Method and system for managing delayed user authentication
Abstract
A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, on start-up of the device, the host security module obtains user authorization input from a user and passes the input to a client operating system for validation. Once validated, the host security module unlocks the host-side of the device. At the same time, the client operating system sends a notice or request to the client-side virtual machine requesting that the client-side be unlocked. Once the virtual machine is initialized and available it launches the client security module and unlocks the client-side. During the delay while the virtual machine loads, the user is given access only to the host applications.
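A minimal model of the unlock sequence described in the abstract, added here as an illustration and not taken from the patent. Class names mirror the abstract's components; the method names, the salted PBKDF2 password check and `boot_sequence` are assumptions.

```python
import hashlib, hmac, os

class VirtualMachine:  # client-side VM guarding the protected client data
    def __init__(self):
        self.launched = False
        self.unlock_requested = False

    def post_unlock_message(self):  # may arrive while the VM is still loading
        self.unlock_requested = True

    def complete_launch(self):
        self.launched = True

    @property
    def client_unlocked(self) -> bool:
        # Client data opens only once the VM is up AND validation succeeded.
        return self.launched and self.unlock_requested

class ClientOSLayer:  # owns the password validator; available before the VM
    def __init__(self, password: str, vm: VirtualMachine):
        self._salt = os.urandom(16)  # assumed storage: salted PBKDF2 hash
        self._hash = self._derive(password)
        self._vm = vm

    def _derive(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def validate(self, user_input: str) -> bool:  # the "validation request"
        ok = hmac.compare_digest(self._derive(user_input), self._hash)
        if ok:
            self._vm.post_unlock_message()
        return ok

class HostSecurityModule:
    def __init__(self, client_os: ClientOSLayer):
        self._client_os = client_os
        self.host_unlocked = False

    def submit(self, user_input: str) -> bool:  # host relays, never validates
        if self._client_os.validate(user_input):
            self.host_unlocked = True
        return self.host_unlocked

def boot_sequence(stored_pw: str, typed_pw: str):
    """Return (host, client) unlock state during the VM delay and after launch."""
    vm = VirtualMachine()
    host = HostSecurityModule(ClientOSLayer(stored_pw, vm))
    host.submit(typed_pw)
    during = (host.host_unlocked, vm.client_unlocked)
    vm.complete_launch()
    return during, (host.host_unlocked, vm.client_unlocked)
```

With a correct password the host side opens during the delay while the client data stays locked until `complete_launch()`; with a wrong password neither side opens at any point.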
20 Claims
1. A method for unlocking a mobile electronic device, the device having a host operating system and a client operating system layer, the method comprising:
initiating start-up of the device which triggers launch of a virtual machine on the client operating system layer, after the initiation of start-up and before completion of the launch of the virtual machine, a host security module running on the host operating system receiving user authentication input;
passing user authentication input from the host security module to the client operating system layer with a validation request;
the client operating system layer authenticating the user authentication input and notifying the host security module of a successful authentication;
the host security module unlocking access to an at least one host application running on the host operating system to enable access to the at least one host application;
the client operating system layer sending a message to the virtual machine regarding the authenticated user input; and
on completion of the launch of the virtual machine, the virtual machine unlocking the protected client data stored in memory on the device in response to the message to enable access to the protected client data.
11. A mobile electronic device, comprising:
memory storing protected client data;
a processor;
memory having stored therein to cause the processor to control the device;
a host operating system supporting at least one host application;
a host security module, wherein the host operating system and the host security module are resident on a host-side of the device, and wherein the host security module includes a component for receiving user authorization input from a user after initiation of start-up of the device;
a client entity, the client entity including a client operating system layer and a virtual machine, wherein the client entity is resident on a client-side of the device, and wherein the client operating system layer includes a password validator for authenticating the user authorization input, and wherein the start-up of the device triggers the launch of the virtual machine; and
an abstraction interface layer between the client-side and the host-side, said abstraction layer including a plurality of application programming interfaces (APIs) for exchanging communications between the client operating system layer and the host security module, and wherein said APIs include a validation request callable by said host security module for passing the user authentication input to the client operating system layer,
wherein, the client operating system layer includes a component for notifying the host security module of a successful authentication,
the host security module having a host unlocking component for unlocking access to the at least one host application prior to completion of the launch of the virtual machine in response to the notification of the successful authentication, and
wherein the client operating system layer includes a request component for sending a message to the virtual machine regarding the successful authentication, and
wherein, the virtual machine includes a client unlocking component for unlocking the protected client data in response to the message after completion of the launch of the virtual machine, thereby enabling user access to the protected client data.
20. A computer program product comprising:
a computer readable medium storing computer executable instructions for unlocking a mobile electronic device, the device having a host operating system and a client operating system layer, the host operating system running a host security module, the device including a virtual machine running on the client operating system layer, the device including memory storing protected client data, the host operating system supporting at least one host application, the computer executable instructions implementing an unlocking process initiated on start-up of the device, which triggers the launch of the virtual machine, the computer executable instructions comprising:
computer executable instructions for execution after the initiation of start-up and before completion of the launch of the virtual machine, including:
instructions for receiving user authentication input and passing the user authentication input from the host security module to the client operating system layer with a validation request,
instructions for authenticating the user authentication input at the client operating system layer and notifying the host security module of a successful authentication,
instructions for unlocking access to the at least one host application, thereby enabling user access to the at least one host application,
instructions for sending a message from the client operating system layer to the virtual machine regarding the authenticated user input; and
computer executable instructions for execution on completion of the launch of the virtual machine, including instructions for unlocking the protected client data in response to the message, thereby enabling user access to the protected client data.
Specification