Authenticating a user of a system via an authentication image mechanism

US 8,973,095 B2
Filed: 06/25/2012
Issued: 03/03/2015
Est. Priority Date: 06/25/2012
Status: Active Grant

First Claim

Patent Images

1. A mobile system comprising:

a processor to execute instructions;

a manageability engine coupled to the processor and including a security processor to authenticate a user of the mobile system; and

a trusted storage associated with the manageability engine to store an authentication image and at least one authentication gesture associated with the authentication image, wherein the security processor is to generate a display frame image having the authentication image within a portion of the display frame image according to a set of random coordinates, provide the display frame image via a trusted channel to a display of the mobile system for display on the display, receive at least one gesture input value from the user based on the display frame image, and determine whether the user is authenticated based on the at least one gesture input value and the at least one authentication gesture, wherein the trusted channel is not visible to an operating system or an application executing on the mobile system.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, the present invention includes a method for receiving a request for user authentication of a system, displaying an authentication image on a display of the system using a set of random coordinates, receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values. Other embodiments are described and claimed.

40 Citations

View as Search Results

19 Claims

1. A mobile system comprising:
- a processor to execute instructions;
  
  a manageability engine coupled to the processor and including a security processor to authenticate a user of the mobile system; and
  
  a trusted storage associated with the manageability engine to store an authentication image and at least one authentication gesture associated with the authentication image, wherein the security processor is to generate a display frame image having the authentication image within a portion of the display frame image according to a set of random coordinates, provide the display frame image via a trusted channel to a display of the mobile system for display on the display, receive at least one gesture input value from the user based on the display frame image, and determine whether the user is authenticated based on the at least one gesture input value and the at least one authentication gesture, wherein the trusted channel is not visible to an operating system or an application executing on the mobile system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The mobile system of claim 1, wherein the manageability engine is to adjust the at least one gesture input value according to the set of random coordinates.
  - 3. The mobile system of claim 2, wherein the manageability engine is to compare the at least one adjusted gesture input value to the at least one authentication gesture.
  - 4. The mobile system of claim 3, wherein the manageability engine is to authenticate the user and allow the user to access the system if the at least one adjusted gesture input value is within a predetermined threshold of the at least one authentication gesture, and otherwise to not authenticate the user and to prevent the user from access to the mobile system.
  - 5. The mobile system of claim 4, wherein if the at least one adjusted gesture input value does not match the at least one authentication gesture within the predetermined threshold, the manageability engine is to display a second authentication image within a portion of a second display frame image to be displayed on the display according to a second set of random coordinates to enable the user to retry an authentication.
  - 6. The mobile system of claim 1, wherein the manageability engine is to cause the display to sequentially display a plurality of authentication images each associated with a different set of random coordinates, and to authenticate the user if at least a threshold number of at least one gesture input value received from the user for a corresponding one of the plurality of authentication images matches a corresponding at least one authentication gesture associated with the one of the plurality of authentication images.
  - 7. The mobile system of claim 1, wherein the mobile system is to create a secure channel with a remote system to receive the authentication image.
  - 8. The mobile system of claim 7, wherein the mobile system is to receive the authentication image via the secure channel responsive to a user selection of the authentication image.

9. A method comprising:
- receiving a request for user authentication of a system in a security engine of the system;
  
  preparing, in the security engine, a display frame image including an authentication image, the display frame image larger than the authentication image and the authentication image located with the display frame image using a set of random coordinates;
  
  providing the display frame image including the authentication image from the security engine to a display of the system via a trusted channel inaccessible to an operating system (OS) or an application executing on the system;
  
  displaying the display frame image on the display of the system; and
  
  receiving a plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the plurality of gesture input values.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, further comprising displaying the authentication image as a bitmap overlaid over the display frame image.
  - 11. The method of claim 9, further comprising receiving the plurality of gesture input values in the security engine via an untrusted channel of the system.
  - 12. The method of claim 9, further comprising displaying a sequence of authentication images, each using a corresponding set of random coordinates within the display frame image, and receiving a plurality of gesture input values from the user for each of the sequence of authentication images.
  - 13. The method of claim 9, further comprising authenticating the user if the plurality of gesture input values matches a stored set of authentication gestures associated with the authentication image, within a predetermined threshold.
  - 14. The method of claim 13, further comprising receiving the stored set of authentication gestures from the user during a security initialization procedure, in which the authentication image is located at an unrandomized set of coordinates.
  - 15. The method of claim 14, further comprising storing the stored set of authentication gestures in a trusted storage of the system.
  - 16. The method of claim 9, further comprising responsive to not authenticating the user for a first time, re-displaying the display frame image using a different set of random coordinates, and receiving a second plurality of gesture input values from the user, and determining whether to authenticate the user based at least in part on the second plurality of gesture input values.
  - 17. The method of claim 9, wherein the plurality of gesture input values are subject to access by malware executing on the system, and the authentication image within the display frame image is not subject to access by the malware.

18. At least one non-transitory machine-readable storage medium including instructions that when executed enable a computer to perform the following steps:
- create a secure channel between the computer and a remote system to receive an authentication image in the computer;
  
  prepare the authentication image according to a first set of coordinates for display of the authentication image on a display of the computer to obtain at least one authentication gesture from a user viewing the authentication image;
  
  store the authentication image and the at least one authentication gesture associated with the authentication image in a trusted storage of the computer, wherein the authentication image is to be displayed on the display during a plurality of authorization challenges each according to a random and different set of coordinates than the first set of coordinates; and
  
  generate, via a security processor, a display frame image having the authentication image within a portion of the display frame image according to a random and different set of coordinates, provide the display frame image via a trusted channel to the display of the computer for display on the display, receive at least one gesture input value from the user based on the display frame image, and determine whether the user is authenticated based on the at least one gesture input value and the at least one authentication gesture, wherein the trusted channel is not visible to an operating system or an application executing on the computer.
- View Dependent Claims (19)
- - 19. The at least one non-transitory machine-readable storage medium of claim 18, further comprising instructions that when executed enable the computer to perform the following steps:
    - adjust the at least one gesture input value according to the random and different set of coordinates and compare the at least one adjusted gesture input value to the at least one authentication gesture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tahoe Research Limited (f/k/a Learndale Limited) (Vector Capital Corporation)
Original Assignee
Intel Corporation
Inventors
Smith, Ned M.
Primary Examiner(s)
Chao, Michael
Assistant Examiner(s)
KU, SHIUH-HUEI P

Application Number

US13/531,878
Publication Number

US 20130347087A1
Time in Patent Office

981 Days
Field of Search

726/2, 726/26, 726/27, 726/28
US Class Current

726/2
CPC Class Codes

G06F 21/36 by graphic or iconic repres...

Authenticating a user of a system via an authentication image mechanism

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Authenticating a user of a system via an authentication image mechanism

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others