Continuous monitoring of fingerprint signature on a mobile touchscreen for identity management

US9705676B2 · US · B2

Patent metadata
Publication number: US-9705676-B2
Application number: US-201314104690-A
Country: US
Kind code: B2
Filing date: Dec 12, 2013
Priority date: Dec 12, 2013
Publication date: Jul 11, 2017
Grant date: Jul 11, 2017


Abstract

Official abstract text for this publication.

A mobile device implements a state machine with full authentication, continuous authentication, and invalidation states. To access the device, the full authentication state requires the user to confirm his or her identity using some robust authentication technique. Upon success, the state machine transitions to the continuous authentication state wherein data samples are captured as the user interacts with the device and compared with stored exemplary fingerprints. Preferably, the state machine enforces a negative identification technique to determine whether the individual currently interacting with the touchscreen is not the user from which the exemplary fingerprints were generated. Upon such negative authentication, the state machine transitions to the invalidation state. In this state, operations (e.g., screen lock) are performed to secure the device against an unauthenticated use. On a next interaction, the state machine transitions to full authentication requiring robust authentication to continue operating in a normal mode.
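A minimal sketch of the three-state machine the abstract describes, added here as an illustration and not taken from the patent. The set-overlap matcher, the thresholds, the two-strike rule and all names are assumptions.

```python
from enum import Enum

class State(Enum):
    FULL_AUTH = "full authentication"
    CONTINUOUS = "continuous authentication"
    INVALIDATED = "invalidation"

def best_overlap(sample, exemplars):
    """Highest fraction of the sample's features found in any stored exemplar."""
    return max(len(sample & e) / len(sample) for e in exemplars)

class DeviceAuth:
    def __init__(self, exemplars, reject_below=0.3, min_features=4, strikes=2):
        self.exemplars = exemplars        # enrolled user's exemplary fingerprints
        self.reject_below = reject_below  # assumed: below this, "not the user"
        self.min_features = min_features  # assumed: smaller samples are inconclusive
        self.strikes_needed = strikes     # assumed: consecutive rejections to lock
        self.state, self.strikes, self.locked = State.FULL_AUTH, 0, True

    def full_authenticate(self, ok):
        """Result of the robust check (e.g. pass-phrase), passed in as a boolean."""
        if self.state is State.FULL_AUTH and ok:
            self.state, self.strikes, self.locked = State.CONTINUOUS, 0, False
        return self.state

    def touch(self, sample):
        """Feed one touchscreen sample (a set of feature ids); return the new state."""
        if self.state is State.INVALIDATED:
            # Next interaction after invalidation: require full authentication again.
            self.state = State.FULL_AUTH
        elif self.state is State.CONTINUOUS and len(sample) >= self.min_features:
            # Negative identification: only a usable sample that clearly fails to
            # match counts against the user; a match clears earlier strikes.
            rejected = best_overlap(sample, self.exemplars) < self.reject_below
            self.strikes = self.strikes + 1 if rejected else 0
            if self.strikes >= self.strikes_needed:
                self.state, self.locked = State.INVALIDATED, True  # e.g. screen lock
        return self.state

# Constructed sample data: feature ids stand in for extracted fingerprint features.
EXEMPLARS = [frozenset(range(1, 9)), frozenset(range(11, 19))]
OWNER, SMUDGE, STRANGER = {2, 3, 4, 5, 9}, {40, 41}, {1, 30, 31, 32, 33}

def demo():
    dev = DeviceAuth(EXEMPLARS)
    dev.full_authenticate(True)
    touches = [OWNER, SMUDGE, STRANGER, SMUDGE, STRANGER, OWNER]
    return [dev.touch(t).name for t in touches]
```

The smudged two-feature touches are treated as inconclusive, so they neither lock the device nor clear an earlier rejection; the device stays locked after invalidation until `full_authenticate(True)` succeeds.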

First claim

Opening claim text (preview).

Having described our invention, what we now claim is as follows:

1. An apparatus associated with a mobile device, the mobile device having a touchscreen, comprising: a processor; computer memory comprising a data store, and computer program instructions comprising a state machine having a set of states, the computer program instructions operative to restrict access to the mobile device except to a user whose identity has been authenticated using a first authentication scheme, wherein authentication using the first authentication scheme is a first state, the computer program instructions comprising: first program code operative as the mobile device is being used to monitor interactions with the touchscreen against fingerprint data associated with the user whose identity has been authenticated; second program code that determines, within a given threshold, and based on the monitored interactions, whether an individual currently interacting with the mobile device, as represented by the interactions, could be the user whose identity has been authenticated using the first authentication scheme, wherein the first and second program code are operative in a second state, the state machine transitioning from the first state to the second state upon authentication using the first authentication scheme; and third program code that transitions the mobile device to a restricted mode of operation, the restricted mode being a third state, the state machine transitioning from the second state to the third state when it cannot be assured that the individual currently interacting with the mobile device could be the user whose identity has been authenticated; the second program code operative in the second state to continue evaluating the monitored interactions upon a determination that the individual currently interacting with the mobile device could be the user whose identity has been authenticated and until the state machine transitions from the second state to the third state such that the third program code transitions the mobile device to the restricted mode.

2. The apparatus as described in claim 1 wherein the computer program instructions further include fourth program code that is further operative to restrict access to the mobile device in the restricted mode of operation until an identity of the user is re-authenticated using the first authentication scheme.

3. The apparatus as described in claim 2 wherein the restricted mode of operation is one of: a screen lock, placing the mobile device in a degraded operating state, and restricting access to at least one function of the mobile device.

4. The apparatus as described in claim 1 wherein the first authentication scheme is one of: pass-phrase entry, hardware authentication, and software-based biometric identification.

5. The apparatus as described in claim 1 wherein the first program code that is operative to monitor interactions further includes: sixth program code to determine whether given interaction data collected during the monitoring step represents a multi-touch interaction with the touchscreen; and seventh program code operative when the given interaction data collected represents a multi-touch interaction with the touchscreen to determine whether the multi-touch interaction represents more than one finger.

6. The apparatus as described in claim 5 wherein the first program code further includes: eighth program code operative when the multi-touch interaction represents more than one finger to disambiguate the given interaction data to identify at least first and second fingers.

7. The apparatus as described in claim 6 wherein the eighth program code operative to disambiguate the given interaction data includes: program code to fit the given interaction data into a convex hull polygon; program code to determine a centroid of an area bounded by the convex hull polygon; program code to identify at least first and second minimum paths to a boundary of the convex hull polygon to generate first and second regions; and program code to designate the first and second regions as distinct fingerprints.

8. A computer program product in a non-transitory computer readable medium for use in a mobile device, the mobile device having a touchscreen, the computer program product holding computer program instructions comprising a state machine having a set of states, the computer program instructions operative to restrict access to the mobile device except to a user whose identity has been authenticated using a first authentication scheme, wherein authentication using the first authentication scheme is a first state, the computer program instructions comprising: first program code operative as the mobile device is being used to monitor interactions with the touchscreen against fingerprint data associated with the user whose identity has been authenticated; second program code that determines, within a given threshold, and based on the monitored interactions, whether an individual currently interacting with the mobile device, as represented by the interactions, could be the user whose identity has been authenticated using the first authentication scheme, wherein the first and second program code are operative in a second state, the state machine transitioning from the first state to the second state upon authentication using the first authentication scheme; and third program code that transitions the mobile device to a restricted mode of operation, the restricted mode being a third state, the state machine transitioning from the second state to the third state when it cannot be assured that the individual currently interacting with the mobile device could be the user whose identity has been authenticated; the second program code in the second state operative to continue evaluating the monitored interactions upon a determination that the individual currently interacting with the mobile device could be the user whose identity has been authenticated and until the state machine transitions from the second state to the third state such that the third program code transitions the mobile device to the restricted mode.

9. The computer program product as described in claim 8 wherein the computer program instructions further include fourth program code is further operative to restrict access to the mobile device in the restricted mode of operation until an identity of the user is re-authenticated using the first authentication scheme.

10. The computer program product as described in claim 9 wherein the restricted mode of operation is one of: a screen lock, placing the mobile device in a degraded operating state, and restricting access to at least one function of the mobile device.

11. The computer program product as described in claim 8 wherein the program code that is operative to monitor interactions further includes: sixth program code to determine whether given interaction data collected during the monitoring step represents a multi-touch interaction with the touchscreen; and seventh program code operative when the given interaction data collected represents a multi-touch interaction with the touchscreen to determine whether the multi-touch interaction represents more than one finger.

12. The computer program product as described in claim 11 wherein the first program code further includes: eighth program code operative when the multi-touch interaction represents more than one finger to disambiguate the given interaction data to identify at least first and second fingers.

13. The computer program product as described in claim 12 wherein the eighth program code operative to disambiguate the given interaction da

Classifications

  • H04L9/3231 (Primary)

    Biological data, e.g. fingerprint, voice or retina (network architectures or network communication protocols for supporting authentication of entities using biometrical features in a packet data network H04L63/0861) · CPC title

  • G06F21/32 (Primary)

    using biometric data, e.g. fingerprints, iris scans or voiceprints · CPC title

  • Recognition of hand or arm movements, e.g. recognition of deaf sign language (static hand signs G06V40/113) · CPC title

  • Preprocessing; Feature extraction · CPC title

  • Physics · mapped topic

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L9/3231. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 11, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).