SYSTEM AND METHOD FOR DEVICE SECURITY WITH A PLURALITY OF AUTHENTICATION MODES

US 20100115607A1
Filed: 11/06/2008
Published: 05/06/2010
Est. Priority Date: 11/06/2008
Status: Active Grant

First Claim

Patent Images

1. An authentication system for use in an electronic device comprising:

a plurality of input devices operable by a user;

a data storage structure to store reference data for authentication; and

an authentication processor configured to;

randomly select a first of a plurality of authentication modes,present the first selected authentication mode to a user,accept user input data from one of the plurality of input devices,compare the user input data with a portion of the stored reference data corresponding to the first selected authentication mode; and

if the comparison indicates a match between the user input data and the portion of the stored reference data corresponding to the first selected authentication mode, authenticating the user and authorizing use of the electronic device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security processing element stores authentication data corresponding to a plurality of possible authentication modes. At a time of activation, the security processing element randomly selects one of the authentication modes for presentation to the user. The user must successfully enter data corresponding to the randomly selected authentication mode. In an alternative embodiment, the security processing element can randomly select a plurality of authentication modes that are sequentially presented to the user. The user must successfully respond to each of the plurality of requested authentication modes. In another embodiment, for high security communications, the security processing element may select from a subset of authentication modes that are considered to be more robust. Conversely, the security processing element may select from a subset of randomly presented authentication modes that are considered less robust when used in a low security setting.

Citations

32 Claims

1. An authentication system for use in an electronic device comprising:
- a plurality of input devices operable by a user;
  
  a data storage structure to store reference data for authentication; and
  
  an authentication processor configured to;
  
  randomly select a first of a plurality of authentication modes,present the first selected authentication mode to a user,accept user input data from one of the plurality of input devices,compare the user input data with a portion of the stored reference data corresponding to the first selected authentication mode; and
  
  if the comparison indicates a match between the user input data and the portion of the stored reference data corresponding to the first selected authentication mode, authenticating the user and authorizing use of the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1 wherein the processor randomly selects a second authentication mode of the plurality of authentication modes if the comparison indicates a match between the user input data and the portion of the stored reference data corresponding to the first selected authentication mode, the processor being further configured to:
    - present the second selected authentication mode to a user,accept user input data from one of the plurality of input devices,compare the user input data with a portion of the stored reference data corresponding to the second selected authentication mode; and
      
      if the comparison indicates a match between the user input data with the portion of the stored reference data corresponding to the second selected authentication mode, authenticating the user and permitting access to the electronic device wherein the authentication processor is configured to authenticate the user and permit access to the electronic device only if there is a match between the user input data and the portion of the stored reference data corresponding to the first selected authentication mode and a match between the user input data and the portion of the stored reference data corresponding to the second selected authentication mode.
  - 3. The system of claim 2 wherein the second authentication mode is different from the first authentication mode.
  - 4. The system of claim 1 wherein the plurality of authentication modes comprise a Personal Identification Number (PIN) mode, a voice recognition mode, an image recognition mode, a biometric identification mode and an image identification mode.
  - 5. The system of claim 1 wherein the electronic device is used in a high security activity, and the authentication processor is configured to randomly select a first of a plurality of authentication modes from a set of high security authentication modes.
  - 6. The system of claim 1 wherein the authentication processor is configured to randomly select multiple ones of the plurality of authentication modes wherein each of the multiple ones of the plurality of authentication modes are presented sequentially to the user.
  - 7. The system of claim 1 wherein the authentication processor is configured to randomly select a number of the plurality of authentication modes for presentation to the user wherein the number of the plurality of authentication modes for presentation to the user is based on a security level of the activity associated with the electronic device.
  - 8. The system of claim 1 wherein the authentication processor is located remote from the electronic device.
  - 9. The system of claim 8 wherein the electronic device is a wireless communication device and communicates with the authentication processor via a wireless communication link.
  - 10. The system of claim 1 wherein the authentication processor is located coupled to the electronic device via a Wide Area Network (WAN) and the communication interface comprises a network interface controller configured to communicate with the authentication processor via the WAN.
  - 11. The system of claim 1 wherein the authentication processor is located coupled to the electronic device via a Local Area Network (LAN) and the communication interface comprises a network interface controller configured to communicate with the authentication processor via the LAN.
  - 12. The system of claim 1 wherein the authentication processor is part of the electronic device, the system further comprising a communication interface configured to transmit user input data from one of the plurality of input devices.
  - 13. The system of claim 1 wherein the data storage structure is configured to store the reference data in an encrypted form.

14. An electronic device authentication system comprising:
- a plurality of input devices coupled to the electronic device and operable by a user;
  
  a data storage structure within the electronic device to store reference data for authentication; and
  
  an authentication processor within the electronic device configured to;
  
  randomly select a first of a plurality of authentication modes,present the first selected authentication mode to a user,accept user input data from one of the plurality of input devices,compare the user input data with a portion of the stored reference data corresponding to the first selected authentication mode; and
  
  if the comparison indicates a match between the user input data and the portion of the stored reference data corresponding to the first selected authentication mode, authenticating the user and permitting access to the electronic device.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14 wherein the data storage structure is configured to store the reference data in an encrypted form.
  - 16. The system of claim 14 wherein the authentication processor is configured to randomly select multiple ones of the plurality of authentication modes wherein each of the multiple ones of the plurality of authentication modes are presented sequentially to the user.

17. A system for user authentication in an electronic device comprising:
- a plurality of input devices operable by the user;
  
  an authentication storage structure to store reference data for user authentication; and
  
  an authentication processor configured to;
  
  randomly select a plurality of authentication challenges from among a plurality of authentication modes,present each randomly selected authentication challenge to a user,for each randomly selected authentication challenge, accept user input data from one of the plurality of input devices,for each randomly selected authentication challenge, compare the user input data with a portion of the stored reference data corresponding to the respective randomly selected authentication challenge; and
  
  authorizing use of the electronic device if the comparison for each randomly selected authentication challenge indicates a match between the user input data and the portion of the stored reference data corresponding to the respective randomly selected authentication challenge.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17 wherein the data storage structure is configured to store the reference data in an encrypted form.
  - 19. The system of claim 17 wherein each of the randomly selected plurality of authentication challenges from among the plurality of authentication modes is used only a single time in a single user authentication process.
  - 20. The system of claim 17 wherein the authentication processor is located remote from the electronic device.
  - 21. The system of claim 20 wherein the electronic device is a wireless communication device and communicates with the authentication processor via a wireless communication link.
  - 22. The system of claim 17 wherein the authentication processor is part of the electronic device, the system further comprising a communication interface configured to transmit user input data from one of the plurality of input devices.

23. A method to provide security to one or more services comprising:
- storing a library of authentication methods;
  
  receiving a request from a user to access one of the services;
  
  randomly selecting a set of authentication methods from the library;
  
  executing the set of authentication methods; and
  
  allowing access to the requested service if the user is authenticated by each authentication method in the set.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method of claim 23 wherein randomly selecting authentication methods further comprises randomly selecting authentication methods with replacement after each selection.
  - 25. The method of claim 23 wherein randomly selecting authentication methods further comprises randomly selecting authentication methods without replacement after each selection.
  - 26. The method of claim 23 wherein the library of authentication methods includes a biometric category, a query-directed password category, and an alpha-numeric password category.
  - 27. The method of claim 23 wherein library of authentication methods includes a voice pattern recognition method.
  - 28. The method of claim 23 wherein library of authentication methods includes a face recognition method.
  - 29. The method of claim 23 wherein library of authentication methods includes a finger print recognition method.
  - 30. The method of claim 23 wherein library of authentication methods includes an alphanumeric password entry method.
  - 31. The method of claim 23 wherein selecting the set of authentication methods from the library further comprises selecting a number of authentication methods, the number based on a desired level of security for the requested service.
  - 32. The method of claim 23 wherein selecting the set of authentication methods from the library further comprises selecting authentication methods by category of authentication method, the category of the methods selected based on a desired level of security for the requested service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Pearson, Larry, Pratt, James, Sullivan, Marc

Granted Patent

US 8,595,804 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/18
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/74   operating in dual or compar...

G06F 2221/2105   Dual mode as a secondary as...

H04L 63/083   using passwords cryptograph...

SYSTEM AND METHOD FOR DEVICE SECURITY WITH A PLURALITY OF AUTHENTICATION MODES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DEVICE SECURITY WITH A PLURALITY OF AUTHENTICATION MODES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links