HK1248004A1

HK1248004A1 - Embedded authentication systems in an electronic device

Info

Publication number: HK1248004A1
Application number: HK18102291.2A
Authority: HK
Inventors: A‧法德尔; A‧霍德格; S‧斯科尔; R‧卡巴勒罗; J‧L‧多罗古斯克尔; S‧紮德斯基; E‧桑弗德
Original assignee: 苹果公司
Priority date: 2007-09-24
Filing date: 2018-02-13
Publication date: 2018-10-05

Abstract

This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Description

Embedded verification system in electronic device

Description of divisional applications

The application is a divisional application of a Chinese patent application with an application date of 9.2008, application number of 200880108306.1 and an invention name of 'embedded verification system in electronic equipment'. The application is a divisional application of a Chinese invention patent application with a divisional filing date of 2014, 8 and 14, an application number of 201410407626.4 and an invention name of 'embedded verification system in electronic equipment'.

Cross Reference to Related Applications

This application claims priority from U.S. provisional patent application No.60/995,200, filed 24/9/2007, which is incorporated herein by reference in its entirety.

Technical Field

The invention relates to an electronic device with an embedded authentication system.

Background

Electronic devices, particularly portable electronic devices, are used to store personal information. For example, a user may use a cell phone, PDA, smart phone, or other electronic device to save an address book, email, calendar information, documents, and other information used by the user. Although the information is not necessarily confidential, the user may wish that at least some of the information is not available to others. One way to prevent unauthorized persons from accessing and viewing a user's personal information is to require the user of the electronic device to provide a password or passcode before being able to initiate device functions or access device resources. For example, the electronic device may require the user to type a 4-digit number or a 4-letter personal identification number before displaying a home screen (e.g., springboard) or menu of the device. As another example, an accessory device that detects a user's fingerprint or scans the user's retina may be coupled with the electronic device such that the user must first display an approved fingerprint or retina before the electronic device can be accessed.

Although both methods may be useful, the method of restricting access based on a password or password is effective only when the password or password is not known to other users. Once the password or passcode is known, this restriction mechanism becomes ineffective. In addition, passwords or pass-throughs may be forgotten, thereby preventing authorized users from using the electronic device. In addition, requiring the user to provide a fingerprint or submit a retinal scan is time consuming and cumbersome for the user, requiring additional steps before the user can access the electronic device. While this approach is more secure than entering a password or passcode, it requires hardware (e.g., necessary scanner, detector or reader) and time-wise costs. Accordingly, there is a need to provide an electronic device in which a biometric (biometric) mechanism and other authentication mechanisms are implemented such that the electronic device quickly and seamlessly authenticates a user, for example, when the user turns on, unlocks, or wakes the electronic device.

Disclosure of Invention

Methods, electronic devices, and computer-readable media are provided for authenticating a user of an electronic device. In some embodiments, the electronic device may seamlessly authenticate the user. The electronic device may receive input from a user, the input being provided by an input mechanism of the electronic device. When the user provides input, the electronic device may detect the identification information from one or more sensors embedded in or adjacent to the input mechanism. The electronic device may authenticate the user by comparing the detected identification information with identification information stored in a library of devices. For example, the sensor may include a sensor that detects a skin feature of the user or a subcutaneous feature of the user. The sensor may be embedded in at least one of a touch screen, a button (e.g., of a keyboard or mouse), a device housing adjacent to the input mechanism (e.g., a laptop housing adjacent to a keyboard), or any other suitable location.

In some embodiments, the electronic device may determine that the user is aligned with a sensing component of the device without having to guide the user in aligning the sensing component. For example, the sensing component may be arranged such that the sensing region of the sensor comprises the expected position of the user when the user operates the electronic device. By utilizing the sensing component, the sensor can detect one or more biometric attributes of the user (e.g., facial or eye features). For example, the sensor may comprise a camera or optical sensor disposed proximate to a display of the device. The user may thus be authenticated by comparing the detected biometric attributes to a library of biometric attributes stored by the electronic device or accessible to the electronic device.

In some embodiments, the electronic device may authenticate the user based on the common attributes of the options selected by the user. The electronic device may display several selectable options for user selection and may receive a user selection of a subset of the options. The electronic device may then identify one or more attributes that are common to some or all of the selected options. For example, the attributes may include at least one of: size, color, outline, fill pattern, shape, alignment with other options, location of an option relative to other options, source of an option, or any other suitable attribute. The electronic device then authenticates the user based on the identified attribute. For example, if a user has selected all shapes that share attributes related to a particular user, the electronic device may authenticate the user.

In some embodiments, the electronic device may authenticate the user according to a pattern of inputs received by the device. The electronic device may include a sensor operative to detect several inputs provided by a user. For example, the sensor may include an input mechanism operative to receive input provided by a user. As another example, the sensor may include an accelerometer or a gyroscope operative to detect movement of or contact with the electronic device. The electronic device is operable to recognize a pattern of the detected input and compare the recognized pattern with patterns stored in memory to authenticate the user. The modes may include temporal modes (e.g., related to delays between successive inputs), visual modes (e.g., related to several options selected by the user, or attributes of the user-provided inputs), or combinations thereof. When authenticating a user, the electronic device may provide the user with access to restricted electronic device resources.

In some embodiments, a method is provided that includes, at an electronic device with a display and a fingerprint sensor: when the corresponding function of the device is in the locked state: displaying a graphical element on the display, the graphical element indicating a first direction of finger movement that enables unlocking of the respective function; and while displaying the graphical element, detecting an input, the input comprising a movement of a finger over the fingerprint sensor in a first direction; determining whether the input satisfies an unlocking criterion based at least in part on fingerprint information of a finger detected by a fingerprint sensor during the input; and in response to detecting the input, unlocking the respective function in accordance with a determination that the input satisfies the unlocking criteria, and maintaining the respective function in the locked state in accordance with a determination that the input does not satisfy the unlocking criteria.

In some embodiments, there is also provided an electronic device comprising: a display; a fingerprint sensor; one or more processors: a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for: when the respective function of the device is in the locked state: displaying a graphical element on the display, the graphical element indicating a first direction of finger movement that enables unlocking of the respective function; and while displaying the graphical element, detecting an input, the input comprising a movement of a finger over the fingerprint sensor in a first direction; determining whether the input satisfies an unlocking criterion based at least in part on fingerprint information of a finger detected by a fingerprint sensor during the input; and in response to detecting the input: unlocking the corresponding function according to the determination that the input meets the unlocking standard; and in accordance with a determination that the input does not satisfy the unlocking criteria, maintaining the corresponding function in the locked state.

According to some embodiments, there is also provided an electronic device comprising: a touch screen display; a fingerprint sensor at a first location on the device; one or more processors: a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs including instructions for: when the respective function of the device is in the locked state: displaying a user interface, the user interface including a displayed unlocking element; detecting a gesture, the gesture comprising movement of a finger contact on an unlock element on the touch screen display toward a first location on the device; identifying, by a fingerprint sensor, a fingerprint corresponding to a finger contact used to perform a gesture; and determining whether the gesture satisfies an unlocking criterion based on: movement of the finger contact toward the first position; a fingerprint corresponding to a finger contact used to perform a gesture; and in response to detecting the gesture: unlocking the corresponding function according to the determination that the posture meets the unlocking standard; and maintaining the respective function in the locked state in accordance with a determination that the gesture does not satisfy the unlocking criteria.

According to some embodiments, there is also provided a method comprising: at an electronic device with a fingerprint sensor and a touch screen display: when the corresponding function of the device is in the locked state: displaying a user interface, the user interface including a displayed unlocking element; detecting a gesture, the gesture comprising movement of a finger contact on an unlock element on the touch screen display toward a first location on the device; identifying, using a fingerprint sensor located at a first location of a device, a fingerprint corresponding to a finger contact used to perform a gesture; and determining whether the gesture satisfies an unlocking criterion based on: movement of the finger contact toward the first position; a fingerprint corresponding to a finger contact used to perform a gesture; and in response to detecting the gesture: unlocking the corresponding function according to the determination that the posture meets the unlocking standard; and maintaining the respective function in the locked state in accordance with a determination that the gesture does not satisfy the unlocking criteria.

In some embodiments, a method is provided. The method includes, at an electronic device having a touch-sensitive display and a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element includes an embedded biometric sensor and is centrally located along at least one axis of a surface of the device, the surface being parallel to the touch-sensitive display: displaying a lock screen on the touch-sensitive display; receiving input from a user using a physical input element having an embedded biometric sensor; detecting identity information of the user when the input is received using a biometric sensor; authenticating the user based on identity information detected using a biometric sensor embedded in the physical input element; and in response to authenticating the user based on the identity information detected with the biometric sensor embedded in the physical input element, replacing, on the touch-sensitive display, the display of the lock screen with a display of the unlocked user interface.

In some embodiments, there is provided an electronic device comprising: a touch-sensitive display; a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element comprises an embedded biometric sensor and the physical input element is centrally located along at least one axis of a surface of the device, the surface being parallel to the touch-sensitive display; one or more processors; memory comprising computer instructions that, when executed by one or more processors of a device, cause the device to: displaying a lock screen on the touch-sensitive display; receiving input from a user using a physical input element having an embedded biometric sensor; detecting identity information of the user when the input is received using a biometric sensor; authenticating the user based on identity information detected using a biometric sensor embedded in the physical input element; and in response to authenticating the user based on the identity information detected with the biometric sensor embedded in the physical input element, replace the display of the lock screen with the display of the unlocked user interface on the touch-sensitive display.

In some embodiments, an apparatus is provided having a touch-sensitive display and a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element comprises an embedded biometric sensor and is centrally located along at least one axis of a surface of the device, the surface being parallel to the touch-sensitive display. The device includes: means for displaying a lock screen on the touch-sensitive display; means for receiving input from a user using a physical input element having an embedded biometric sensor; means for detecting identity information of the user when the input is received using a biometric sensor; means for authenticating a user based on identity information detected using a biometric sensor embedded in a physical input element; and means for replacing, on the touch-sensitive display, the display of the lock screen with a display of an unlocked user interface in response to authenticating the user based on the identity information detected with the biometric sensor embedded in the physical input element.

In some embodiments, there is provided an electronic device comprising: a display; one or more image sensors; one or more processors; memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for: displaying a lock screen on the display; capturing image data from one or more image sensors; detecting one or more attributes of the user's face from the captured image data; authenticating a user based on one or more attributes from the captured image data; and in response to authenticating the user, replacing the display of the lock screen with the display of the unlocked user interface on the display.

In some embodiments, there is provided an apparatus having a display and one or more image sensors, comprising: means for displaying a lock screen on the display; means for capturing image data from one or more image sensors; means for detecting one or more attributes of a user's face from the captured image data; means for authenticating a user based on one or more attributes from the captured image data; and means for replacing the display of the lock screen with the unlocked user interface on the display in response to authenticating the user.

In some embodiments, there is provided a method comprising: at an electronic device having a display and one or more image sensors: displaying a lock screen on the display; capturing image data from one or more image sensors; detecting one or more attributes of the user's face from the captured image data; authenticating a user based on one or more attributes from the captured image data; and in response to authenticating the user, replacing the display of the lock screen with the display of the unlocked user interface on the display.

Drawings

The above and other objects and advantages of the present invention will be apparent from the following detailed description taken in conjunction with the accompanying drawings, in which like reference characters refer to like parts, and in which:

FIG. 1 is a schematic diagram of an exemplary electronic device for use with an authentication system in accordance with one embodiment of the present invention;

FIG. 2 is a schematic view of an exemplary display screen of an electronic device in accordance with one embodiment of the present invention;

FIG. 3 is a schematic diagram of an illustrative display screen that guides a user through authentication in accordance with one embodiment of the present invention;

FIG. 4 is a schematic diagram of an illustrative display screen that guides a user through authentication before accessing a device resource in accordance with one embodiment of the present invention;

FIGS. 5A-C are schematic diagrams of exemplary display screens associated with different users provided in response to authenticating the users, in accordance with one embodiment of the present invention;

FIG. 6 is a schematic view of an exemplary electronic device display screen that detects a user's fingerprint in accordance with one embodiment of the present invention;

FIG. 7 is a schematic diagram of another exemplary electronic device that detects a user's fingerprint in accordance with one embodiment of the present invention;

FIGS. 8A and 8B are schematic diagrams of an exemplary electronic device that detects a user's handprint, in accordance with one embodiment of the present invention;

FIG. 9 is a schematic diagram of an exemplary electronic device that detects a user's handprint, in accordance with one embodiment of the present invention;

FIG. 10 is a schematic diagram of an exemplary device having a sensor to detect subcutaneous features of a user in accordance with one embodiment of the present invention;

FIG. 11 is a schematic diagram of an exemplary electronic device having a sensor to detect facial features of a user, in accordance with one embodiment of the present invention;

FIG. 12 is a schematic diagram of an exemplary electronic device having a sensor to detect a characteristic of a user's eye, in accordance with one embodiment of the present invention;

FIGS. 13 and 14 are schematic diagrams of exemplary displays providing a visual mode in one embodiment of the present invention;

FIG. 15 is a flow diagram of an exemplary process for authenticating a user according to one embodiment of the invention.

Detailed Description

An electronic device having an authentication system that restricts access to resources of the electronic device is provided. Access to any suitable electronic device resource may be restricted, including for example access to files or data stored on or available to the electronic device. As yet another example, access to particular applications (e.g., applications purchased by a particular user, or applications associated with administrative tasks or privileges) may be restricted. As yet another example, access to personal settings (e.g., displayed options, background images, or icons for applications) may be restricted until the user is authenticated.

Any suitable authentication system may be implemented. In some embodiments, the authentication system may include a system that detects a biometric feature or attribute of the user. For example, the electronic device may include a system that operates to detect and authenticate the user based on characteristics or subcutaneous characteristics of the user's skin, such as fingerprints, palm prints, finger prints, blood vessel patterns (blood vessel patterns), or any other suitable or subcutaneous portion of the user's skin. As yet another example, the electronic device may include a system that operates to detect and authenticate the user based on characteristics of the user's eyes or face or movement of the user's eyes. As yet another example, the electronic device may include a system operative to detect characteristics of the user's ear canal, odors associated with the user, the user's DNA, or any other suitable biometric attribute or information associated with the user.

In some embodiments, the verification system may include a system that operates to identify the user according to a visual or temporal pattern provided by the user. For example, the electronic device may display several selectable options or shapes that form a visual pattern. The user may select any suitable predetermined subset of the displayed options for verification. For example, the user may select one or more options that collectively have a predetermined attribute (e.g., size, color, shape, or outline). As yet another example, the user may select one or more options located in a predetermined area of the display (e.g., independent of the attributes of the selected options). The user may select the options simultaneously, sequentially, or a combination of both.

As another example, a user may provide a series of inputs at a particular speed or in a particular pattern. For example, the user may select an option at a particular delay (e.g., a pause between two selections). On the other hand, the user may follow a predetermined time pattern, providing input that is detected by a sensor (e.g., an accelerometer or gyroscope) of the device. A device may detect an input based on vibrations caused by tapping the device or an area adjacent to the device, moving the device in a particular manner, or any other suitable method of detecting an input.

The electronic device may provide any suitable combination of authentication systems including, for example, a biometric authentication system and a pattern-based authentication system, several biometric authentication systems, or several pattern-based systems. In some embodiments, different authentication systems may be associated with different resources, such that a user may provide authentication information to several systems before eventually accessing a particular restricted resource (e.g., private or personal information). The electronic device may use any suitable method to select which authentication systems to combine. For example, a user may associate several authentication systems with a particular resource, or instead the electronic device automatically (e.g., by default) assigns a particular authentication system to a particular resource.

FIG. 1 is a schematic diagram of an exemplary electronic device for use with an authentication system, in accordance with one embodiment of the present invention. Electronic device 100 may include a processor 102, a storage 104, a memory 106, a communication circuit 108, an input/output circuit 110, an authentication system 112, and a power supply 114. In some embodiments, one or more electronic device components 100 may be combined or omitted (e.g., combining storage 104 and memory 106). In some embodiments, electronic device 100 may include other components (e.g., a display, a bus, or an input mechanism) not combined or included in those components shown in FIG. 1, or several instances of the components shown in FIG. 1. For simplicity, only one of each component is shown in FIG. 1.

Processor 102 may include any processing circuitry operative to control the operation and performance of electronic device 100. For example, the processor 102 may be used to run an operating system application, a firmware application, a media playback application, a media editing application, or any other application. In some embodiments, the processor may drive the display and process inputs received from the user interface.

Storage 104 may, for example, include one or more storage media including a hard disk drive, a solid state drive, flash memory, persistent memory such as ROM, any other suitable type of storage component, or any combination thereof. Storage 104 may, for example, store media data (e.g., music and video files), application data (e.g., for implementing functions on device 100), firmware, user preference information data (e.g., media playback preferences), authentication information (e.g., a library of data related to authorized users), lifestyle information data (e.g., food preferences), exercise information data (e.g., information obtained by exercise monitoring equipment), transaction information data (e.g., information such as credit card information), wireless connection information data (e.g., information that enables electronic device 100 to establish a wireless connection), subscription information data (e.g., information that records podcasts or television shows or other media subscribed to by a user), contact information data (e.g., telephone numbers and email addresses), calendar information data, and any other suitable data, Or any combination thereof.

Memory 106 may include cache memory, semi-permanent memory such as RAM, and/or one or more different types of memory for temporarily storing data. In some embodiments, memory 106 may also be used to store data used to operate electronic device applications, or any other type of data that may be stored in storage 104. In some embodiments, memory 106 and storage 104 may be combined into a single storage medium.

The communication circuitry 108 may allow the device 100 to communicate with one or more servers or other devices using any suitable communication protocol. Electronic device 100 may include one or more instances of communication circuitry 108 for performing several communication operations simultaneously using different communication networks, although to avoid overcomplicating fig. 1, only one instance of communication circuitry is shown. For example, the communication circuit 108 may support Wi-Fi (e.g., 802.11 protocol), Ethernet, Bluetooth^TM(Bluetooth Sig, a trademark owned by Inc.), a radio frequency system, a cellular network (e.g., GSM, AMPS, GPRS, CDMA, EV-DO, EDGE, 3GSM, DECT, IS-316/TDMA, iDen, LTE, or any other suitable cellular network or protocol), infrared, TCP/IP (e.g., any protocol used in each TCP/IP layer), HTTP, BitTorrent, FTP, RTP, RTSP, SSH, Voice Over IP (VOIP), any other communication protocol, or any combination thereof.

Input/output circuit 110 is operable to convert (and encode/decode, if necessary) analog and other signals into digital data. In some embodiments, the input/output circuitry is also capable of converting digital data into any other type of signal, and vice versa. For example, the input/output circuitry 110 may receive and convert physical contact input (e.g., from a multi-touch screen), physical motion (e.g., from a mouse or sensor), analog audio signals (e.g., from a microphone), or any other input. The digital data may be provided to or received from the sensor 102, the storage 104, the memory 106, or any other component of the electronic device 100. Although input/output circuit 110 is schematically represented in fig. 1 as a single component of electronic device 100, several examples of input/output circuits may be included in electronic device 100.

Electronic device 100 may include any suitable mechanism or component that allows a user to provide input to input/output circuitry 110. For example, the electronic device 100 may include any suitable input mechanism, such as a button, keypad, dial, click wheel, or touch screen. In some embodiments, electronic device 100 may include a capacitive sensing mechanism, or a multi-touch capacitive sensing mechanism. Sensing mechanisms are described in commonly owned U.S. patent application No.10/902,964 entitled "Gestures for Touch Sensitive Input Device" filed on 2004, 10.7.2005 and U.S. patent application No.11/028,590 filed on 2005, 18.1.2005, entitled "model-Based Graphical User Interfaces for Touch Sensitive Input Device", both of which are incorporated herein by reference in their entirety.

In some embodiments, electronic device 100 may include dedicated output circuitry associated with output devices, such as one or more audio outputs. The audio output may include one or more speakers (e.g., mono or stereo speakers) built into the electronic device 100, or audio components remotely coupled to the electronic device 100 (e.g., a headset, headphones, or earphones that may be coupled to the communication device via wires or wirelessly).

In some embodiments, the I/O circuitry 110 may include display circuitry (e.g., a screen or projection system) that provides a display viewable by a user. For example, the display circuitry may include a screen (e.g., an LCD screen) incorporated into the electronic device 100. As yet another example, the display circuitry may include a removable display or a projection system (e.g., a projector) that provides for the display of content on a plane remote from the electronic device 100. In some embodiments, the display circuitry may include an encoder/decoder (codec) that converts digital media data into an analog signal. For example, the display circuitry (or other suitable circuitry within electronic device 100) may include a video codec, an audio codec, or any other suitable type of codec.

The display circuitry may also include display driver circuitry, circuitry for driving the display driver, or both. The display circuitry may display content (e.g., media playback information, application screens for applications implemented on the electronic device, information regarding ongoing communication operations, information regarding incoming communication requests, or device operation screens) as instructed by the processor 102.

Authentication system 112 may include any suitable system or sensor operable to receive or detect input identifying a user of device 100. For example, authentication system 112 may include a skin-print sensing mechanism, an optical system that identifies the user based on the user's facial topography, eye features (e.g., retina), or vein patterns, or any other sensor that detects any other unique biometric feature or attribute of the user. As yet another example, the authentication system 112 may be operable to receive a secret or confidential input item identifying the user (e.g., a gesture on the device, or a special pattern of objects or colors on a touch display). As yet another example, the authentication system 112 may be operable to detect a particular movement or vibration of the device caused by the user. The verification system 112 may be combined or embedded into any other element of the electronic device 112 (e.g., a display or a camera), or use events detected by various sensors of the electronic device (e.g., an accelerometer or a proximity sensor). In some embodiments, several types of authentication systems may be incorporated or implemented in an electronic device.

In some embodiments, electronic device 100 may include a bus that operates to provide a data transfer path for transferring data to and from, or between, control processor 102, storage 104, memory 106, communication circuitry 108, input/output circuitry 110, authentication system 112, and any other components included in the electronic device.

To prevent unauthorized access to data or information stored in memory or storage, the electronic device may instruct the authentication system to identify the user and authorize access to the requested resource. The electronic device may require authorization before providing access to any electronic device resource. In some embodiments, the electronic device may require different levels of authorization before providing access to different applications or different data or files related to different applications. For example, the electronic device may require the user to satisfy several authentication systems before providing access to an application or data (e.g., require a secondary authentication, such as using biometric features, in addition to a first or initial authentication, such as a password to unlock the electronic device).

FIG. 2 is a schematic view of an exemplary display screen of an electronic device in accordance with one embodiment of the present invention. Display screen 200 may be displayed in response to a user unlocking the electronic device. Display screen 200 may include selectable options 210 for accessing various device functions. For example, each option 210 may be associated with a different application available on the electronic device. As yet another example, each option may be associated with a particular data or file that may be employed by the user. The electronic device may or may not require authentication in terms of accessing the display screen 200. For example, the display screen 200 may include a basic or default application that the user may use. As another example, display screen 200 may include default features that are available to all users.

In some embodiments, one or more applications may access or use one or more user-personal data or resources. For example, options 212 and 214 related to phone and mail applications, respectively, may relate to a personal account or address book that is not related to each user of the electronic device. The electronic device may require the user to authenticate before accessing such an application, or by means of personal or confidential features or resources available to such an application. In some embodiments, the default features of the application may be utilized without authentication (e.g., allowing the user to place a phone call, but not access the address book).

FIG. 3 is a schematic diagram of an illustrative display screen that guides a user through authentication in accordance with one embodiment of the present invention. Display screen 300 may be displayed in response to receiving an instruction from a user to access a resource (e.g., information or application) subject to an authentication protocol restriction. Display screen 300 may include information 310 related to the selected resource. To prevent unauthorized users from viewing the resource prior to authorization, the information 310 may be obscured or hidden (e.g., no entry in a particular field is available). In some embodiments, the display screen 300 may instead not include any information until the user is authenticated.

Display screen 300 may include a notification 320 that guides the user in authentication prior to accessing the requested resource. The notification 320 may include a pop-up notification, an overlay, a new display screen, or any other suitable type of display that provides an indication to the user. Notification 320 may include any suitable indication, including, for example, the manner in which the user authenticates (e.g., specifies the use of a particular authentication system). For example, notification 320 may direct the user to provide a fingerprint, or provide an input that matches a predetermined visual or temporal pattern. Once the user is properly authenticated, the electronic device displays the information 310 in a manner discernible by the user and enables selectable options or other functionality related to the selected resource.

In some embodiments, the user is required to authenticate before unlocking the electronic device (e.g., before accessing any resources of the electronic device). FIG. 4 is a schematic diagram of an illustrative display screen that guides a user through authentication before accessing a device resource in accordance with one embodiment of the present invention. Display screen 150 may include an option 410 for unlocking the display screen. For example, option 410 may include a slider that can be dragged across a portion of the screen. As another example, options 410 may include one option, or a series of options for the user to select (e.g., press several keys simultaneously or sequentially, or touch several areas of display screen 150).

Display screen 150 may include a notification 420 that guides the user in authentication prior to accessing device resources (e.g., a home screen for launching information and applications). The notification 420 may include any suitable type of notification, including, for example, a pop-up notification providing an indication to the user, an overlay, a new display screen, or any other suitable type of display. The electronic device may display the notification 420 at any suitable time, including for example when the user opens the electronic device (and views the display screen 150, for example), in response to an attempt by the user to access a device resource without first verifying (e.g., in the form of an error message), in response to a request for help from the user, or at any other suitable time. Notification 420 may include any suitable indication, including, for example, the manner in which the user authenticated, a list of authorized users, or any other suitable information.

Once the user has been properly authenticated, the electronic device may display options related to the authenticated user (e.g., options for applications purchased by the particular user). In some embodiments, the electronic device may provide access to previously unavailable resources or content (e.g., a list of contacts or previous messages in a phone or mail application). 5A-C are schematic diagrams of exemplary display screens associated with different users provided in response to authenticating the users, in accordance with one embodiment of the present invention. Display screen 500A may include several options 510A. The displayed options may include some options common to a default or basic display of the electronic device (e.g., display screen 500A shares options with display screen 200 of fig. 2). Display screen 500A may include several options 512A for additional applications or resources that can only be employed by a particular authenticated user. For example, the display screen 510A may include additional options 512A for games (games), systems, and media applications.

Display screen 500B may include options 510B regarding the resources or applications that the user may employ. In some embodiments, option 510B may be completely different from the options of the default screen (e.g., display screen 500B does not share any options with display screen 200 of fig. 2). Display screen 500 may also be customized to not include tabs identifying the application or resource associated with option 510B.

Display screen 500C may include options 510C regarding the resources or applications that the user may employ. In some embodiments, options 510C for the same resource as the other display screens have different appearances (e.g., different icons). For example, in FIG. 5C, the options displayed for the Mail, Clock, photo, YouTube, and Calculator applications may be different from those displayed in the display screen 500A of FIG. 5A. Additionally, the display screen 500C may include a customized or personal background 512C (e.g., a different background image). In some embodiments, display screen 500C may not include a docking station or other features to hold certain options 510C in a fixed position (e.g., different from options 510B located in docking station 512B).

In some embodiments, the electronic device may provide access to a different number of electronic device resources based on the identity of the authenticated user. For example, if the electronic device is used by several users (e.g., parents and children in the same family), the users may share some but not all resources (e.g., all users may access the family address book list, but may not access the emails of other family members). As another example, users of electronic devices may be organized by user group or user level. Instead of or in addition to a particular user, certain resources may be associated with groups or levels of users. When a particular user is authenticated and identified as a member of a group, the electronic device may provide the user with access to resources associated with the group (e.g., public or shared resources, shared communications, or shared documents), and to resources associated with the particular user (e.g., personal address book, email account, phone call list).

The electronic device can associate a particular resource with one or more authentication systems. For example, a user may identify a resource and provide protection or security instructions (e.g., by selecting an appropriate option). In addition, the user may select one or more authentication systems to satisfy before providing access to the resource. If the resource is not a public resource (e.g., a default application or file that may not be used by all users), or if the resource is created or purchased by the user, the electronic device may associate the selected resource with one or more selected authentication systems. On the other hand, if the user has sufficient privileges (e.g., administrator), then any resources may be protected using one or more selected authentication systems.

The electronic device may not require authentication each time the user unlocks or operates the electronic device. In some embodiments, the electronic device may allow the user's authentication to be valid for a particular time. For example, once authenticated, the electronic device may allow the user to access the restricted resource for 10 hours from the time the user was authenticated. As another example, the electronic device may maintain the user's authentication for a particular time after receiving the user's last instruction or entering a standby mode (e.g., maintain the authentication for 30 minutes after entry). The time that the electronic device holds the authentication information may be set by the device or by the user, and may be based on the particular type or resource protected by the authentication information (e.g., a longer authentication period may be allowed for access to a game purchased by a particular user as compared to the user's personal address book). The electronic device is not required to be verified each time a user operates the electronic device, energy consumption can be saved.

The electronic device may use any suitable type of authentication system to prevent unauthorized access to the device resources. In some embodiments, the electronic device may include an authentication system based on a unique skin print of the user. For example, the electronic device may include a verification system operative to detect a user's finger, hand, palm, knuckle imprints, or any other suitable imprint or skin feature unique to the user. The authentication system may include a sensor that detects a skin texture or characteristic unique to the user.

The sensor may comprise any suitable type of sensor for detecting a unique feature or texture of the skin of the user. For example, the sensor may comprise an optical scanner operative to detect a characteristic of the user's skin. The optical sensor may comprise a charge coupled device, or any other suitable array of photosensitive components (e.g., diodes) that operate to record light received by the sensor (e.g., charge coupled device). For example, if the charge coupled device includes an array of photosensitive elements, the optical sensor may be operable to record, for each photosensitive element in the array, a pixel representing light received by that particular photosensitive element. The value of each pixel may thus reflect the distance (e.g., ridge or valley) of a particular portion of the user's skin associated with that pixel from the sensor. The recorded pixels may form an image of a particular portion of the user's skin, for example, which the electronic device can compare to a library of images associated with authorized users.

As another example, the sensor may comprise a capacitive sensor operative to detect a characteristic of the user's skin. The capacitive sensor may comprise one or more chips containing an array of cells, each cell may comprise at least two conductive plates separated by an insulating layer. The sensor may be coupled with an inverting amplifier to vary the voltage between the at least two conductive plates of each cell in the chip. When a user's finger is placed on the array of cells, the sensor is able to distinguish between cells below a valley (e.g., fingerprint valley) and cells below a ridge (e.g., fingerprint ridge) according to the different capacitance values of each cell (i.e., cells below the valley have lower capacitance than cells below the ridge). By using the capacitance value of each cell in the chip being detected, the sensor can generate an image or representation of the skin placed on the sensor that can be compared to a library of images or representations that can be employed by the electronic device.

The authentication system may include any suitable countermeasures that prevent an unauthorized user from spoofing the skin lines of the authorized user by placing an image (e.g., a printed image) or three-dimensional structure (e.g., a polymer mold) in the vicinity of the authentication system sensor. For example, the verification system may include a combination of optical and capacitive sensors, sonar or radio frequency sensors, sensors that detect the user's pulse, sensors that determine the temperature of an object placed against the sensors (e.g., determine whether the temperature is within a predetermined range of human skin temperatures), or any other suitable countermeasures.

The sensor may be operable to detect a characteristic of the user's skin using any suitable method. In some embodiments, the sensor is operable to detect a characteristic of the user's skin as the user's skin moves over the sensor. For example, the sensor may comprise a one-dimensional sensor or a stationary (static) sensor (e.g., a row of sensing components) that operates to detect features of the user's finger as the user's finger slides or rolls across the sensor. The sensor may include a direction along which the user's skin moves to provide an accurate representation of the user's skin characteristics. For example, the sensor may require the user to move the finger along the axis of the finger or perpendicular to the axis of the finger.

In some embodiments, the sensor is operable to detect a characteristic of the user's skin while the user's skin remains stationary over the sensor. For example, the sensor may comprise a two-dimensional sensor or motion sensor operative to detect a characteristic of a user's finger when the finger is immobilized on the sensor. The sensor may be operable to detect a momentary or near-momentary two-dimensional representation of the user's finger moving in regular steps or speeds under the user's stationary finger, or at some point (e.g., as the user's finger moves over the sensor). Using a two-dimensional sensor may provide a more accurate two-dimensional representation of the user's skin features because, unlike a one-dimensional sensor, a two-dimensional sensor does not rely on the user moving their skin over the sensor in regular or uniform steps.

The sensor may be placed in any suitable location within the electronic device. In some embodiments, the sensor may be positioned such that when the user operates or begins to operate the electronic device, the sensor may detect the appropriate portion of the user's skin. The sensor position may vary depending on the portion of the user's skin to be detected (e.g., a finger, hand, or palm). FIG. 6 is a schematic diagram of an exemplary electronic device display screen that detects a user's fingerprint in accordance with one embodiment of the present invention. Display screen 600 includes a screen 602 that instructs a user to unlock the electronic device. For example, screen 602 may include box 610, box 610 having an arrow that guides the user to slide box 610 along track 612 to unlock the electronic device, e.g., by dropping a finger on box 610 and dragging the finger along track 612.

To authenticate the user during the unlocking process, the display 600 may include a sensor 620 in the display along the trajectory 612. For example, the sensor 620 may be embedded in a display screen stack (e.g., in a display screen stack that includes a capacitive sensing component, a light source, and a display screen surface). As another example, the sensor 620 may be placed under a display screen stack. As another example, the sensor 620 may comprise an existing component of a display screen stackup (e.g., a display screen stackup of a touch screen display may comprise a capacitive sensor). In this approach, the verification system may use the detection output of a capacitive sensing component of a display screen overlay (e.g., in a touch screen display) with sufficient resolution to distinguish ridges and valleys of the user's skin. In some embodiments, the capacitive sensing elements of the display screen stack may include several types or densities of capacitive sensing elements to facilitate verification with a particular portion of the display screen (e.g., using very fine sensing elements along at least a portion of the trace 612 in the display screen stack for verification and less fine sensing elements in the remaining area of the display screen 600).

In some embodiments, the sensor 620 may be embedded in the electronic device such that the sensor 620 is not visible in the display screen 600. For example, the sensor 620 may be mounted, printed, or etched directly on the display screen 600 (e.g., etched on glass) so that the user cannot see the fingerprint scanner. If it is difficult for the user to provide the sensor 620 with an appropriate fingerprint, the display 600 may highlight the outline of the sensor 620 (e.g., display an icon that guides the user to place a finger over the icon above the sensor 620) to assist the user in authentication.

FIG. 7 is a schematic diagram of another exemplary electronic device that detects a user's fingerprint according to one embodiment of the present invention. Electronic device 700 may include input mechanisms 710 and 712 that may be actuated by a user to provide input to electronic device 700. For example, input mechanism 710 may include a keyboard and input mechanism 712 may include a touchpad or trackpad. It is to be understood, however, that any other input mechanism, including input mechanisms remotely coupled to electronic device 700 (e.g., a wired or wireless mouse), may be used with electronic device 700.

To provide secure access to resources, the electronic device 700 may include at least one sensor 720 operative to detect characteristics of a user's fingerprint to identify the user. To provide a seamless user experience, sensor 720 may be embedded in or below at least one of input mechanisms 710 and 712. In some embodiments, an input mechanism 710 that includes several different keys that a user may press to provide input to the electronic device 700 may include a sensor 720 embedded in one or more keys. For example, an optical sensor or a capacitive sensor may be placed on the upper surface of the button such that when the user places a finger on the key (e.g., rests his index finger on the "F" or "J" key), the sensor may detect a characteristic of the user's finger in order to authenticate the user. A two-dimensional sensor or motion sensor may be used for this implementation to authenticate the user when the user's finger is placed over the key.

The sensor 720 may be placed in, near, or behind any button or other physical input in the electronic device that the user can press. For example, the sensor 720 may be placed behind a home button (e.g., button 812 in FIG. 8B) of a portable media player or cellular telephone. Sensor 720 may be placed between an outer cover plate or surface (e.g., a glass or plastic surface) and a mechanical component that operates to interact with a switch or electronic circuit. For example, the fingerprint sensing mechanism may be embedded beneath a transparent surface through which the sensing mechanism may detect fingerprint ridges and valleys of a user. In some embodiments, no additional transparent surface is required (e.g., if the sensing mechanism includes a surface on which a user can place a finger).

In some embodiments, input mechanism 712 may include a sensor 720 embedded under some or all of the touch pad, such that when a user places a finger on input mechanism 712 (e.g., to move an indicator on display screen 715), sensor 720 may detect a characteristic of the user's finger in order to authenticate the user. The sensor 720 may be a one-dimensional sensor that authenticates the user as the user moves their finger within the touch pad, or may be a two-dimensional sensor that authenticates the user as their finger is stationary on the touch pad (e.g., when the user initially places their finger on the touch pad). Sensor 720 may cover the entire surface of input mechanism 712 so that a user need not place their finger on a particular portion of input mechanism 712 in order to be authenticated. Using highlighting, indications on a display screen, or any other suitable method, electronic device 700 may be operable to identify the location of each sensor 720 to assist the user in providing the appropriate detectable input. In some embodiments, any other suitable input mechanism may include a sensor 720 (e.g., a button, wheel, key, or screen) that seamlessly detects a fingerprint feature of the user.

FIGS. 8A and 8B are schematic diagrams of an exemplary electronic device that detects a user's handprint, according to one embodiment of the invention. The electronic device 800 includes a housing 802 that operates to hold a display 810. The housing 802 may substantially constitute the back side of the electronic device 800 (e.g., the surface that does not include the display 810) to protect the components of the electronic device. When the user holds the electronic device 800, the user's hand 830 may hold the housing 802, leaving the display screen 810 visible such that at least the user's palm 832 is placed against the back 804, as shown in FIG. 8B. The electronic device 800 may include a sensor 820 embedded in the back 804 and operative to detect a characteristic of a palm or hand of a user. By placing the sensor 820 on the back side 802 (or any surface of the electronic device opposite the surface of the display screen 810), the sensor 820 can authenticate the user when the user holds the electronic device 800. The sensors 820 may include two-dimensional sensors such that the electronic device 800 may seamlessly authenticate a user without requiring the user to move or slide their hand against the back side 804.

FIG. 9 is a schematic diagram of an exemplary electronic device that detects a user's handprint, in accordance with one embodiment of the present invention. The electronic device 900 may include an input mechanism 910, and a user may provide input to the device using the input mechanism 910. The input mechanism 910 may be arranged such that when the palm and wrist of the user rest on the housing 912 or extend out of the housing 912, the fingers of the user rest on the input mechanism 910. Electronic device 900 can include one or more sensors 920 embedded or placed on housing 912 to authenticate a user of the device. The sensors 920 may be arranged such that when a user places their hands on the housing 912 to operate the input mechanism 910, the user's hands, palm or wrist are aligned with the sensors 920. By utilizing, for example, a two-dimensional sensor, the sensor 920 is operable to detect a characteristic of the user's skin when the user's hands are placed on the housing 912.

In some embodiments, the verification system may instead or additionally include a sensing mechanism that detects subcutaneous features of the user. For example, the verification system may include sensors that operate to detect patterns of veins, arteries, hair follicle distribution, or any other suitable subcutaneous features that may be detected, of the user. The sensor may comprise any suitable type of sensor, including, for example, an optical sensor (e.g., a camera) located on a surface of the electronic device. The sensor may be arranged such that, when the electronic device is used, subcutaneous features of any suitable part of the user are detected. For example, the sensor may be arranged to detect subcutaneous features in a user's finger, hand, wrist, arm, facial area, or any other suitable area.

FIG. 10 is a schematic diagram of an exemplary device having a sensor operative to detect subcutaneous features of a user in accordance with one embodiment of the present invention. The electronic device 1000 can include an input mechanism 1010 located on a portion of the housing 1012 or extending through a portion of the housing 1012. Input mechanism 1010 may be configured such that, when in use, a user's hands or wrists are placed on housing 1012 (rather than on input mechanism 1010). The electronic device 1000 may include a sensor 1020 operative to detect subcutaneous features of a user. For example, the sensors 1020 may include optical sensors that operate to detect vein patterns near the wrist of the user. The sensor 1020 may be located on any suitable surface of the electronic device 1000, such as included on the housing 1012 or embedded in the housing 1012, such that when the user's hands are positioned to provide input using the input mechanism 1010, the user's wrist may be proximate to the sensor 1020. Such an arrangement facilitates seamless authentication of a user by detecting subcutaneous features of the user (e.g., vein patterns near the user's wrist) as the user operates device 1000.

In some embodiments, the verification system may instead or additionally include a sensor operative to detect facial features of the user. For example, the authentication system may include a sensor operative to detect radiation emitted or reflected by one or more unique features of the user's face when the user's face is facing the sensor. The sensor is operable to detect any suitable type of radiation. For example, the sensors may include light sensors (e.g., cameras), infrared sensors, ultraviolet sensors, scanning lasers, ultrasonic sensors (e.g., sonar), or any other sensor that operates to detect a desired radiation (e.g., a particular range of radiation frequencies or periods).

The verification system may operate to detect any suitable element of the user's face. For example, the verification system may identify the face by analyzing the relative position and size of the user's head, nose, mouth, ears, cheekbones, jaws, or any other attribute of the user's face. As another example, the verification system may identify facial features of the user by capturing and analyzing a curved surface or depth of the facial features of the user (e.g., contours of the eye sockets, chin, or nose) using a three-dimensional verification system. As another example, the verification system may detect a unique line, texture, or spot of the user's skin (e.g., using skin texture analysis). Combinations of these approaches may be used in order to enhance or facilitate authentication.

The sensor that detects the facial features of the user may be located at any suitable location on the electronic device. In some embodiments, the sensors include cameras or other sensors provided with the electronic device for different purposes (e.g., an embedded webcam for chatting). FIG. 11 is a schematic diagram of an exemplary electronic device having a sensor to detect facial features of a user in accordance with one embodiment of the present invention. The electronic device 1100 may include a sensor 1120, the sensor 1120 being positioned near the display 1110 such that when a user is facing the display 1110 to view or access electronic device resources, the user's face, and facial features of the user of interest, are aligned with the sensor 1120 (e.g., in the field of view of the sensor 1120). In response to detecting that the user's face is facing the sensor 1120, the electronic device 1100 may direct the sensor 1120 to capture and analyze facial features of the user and compare the analyzed features to a library of features associated with authorized users. If an authorized user is detected, electronic device 1100 may display restricted content 1112 on display 1110 or provide access to restricted content 1112.

In some embodiments, the verification system may instead or additionally comprise a sensor operative to verify the user based on a property of the user's eyes. For example, the sensor may be operable to scan the retina, iris, or retinal blood vessels of the user to detect a unique pattern of the user. The sensor may include a light source operative to emit light, such as infrared light, that is reflected by the user's eye and detected by the lens or optical sensor. The sensor may analyze the received light to create a representation of the user's eyes that may be compared to a library of authorized user's eyes.

As another example, the sensor may instead or additionally be operative to detect movement of the user's eye, for example by tracking the position and movement of the user's retina, iris, blood vessels, or any other feature of the user's eye. Prior to providing the user with access to the electronic device resource, the electronic device may direct the sensor to detect a predetermined eye movement set by an authorized user. For example, each authorized user may create an eye movement trajectory by moving his eyes in a particular manner (e.g., up, down, left, right, blinking) while looking at the sensor. When the user of the electronic device moves his eyes in a manner that matches the predetermined eye movement, the electronic device may unlock, or provide access to, the restricted resource.

The sensor may be located at any suitable location of the device, including, for example, a location adjacent to a display screen or other portion of the electronic device that will face the user's eyes (e.g., a location similar to the location of sensor 1120 of FIG. 11 that may be used to authenticate the user based on characteristics of the user's eyes). FIG. 12 is a schematic diagram of an exemplary electronic device having a sensor to detect a characteristic of a user's eye in accordance with one embodiment of the present invention. Electronic device 1200 may include sensor 1220 located near display 1210 such that when a user faces display 1210 to view or access electronic device resources, the user's eye may be directed at sensor 1220 (e.g., in the field of view of sensor 1220). With the sensor 1220, the electronic device 1200 may detect features or movement of the user's eyes to authenticate the user and provide access to restricted device resources. In some embodiments, sensor 1220 may be implemented to authenticate a user based on characteristics of the user's face (similar to sensor 1120 in FIG. 11).

In some embodiments, the authentication system is operable to authenticate the user based on an attribute or quality of the user's voice. For example, the verification system may be operable to detect a particular voice tone or voice tag (signature). The verification system may be text-dependent (e.g., the user must speak a particular phrase to verify, such as "my voice is my passport"), or text-independent (e.g., may speak any suitable word to verify the user). In some embodiments, the authentication system may require the user to speak a password for authentication, thereby requiring knowledge of both the user's password and the user's voice tone for proper authentication. The authentication system may include any suitable component that authenticates the user, including, for example, a microphone. In some embodiments, the microphone may be used primarily for other purposes (e.g., telephone communication or video conferencing).

In some embodiments, other types of verification systems may be used. In some embodiments, the verification system is operable to identify and verify the user based on the shape of the user's ear canal. For example, the verification system may include a sensor (e.g., optical, radar, or sonar) that detects a unique characteristic (e.g., shape and length) of the user's ear canal. For example, the sensor may be located near a speaker of the device (e.g., if the device is a telephone). In some embodiments, the authentication system is operable to identify the user based on a scent specific to the user. For example, the verification system may include a sensor that detects a unique property of the user's skin or sweat gland scent. The sensor may be located at any suitable location on the device, including for example at or near the input mechanism (e.g., in the case of a user touching the electronic device).

In some embodiments, the verification system is operable to identify the user from the DNA sequence. For example, the verification system may include a sensor coupled to the processor for receiving cells having the user's DNA (e.g., from the user's skin or mouth) and determining whether a particular DNA sequence is present. The length or variation of the DNA sequence may be selected to ensure that correct verification is provided and that the verification process is sufficiently fast (e.g., without the need to analyze the entire DNA strand). The sensor may be disposed at any suitable location on the device, including on or near an input mechanism or other component touchable by the user, for example.

The electronic device may receive biometric information reflecting the authorized user using any suitable method. For example, when a user selects an authentication system to use with a particular device resource, the electronic device may direct the user to provide biometric information (e.g., a fingerprint, eye scan, or DNA sequence) to be saved in the library. The electronic device may direct the user to provide biometric input using any suitable method, including, for example, using visual cues, audio cues, and highlighting or identifying the location of the verification system sensor. When the user attempts authentication, the received biometric information stored in the repository may be retrieved and compared to the biometric information provided by the user. If the provided biometric verification information matches information stored in the repository (e.g., information related to the requested resource), the electronic device may provide access to the restricted resource. In some embodiments, a similar method may be used to receive non-biometric verification information.

In some embodiments, the authentication system may instead or additionally not require biometric parameters in terms of providing the user access to the electronic device resource. In some cases, non-biometric authentication systems are still very effective and secure, although they are more easily handled than biometric authentication systems. In some embodiments, the authentication system may provide access to a resource of the electronic device in response to detecting that a certain key or token is within a certain distance of the electronic device. For example, a user may have a cellular telephone and a computer. One or both devices may include circuitry that detects that the devices are within a certain range of each other (e.g., 5 feet, so that a user sits at a desk with a cell phone in a pocket and uses a computer and performs authentication). When devices determine to be in proximity to each other, resources of one or both devices become available. This approach may be particularly beneficial for securing access to stationary devices while taking advantage of the fact that users may carry portable devices with them. This and other embodiments are described in more detail in commonly owned U.S. patent application No.11/823,656, on 2007, 27.6 (attorney docket No. 104677-.

In some embodiments, the electronic device may authenticate the user based on a particular sequence of inputs provided by the user. For example, the electronic device may require the user to provide input corresponding to a visual mode provided by the electronic device. Fig. 13 and 14 are schematic diagrams of exemplary displays providing a visual mode in one embodiment of the present invention. The display screen 1300 may include a distribution 1310 of options or shapes 1312. The display screen 1150 may include a distribution 1410 of options or shapes 1412. Each shape 1312 and 1412 may have a different fill pattern (e.g., different line directions), color, shape or outline, size (e.g., perimeter or area), proximity or position relative to other display shapes, alignment with other shapes (e.g., selecting four yellow shapes that make up a straight line), origin (e.g., a shape representing a photograph in a particular album or library), or any other suitable characteristic. The distributions 1310 and 1410 may include any suitable number of shapes and distributions, including, for example, a number of uniformly distributed shapes (e.g., 20 uniformly distributed shapes 1310), or any distribution of shapes (e.g., any distribution of shapes 1410).

For verification, the user may select (e.g., as detected by an input mechanism or other sensor) any suitable subset of the displayed shapes or options. The subset may include shapes that share some or all of the one or more attributes. For example, the user may select some or all of the shapes with a particular color (e.g., all shapes that include a few yellows). As another example, the user may select some or all of the shapes (e.g., all squares) having the same outline. As another example, the user may select some or all of the shapes that have particular attributes in common (e.g., all pentagons, or all shapes representing photos related to a particular album saved by the device). As another example, the user may select a shape that includes some or all of a particular distribution of colors (e.g., a shape that includes a red portion adjacent to a blue portion). Any suitable criteria or attributes (including combinations of the examples listed above, such as selecting the top two blue shapes and the bottom two square shapes) may be used to select a particular subset of the displayed shapes.

Any suitable number of shapes or options may be associated with the subset selected for verification. For example, the number of shapes may be associated with the total number of displayed shapes (e.g., 20% of the displayed shapes are selected). As another example, the number of shapes may be a fixed number, such as less than 5 (e.g., enabling a user to select all shapes simultaneously with one hand), or 10 (enabling a user to select all shapes simultaneously with both hands). The number of shapes may be chosen to optimize security (e.g., requiring enough shapes to make it difficult to guess simply which shapes to choose).

The user may select the subset of shapes using any suitable method. If a multi-touch display screen is provided, the authentication system may require the user to select all shapes for authentication at the same time. As another example, the verification system may allow the user to sequentially select shapes for verification. The shapes may be selected in any order or in a particular order (e.g., top to bottom, or left to right). As another example, the authentication system may require the user to provide a single motion input (e.g., dragging a finger within the display screen) that selects only the shapes of the authorized subset. Any other suitable method of selecting a subset of shapes may be used.

To avoid having the user always select the same relative position of shapes displayed on the display screen (e.g., entering a numeric password using a displayed keypad), the electronic device may change the distribution of shapes for selection for authentication. So that for authentication, the user can identify the shapes that share attributes associated with the authentication protocol. Since the location of the shapes used for authentication changes each time the user accesses the device resource, someone looking behind the user to notice the general distribution of the selected shapes cannot select shapes with the same distribution for authentication (e.g., striped shapes will not be distributed in the same area of the device).

Each time after the failure of an attempt to select a shape for verification, the electronic device may change the distribution of the displayed shapes, or even change the shapes (e.g., using a different color or outline), to prevent an unauthorized user from guessing the correct subset of shapes. After a particular number of failed attempts to select the correct subset of shapes, the electronic device may lock the device resource. Once locked, the user needs to couple the device to the host in order to re-enable the device (e.g., couple the mobile device to a fixed device) or use another authentication system (e.g., a biometric system) to re-enable the device.

In some embodiments, the user may simply select a shape located in a predetermined portion of the screen, rather than selecting a particular shape. For example, a user may place one or more fingers on several shape locations, regardless of the actual display shape. As another example, a user may place one or more fingers on a particular shape displayed by the electronic device and move the one or more fingers in a predetermined manner (e.g., slide the one or more fingers) regardless of the displayed shape. As another example, the user may select several shapes located at predetermined locations on the display screen in succession (e.g., selecting shapes located at particular locations to form a predetermined pattern). In some embodiments, the electronic device may provide a blank or uniform display on which the user may trace one or more patterns with one or more fingers. By creating a visual distracter by means of the displayed shape, this approach can confuse or distract unauthorized users.

In some embodiments, the electronic device may instead or additionally authenticate the user according to a temporal pattern of received user inputs. For example, a user may provide a certain number of inputs at a certain rate for verification. The electronic device may detect the input using any suitable method. For example, the electronic device can detect input provided with an input mechanism of the device (e.g., input received by a touch screen). As another example, the electronic device may detect an input based on motion, contact, vibration, or other impact detected by a suitable sensor (e.g., an accelerometer) of the device. In this approach, the user may tap any part of the device (or an object in contact with the device, such as a table on which the electronic device is placed) such that a sensor in the device detects the tap and determines whether it corresponds to an authorized time pattern. As another example, the electronic device may utilize a sensor (e.g., an accelerometer or gyroscope) in the device to detect that it has been moved in a particular manner (e.g., shaken twice and then rotated). In response to detecting the correct temporal pattern, the electronic device may provide access to the restricted resource.

In some embodiments, the verification system may combine temporal and visual modes for verification. For example, the user may be required to select a particular display shape at a certain rate (e.g., quickly select the first two shapes, then pause, then select the last two shapes simultaneously). As another example, the user may be required to first select the correct shape and then provide a time-mode input. As another example, the user may be required to select one or more shapes and then move the device (e.g., shake the device). Any other suitable combination of inputs may be required for verification.

The electronic device may set the visual or temporal mode for the authorized user using any suitable method. In some embodiments, when a user selects to use a time or visual mode to restrict access to a particular device resource, the electronic device may guide the user in providing or selecting the time or visual mode. For example, the electronic device may provide a list of shape attributes that the user may select to form a pattern (e.g., color or outline). As another example, the electronic device may direct the user to select a displayed shape, or provide a temporal pattern, and extract or identify the pattern from the received input. Before accepting the mode, the electronic device may instruct the user to provide the mode several times to ensure that the user wants to use the selected mode and remember the selected mode.

The electronic device may include any suitable number and type of authentication systems. For example, the electronic device may include one, more or all of the above-described authentication systems or authentication methods. Access to different resources may be restricted by utilizing one or more authentication systems that a user may select or set. In some embodiments, several authentication systems may be used sequentially before providing access to a particular restricted resource.

FIG. 15 is a flow diagram of an exemplary process for authenticating a user according to one embodiment of the invention. Process 1500 begins at step 1502. At step 1504, the electronic device may identify a user of the device. For example, the electronic device may receive a username or password associated with the user. As another example, the electronic device may receive authentication information using an authentication system and identify the user based on the received authentication information. The electronic device may automatically receive the authentication information without requiring explicit input from the user, for example, by arranging the sensors of the authentication system in such a way that the authentication information is seamlessly captured as the user operates the device. For another example, once the user is within the field of view or sensing region of the sensor, the sensor may detect attribute features of the user. In some embodiments, process 1500 may proceed directly from step 1502 to step 1506.

At step 1506, the electronic device can determine whether a request to access a restricted resource is received. For example, the electronic device can determine whether the user provided instructions to access data (e.g., a list of contacts or other personal information) associated with the particular user. As another example, the electronic device can determine whether the user provided instructions to access a restricted application (e.g., a user restricted to a particular level, such as an administrator's application, or an application purchased by a particular user). If the electronic device determines that no instruction to access the restricted resource has been received, process 1500 returns to step 1506 and continues to monitor for input received from the user.

At step 1506, if the electronic device determines that an instruction to access a restricted resource has been received, process 1500 may proceed to step 1508. At step 1508, the electronic device can determine whether the identified user is authorized to access the resource. For example, the electronic device can determine whether the user provided appropriate authentication information for accessing the restricted resource. The electronic device may receive appropriate authentication information without the user's knowledge, for example by embedding an authentication sensor in the device so that the authentication information is received during normal use. If the electronic device determines that the identified user is not authorized, process 1500 proceeds to step 1510. At step 1510, the electronic device can instruct the user to authenticate. For example, the electronic device may direct the user to provide authentication information to an authentication system (e.g., any of the authentication systems described above). In some embodiments, the electronic device may detect several inputs by the user and determine whether the inputs have a pattern associated with an authorized user or share attributes associated with an authorized user (e.g., determine whether the user provided correct inputs corresponding to the attributes or pattern of the authorized user or determine whether the attributes or pattern of the inputs match the attributes or pattern associated with the authorized user). Process 1500 then returns to step 1508, where a determination is made as to whether the user provided the appropriate authentication information.

At step 1508, if the electronic device determines that the user is authorized, process 1500 may proceed to step 1512. At step 1512, the electronic device may provide the user with access to the requested restricted resource. For example, the electronic device may provide the user with access to personal data, or access to applications specific to the user. Process 1500 then ends at step 1514.

The above-described embodiments of the present invention are presented for purposes of illustration and not of limitation, and the present invention is limited only by the claims which follow.

Claims

1. A method, comprising:

at an electronic device having a touch-sensitive display and a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element comprises an embedded biometric sensor and the physical input element is centrally located along at least one axis of a surface of the device, the surface being parallel to the touch-sensitive display:

displaying a lock screen on the touch-sensitive display;

receiving input from a user using the physical input element with the embedded biometric sensor;

detecting, using the biometric sensor, identity information of the user when the input is received;

authenticating the user based on the identity information detected using the biometric sensor embedded in the physical input element; and

in response to authenticating the user based on the identity information detected with the biometric sensor embedded in the physical input element, replace, on the touch-sensitive display, display of the lock screen with display of an unlocked user interface.

2. The method of claim 1, wherein the physical input element is configured to be pressed by the user.

3. The method of claim 1, wherein the physical input element is physically distinct from a housing of the device.

4. The method of claim 1, wherein the unlocked user interface is an application launch user interface that includes a plurality of application icons for launching different applications.

5. The method of claim 1, comprising, after replacing the display of the lock screen with the display of the unlocked user interface:

displaying, on the touch-sensitive display, a respective user interface that includes an obscured version of first information;

while displaying the obscured version of the first information on the touch-sensitive display, detecting a finger input on the biometric sensor; and is

In response to detecting a finger input on the biometric sensor:

in accordance with a determination that the finger input includes a fingerprint that matches a fingerprint of an authorized user, replace display of the obscured version of the first information with an uncovered version of the first information; and is

In accordance with a determination that the finger input does not include a fingerprint that matches a fingerprint of an authorized user, maintaining a display of the obscured version of the first information on the touch-sensitive display.

6. The method of claim 1, wherein the lock screen includes instructions to place a finger on the physical input element to unlock the device.

7. The method of claim 1, wherein receiving the input comprises receiving an input to unlock the electronic device.

8. The method of claim 1, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger while the finger is stationary over the biometric sensor.

9. The method of claim 1, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger as the finger is moved over the biometric sensor.

10. The method of claim 1, wherein the physical input element is usable by the user to provide input to the electronic device that is not related to authentication.

11. The method of claim 1, wherein the physical input element is a primary button.

12. The method of claim 1, wherein the physical input element has a circular shape.

13. The method of claim 1, wherein a camera is positioned along at least a second axis on the surface of the device.

14. The method of claim 1, wherein camera is positioned along at least a second axis on the surface of the device, the second axis being above the touch-sensitive display, and the physical input element is centered along the at least one axis on the surface of the device, the one axis being below the touch-sensitive display.

15. An electronic device, comprising:

a touch-sensitive display;

a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element comprises an embedded biometric sensor and the physical input element is centrally located along at least one axis of a surface of the device, the surface being parallel to the touch-sensitive display;

one or more processors;

memory comprising computer instructions that, when executed by the one or more processors of the apparatus, cause the apparatus to:

displaying a lock screen on the touch-sensitive display;

authenticating the user based on the identity information detected using the biometric sensor embedded in the physical input element; and is

16. The device of claim 15, wherein the physical input element is configured to be pressed by the user.

17. The device of claim 15, wherein the physical input element is physically distinct from a housing of the device.

18. The device of claim 15, wherein the unlocked user interface is an application launch user interface that includes a plurality of application icons for launching different applications.

19. The device of claim 15, wherein the lock screen includes instructions to place a finger on the physical input element to unlock the device.

20. The apparatus of claim 15, wherein receiving the input comprises receiving an input to unlock the electronic device.

21. The device of claim 15, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger while the finger is stationary over the biometric sensor.

22. The device of claim 15, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger as the finger is moved over the biometric sensor.

23. The apparatus of claim 15, wherein the computer instructions, when executed by the one or more processors, further cause the apparatus to:

after replacing the display of the lock screen with the display of the unlocked user interface:

In response to detecting a finger input on the biometric sensor:

24. The device of claim 15, wherein the physical input element is usable by the user to provide input to the electronic device that is not related to authentication.

25. The device of claim 15, wherein the physical input element is a primary button.

26. The apparatus of claim 15, wherein the physical input element has a circular shape.

27. The apparatus of claim 15, wherein a camera is positioned along at least a second axis on the surface of the apparatus.

28. The device of claim 15, wherein camera is positioned along at least a second axis on the surface of the device, the second axis being above the touch-sensitive display, and the physical input element is centered along the at least one axis on the surface of the device, the one axis being below the touch-sensitive display.

29. An apparatus having a touch-sensitive display and a physical input element distinct from the touch-sensitive display and designated for user input, wherein the physical input element comprises an embedded biometric sensor and is centrally located along at least one axis of a surface of a device, the surface being parallel to the touch-sensitive display, the apparatus comprising:

means for displaying a lock screen on the touch-sensitive display;

means for receiving input from a user using the physical input element with the embedded biometric sensor;

means for detecting identity information of the user using the biometric sensor when the input is received;

means for authenticating the user based on the identity information detected using the biometric sensor embedded in the physical input element; and

means for replacing, on the touch-sensitive display, display of the lock screen with display of an unlocked user interface in response to authenticating the user based on the identity information detected with the biometric sensor embedded in the physical input element.

30. The apparatus of claim 29, wherein the physical input element is configured to be pressed by the user.

31. The apparatus of claim 29, wherein the physical input element is physically distinct from a housing of the device.

32. The apparatus of claim 29, wherein the unlocked user interface is an application launch user interface comprising a plurality of application icons for launching different applications.

33. The apparatus of claim 29, wherein the lock screen includes instructions to place a finger on the physical input element to unlock the device.

34. The apparatus of claim 29, wherein receiving the input comprises receiving an input to unlock the electronic device.

35. The device of claim 29, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger while the finger is stationary over the biometric sensor.

36. The device of claim 29, wherein the biometric sensor comprises a fingerprint sensor configured to detect a characteristic of the user's finger as the finger is moved over the biometric sensor.

37. The apparatus of claim 29, further comprising:

means for displaying, on the touch-sensitive display, a respective user interface that includes an obscured version of first information;

means for detecting a finger input on the biometric sensor while the masked version of the first information is displayed on the touch-sensitive display; and

in response to detecting a finger input on the biometric sensor:

means for replacing the display of the obscured version of the first information with an uncovered version of the first information in accordance with a determination that the finger input comprises a fingerprint matching a fingerprint of an authorized user; and

means for maintaining, in accordance with a determination that the finger input does not include a fingerprint that matches a fingerprint of an authorized user, a display of the obscured version of the first information on the touch-sensitive display.

38. The apparatus of claim 29, wherein the physical input element is usable by the user to provide input to the electronic device that is not related to authentication.

39. The device of claim 29, wherein the physical input element is a primary button.

40. The device of claim 29, wherein the physical input element has a circular shape.

41. The apparatus of claim 29, wherein a camera is positioned along at least a second axis on the surface of the device.

42. The apparatus of claim 29, wherein camera is positioned along at least a second axis on the surface of the device, the second axis being above the touch-sensitive display, and the physical input element is centered along the at least one axis on the surface of the device, the one axis being below the touch-sensitive display.

43. An electronic device, comprising:

a display;

one or more image sensors;

one or more processors;

memory storing one or more programs configured to be executed by the one or more processors, the one or more programs including instructions for:

displaying a lock screen on the display;

capturing image data from the one or more image sensors;

detecting one or more attributes of a user's face from the captured image data;

authenticating the user based on the one or more attributes from the captured image data; and

in response to authenticating the user, replacing display of the lock screen with display of an unlocked user interface on the display.

44. The apparatus of claim 43, wherein the one or more image sensors comprise visible light image sensors.

45. The device of claim 43, wherein the one or more image sensors comprise an image sensor that detects light outside the visible spectrum.

46. The apparatus of claim 45, wherein the one or more image sensors comprise infrared image sensors.

47. The device of claim 43, wherein the one or more image sensors comprise a visible light image sensor and an infrared image sensor.

48. The apparatus of claim 47, wherein:

the captured image data includes data from the visible light image sensor and data from the infrared image sensor;

detecting one or more attributes includes detecting a first attribute from the visible light image sensor and a second attribute from the infrared image sensor; and is

Authenticating the user based on the one or more attributes includes authenticating the user based on the first attribute and the second attribute.

49. The device of claim 43, wherein the one or more image sensors comprise a three-dimensional capture device for capturing a depth of facial features of the user.

50. The apparatus of claim 43, wherein the captured image data comprises depth data for a face of the user.

51. The apparatus of claim 50, wherein:

detecting one or more attributes comprises detecting a third attribute from the depth data; and is

Authenticating the user based on the one or more attributes includes authenticating the user based on the third attribute.

52. The device of claim 43, the one or more programs further comprising instructions for:

detecting that a face of a user is across from the one or more image sensors, wherein the capturing image data occurs in response to detecting the face of the user.

53. The apparatus of claim 43, wherein authenticating the user based on the one or more attributes comprises comparing the one or more attributes to attributes in a library associated with authorized users.

54. The apparatus of claim 43, wherein the one or more sensors comprise an ultraviolet sensor, a scanning laser, an ultrasonic sensor, or a combination thereof.

55. The device of claim 43, wherein the one or more attributes comprise a three-dimensional contour of the user's eye socket, chin, nose, or a combination thereof.

56. The apparatus of claim 43, further comprising a light source operable to emit infrared light to be reflected by the user's eye and captured by the one or more sensors.

57. The device of claim 43, wherein the unlocked user interface is an application launch user interface that includes a plurality of application icons for launching different applications.

58. An apparatus having a display and one or more image sensors, comprising:

means for displaying a lock screen on the display;

means for capturing image data from the one or more image sensors;

means for detecting one or more attributes of a user's face from the captured image data;

means for authenticating the user based on the one or more attributes from the captured image data; and

means for replacing display of the lock screen with an unlocked user interface on the display in response to authenticating the user.

59. The device of claim 58, wherein the one or more image sensors comprise visible light image sensors.

60. The device of claim 58, wherein the one or more image sensors comprise an image sensor that detects light outside the visible spectrum.

61. The device of claim 60, wherein the one or more image sensors comprise infrared image sensors.

62. The device of claim 58, wherein the one or more image sensors comprise a visible light image sensor and an infrared image sensor.

63. The apparatus of claim 62, wherein:

64. The apparatus of claim 58, wherein the one or more image sensors comprise a three-dimensional capture device for capturing a depth of facial features of the user.

65. The apparatus of claim 58, wherein the captured image data comprises depth data for a face of the user.

66. The apparatus of claim 65, wherein:

67. The apparatus of claim 58, the one or more programs further comprising instructions for:

68. The apparatus of claim 58, wherein authenticating the user based on the one or more attributes comprises comparing the one or more attributes to attributes in a library associated with authorized users.

69. The device of claim 58, wherein the one or more sensors comprise an ultraviolet sensor, a scanning laser, an ultrasonic sensor, or a combination thereof.

70. The device of claim 58, wherein the one or more attributes comprise a three-dimensional contour of the user's eye socket, chin, nose, or a combination thereof.

71. The apparatus of claim 58, further comprising a light source operable to emit infrared light to be reflected by the user's eye and captured by the one or more sensors.

72. The apparatus of claim 58, wherein the unlocked user interface is an application launch user interface comprising a plurality of application icons for launching different applications.

73. A method, comprising:

at an electronic device having a display and one or more image sensors:

displaying a lock screen on the display;

capturing image data from the one or more image sensors;

detecting one or more attributes of a user's face from the captured image data;

74. The method of claim 73, wherein the one or more image sensors comprise visible light image sensors.

75. The method of claim 73, wherein the one or more image sensors comprise image sensors that detect light outside the visible spectrum.

76. The method of claim 75, wherein the one or more image sensors comprise infrared image sensors.

77. The method of claim 73, wherein the one or more image sensors comprise a visible light image sensor and an infrared image sensor.

78. The method of claim 77, wherein:

79. The method of claim 73, wherein the one or more image sensors comprise a three-dimensional capture device for capturing a depth of facial features of the user.

80. The method of claim 73, wherein the captured image data comprises depth data for a face of the user.

81. The method of claim 80, wherein:

82. The method of claim 73, the one or more programs further comprising instructions for:

83. The method of claim 73, wherein authenticating the user based on the one or more attributes comprises comparing the one or more attributes to attributes in a library associated with authorized users.

84. The method of claim 73, wherein the one or more sensors comprise an ultraviolet sensor, a scanning laser, an ultrasonic sensor, or a combination thereof.

85. The method of claim 73, wherein the one or more attributes comprise a three-dimensional contour of the user's eye socket, chin, nose, or a combination thereof.

86. The method of claim 73, further comprising a light source operable to emit infrared light to be reflected by the user's eye and captured by the one or more sensors.

87. The method of claim 73, wherein the unlocked user interface is an application launch user interface comprising a plurality of application icons for launching different applications.