device 300 typically images the dead skin layer 316 to obtain an image of the fingerprint. However, if a portion of the dead skin layer 316 is damaged or missing, the capacitive fingerprint sensing device can obtain an image of the fingerprint by imaging the live skin layer 318 by itself, or by imaging both the remaining dead skin layer 316 and the exposed live skin layer 318.
Embodiments described herein can permit a second user to authorize a first user to take or complete an action. As one example, a second user can authorize a first user to complete a purchase on an online store.
When the entered account password matches the account password, the process continues at block 404 where an online account token is received from the online payment service (step 502 in
When the fingerprint sensing device is to be used, the method continues at block 408 where a user can set a passcode for the fingerprint sensing device. A fingerprint enrollment process can then be performed with the fingerprint sensing device at block 410. Generally, an enrollment process can include capturing one or more fingerprint images and storing at least one of the fingerprint images in memory. At least one of the fingerprint images entered during the enrollment process can be used as a reference fingerprint image.
A determination can then be made at block 412 as to whether or not the fingerprint sensing device is to be used for purchases from the online store. As one example, a user can be prompted to approve or reject the use of the fingerprint sensing device with a dialog box or menu. The method ends if the fingerprint sensing device will not be used to make purchases on the online store.
When the fingerprint sensing device will be used to make purchases, the process passes to block 414 where the online account token and user identifier data are transmitted to a secure processing system (e.g., 216 in
In some embodiments, the secure processing system 216 can include a non-persistent secure memory and a persistent secure memory. The online account token can be transmitted to the secure processing system 216 and stored in the non-persistent secure memory. Thus, the online account token may be cleared automatically from the non-persistent secure memory each time the non-persistent memory loses power, such as when the electronic device is turned off. The user identifier data can be transmitted to the secure processing system 216 and stored in the persistent secure memory. Additionally, reference fingerprint images can be stored in the persistent secure memory in some embodiments.
Referring now to
The method ends if the reference fingerprint image has expired. When the reference fingerprint image has not expired, the method passes to block 606 where a determination is made as to whether the fingerprint image received at block 602 matches the reference fingerprint image. The method ends if the entered fingerprint image does not match the reference fingerprint image. When the fingerprint image matches the reference fingerprint image, the process continues at block 608 where a user can now complete the purchase on the online store. A purchase can be completed by having a processing device (e.g., secure processing device) countersign the online account token stored in the first secure memory and transmit the countersigned online account token to the online store. The countersigned online account token can indicate the fingerprint image matched the reference fingerprint image. The countersigned online account token can indicate the user is permitted to make one or more purchases on the online store.
In one embodiment, the secure processing device can countersign the online account token with the hash of the DSID and transmit the countersigned online account token to the online store (step 702 in
In some embodiments, a window of time can be set in which a user can make purchases repeatedly without having to reenter a fingerprint image. The online account token can include a timestamp that indicates a start time for the window. As one example, when the fingerprint image matches the reference fingerprint image at block 606, a fifteen minute window can be created where a user can make multiple purchases. The window can then close after fifteen minutes and the user will have to re-enter his or her fingerprint image to complete any other purchases.
In some embodiments, the ability of a first user to complete a purchase can be constrained in some manner and authorization from a second user required to complete the purchase. For example, a first user can be limited in the amount of money he or she can spend, and/or a user can be limited in the online stores he or she can purchase from and/or in the type of content or product he or she can purchase. As one example, a parent can limit the amount of money a child can spend in each purchase, and/or a parent can limit a total amount of money a child may spend in a given period of time. As another example, a parent can limit purchases to only pre-approved online stores. Additionally or alternatively, a parent can control the type of content or products a child can purchase from an online store. The restrictions and/or approvals can be made via a preferences menu associated with an online account on the online store, and/or through a preferences menu associated with the fingerprint sensing device.
When a restricted first user initiates a purchase on an online store, a second user can be required to submit his or her fingerprint image to authorize the purchase. The second user can be designated as a second user who can authorize the purchases of the restricted first user through the preferences menu for the online account and/or the preferences menu for the fingerprint sensing device. In some embodiments, the fingerprint image must be received from the second user within a specified period of time. A countersigned online account token can be transmitted to the online store after the fingerprint image is received from the second user and the identity of the second user is verified. The first user can then complete one or more purchases after the online store receives the countersigned online account token.
Initially, as shown in block 800, a fingerprint image is received from the first user. The fingerprint image can be received by a processing device, such as a secure processing device. A determination can then be made as to whether or not the identity of the first user is authenticated using the fingerprint image. If not, the process passes to block 804 where an appropriate notification is provided to the first user. As one example, a notification regarding the failed authentication (e.g., a failed match) can be displayed to the first user. The method can then end after the notification is provided to the first user.
When the identity of the first user is authenticated, the method continues at block 806 where a determination can be made as to whether or not the action the first user is attempting to take or complete requires authorization from a second user. If authorization is not needed from a second user, the method passes to block 808 where the first user can complete the desired action. For example, the first user can complete a purchase or access an online store or application.
When authorization is needed from a second user, the method continues at block 810 where a notification can be provided to the first user and/or the second user regarding the need to obtain authorization from the second user. In one embodiment, the notification can be displayed to the first user and/or the second user. In another embodiment, the notification can be provided via a visual (e.g., text message) or audio alert. A determination can then be made at block 812 as to whether or not a fingerprint image is received from the second user. In some embodiments, the authorization fails if the fingerprint image is not received within a given time period.
When a fingerprint image is not received, the process passes to block 804 where an appropriate notification can be provided to the first user, and to the second user if desired. When a fingerprint image is obtained from the second user, the method can continue at block 814 where a determination is made as to whether or not the identity of the second user is authenticated based on the fingerprint image. If not, the process passes to block 804. When the identity of the second user is authenticated, the first user can complete the action at block 808 and the method ends.
Referring now to
Initially, a first fingerprint image can be received by a processing device at block 900 (step 1000 in
When the first fingerprint image matches the first reference fingerprint image, the method continues at block 906 where a determination is made as to whether the first user is a restricted user. By way of example only, a first online account token can indicate if the first user is a restricted user and the types of restrictions. If the first user is not a restricted user, the process passes to block 908 where the first user can complete the desired action. For example, the first user can purchase from the online store and/or access content or applications. In some embodiments, a purchase can be completed by having a processing device countersign the first online account token and transmit the countersigned online account token to the online store. The countersigned online account token can indicate the user is permitted to make one or more purchases on the online store. The method can end after block 908.
As described earlier, in one embodiment a secure processing device can countersign the first online account token associated with the first user with a hash of the DSID associated with the online store and transmit the countersigned first online account token to the online store (step 1002 in
When the first user is a restricted user at block 906, the method continues at block 910 where a determination is made as to whether the first user is purchasing from a permitted online store or is purchasing allowed content. As described earlier, a restricted user can be limited to purchasing only from select pre-approved online stores and/or approved content. If the first user is purchasing from a permitted online store or purchasing approved content, the method continues at block 912 where a determination can be made as to whether or not the amount of the purchase equals or exceeds a predetermined maximum amount of money. The predetermined maximum amount of money can apply to a single purchase in some embodiments. In other embodiments, the maximum amount can apply to a total amount of all purchases made within a specific time period. As one example, a user can be limited to a total amount of twenty dollars within a twenty-four hour period of time.
If the amount of the purchase does not equal or exceed the maximum amount, the process passes to block 908 where the first user can complete the purchase on the online store. The purchase can be completed by having a processing device transmit a countersigned online account token associated with the first user to the online store. The countersigned online account token can indicate the user is permitted to make one or more purchases on the online store. In one embodiment, the purchase can be completed as described previously with reference to block 908.
When the purchase amount equals or exceeds the predetermined maximum limit, or if the first user is attempting to purchase from a non-approved online store or trying to purchase non-approved content at block 910, the method continues at block 914 where a notification is displayed to the first user informing the first user of the need to obtain authorization for the purchase based on the purchase amount or purchase site and/or content. In one embodiment, the authorization can be provided by a second user specified in the first online account token associated with the first user.
In the illustrated embodiment, the second user can provide authorization by submitting his or her fingerprint image (step 1008 in
When the second fingerprint image associated with the second user is received within the given time period, the method continues at block 918 where a determination is made as to whether the second fingerprint image received at block 916 matches a second reference fingerprint image associated with the second user. If not, the process passes to block 904 where an appropriate notification is displayed to the user(s).
When the entered second fingerprint image matches the second reference fingerprint image, the method continues at block 908 where the first user can complete the purchase on the online store. In one embodiment, the purchase can be completed by having a processing device countersign the first online account token associated with the first user and transmit the countersigned online account token to the online store. The countersigned online account token can indicate the purchase has been authorized and the user may complete the purchase on the online store. In one embodiment, a secure processing device can countersign the first online account token associated with the first user with the hash of the DSID associated with the online store and transmit the countersigned first online account token to the online store (step 1002 in
In another embodiment, the purchase can be completed by having a secure processing device countersign both the first online account token associated with the first user and a second online account token associated with the second user with the hash of the DSID associated with the online store and transmit the countersigned first and second online account tokens to the online store (step 1010 in
The online store can then transmit the countersigned first online account token, or the countersigned first and second online account tokens, to the online payment service (step 1004). The online payment service can verify the appropriate online account token or tokens is countersigned, complete payment for the purchase, and then transmit a purchase confirmation notification to the online store (step 1006).
In some embodiments, the authorization provided by the second user can also limit the amount of time the first user can spend on the online store or website. A third window 1204 can be displayed that allows the second user to limit or not limit the amount of time using radio buttons. If the second user limits the amount of time, a drop-down menu can allow the user to specify the amount of time. Additionally or alternatively, at least one of the windows 1200, 1202, 1204, or a new window, can notify the second user of the need to submit one or more fingerprints to authorize the purchase.
Returning to block 1106 in
Referring now to
When authentication of the first user is successful, the process continues at block 1304 where a notification is provided to a second device requesting authorization for the action the first user wishes to complete. For example, a notification can be displayed on the second user's smart telephone. The notification can include a request for the second user to submit his or her fingerprint image. By way of example only, the notification can be configured similar to at least one of the notifications shown in
A determination can then be made at block 1306 as to whether or not a fingerprint image is received from the second user. The method ends if a fingerprint image is not received. When a fingerprint image is received, the method passes to block 1308 where a determination is made as to whether or not the identity of the second user is authenticated based on the fingerprint image. If not, the method ends. When the authentication is successful, the process continues at block 1310 where the first user can complete the desired action on the first device.
Initially, as shown in block 1400, a request for authentication is received from a guest user. As part of the request, the guest user submits his or her fingerprint image. A determination can then be made at block 1402 as to whether or not the owner of the device has enabled a guest mode. Guest mode can permit a guest user to access certain functions and applications when the guest user is temporarily using an electronic device that belongs to another person. For example, a person (i.e., guest user) can ask to use a friend's smart telephone to make a call, send a text, or check a website or email. When the device owner has enabled the guest mode, the guest user can access some, but not all of the functions and applications in the electronic device. A device owner can specify which applications and functions a guest user can access and/or may specify the maximum amount of time the guest user has to use the electronic device.
If guest mode is enabled, the process passes to block 1404 where a determination can be made as to whether or not the identity of the guest user can be authenticated. If not, the method ends. When the identity of the guest user can be authenticated, the method continues at block 1406 where the guest user can access the electronic device as specified by the owner. The method can then end, as shown in
Returning to block 1402, when the guest mode is not enabled, the process passes to block 1408 where a determination can be made as to whether or not the device owner has created a user profile for the guest user. A user profile is similar to the guest mode, but can allow the guest user to access a greater number of functions and applications, and/or allow a device owner to customize the applications and functions accessible by each guest user. For example, a guest user A may be allowed to send text messages and access the web to view websites, while a guest user B can access the web to view websites and make purchases on online stores, make telephone calls (when the electronic device is a smart telephone), and take photos. The ability to view photos, change Wi-Fi connections, activate airplane mode, set the alarm clock, and read texts and emails can be denied to one or both guest users through respective user profiles.
The method ends if a user profile has not been created. When an owner has created a user profile for the guest user, the method continues at block 1404 where a determination can be made as to whether or not the identity of the guest user can be authenticated. If not, the method ends. When the identity of the guest user can be authenticated, the method continues at block 1406 where the guest user can access the electronic device as specified by the owner.
An electronic device owner can enable guest mode and/or create a user profile in a variety of ways. In one embodiment, a control panel or menu can be used by a device owner to enable guest mode and/or to create a user profile.
A device owner can create a customized user profile for one or more guest users. For example, a device owner can create a user profile for close friends, children, or business associates. Alternatively, an employer can create user profiles that are specific to certain employees.
Additionally or alternatively, a device owner can create a guest mode profile that can be used for multiple guest users. In one embodiment, the guest mode profile can act as a generic user profile that applies to guest users temporarily using an electronic device.
The methods shown in
Additionally, a user can require a password be entered and matched to a reference password. Access to the online store is provided only when a fingerprint image or a sequence of fingerprint images matches respective reference fingerprint images and only after the password matches the reference password.
The embodiments herein have been described with reference to a fingerprint sensing device and fingerprint images. Other embodiments, however, are not limited to a fingerprint sensing device and fingerprint images. Any suitable type of biometric sensing device can be used to detect or acquire images of a biometric attribute.
Various embodiments have been described in detail with particular reference to certain features thereof, but it will be understood that variations and modifications can be effected within the spirit and scope of the disclosure. And even though specific embodiments have been described herein, it should be noted that the application is not limited to these embodiments. In particular, any features described with respect to one embodiment may also be used in other embodiments, where compatible. Likewise, the features of the different embodiments may be exchanged, where compatible.
This application is a continuation of U.S. patent application Ser. No. 14/170,360, filed Jan. 31, 2014, and entitled “Use of a Biometric Image for Authorization,” which is incorporated by reference in its entirety as if fully disclosed herein.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5872834 | Teitelbaum | Feb 1999 | A |
| 6256737 | Bianco et al. | Jul 2001 | B1 |
| 6400836 | Senior | Feb 2002 | B2 |
| 6795569 | Setlak | Sep 2004 | B1 |
| 6845453 | Scheidt et al. | Jan 2005 | B2 |
| 6892938 | Solomon | May 2005 | B2 |
| 6975202 | Rodriguez et al. | Dec 2005 | B1 |
| 7046139 | Kuhn | May 2006 | B2 |
| 7065184 | Vishik et al. | Jun 2006 | B2 |
| 7110987 | Engelhart | Sep 2006 | B2 |
| 7210620 | Jones | May 2007 | B2 |
| 7246244 | Nanavati et al. | Jul 2007 | B2 |
| 7269737 | Robinson | Sep 2007 | B2 |
| 7278025 | Saito et al. | Oct 2007 | B2 |
| 7373671 | Gudorf | May 2008 | B2 |
| 7502761 | Siegal et al. | Mar 2009 | B2 |
| 7617399 | Ebata | Nov 2009 | B2 |
| 7640336 | Lu | Dec 2009 | B1 |
| 7769845 | Baron | Aug 2010 | B2 |
| 7809954 | Miller et al. | Oct 2010 | B2 |
| 7849013 | Engelhart | Dec 2010 | B2 |
| 7855899 | Yang | Dec 2010 | B2 |
| 7864987 | Venkatanna et al. | Jan 2011 | B2 |
| 7865439 | Siefert et al. | Jan 2011 | B2 |
| 7941664 | Wheeler | May 2011 | B2 |
| 7953671 | Bishop et al. | May 2011 | B2 |
| 7980378 | Jones et al. | Jul 2011 | B2 |
| 8028896 | Carter et al. | Oct 2011 | B2 |
| 8060413 | Castell et al. | Nov 2011 | B2 |
| 8063889 | Anderson et al. | Nov 2011 | B2 |
| 8064658 | Iannone | Nov 2011 | B2 |
| 8065190 | Collas | Nov 2011 | B2 |
| 8072060 | Chou | Dec 2011 | B2 |
| 8145916 | Boshra et al. | Mar 2012 | B2 |
| 8171531 | Buer | May 2012 | B2 |
| 8185646 | Headley | May 2012 | B2 |
| 8190908 | Jazayeri et al. | May 2012 | B2 |
| 8219495 | Niwa | Jul 2012 | B2 |
| 8230232 | Ahmed et al. | Jul 2012 | B2 |
| 8320638 | Pitt et al. | Nov 2012 | B2 |
| 8336096 | Narusawa et al. | Dec 2012 | B2 |
| 8345931 | Jeronimus | Jan 2013 | B2 |
| 8346953 | Hew | Jan 2013 | B1 |
| 8369845 | Zou et al. | Feb 2013 | B2 |
| 8406736 | Das et al. | Mar 2013 | B2 |
| 8429760 | Tribble | Apr 2013 | B2 |
| 8473748 | Sampas | Jun 2013 | B2 |
| 8483659 | Mahajan et al. | Jul 2013 | B2 |
| 8548166 | Wasilewski et al. | Oct 2013 | B2 |
| 8566955 | Brosnan et al. | Oct 2013 | B2 |
| 8572707 | Tuchman et al. | Oct 2013 | B2 |
| 8621561 | Cross et al. | Dec 2013 | B2 |
| 8621642 | Bjorn et al. | Dec 2013 | B2 |
| 8627417 | Aoyama | Jan 2014 | B2 |
| 8627454 | Bolyukh | Jan 2014 | B2 |
| 8635165 | Beenau | Jan 2014 | B2 |
| 8660322 | Tsai et al. | Feb 2014 | B2 |
| 8682798 | Patterson | Mar 2014 | B2 |
| 8745490 | Kim | Jun 2014 | B2 |
| 8745716 | Brudnicki | Jun 2014 | B2 |
| 8762276 | Lepisto | Jun 2014 | B2 |
| 8799670 | Naccache | Aug 2014 | B2 |
| 8839371 | Ghosh | Sep 2014 | B2 |
| 8905303 | Ben Ayed | Dec 2014 | B1 |
| 8943326 | Tamkhane et al. | Jan 2015 | B2 |
| 8943580 | Fadell et al. | Jan 2015 | B2 |
| 8966076 | Kawana et al. | Feb 2015 | B2 |
| 9037869 | Avancha et al. | May 2015 | B2 |
| 9076027 | Miura et al. | Jul 2015 | B2 |
| 9098510 | Seryakov et al. | Aug 2015 | B2 |
| 9119067 | Santamaria et al. | Aug 2015 | B2 |
| 9203845 | Webber | Dec 2015 | B2 |
| 9208337 | Tayloe | Dec 2015 | B2 |
| 9294550 | Song et al. | Mar 2016 | B2 |
| 9390251 | Avancha et al. | Jul 2016 | B2 |
| 9411037 | Jamtgaard et al. | Aug 2016 | B2 |
| 9443097 | O'Hare et al. | Sep 2016 | B2 |
| 9576135 | Komandoor Elayavilli | Feb 2017 | B1 |
| 9665785 | Han et al. | May 2017 | B2 |
| 9699168 | Pieczul et al. | Jul 2017 | B2 |
| 9721086 | Shear et al. | Aug 2017 | B2 |
| 9723482 | Wang et al. | Aug 2017 | B2 |
| 9819676 | Han et al. | Nov 2017 | B2 |
| 9832189 | Han et al. | Nov 2017 | B2 |
| 9959539 | Han et al. | May 2018 | B2 |
| 10373241 | Khalsa | Aug 2019 | B2 |
| 20020018585 | Kim | Feb 2002 | A1 |
| 20020056043 | Glass | May 2002 | A1 |
| 20020073416 | Ramsey Catan | Jun 2002 | A1 |
| 20020095586 | Doyle et al. | Jul 2002 | A1 |
| 20020174345 | Patel | Nov 2002 | A1 |
| 20020178367 | Hamid | Nov 2002 | A1 |
| 20030040339 | Chang | Feb 2003 | A1 |
| 20030046237 | Uberti | Mar 2003 | A1 |
| 20030061111 | Dutta | Mar 2003 | A1 |
| 20030156740 | Siegel et al. | Aug 2003 | A1 |
| 20040044627 | Russell et al. | Mar 2004 | A1 |
| 20050116026 | Burger et al. | Jun 2005 | A1 |
| 20050154920 | Tartaglia et al. | Jul 2005 | A1 |
| 20050229006 | deMoura et al. | Oct 2005 | A1 |
| 20060064391 | Petrov et al. | Mar 2006 | A1 |
| 20060173793 | Glass | Aug 2006 | A1 |
| 20060202797 | Theis et al. | Sep 2006 | A1 |
| 20060204048 | Morrison et al. | Sep 2006 | A1 |
| 20060234764 | Gamo et al. | Oct 2006 | A1 |
| 20060293891 | Pathuel | Dec 2006 | A1 |
| 20060293892 | Pathuel | Dec 2006 | A1 |
| 20070078908 | Rohatgi | Apr 2007 | A1 |
| 20070198435 | Siegal | Aug 2007 | A1 |
| 20070267478 | Turek | Nov 2007 | A1 |
| 20080015948 | Fujimaki | Jan 2008 | A1 |
| 20080016371 | Jiang et al. | Jan 2008 | A1 |
| 20080097925 | King | Apr 2008 | A1 |
| 20080103984 | Choe et al. | May 2008 | A1 |
| 20080109871 | Jacobs | May 2008 | A1 |
| 20080140569 | Handel | Jun 2008 | A1 |
| 20080148393 | Wendt | Jun 2008 | A1 |
| 20080195506 | Koretz et al. | Aug 2008 | A1 |
| 20080267464 | Goda | Oct 2008 | A1 |
| 20090240622 | Zandonadi | Sep 2009 | A1 |
| 20100005509 | Peckover | Jan 2010 | A1 |
| 20100099383 | Yamagishi | Apr 2010 | A1 |
| 20100218012 | Joseph et al. | Aug 2010 | A1 |
| 20100241571 | McDonald | Sep 2010 | A1 |
| 20100321197 | Wong et al. | Dec 2010 | A1 |
| 20110035768 | Ling | Feb 2011 | A1 |
| 20110082791 | Baghdasaryan et al. | Apr 2011 | A1 |
| 20110119479 | Cowie et al. | May 2011 | A1 |
| 20110138450 | Kesanupalli | Jun 2011 | A1 |
| 20110166922 | Fuerstenberg | Jul 2011 | A1 |
| 20110238476 | Carr et al. | Sep 2011 | A1 |
| 20110291798 | Schibuk | Dec 2011 | A1 |
| 20110300829 | Nurmi et al. | Dec 2011 | A1 |
| 20120123841 | Taveau et al. | May 2012 | A1 |
| 20120237908 | Fitzgerald et al. | Sep 2012 | A1 |
| 20120262399 | Colley et al. | Oct 2012 | A1 |
| 20120290376 | Dryer | Nov 2012 | A1 |
| 20120330769 | Arceo | Dec 2012 | A1 |
| 20120330784 | Nahidipour | Dec 2012 | A1 |
| 20120331566 | Lection et al. | Dec 2012 | A1 |
| 20130067545 | Hanes | Mar 2013 | A1 |
| 20130124416 | Pawar et al. | May 2013 | A1 |
| 20130159699 | Torkkel | Jun 2013 | A1 |
| 20130246800 | Stewart | Sep 2013 | A1 |
| 20130254906 | Kessler et al. | Sep 2013 | A1 |
| 20130298224 | Heilpern | Nov 2013 | A1 |
| 20140006795 | Han | Jan 2014 | A1 |
| 20140007223 | Han et al. | Jan 2014 | A1 |
| 20140089261 | Aissi | Mar 2014 | A1 |
| 20140129843 | Shi et al. | May 2014 | A1 |
| 20140136419 | Kiyohara | May 2014 | A1 |
| 20140189807 | Cahill et al. | Jul 2014 | A1 |
| 20140279497 | Qaim-Maqami | Sep 2014 | A1 |
| 20140279498 | Qaim-Maqami | Sep 2014 | A1 |
| 20140279516 | Rellas et al. | Sep 2014 | A1 |
| 20140347479 | Givon | Nov 2014 | A1 |
| 20150026056 | Calman | Jan 2015 | A1 |
| 20150028996 | Agrafioti | Jan 2015 | A1 |
| 20150073998 | Alsina et al. | Mar 2015 | A1 |
| 20150074796 | Meir et al. | Mar 2015 | A1 |
| 20150081552 | Stewart | Mar 2015 | A1 |
| 20150101007 | Fujioka | Apr 2015 | A1 |
| 20150116086 | Kim | Apr 2015 | A1 |
| 20150186892 | Zhang | Jul 2015 | A1 |
| 20150199687 | Han et al. | Jul 2015 | A1 |
| 20150220931 | Alsina et al. | Aug 2015 | A1 |
| 20150294382 | Alsina et al. | Oct 2015 | A1 |
| 20150304323 | Alsina et al. | Oct 2015 | A1 |
| 20150379617 | Khalsa | Dec 2015 | A1 |
| 20160147987 | Jang | May 2016 | A1 |
| 20160182508 | Gresham et al. | Jun 2016 | A1 |
| 20160241542 | Kim et al. | Aug 2016 | A1 |
| 20160248769 | Han et al. | Aug 2016 | A1 |
| 20170364918 | Malhotra et al. | Dec 2017 | A1 |
| 20180041506 | Han et al. | Feb 2018 | A1 |
| 20180109520 | Han et al. | Apr 2018 | A1 |
| Number | Date | Country |
|---|---|---|
| 1268234 | Sep 2000 | CN |
| 1695163 | Nov 2005 | CN |
| 1783052 | Jun 2006 | CN |
| 1983336 | Jun 2007 | CN |
| 101075282 | Nov 2007 | CN |
| 101256700 | Sep 2008 | CN |
| 101261679 | Sep 2008 | CN |
| 101827148 | Sep 2010 | CN |
| 101933051 | Dec 2010 | CN |
| 102088353 | Jun 2011 | CN |
| 102609837 | Jul 2012 | CN |
| 102867250 | Jan 2013 | CN |
| 103037065 | Apr 2013 | CN |
| 103220637 | Jul 2013 | CN |
| 103221958 | Jul 2013 | CN |
| 103268550 | Aug 2013 | CN |
| 103269273 | Aug 2013 | CN |
| 103295129 | Sep 2013 | CN |
| 202005003042 | Nov 2006 | DE |
| 102009027682 | Jan 2011 | DE |
| 102012202731 | Aug 2013 | DE |
| 1857954 | Nov 2007 | EP |
| 2226741 | Sep 2010 | EP |
| 2114051 | Jun 2012 | EP |
| 2533172 | Dec 2012 | EP |
| 2597585 | May 2013 | EP |
| 2447752 | Sep 2008 | GB |
| A2010140174 | Jun 2010 | JP |
| A2010193110 | Sep 2010 | JP |
| A2011192288 | Sep 2011 | JP |
| 1020120122181 | Sep 2011 | KR |
| I236634 | Jul 2005 | TW |
| 200901724 | Jan 2009 | TW |
| 200919255 | May 2009 | TW |
| 201319817 | May 2013 | TW |
| WO 03062969 | Jul 2003 | WO |
| WO 08004312 | Jan 2008 | WO |
| WO 08030184 | Mar 2008 | WO |
| WO 13095434 | Jun 2013 | WO |
| Entry |
|---|
| Schwartz, Matthew J, “Apple Hackers rate iPhone5s security”, Informationweek—online; Monmouth Junction, Sep. 13, 2013, pp. 1-3 (Year: 2013). |
| Paterson et al., “Efficient Identity-based Signatures Secure in the Standard Model,” Information Security Group, Royal Holloway, University of London, Egham, Surrey, ACISP'06 Proceedings of the 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia, Jul. 3-5, 2006, 17 pages. |
| Islam et al., “A Biometrics-Based Secure Architecture for Mobile Computing,” systems, Applications and Technology Conference (LISAT), 2012 IEEE Long Island, May 4, 2012, pp. 1-5, XP032192493, Section III: Proposed Architecture. |
| Spencer et al., “iCaughtU Pro review [iPhone],” Publisher: knowyourmobile.com, Dec. 13, 2011, pp. 1-3. |
| POT, “What is Apple's 'Secure Enclave,” and How Does It Protect My iPhone or Mac? How-to-Geek, Oct. 23, 2018, https://www.howtogeek.com/339705/what-is-apples-secure-enclave-and-how-does-it-protect-my-iphone-or-mac/, 5 pages. |
| SOAP Web Service Development, Snell, China Electric Power Press, Sep. 2002, pp. 76-81. |
| Number | Date | Country | |
|---|---|---|---|
| 20180262494 A1 | Sep 2018 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 14170360 | Jan 2014 | US |
| Child | 15979251 | US |
