Methods and devices for secure authentication to a compute device

US 10,306,052 B1
Filed: 06/26/2017
Issued: 05/28/2019
Est. Priority Date: 05/20/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a memory of a mobile compute device; and

a hardware processor of the mobile compute device, the hardware processor configured to implement an operating system and a native authentication application that is not part of the operating system,the operating system configured to receive a first authentication identifier, the operating system configured to authorize use of the mobile compute device based on the first authentication identifier meeting a first criterion,the native authentication application configured to receive, in response to the first authentication identifier meeting the first criterion, an indication from the operating system that the operating system has authorized use of the mobile compute device,the native authentication application configured to, in response to receiving the indication, disable at least one function of the mobile compute device and transmit a request for at least a portion of a second authentication identifier to an authentication entity associated with a user and powered by the mobile compute device,the native authentication application configured to receive the at least the portion of the second authentication identifier from the authentication entity, the at least the portion of the second authentication identifier comprising a cryptographic signature, the native authentication application configured to enable the at least one function in response to the second authentication identifier meeting a second criterion.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus includes a memory of a mobile compute device, and a hardware processor of the mobile compute device. The hardware processor is configured to implement an operating system and an authentication module. The operating system is configured to receive a first authentication identifier, and is also configured to authorize use of the mobile compute device based on the first authentication identifier meeting a first criterion. The authentication module is configured to, in response to the operating system authorizing use of the mobile compute device, disable at least one function of the mobile compute device and request a second authentication identifier. The authentication module is also configured to receive the second authentication identifier. The authentication module is also configured to enable the at least one function in response to the second authentication identifier meeting a second criterion.

Citations

18 Claims

1. An apparatus, comprising:
- a memory of a mobile compute device; and
  
  a hardware processor of the mobile compute device, the hardware processor configured to implement an operating system and a native authentication application that is not part of the operating system,the operating system configured to receive a first authentication identifier, the operating system configured to authorize use of the mobile compute device based on the first authentication identifier meeting a first criterion,the native authentication application configured to receive, in response to the first authentication identifier meeting the first criterion, an indication from the operating system that the operating system has authorized use of the mobile compute device,the native authentication application configured to, in response to receiving the indication, disable at least one function of the mobile compute device and transmit a request for at least a portion of a second authentication identifier to an authentication entity associated with a user and powered by the mobile compute device,the native authentication application configured to receive the at least the portion of the second authentication identifier from the authentication entity, the at least the portion of the second authentication identifier comprising a cryptographic signature, the native authentication application configured to enable the at least one function in response to the second authentication identifier meeting a second criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein the first authentication identifier is associated with an operating system-based authentication mode and the second authentication identifier is associated with a non-operating system-based authentication mode.
  - 3. The apparatus of claim 1, wherein the authentication entity is a Near Field Communication (NFC) device, the native authentication application configured to receive the at least the portion of the second authentication identifier from the NFC device via an NFC communication channel.
  - 4. The apparatus of claim 1, wherein a timeout time period associated with the operating system periodically requesting the first authentication identifier is different than a timeout time period associated with the native authentication application periodically requesting the second authentication identifier.
  - 5. The apparatus of claim 1, wherein the native authentication application is configured to receive a public key from the authentication entity, the native authentication application is configured to use the public key to verify the cryptographic signature in response to receiving the at least the portion of the second authentication identifier.
  - 6. The apparatus of claim 1, wherein the native authentication application that is not part of the operating system is executed by the operating system but not integrated with the operating system.
  - 7. The apparatus of claim 1, wherein the native authentication application is configured to register with the operating system to receive the indication.
  - 8. The apparatus of claim 1, wherein the native authentication application is configured to monitor for the indication broadcast by the operating system.
  - 9. The apparatus of claim 1, wherein the at least the portion of the second authentication identifier is a first portion of the second authentication identifier, the native authentication application configured to receive a second portion of the second authentication identifier from the memory of the mobile compute device, the native authentication application configured to enable the at least one function in response to the first portion of the second authentication identifier and the second portion of the second authentication identifier meeting the second criterion.

10. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
- receive, using a native application that is not part of an operating system on a mobile compute device, an indication that the operating system has authorized use of the mobile compute device;
  
  disable, at a first time using the native application and in response to receiving the indication, at least one function of the mobile compute device in response to the operating system of the mobile compute device authorizing use of the mobile compute device;
  
  request at least a portion of an authentication identifier from a Near Field Communication (NFC) device associated with a user and powered by the mobile compute device;
  
  receive, from the NFC device via an NFC communication channel and at a second time after the first time, the at least the portion of the authentication identifier; and
  
  enable the at least one function of the mobile compute device when the authentication identifier meets a predetermined criterion.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory processor-readable medium of claim 10, wherein the at least the portion of the authentication identifier includes a cryptographic signature.
  - 12. The non-transitory processor-readable medium of claim 10, wherein the authentication identifier is a first authentication identifier and the predetermined criterion is a first predetermined criterion,the code to cause the processor to disable includes code to cause the processor to disable the at least one function of the mobile compute device in response to the operating system of the mobile compute device authorizing use of the mobile compute device based on a second authentication identifier meeting a second predetermined criterion.
  - 13. The non-transitory processor-readable medium of claim 10, the code further comprising code to cause the processor to:
    - receive a public key from the NFC device prior to the first time; and
      
      verify, using the public key, a cryptographic signature of the at least the portion of the authentication identifier in response to receiving the at least the portion of the authentication identifier.
  - 14. The non-transitory processor-readable medium of claim 10, wherein the native application that is not part of the operating system on the mobile compute device is executed by the operating system of the mobile compute device.
  - 15. The non-transitory processor-readable medium of claim 10, wherein the code to cause the processor to enable includes code to cause the processor to enable the at least one function of the mobile compute device at a third time after the second time, the code further comprising code to cause the processor to:
    - disable the at least one function of the mobile compute device a predetermined time period after the third time.
  - 16. The non-transitory processor-readable medium of claim 10, the code further comprising code to cause the processor to:
    - register with the operating system to receive the indication at the native application.
  - 17. The non-transitory processor-readable medium of claim 10, the code further comprising code to cause the processor to:
    - monitor, using the native application, for the indication broadcast by the operating system.
  - 18. The non-transitory processor-readable medium of claim 10, wherein the at least the portion of the authentication identifier is a first portion of the authentication identifier, the code further comprising code to cause the processor to:
    - receive a second portion of the authentication identifier from a memory of the mobile compute device; and
      
      combine the first portion of the authentication identifier with the second portion of the authentication identifier to produce a combined authentication identifier,the code to cause the processor to enable includes code to cause the processor to enable the at least one function when the combined authentication identifier meets the predetermined criterion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Invincea, Inc. (Sophos Group Ltd.)
Original Assignee
Invincea, Inc. (Sophos Group Ltd.)
Inventors
Lack, Michael Nathan
Primary Examiner(s)
Lai, Daniel

Application Number

US15/632,808
Time in Patent Office

701 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 2221/2149   Restricted operating enviro...

H04B 5/72   for local intradevice commu...

H04L 63/08   for authentication of entit...

H04L 9/3247   involving digital signatures

H04M 1/67   by electronic means

H04M 1/724631   by limiting the access to t...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 4/80   Services using short range ...

Methods and devices for secure authentication to a compute device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and devices for secure authentication to a compute device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links