Technique for continuous user authentication
Abstract
A method, system, computer program product, and method of doing business by improving security of a computing device. Continuous authentication of a user of the computing device, which may be (for example) a portable or personal computing device (also known as a “pervasive computing device”), is performed. The disclosed techniques also improve the security of operations or transactions carried out with such computing devices. Biometric sensors are preferably used for obtaining identifying information from users of computing devices, and this obtained information is compared to previously-stored biometric information which identifies the legitimate owner of the device. If the information matches, then it can be assumed that this user is the device owner, and a security-sensitive transaction is allowed to proceed so long as the biometric input is uninterrupted. Otherwise, when the obtained information does not match, or when there is an interruption in the biometric input, then the device may be in the wrongful possession of an impostor. A transaction may therefore be prevented or aborted, or in other cases perhaps simply marked as suspect or not authenticated; or, it may be desirable to completely deactivate the computing device.
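The gating behaviour described in the abstract, sketched as an added illustration that is not part of the patent text: one biometric reading is authenticated before every step of a security-sensitive transaction, and a mismatch or an interruption triggers one of the three responses the abstract names. The bit-pattern matcher, its tolerance, the step names and all sample values are constructed assumptions.

```python
from enum import Enum

class Policy(Enum):
    ABORT = "abort"                # stop the transaction
    MARK_SUSPECT = "mark_suspect"  # let it finish, flagged as not authenticated
    DEACTIVATE = "deactivate"      # stop and deactivate the device

MAX_DIFF_BITS = 3  # assumed matcher tolerance; not taken from the patent

def matches(sample, template):
    """Stand-in matcher (assumption): Hamming distance between bit patterns."""
    return bin(sample ^ template).count("1") <= MAX_DIFF_BITS

def run_transaction(steps, readings, template, policy=Policy.ABORT):
    """Run `steps`, authenticating one sensor reading before each step.

    `readings` supplies one sample per step. None, or running out of
    samples, models an interruption in the biometric input.
    Returns (status, executed_steps, device_active).
    """
    executed, suspect = [], False
    sensor = iter(readings)
    for step in steps:
        sample = next(sensor, None)
        ok = sample is not None and matches(sample, template)
        if not ok:
            if policy is Policy.ABORT:
                return "aborted", executed, True
            if policy is Policy.DEACTIVATE:
                return "aborted", executed, False
            suspect = True  # MARK_SUSPECT: continue, but flag the result
        executed.append(step)
    return ("suspect" if suspect else "completed"), executed, True

# Constructed sample data: enrolled owner template and a three-step transaction.
OWNER = 0b1011_0110_1100_0101
STEPS = ["open session", "sign order", "submit payment"]

if __name__ == "__main__":
    print(run_transaction(STEPS, [OWNER, OWNER ^ 1, OWNER], OWNER))
    print(run_transaction(STEPS, [OWNER, None, OWNER], OWNER))
    print(run_transaction(STEPS, [OWNER, OWNER ^ 0xFFFF, OWNER], OWNER,
                          Policy.MARK_SUSPECT))
    print(run_transaction(STEPS, [OWNER], OWNER, Policy.DEACTIVATE))
```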
105 Claims
1. A system for providing continuous authentication of a user of a computing device, comprising:
a security component which provides security functions, such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
securely-stored biometric information which identifies an owner of the computing device;
means for repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device; and
means for comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner, wherein each of the comparisons comprises an authentication of the user.
35. A method for providing continuous authentication of a user of a computing device, comprising steps of:
operating a security component which provides security functions, such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
providing a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
providing securely-stored biometric information which identifies an owner of the computing device;
repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device; and
comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner, wherein each of the comparisons comprises an authentication of the user.
69. A computer program product for providing continuous authentication of a user of a computing device, the computer program product embodied on one or more computer-readable media and comprising:
computer-readable program code means for operating a security component which provides security functions, such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
computer-readable program code means for accessing a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
computer-readable program code means for accessing securely-stored biometric information which identifies an owner of the computing device;
computer-readable program code means for repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device; and
computer-readable program code means for comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner, wherein each of the comparisons comprises an authentication of the user.
103. A method of doing business by continually authenticating a user of a computing device, comprising steps of:
operating a security component for the computing device, wherein the security component provides security functions such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
providing a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
providing securely-stored biometric information which identifies an owner of the computing device;
performing a security-sensitive operation using the computing device;
repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device over a duration of the security-sensitive operation;
comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner, wherein each of the comparisons comprises an authentication of the user; and
aborting the security-sensitive operation if the comparing step fails at any time over the duration of the security-sensitive operation.
104. A method of improving security of a computing device, comprising steps of:
operating a security component for the computing device, wherein the security component provides security functions such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
providing a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
providing securely-stored biometric information which identifies an owner of the computing device;
repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device; and
comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner.
105. A method of improving security of operations carried out with a computing device, comprising steps of:
operating a security component for the computing device, wherein the security component provides security functions such that the security component can vouch for authenticity of one or more other components with which it is securely operably connected;
providing a biometric sensor component that is securely operably connected, as one of the one or more other components, to the security component;
providing securely-stored biometric information which identifies an owner of the computing device;
performing a security-sensitive operation using the computing device;
repeatedly obtaining, from the biometric sensor component, biometric input of a user of the computing device over a duration of the security-sensitive operation;
comparing the repeatedly obtained biometric input to the securely-stored biometric information of the owner, wherein each of the comparisons comprises an authentication of the user; and
aborting the security-sensitive operation if the comparing step fails at any time over the duration of the security-sensitive operation.
Specification