The present disclosure relates to electronic devices and systems and, more particularly, to secure access to electronic devices and systems.
Electronic devices and systems can control users' access to many different types of secure programs responsive to security numbers or codes that are entered by the users. Example electronic devices and systems can include mobile phones, tablet computers, laptop computers, building entrances, room entrances, Automatic Teller Machines (ATMs), etc. Example secure programs can include any program which requires the user to correctly enter a personal identification number or other security number or code to obtain access to a protected operation, such as to unlock a user interface, login to a user account, access confidential information, gain entrance to a secure space, etc. Maintaining confidentiality of the security number or code may, therefore, be important. Passwords or security codes may be prone to spying and hacking in public spaces, such as when using an ATM, for example. Moreover, the proliferation of mobile electronic devices has increased the likelihood that a user will enter a security number in a public setting where the security number may become compromised by another person. The other person may directly observe numeric digits that the user touch-types on a display of the device or may infer the user's selections based on observing movement of the user's finger relative to a known keypad layout. Some authentication or authorization systems may use biometric information, such as fingerprint information, instead of alphanumeric codes as a security mechanism. Biometric based security systems, however, may also be prone to data leaks and forgery, and they offer less flexibility because a biometric trait cannot be changed once it has been compromised.
Some embodiments of the inventive concept are directed to a method comprising obtaining a plurality of biometric indicia that are associated with a user, establishing a programmatic association between the plurality of biometric indicia and a plurality of characters, receiving, from the user, a sequence of at least a portion of the plurality of characters, and providing the sequence and the programmatic association to a biometric authentication interface of an electronic device, wherein the biometric authentication interface is configured to authenticate the user responsive to input of ones of the plurality of biometric indicia associated with the at least the portion of the plurality of characters comprising the sequence based on the programmatic association.
Other embodiments of the inventive concept are directed to a method comprising receiving sequential input, from a user, of ones of a plurality of biometric indicia, determining a sequence of a plurality of characters based on the sequential input of the ones of the plurality of biometric indicia and a programmatic association between the plurality of biometric indicia and the plurality of characters, comparing the sequence with a stored sequence, determining that the sequence matches the stored sequence, and authenticating the user responsive to determining that the sequence matches the stored sequence.
Further embodiments of the inventive concept are directed to an electronic device comprising a processor and a memory coupled to the processor and comprising computer readable program code embodied in the memory that is executable by the processor to perform operations comprising: obtaining a plurality of biometric indicia that are associated with a user, establishing a programmatic association between the plurality of biometric indicia and a plurality of characters, receiving, from the user, a sequence of at least a portion of the plurality of characters, and providing the sequence and the programmatic association to a biometric authentication interface of an electronic device, wherein the biometric authentication interface is configured to authenticate the user responsive to input of ones of the plurality of biometric indicia associated with the at least the portion of the plurality of characters comprising the sequence based on the programmatic association.
Other methods, computer program products, systems, and/or electronic devices according to embodiments of the present inventive concept will be or become apparent to one with skill in the art upon review of the following drawings and detailed description. It is intended that all such methods, computer program products, systems, and/or electronic devices be included within this description, be within the scope of the present inventive subject matter, and be protected by the accompanying claims. Moreover, it is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
Other features of embodiments will be more readily understood from the following detailed description of specific embodiments thereof when read in conjunction with the accompanying drawings, in which:
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention. It is intended that all embodiments disclosed herein can be implemented separately or combined in any way and/or combination.
A typical authentication system may rely on biometric information, e.g., fingerprints, retinal scans, and the like, or on alphanumeric passwords or codes to authenticate users. Biometric based systems, however, may be prone to data leaks and forgery and lack the flexibility of changing over time, as biometric information is permanently associated with a user. Password based systems have greater flexibility in that they can be periodically changed, but are prone to spying and hacking, particularly in public places. Some embodiments of the inventive concept stem from a realization that authentication devices or systems are typically either biometric based or password based, but not both. Embodiments of the inventive concept may provide an authentication methodology that combines the strength of biometric information with the flexibility of a character-based password, which may make it difficult for a hostile party to gain access to a protected device, system, area, or the like: an observer who sees which fingers the user presents learns nothing about the password unless the observer also knows the secret association between fingers and characters.
The password entry/biometric association region 102 may be a keypad by which a user may programmatically associate biometric indicia, such as the fingerprints obtained through the biometric information capture region 101, with alphanumeric and/or other types of characters. In the example embodiments described herein, the password entry region 102 may be used to programmatically associate numerical digits of a base ten numeral system with fingerprints captured via the biometric information capture region 101. These programmatic associations between the biometric indicia, e.g., fingerprints, and the characters, e.g., the numerical digits, may be stored in a secure location represented as the biometric programmatic associations module 104. One or more users may also interact with the password entry/biometric association region 102 to create one or more password character sequences, e.g., sequences of numerical digits, which may be used to authenticate the user(s). These sequences may be stored in a secure location represented as the user security sequences module 105.
The biometric information capture region 101 may also be used to authenticate a user for access to the electronic device or system 100 or another device, system, secure area, or the like for which the electronic device or system 100 is used to validate the authenticity of users before allowing access or entry. A user may provide biometric indicia in the form of fingerprints, for example, via the biometric information capture region 101. The biometric authentication module 103 may serve as a biometric authentication interface for authenticating a user based on the sequence of fingerprints entered by the user and obtained via the biometric capture region 101, the biometric programmatic associations previously generated by the user, which are stored in the biometric programmatic associations module 104, and the user password or security code or sequence previously generated by the user, which is stored in the user security sequences 105.
In accordance with various embodiments of the inventive concept, the biometric programmatic associations 104 and the user security sequences 105 may be stored locally to the electronic device or system 100 and, thus, the biometric programmatic associations 104 and the user security sequences 105 may be provided to the biometric authentication module 103 in response to requests for the information contained therein. Moreover, the biometric programmatic associations 104 and the user security sequences 105 may be provided to a biometric authentication interface on another device or system for use in controlling access thereto or provided to a common secure storage repository, such as a secure cloud storage location, where multiple devices and systems for which user access is controlled and/or which are used to control access to other devices, systems, areas, and the like may have access to the information contained within the biometric programmatic associations module 104 and the user security sequences module 105.
Returning to
Embodiments of the inventive concept may provide a secure user authentication system with flexibility to modify the programmatic associations between the biometric indicia and the characters that may be used, for example, as a password sequence, and/or to modify the password sequence itself. Referring to
In some embodiments of the inventive concept, the user may provide a new sequence of characters, e.g., numerical digits for use as a new password sequence to replace a previously generated password sequence. Referring to
Operations for authenticating a user based on an association of biometric information with a character-based password, in accordance with some embodiments of the inventive concept, will now be described with reference to
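The following is an added worked example, not code from the disclosure, illustrating the enrollment and authentication operations described above (the finger-to-character associations of module 104, the stored security sequence of module 105, and the authentication interface of module 103) together with the re-association flexibility described earlier. It assumes that a hypothetical fingerprint matcher has already resolved each captured print to an opaque enrolled-finger identifier such as "R1"; the matching step itself is not shown. Storing the password sequence as a salted PBKDF2 hash rather than in the clear, and comparing in constant time, are this example's choices, not something the disclosure specifies.

```python
import hashlib
import hmac
import secrets

# Added example, not code from the disclosure. Fingerprint templates are
# modelled as opaque finger identifiers (e.g. "R1" = right thumb) that a
# hypothetical matcher returns after resolving a captured print against the
# enrolled templates; the matching step is out of scope here.

PBKDF2_ROUNDS = 100_000  # assumption: cost chosen for illustration only


class BiometricPinAuthenticator:
    """Holds the finger-to-character associations (module 104) and the user's
    password sequence (module 105), and authenticates a sequence of finger
    presentations against them (module 103)."""

    def __init__(self):
        self.associations = {}      # finger_id -> single character
        self._salt = None
        self._sequence_hash = None
        self._sequence_len = 0

    def associate(self, associations):
        """Programmatically associate each enrolled finger with one character.
        A finger maps to exactly one character; characters may be reused.
        Re-associating later changes which fingers spell an unchanged PIN."""
        if not associations:
            raise ValueError("at least one association is required")
        for finger, char in associations.items():
            if not (isinstance(char, str) and len(char) == 1):
                raise ValueError(f"association for {finger!r} must be one character")
        self.associations = dict(associations)

    @staticmethod
    def _hash(chars, salt):
        return hashlib.pbkdf2_hmac("sha256", chars.encode(), salt, PBKDF2_ROUNDS)

    def set_sequence(self, chars):
        """Store the password sequence as a salted hash; every character must be
        reachable through some currently associated finger, otherwise the user
        could never enter it."""
        reachable = set(self.associations.values())
        if not chars or any(c not in reachable for c in chars):
            raise ValueError("sequence uses a character with no associated finger")
        self._salt = secrets.token_bytes(16)
        self._sequence_hash = self._hash(chars, self._salt)
        self._sequence_len = len(chars)

    def decode(self, finger_ids):
        """Translate presented fingers into characters via the associations.
        Returns None if any presented finger has no association."""
        try:
            return "".join(self.associations[f] for f in finger_ids)
        except KeyError:
            return None

    def authenticate(self, finger_ids):
        """True only if the decoded character sequence matches the stored one.
        Unknown fingers and wrong lengths fail without saying which."""
        if self._sequence_hash is None:
            return False
        candidate = self.decode(finger_ids)
        if candidate is None:
            return False
        # Hash and compare even on a length mismatch so the two failure modes
        # take comparable time; compare_digest avoids a byte-by-byte timing leak.
        matches = hmac.compare_digest(self._hash(candidate, self._salt), self._sequence_hash)
        return matches and len(candidate) == self._sequence_len


def demo():
    """Constructed scenario: enroll ten fingers as base-ten digits, set a PIN,
    then re-associate the fingers and show that a recorded finger sequence no
    longer replays."""
    auth = BiometricPinAuthenticator()
    mapping_v1 = {"R1": "1", "R2": "2", "R3": "3", "R4": "4", "R5": "5",
                  "L1": "6", "L2": "7", "L3": "8", "L4": "9", "L5": "0"}
    auth.associate(mapping_v1)
    auth.set_sequence("2580")                                  # constructed PIN
    result = {
        "ok_v1": auth.authenticate(["R2", "R5", "L3", "L5"]),          # "2580"
        "wrong_order": auth.authenticate(["R5", "R2", "L3", "L5"]),    # "5280"
        "unknown_finger": auth.authenticate(["R2", "R5", "L3", "X9"]),
        "too_short": auth.authenticate(["R2", "R5", "L3"]),
    }
    # Re-association: same PIN, different finger meanings (module 104 updated,
    # module 105 untouched). A shoulder-surfer who recorded the v1 finger
    # sequence now decodes to a different PIN and is rejected.
    mapping_v2 = {"R1": "0", "R2": "9", "R3": "8", "R4": "7", "R5": "6",
                  "L1": "5", "L2": "4", "L3": "3", "L4": "2", "L5": "1"}
    auth.associate(mapping_v2)
    result["replay_after_remap"] = auth.authenticate(["R2", "R5", "L3", "L5"])  # "9631"
    result["ok_v2"] = auth.authenticate(["L4", "L1", "R3", "R1"])               # "2580"
    return result


if __name__ == "__main__":
    print(demo())
```

The associations are the secret that defeats observation, so in a deployment they need the same protection as the password sequence; and because a short digit PIN has little entropy, the authentication interface still needs attempt limiting, since the hashing here only slows an attacker who has already obtained the stored hash and salt.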
The processor 710 may include one or more data processing circuits, such as a general purpose and/or special purpose processor (e.g., microprocessor and/or digital signal processor) that may be collocated or distributed across one or more networks. The processor 710 is configured to execute computer readable program code in the memory 720, described below as a non-transitory computer readable medium, to perform at least some of the operations described herein with respect to
In the above-description of various embodiments of the present disclosure, aspects of the present disclosure may be illustrated and described herein in any of a number of patentable classes or contexts including any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. Accordingly, aspects of the present disclosure may be implemented in entirely hardware, entirely software (including firmware, resident software, micro-code, etc.) or combining software and hardware implementation that may all generally be referred to herein as a “circuit,” “module,” “component,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product comprising one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer readable media may be used. The computer readable media may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an appropriate optical fiber with a repeater, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable signal medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET or the like, conventional procedural programming languages, such as the “C” programming language, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, dynamic programming languages such as Python, Ruby and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider) or in a cloud computing environment or offered as a service such as a Software as a Service (SaaS).
Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable instruction execution apparatus, create a mechanism for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that when executed can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions when stored in the computer readable medium produce an article of manufacture including instructions which when executed, cause a computer to implement the function/act specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer, other programmable instruction execution apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatuses or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various aspects of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The terminology used herein is for the purpose of describing particular aspects only and is not intended to be limiting of the disclosure. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items. Like reference numbers signify like elements throughout the description of the figures.
The corresponding structures, materials, acts, and equivalents of any means or step plus function elements in the claims below are intended to include any disclosed structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The aspects of the disclosure herein were chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure with various modifications as are suited to the particular use contemplated.