Mobile touch authentication refresh
地域:
UT
UT Provo
摘要
Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.
說明書
This application is a continuation of U.S. patent application Ser. No. 13/781,383, filed Feb. 28, 2013, now issued as U.S. Pat. No. 9,288,669 which is incorporated herein by reference in its entirety.
As the industry increases the use of mobile devices, security is becoming a growing concern because mobile devices are now used to store secure information (such as passwords, credit cards, and the like) and because mobile devices are now being used to access remote secure enterprise assets. Moreover, individuals desire to do more and more with their phones electing to eliminate or do less and less with convention computing devices. Still further, as processing migrates to mobile devices, viruses targeted to mobile platforms are on the rise.
Users have a variety of mechanisms that they use to ensure security is enforced on their mobile devices, such as their phones or tablets. One technique is to force a time out when there is inactivity on the device; the user must authenticate to unlock the timed out mobile device. This is generally done via a password or personal identification number (PIN).
Another approach is to password protect specific apps on the mobile device; but, in this case, it is usually the apps that must provide such a functionality as the operating system of the mobile device rarely provides such app-specific security. Additionally, users are less likely to implement security on a per-app bases, instead preferring security for the entire device via the traditional time out and re-authentication approach. There is usability issues associated with time outs.
權(quán)利要求
The invention claimed is:1. A method, comprising:capturing touch attributes as capacitance and inductance readings when a user is authenticating to a touchscreen of a mobile device with authentication credentials from touches of a finger of the user when the user provides the authentication credentials through the touchscreen; comparing the touch attributes to last saved touch attributes that were last saved in a previous authentication performed by the user to access the mobile device and updating the last saved touch attributes as the touch attributes; setting a duration for a time until the authentication credentials are to be re-entered by the user through the touchscreen based on the comparing; periodically updating the last saved touch attributes for the user as the user touches the touchscreen during operation of the mobile device; and variably adjusting the duration for the time based on the periodically updating by increasing the duration or decreasing the duration. 2. The method of claim 1 , wherein capturing further includes capturing multiple simultaneous touches from the user through the touchscreen as the authentication credentials are entered. 3. The method of claim 1 , wherein comparing further includes scoring the touch attributes and comparing the scored touch attributes against a computed score for the last saved touch attributes. 4. The method of claim 3 , wherein scoring further includes comparing a difference between the scored touch attributes and the computed score against a threshold and setting the duration based on the comparison of the difference to the threshold. 5. The method of claim 1 , wherein setting further includes setting the duration to a longer period of time as a difference between the touch attributes and the last saved touched attributes grows smaller. 6. The method of claim 1 , wherein setting further includes setting the duration to a shorter period of time as a difference between the touch attributes and the last saved touched attributes grows larger. 7. The method of claim 1 , wherein setting further includes varying the duration based on a difference between the touch attributes and the last saved touch attributes. 8. The method of claim 1 further comprising, providing access to the mobile device after a lock touchscreen occurs on the mobile device without requiring entry of the authentication credentials when the duration has not yet elapsed. 9. The method of claim 1 further comprising, locking the mobile device when the duration has passed and requiring re-entry of the authentication credentials for access to the mobile device. 10. The method of claim 1 further comprising, extending the duration while the user interacts with the touchscreen based on new touch attributes obtained while the user interacts with the touchscreen and compared against the last saved touch attributes. 11. A method, comprising:establishing and periodically updating a time out period for providing authentication credentials for accessing a mobile device based on current touch interactions of a user touching a touchscreen of the mobile device and based on comparisons between the current touch interactions with a touch profile maintained for the user, wherein the touch interactions and the touch profile include capacitance and inductance measures for a finger of the user touching the touchscreen, wherein establishing and periodically updating further includes variably increasing or decreasing the time out period; periodically updating the touch profile based on the current touch interactions; wherein establishing further includes setting a shorter period of time for the time out period when a difference between a comparison of the current touch interactions and the touch profile grows larger; and wherein establishing further includes setting a longer period of time for the time out period when a difference between a comparison of the current touch interactions and the touch profile grows smaller. 12. The method of claim 11 further comprising, forcing a time out before the timeout period when a particular touch interaction is outside a range associated with the touch profile. 13. The method of claim 11 further comprising, locking the mobile device and requesting that the user enter the authentication credentials when the time out period is reached. 14. The method of claim 11 , wherein establishing further includes varying the time out period to an extended period of time the longer a user continues to interact with the touchscreen through the current touch interactions. 15. The method of claim 11 , wherein periodically updating further includes using the current touch interactions to continually update the touch profile. 16. A mobile device, comprising:a processor; and a touch profile manager configured to: i) execute on the processor, ii) set a time out for which a user has to enter authentication credentials to unlock the mobile device for access, iii) determine the time out period based on comparisons between current touch interactions of the user with a touchscreen of the mobile device and a touch profile maintained for the user, wherein the current touch interactions and the touch profile include capacitance and inductance measures for a finger of the user touching the touchscreen, iv) update the touch profile based on the current touch interactions, v) continuously update the touch profile based on subsequent touch interactions of the user during operation of the mobile device, and vi periodically update the time out period based on updates to the touch profile by increasing or decreasing the time out period, vii) setting a duration for a time until the authentication credentials are to be re-entered by the user through the touchscreen based on the comparing, and viii) variably adjusting the duration for the time based on the periodically updating by increasing the duration or decreasing the duration. 17. The system of claim 16 , wherein the touch profile manager is further configured, in iii), to:extend the time out period as a difference between the current touch interactions and the touch profile grows smaller. 18. The system of claim 16 , wherein the touch profile manager is further configured, in iii), to:shorten the time out period as a difference between the current touch interactions and the touch profile grows larger.
意見反饋
使用該功能遇到問題