WO2014209273A1 - Secure, uninterrupted operation of mobile devices - Google Patents

Secure, uninterrupted operation of mobile devices

Info

Publication number
WO2014209273A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
user
authorized user
operator
face
Prior art date
Application number
PCT/US2013/047474
Other languages
French (fr)
Inventor
Fabian SCHLUMBERGER
Magdy Megeid
Stefan DUBACH
André SCHLATTER
Original Assignee
Thomson Licensing
Priority date
Filing date
Publication date
Application filed by Thomson Licensing
Priority to PCT/US2013/047474
Publication of WO2014209273A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/065 Continuous authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H04W12/64 Location-dependent; Proximity-dependent using geofenced areas
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/67 Risk-dependent, e.g. selecting a security level depending on risk profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the present disclosure relates generally to mobile devices. More specifically, the present disclosure relates to a system for secure, uninterrupted operation of mobile devices.
  • Mobile devices contain sensitive data, and as such, enable users to protect this data, and associated functions, from unauthorized users.
  • One approach to securing mobile devices is to periodically check for the presence of an authorized user, and to deny access to the device unless an authorized user is present.
  • Typical mobile phones for example, use a lock timer which prevents the activation of functions, and access to data, after a predetermined time has elapsed.
  • the lock timer starts to count down when the device becomes idle, i.e., when the user stops operating the device. If a user operates or touches the device, the lock timer is reset. Then, only after the predetermined time of not operating, does the device switch into the locked state. When in the locked state, getting access to functions and data is prevented until the user provides a pass code.
  • the pass code may be spoken or typed into the device. However, such entry methods may be observed by someone close to the user. In such a scenario, an unauthorized user may use the stolen pass code to access data and functionalities on the mobile device. A method for secure, uninterrupted operation of a mobile device is therefore desirable.
  • Embodiments relate to a system and method for secure
  • the method includes identifying, at repeated intervals, a face of a device operator. The method also includes determining if the device operator is an authorized user of the mobile device based on the face. Additionally, the method includes continuing an operation of the mobile device if the device operator is an authorized user. The method further includes interrupting operation of the mobile device if the device operator is not an authorized user.
  • FIG. 1 is a block diagram of an exemplary mobile device in accordance with embodiments of the present disclosure
  • FIG. 2 is a flow chart illustrating an exemplary mobile device operating in accordance with embodiments of the present disclosure
  • FIGs. 3A-3B are block diagrams of an exemplary user interface, in accordance with embodiments of the present disclosure.
  • FIG. 4 is a flow chart illustrating operation of an exemplary mobile device in accordance with embodiments of the present disclosure.
  • biometric information recognition e.g. face recognition, iris recognition, and the like
  • facial biometric information recognition can be performed much more frequently, because it does not interrupt the user from operating the device.
  • the following discussion uses facial recognition as one example of biometric information recognition that could be used to secure mobile devices.
  • biometric information recognition such as iris recognition.
  • the mobile device discussed with reference to the following figures includes a wide variety of mobile devices that store data, and enable various functionality for various users.
  • facial recognition is used for periodic
  • authorization of a user on a mobile device can be performed without having to interrupt the user from regular use of the device.
  • the device automatically switches into a locked state if the authorized user is not present, and switches into an active state when the authorized user appears in front of the camera.
  • FIG. 1 is a block diagram of an
  • the mobile device 100 is a computational device, such as a laptop computer, tablet, mobile telephone, global positioning system (GPS) device, and so on.
  • the mobile device 100 is a smartphone.
  • the smartphone typically has the ability to send and receive phone calls and text messages, interface with the Internet either through a cellular network or local wireless network, take pictures and videos, play back audio and video content, and run applications, such as text processing programs and video games.
  • Many smartphones include GPS
  • the smartphone includes a main processor 102 that is coupled to the other components shown.
  • the main processor 102 routes information from the various components, such as the Bluetooth interface 104, Wifi interface 106, and 3G/4G interface 108.
  • the main processor 102 also processes audio and video content for play back either directly on the device 100 or on an external device through the audio/video interface 110.
  • Communication with the smartphone may be controlled through a set of antennas connected to Bluetooth interface 104, wifi interface 106, and 3G/4G interface 108.
  • An additional antenna may be used for receiving GPS information through the GPS interface 112.
  • a camera sensor 114 may be coupled through a camera interface 116 to the main processor 102.
  • the camera sensor 114 and interface 116 create video content in either photo or video operational modes.
  • An inertial sensor 118, such as one or more accelerometers, gravity sensor, magnetic sensor or gyroscopes, may be included for determining device orientation and movement.
  • a memory 120 and storage device 122 may be coupled to the main processor 102.
  • the memory 120 may be used for storing specific information related to operation of the smartphone and needed by the main processor 102.
  • the storage device 122 may be used for storing audio, video, photos, or other data stored and retrieved by the user.
  • a battery 124 is included for powering the smartphone and may be interfaced through a power control circuit 126 that may include a battery charging interface (not shown).
  • the user interface includes a speaker/microphone 128 for use with phone calls, audio recording and playback, or voice activation control.
  • the smartphone may include a touch screen 130 coupled to the main processor 102 through a touch screen controller 132.
  • the touch screen 130 may be either a single touch or multi touch screen using one or more of a capacitive and resistive touch sensor.
  • the smartphone may also include additional user controls 134 such as but not limited to an on/off button, an activation button, volume controls, ringer controls, and a multi-button keypad or keyboard.
  • the memory 122 includes a security manager 136.
  • the security manager 136 is software for periodic authorization of the user of the mobile device 100. Periodic authorization may be performed whether or not the device 100 is being operated.
  • the device 100 automatically switches between active and locked states based on whether an authorized user's face is recognized in view of the camera 116.
  • an active state the device 100 operates without interruption.
  • further operation is limited to operations that facilitate placing the device 100 back in possession of an authorized user.
  • the device 100 may allow an unauthorized user to send a message to the owner or other authorized user.
  • Message types include, but are not limited to, Short-Message-Service (SMS), email, a voice call, and a voice mail.
  • the device 100 displays contact information, such as email-address, phone number, or the like. In this way, the unauthorized user may be enabled to call the owner's landline number, or a service provider's hotline to report the discovery.
  • another authorization method may also be performed, such as a pass code entry.
  • FIG. 2 is a flow chart of a method 200 for an exemplary mobile device operating in accordance with embodiments of the present disclosure.
  • the method 200 may be performed by begins at step 202, where the mobile device 100 powers up.
  • Embodiments of the present disclosure enable a user to register as an authorized user the device 100 is powered up.
  • a qualified picture or characteristic element of the face can be used from a certificated document or an existing face recognition database or server.
  • Certificated documents may include, for example, biometrical passports and electronic passports.
  • Facial recognition databases and servers are available, for example, on various social media, photographic, and other image websites.
  • step 204 periodic facial recognition is performed. If an
  • the device 100 either enters an active state from a locked state, or remains in the active state at step 208. Similarly, for an unauthorized user, the device either remains in a locked state, at step 210, or enters the locked state from an active state at step 210.
  • the mobile device 100 is enabled to indicate an alarm by a flash-light and an acoustic alarm signal. Additionally, the mobile device 100 may capture a picture of the current user to send together with time or location information to the main user, service provider, legal authorities, as the case may arise.
  • the mobile device 100 switches automatically into the locked state at the next periodic facial recognition.
  • an authorized user merely re-enters the view of the camera 116.
  • the user may configure the device 100 to start the camera 116 and the circuits for facial recognition by a trigger, such as a tapped button or position on the touch screen 130.
  • facial recognition may be triggered in response to the device 100 detecting an acceleration indicating movement.
  • the method 200 may be suspended while maintaining the active state.
  • the main user may deactivate the facial recognition security when showing the device 100 to some friends or colleagues, or allowing them to use the device 100.
  • the method 200 may be disabled entirely, or for a specified time, e.g., 3 minutes. During this period of time, the mobile device 100 does not enter the locked state because facial recognition is not performed while the method 200 is suspended.
  • the device 100 may also allow an unauthorized user to continue a current operation, such as, taking over an active call, or continuing viewing photos in the currently open photo album. In such an
  • the unauthorized user's permissions are limited to the current application or document. In this way, the unauthorized user is prohibited from switching applications, dialing another phone number, opening another photo album, changing security settings, accessing messages, and so on. Further, the mobile device 100 may prevent any user except an authorized user from accessing data or functions which have not been launched by the authorized user.
  • the user may authorize a spouse, or executive assistant to all features and data on the mobile device 100.
  • the device 100 may erase all sensitive data, such as emails, passwords, and locks the device 100.
  • all sensitive data may be encrypted using a private key that is issued by a trusted party, such as a service provider, and stored securely in the mobile device.
  • authorized user of the device could obtain the corresponding decryption key from the trusted party after regaining the access of the mobile device 100.
  • the checking of the facial recognition could be deactivated.
  • the checking of the facial recognition in a mobile phone is deactivated for the time when the user is in an active call, because the user's face is typically not in the viewing angle of the camera.
  • the device 100 may also determine profiles for authorized users whose pictures are stored in storage 120 or memory 122. The main user can set access rights to authorize users which have never been
  • the device 100 may recognize only persons stored in certain albums specified by the main user.
  • the security manager 136 may recognize authorized users from front, side, and perspective views of their faces, including a profile view, and from other angles of the face.
  • the device does not accidentally enter the locked state just because the user does not look directly into the camera 116.
  • a face tracking or object tracking function may also be used to prevent
  • the face recognition functionality of the security manager 136 may be capable of being trained, optimizing identification characteristics, and adapting to changes of the authorized users' looks.
  • the security manager 136 may identify fake users, attempting to copy an authorized user's appearance. For example, if the user's face does not change for a specified time period, if the user does not appear to breathe, the recognized face may belong to a picture that is placed in front of the camera 116. Another example is when a fake user places the camera in front of a monitor playing a video showing an authorized user in a loop.
  • FIGs. 3A-3B are block diagrams of an exemplary user interface 300, in accordance with embodiments of the present disclosure.
  • the user may be notified when the facial recognition is taking place.
  • the user interface 300 includes input keys 302, a display 304, a countdown timer 306, and a camera 308.
  • the countdown timer 306 indicates the remaining time until the device 100 is switched into the locked state unless an authorized user is recognized before the countdown has elapsed.
  • the interface 300B shows an embodiment of the GUI display 304 including a preview 310 of the field of view of the face recognition camera, to enable the user to focus the camera 308 on the user's face.
  • the preview field may merely be displayed when the countdown timer reaches a threshold value, e.g., 10 seconds remaining before switching into the locked state.
  • the biometric recognition based user authorization can be combined with other user authorization mechanism such as a lock timer, password input, and voice recognition, to achieve various levels of security.
  • Security areas for the mobile device 100 may represent locations that have different levels of security, as designated by the main user.
  • locations can consist of a home, an office, a public location, and so on, as specified by the main user.
  • the frequency of facial recognition authorization is not as high as if the user is in a public location, e.g., a restaurant.
  • the main user may specify various areas, with varying levels of security. Based on the level of security, the frequency of the checking at other more or less trustable places can be set by the main user.
  • security levels can be determined based on the location of the mobile device 100, where the frequency of the facial recognition of the authorized user varies based on specified security levels, e.g. safe area at home, critical area in public, and intermediately safe area in the office.
  • the device 100 does not enter the locked state at home (safe area), but enters into a locked state in public if there is no facial recognition authorization within 3 seconds.
  • the device may remain in an active state for the first minute the device 100 is in an office area. After the first minute, the device 100 may begin checking again for the presence of the authorized user.
  • the time interval for re-authorization is lower (e.g., 30 sec) than in areas with a lower level of security, where the interval is relatively higher, e.g., 2 minutes.
  • the time interval may be set infinite - to disable the periodic authorization.
  • Location can be determined by one of GPS-, A-GPS or WLAN-positioning methods from satellite, cell-tower or WLAN signals.
  • Locations may also be determined and derived from the network authentication result, such as a successful authentication in an
  • NFC Near-Field-Communication
  • Security levels may be also determined based on pre-determined schedules, e.g., intermediate security during work hours. For weekends, the security levels may be set manually.
  • FIG. 4 is a flow chart of a method 400 for operating an exemplary mobile device 100 in accordance with embodiments of the present disclosure.
  • the method 400 begins at step 402, where the face of the device operator, i.e., the current user, is recognized periodically.
  • the security manager 136 determines if the device operator is an authorized user of the mobile device 100 based on the recognized face. If the device operator is an authorized user, operation of the device continues at step 406. For an unauthorized user, the operation of the mobile device 100 is interrupted by entering the locked state. It is to be understood that the present disclosure may be
  • the present disclosure is implemented as a combination of hardware and software.
  • the software is preferably implemented as an application program tangibly embodied on a program storage device.
  • application program may be uploaded to, and executed by, a machine comprising any suitable architecture.
  • the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input/output (I/O) interface(s).
  • the computer platform also includes an operating system and microinstruction code.
  • the various processes and functions described herein may either be part of the microinstruction code or part of the application program (or a combination thereof), which is executed via the operating system.
  • peripheral devices may be connected to the computer platform such as an additional data storage device and a printing device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)

Abstract

The disclosed embodiments relate to a system and method for secure, uninterrupted operation of a mobile device. The method includes identifying, at repeated intervals, a face of a device operator. The method also includes determining if the device operator is an authorized user of the mobile device based on the face. Additionally, the method includes continuing an operation of the mobile device if the device operator is an authorized user. The method further includes interrupting operation of the mobile device if the device operator is not an authorized user.

Description

SECURE, UNINTERRUPTED OPERATION OF MOBILE DEVICES
FIELD OF THE INVENTION
The present disclosure relates generally to mobile devices. More specifically, the present disclosure relates to a system for secure, uninterrupted operation of mobile devices.
BACKGROUND OF THE INVENTION
This section is intended to introduce the reader to various aspects of art, which may be related to various aspects of the present disclosure that are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
Mobile devices contain sensitive data, and as such, enable users to protect this data, and associated functions, from unauthorized users. One approach to securing mobile devices is to periodically check for the presence of an authorized user, and to deny access to the device unless an authorized user is present. Typical mobile phones, for example, use a lock timer which prevents the activation of functions, and access to data, after a predetermined time has elapsed. The lock timer starts to count down when the device becomes idle, i.e., when the user stops operating the device. If a user operates or touches the device, the lock timer is reset. Then, only after the predetermined time of not operating, does the device switch into the locked state. When in the locked state, getting access to functions and data is prevented until the user provides a pass code. The pass code may be spoken or typed into the device. However, such entry methods may be observed by someone close to the user. In such a scenario, an unauthorized user may use the stolen pass code to access data and functionalities on the mobile device. A method for secure, uninterrupted operation of a mobile device is therefore desirable.
SUMMARY OF THE INVENTION
Certain aspects commensurate in scope with the disclosed embodiments are set forth below. It should be understood that these aspects are presented merely to provide the reader with a brief summary of certain forms the disclosure might take and that these aspects are not intended to limit the scope of the disclosure. Indeed, the disclosure may encompass a variety of aspects that may not be set forth below.
Embodiments relate to a system and method for secure, uninterrupted operation of a mobile device. The method includes identifying, at repeated intervals, a face of a device operator. The method also includes determining if the device operator is an authorized user of the mobile device based on the face. Additionally, the method includes continuing an operation of the mobile device if the device operator is an authorized user. The method further includes interrupting operation of the mobile device if the device operator is not an authorized user.
BRIEF DESCRIPTION OF THE DRAWINGS
Advantages of the disclosure may become apparent upon reading the following detailed description and upon reference to the drawings in which:
FIG. 1 is a block diagram of an exemplary mobile device in accordance with embodiments of the present disclosure;
FIG. 2 is a flow chart illustrating an exemplary mobile device operating in accordance with embodiments of the present disclosure;
FIGs. 3A-3B are block diagrams of an exemplary user interface, in accordance with embodiments of the present disclosure; and
FIG. 4 is a flow chart illustrating operation of an exemplary mobile device in accordance with embodiments of the present disclosure.
DETAILED DESCRIPTION
One or more specific embodiments of the present disclosure will be described below. In an effort to provide a concise description of these embodiments, not all features of an actual implementation are described in the specification. It should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. Moreover, it should be appreciated that such a development effort might be complex and time consuming, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of the present disclosure.
Mobile devices, such as mobile phones, are easy targets for theft because of their mobile nature. As such, there are numerous ways to secure these devices, typically through infrequent requests for pass codes. In one embodiment, instead of using a password to be typed on the keyboard or touch screen, biometric information recognition, e.g. face recognition, iris recognition, and the like, is used to ensure the current user is an authorized user. Advantageously, facial biometric information recognition can be performed much more frequently, because it does not interrupt the user from operating the device.
The following discussion uses facial recognition as one example of biometric information recognition that could be used to secure mobile devices. The same techniques also apply to other biometric information recognition methods, such as iris recognition. The mobile device discussed with reference to the following figures includes a wide variety of mobile devices that store data, and enable various functionality for various users.
In one embodiment, facial recognition is used for periodic authorization of a user on a mobile device. As described herein, face recognition can be performed without having to interrupt the user from regular use of the device. The device automatically switches into a locked state if the authorized user is not present, and switches into an active state when the authorized user appears in front of the camera.
Turning initially to FIG. 1, which is a block diagram of an exemplary mobile device 100 in accordance with embodiments of the present disclosure. The mobile device 100 is a computational device, such as a laptop computer, tablet, mobile telephone, global positioning system (GPS) device, and so on. In one embodiment, the mobile device 100 is a smartphone. The smartphone typically has the ability to send and receive phone calls and text messages, interface with the Internet either through a cellular network or local wireless network, take pictures and videos, play back audio and video content, and run applications, such as text processing programs and video games. Many smartphones include GPS capabilities, and include a touchscreen panel as part of the user interface. For example, the smartphone includes a main processor 102 that is coupled to the other components shown. The main processor 102 routes information from the various components, such as the Bluetooth interface 104, Wifi interface 106, and 3G/4G interface 108. The main processor 102 also processes audio and video content for play back either directly on the device 100 or on an external device through the audio/video interface 110. Communication with the smartphone may be controlled through a set of antennas connected to Bluetooth interface 104, wifi interface 106, and 3G/4G interface 108. An additional antenna may be used for receiving GPS information through the GPS interface 112. A camera sensor 114 may be coupled through a camera interface 116 to the main processor 102. The camera sensor 114 and interface 116 create video content in either photo or video operational modes. An inertial sensor 118, such as one or more accelerometers, gravity sensor, magnetic sensor or gyroscopes, may be included for determining device orientation and movement.
A memory 120 and storage device 122 may be coupled to the main processor 102. The memory 120 may be used for storing specific information related to operation of the smartphone and needed by the main processor 102. The storage device 122 may be used for storing audio, video, photos, or other data stored and retrieved by the user. A battery 124 is included for powering the smartphone and may be interfaced through a power control circuit 126 that may include a battery charging interface (not shown).
The user interface includes a speaker/microphone 128 for use with phone calls, audio recording and playback, or voice activation control. The smartphone may include a touch screen 130 coupled to the main processor 102 through a touch screen controller 132. The touch screen 130 may be either a single touch or multi touch screen using one or more of a capacitive and resistive touch sensor. The smartphone may also include additional user controls 134 such as but not limited to an on/off button, an activation button, volume controls, ringer controls, and a multi-button keypad or keyboard.
In one embodiment, the memory 122 includes a security manager 136. The security manager 136 is software for periodic authorization of the user of the mobile device 100. Periodic authorization may be performed whether or not the device 100 is being operated.
In such an embodiment, the device 100 automatically switches between active and locked states based on whether an authorized user's face is recognized in view of the camera 116. In an active state, the device 100 operates without interruption. However, in a locked state, further operation is limited to operations that facilitate placing the device 100 back in possession of an authorized user. For example, if the device 100 is lost or stolen, the device 100 may allow an unauthorized user to send a message to the owner or other authorized user. Message types include, but are not limited to, Short-Message-Service (SMS), email, a voice call, and a voice mail. In one embodiment, the device 100 displays contact information, such as an email address, phone number, or the like. In this way, the unauthorized user may be enabled to call the owner's landline number, or a service provider's hotline, to report the discovery. In scenarios where face recognition cannot be performed, another authorization method may also be performed, such as a pass code entry.
FIG. 2 is a flow chart of a method 200 for an exemplary mobile device operating in accordance with embodiments of the present disclosure. The method 200 begins at step 202, where the mobile device 100 powers up. Embodiments of the present disclosure enable a user to register as an authorized user when the device 100 is powered up.
For an initial registration of the first authorized user, also referred to herein as the main user, a qualified picture or characteristic element of the face can be used from a certificated document or an existing face recognition database or server. Certificated documents may include, for example, biometrical passports and electronic passports. Facial recognition databases and servers are available, for example, on various social media, photographic, and other image websites.
At step 204, periodic facial recognition is performed. If an authorized user is detected at step 206, the device 100 either enters an active state from a locked state, or remains in the active state at step 208. Similarly, for an unauthorized user, the device either remains in a locked state, at step 210, or enters the locked state from an active state at step 210. In case the user is not authorized, the mobile device 100 is enabled to indicate an alarm by a flash-light and an acoustic alarm signal. Additionally, the mobile device 100 may capture a picture of the current user to send together with time or location information to the main user, service provider, or legal authorities, as the case may arise.
Additionally, once the user of the mobile device 100 is out of range of the camera 116, the mobile device 100 switches automatically into the locked state at the next periodic facial recognition. To return the mobile device 100 back to the active state, an authorized user merely re-enters the view of the camera 116. To conserve power, the user may configure the device 100 to start the camera 116 and the circuits for facial recognition by a trigger, such as a tapped button or position on the touch screen 130. In one embodiment, facial recognition may be triggered in response to the device 100 detecting an acceleration indicating movement.
In one embodiment, the method 200 may be suspended while maintaining the active state. For example, the main user may deactivate the facial recognition security when showing the device 100 to some friends or colleagues, or allowing them to use the device 100. The method 200 may be disabled entirely, or for a specified time, e.g., 3 minutes. During this period of time, the mobile device 100 does not enter the locked state because facial recognition is not performed while the method 200 is suspended. The device 100 may also allow an unauthorized user to continue a current operation, such as taking over an active call, or continuing to view photos in the currently open photo album. In such an embodiment, the unauthorized user's permissions are limited to the current application or document. In this way, the unauthorized user is prohibited from switching applications, dialing another phone number, opening another photo album, changing security settings, accessing messages, and so on. Further, the mobile device 100 may prevent any user except an authorized user from accessing data or functions which have not been launched by the authorized user.
It is also possible to sign up further authorized users to use specific, or all, features of the device. For example, the user may authorize a spouse or executive assistant to use all features and data on the mobile device 100.
In case an unauthorized user continuously fails to register, the device 100 may erase all sensitive data, such as emails and passwords, and lock the device 100. In one embodiment, all sensitive data may be encrypted using a private key that is issued by a trusted party, such as a service provider, and stored securely in the mobile device. The authorized user of the device could obtain the corresponding decryption key from the trusted party after regaining access to the mobile device 100.
In scenarios when the user's normal operation of the device 100 does not place or position the user's face to be fully viewable by the camera, the checking of the facial recognition could be deactivated. For example, the checking of the facial recognition in a mobile phone is deactivated for the time when the user is in an active call, because the user's face is typically not in the viewing angle of the camera. The device 100 may also determine profiles for authorized users whose pictures are stored in storage 120 or memory 122. The main user can set access rights to authorize users who have never been recognized by the camera 116, but can be recognized when in the viewing angle of the camera 116. In one embodiment, the device 100 may recognize only persons stored in certain albums specified by the main user.
In one embodiment, the security manager 136 may recognize authorized users from front, side, and perspective views of their faces, including a profile view, and from other angles of the face.
Advantageously, the device does not accidentally enter the locked state just because the user does not look directly into the camera 116. A face tracking or object tracking function may also be used to prevent recognized users from being determined absent. Additionally, the face recognition functionality of the security manager 136 may be capable of being trained, optimizing identification characteristics, and adapting to changes of the authorized users' looks.
Additionally, the security manager 136 may identify fake users attempting to copy an authorized user's appearance. For example, if the user's face does not change for a specified time period, or if the user does not appear to breathe, the recognized face may belong to a picture that is placed in front of the camera 116. Another example is when a fake user places the camera in front of a monitor playing a video showing an authorized user in a loop.
FIGs. 3A-3B are block diagrams of an exemplary user interface 300, in accordance with embodiments of the present disclosure. In one embodiment, the user may be notified when the facial recognition is taking place. The user interface 300 includes input keys 302, a display 304, a countdown timer 306, and a camera 308. The countdown timer 306 indicates the remaining time until the device 100 is switched into the locked state unless an authorized user is recognized before the countdown has elapsed. The interface 300B shows an embodiment of the GUI display 304 including a preview 310 of the field of view of the face recognition camera, to enable the user to focus the camera 308 on the user's face. The preview field may merely be displayed when the countdown timer reaches a threshold value, e.g., 10 seconds remaining before switching into the locked state.
In one embodiment, the biometric recognition based user authorization can be combined with other user authorization mechanisms, such as a lock timer, password input, and voice recognition, to achieve various levels of security. For the highest security level, multiple authorization mechanisms may be used, whereas for lower security levels, one or two security mechanisms may be used. Since face recognition is typically a high-performance application, this functionality tends to consume a lot of power. In this light, the frequency of authorization by facial recognition can be adapted depending on the security area of the mobile device. Security areas for the mobile device 100 may represent locations that have different levels of security, as designated by the main user.
For example, locations can consist of a home, an office, a public location, and so on, as specified by the main user. If the mobile device 100 is at home, the frequency of facial recognition authorization is not as high as if the user is in a public location, e.g., a restaurant. The main user may specify various areas, with varying levels of security. Based on the level of security, the frequency of the checking at other more or less trustable places can be set by the main user.
In this way, security levels can be determined based on the location of the mobile device 100, where the frequency of the facial recognition of the authorized user varies based on specified security levels, e.g. safe area at home, critical area in public, and intermediately safe area in the office. In an exemplary implementation, the device 100 does not enter the locked state at home (safe area), but enters into a locked state in public if there is no facial recognition authorization within 3 seconds. In such an implementation, the device may remain in an active state for the first minute the device 100 is in an office area. After the first minute, the device 100 may begin checking again for the presence of the authorized user.
For higher levels of security, the time interval for re-authorization is lower (e.g., 30 sec) than in areas with a lower level of security, where the interval is relatively higher, e.g., 2 minutes. The time interval may be set to infinite to disable the periodic authorization. Location can be determined by one of GPS, A-GPS or WLAN positioning methods from satellite, cell-tower or WLAN signals.
Locations may also be determined and derived from the network authentication result, such as a successful authentication in an encrypted WLAN, or a login into a network by use of username and password.
Location can also be determined by reading Near-Field-Communication (NFC) tags attached to a particular location. If a user enters the work environment, the NFC tag is read at the door, or at the user's desk, to change security levels, and the same tag is read before leaving the area to change security levels back according to the specified security areas. Security levels may also be determined based on pre-determined schedules, e.g., intermediate security during work hours. For weekends, the security levels may be set manually.
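The zone-dependent re-authorization schedule described above, together with the suspension period and in-call deactivation, as an added Python simulation that is not part of the patent text. The zone names, the policy table, the fallback to the strictest policy for an unmapped location, and all class and function names are assumptions.

```python
import math
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    ACTIVE = "active"
    LOCKED = "locked"


@dataclass(frozen=True)
class ZonePolicy:
    interval_s: float      # seconds between face checks; math.inf disables them
    grace_s: float = 0.0   # no checks for this long after entering the zone


# Intervals follow the description's examples (30 s, 2 min, infinite, one-minute
# office grace). Zone names and this table layout are assumptions.
POLICIES = {
    "home": ZonePolicy(math.inf, grace_s=math.inf),   # never checked at home
    "office": ZonePolicy(120.0, grace_s=60.0),
    "public": ZonePolicy(30.0),
}
STRICTEST = POLICIES["public"]


class SecurityManager:
    """Simulated clock; `face` is the identity the recognizer reports, or None."""
    def __init__(self, authorized):
        self.authorized = set(authorized)
        self.state = State.LOCKED
        self.policy = STRICTEST
        self.next_check_at = 0.0
        self.suspended_until = 0.0
        self.in_call = False   # checking is deactivated during an active call

    def enter_zone(self, zone, now):
        # An unknown or undetermined location gets the strictest policy.
        self.policy = POLICIES.get(zone, STRICTEST)
        self.next_check_at = now + self.policy.grace_s

    def suspend(self, now, duration_s):
        # Only a device that is already active can have checking suspended.
        if self.state is State.ACTIVE:
            self.suspended_until = now + duration_s

    def tick(self, now, face):
        skip = now < self.suspended_until or self.in_call or now < self.next_check_at
        if self.state is State.ACTIVE and skip:
            return self.state   # active and no check due: operation continues
        # Locked device, or a check is due: the recognized face decides.
        self.state = State.ACTIVE if face in self.authorized else State.LOCKED
        self.next_check_at = now + self.policy.interval_s
        return self.state


def demo():
    """Constructed timeline of (seconds, action, argument); returns each state."""
    sm = SecurityManager({"main_user"})
    timeline = [
        (0, "zone", "public"), (0, "face", "main_user"),    # unlock in public
        (10, "face", None), (30, "face", None),             # not due; due, no face
        (32, "face", "main_user"), (40, "suspend", 180),    # unlock; lend device
        (100, "face", "guest"), (220, "face", "guest"),     # suspended; expired
        (221, "face", "main_user"), (230, "zone", "office"),
        (280, "face", None), (290, "face", None),           # in grace; grace over
        (291, "face", "main_user"), (300, "zone", "home"), (9000, "face", None),
        (9001, "zone", "unmapped"), (9001, "face", None),   # strictest fallback
    ]
    states = []
    for now, action, arg in timeline:
        if action == "zone":
            sm.enter_zone(arg, now)
        elif action == "suspend":
            sm.suspend(now, arg)
        else:
            sm.tick(now, arg)
        states.append(sm.state.value)
    return states
```

In this model a locked device is re-checked on every tick, so an authorized face unlocks it immediately, while the first check after a suspension ends is what returns a lent device to the locked state.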
There have thus been described certain preferred embodiments of user authorization. While specific embodiments have been discussed and disclosed, it will be appreciated that other embodiments are covered by the disclosure.
FIG. 4 is a flow chart of a method 400 for operating an exemplary mobile device 100 in accordance with embodiments of the present disclosure. The method 400 begins at step 402, where the face of the device operator, i.e., the current user, is recognized periodically. At step 404, the security manager 136 determines if the device operator is an authorized user of the mobile device 100 based on the recognized face. If the device operator is an authorized user, operation of the device continues at step 406. For an unauthorized user, the operation of the mobile device 100 is interrupted by entering the locked state.
It is to be understood that the present disclosure may be implemented in various forms of hardware, software, firmware, special purpose processors, or a combination thereof. Preferably, the present disclosure is implemented as a combination of hardware and software. Moreover, the software is preferably implemented as an application program tangibly embodied on a program storage device. The application program may be uploaded to, and executed by, a machine comprising any suitable architecture. Preferably, the machine is implemented on a computer platform having hardware such as one or more central processing units (CPU), a random access memory (RAM), and input/output (I/O) interface(s). The computer platform also includes an operating system and microinstruction code. The various processes and functions described herein may either be part of the microinstruction code or part of the application program (or a combination thereof), which is executed via the operating system. In addition, various other peripheral devices may be connected to the computer platform such as an additional data storage device and a printing device.
It is to be further understood that, because some of the constituent system components and method steps depicted in the accompanying figures are preferably implemented in software, the actual connections between the system components (or the process steps) may differ depending upon the manner in which the present disclosure is programmed. Given the teachings herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present disclosure.
While the disclosure may be susceptible to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and will be described in detail herein. However, it should be understood that the disclosure is not intended to be limited to the particular forms disclosed. Rather, the disclosure is to cover all modifications, equivalents and alternatives falling within the scope of the disclosure.

Claims

What is claimed is:
1. A method (400) for operating a mobile device (100), comprising:
identifying, at repeated intervals, a face of a device operator;
determining if the device operator is an authorized user of the mobile device (100) based on the face;
continuing an operation of the mobile device (100) if the device operator is the authorized user; and
interrupting operation of the mobile device (100) if the device operator is not an authorized user.
2. The method (400) of claim 1, comprising determining a security zone based on a location of the mobile device (100), the security zone being a home, the repeated intervals occurring subsequently when the mobile device (100) enters the home, and when the mobile device (100) leaves the home.
3. The method (400) of claim 2, wherein the security zone comprises a public space, wherein the repeated intervals occur more frequently than when the security zone comprises a secure space, wherein the repeated intervals occur more frequently than when the mobile device (100) is located in the home.
4. The method (400) of claim 1, comprising determining a beginning and an end of a specific suspension period, such that the repeated intervals occur subsequently before the beginning of the specific suspension period, and after the end of the specific suspension period.
5. The method (400) of claim 1, comprising: determining that a face of the device operator is not within a range of a facial recognition device for the mobile device (100); and interrupting the operation of the mobile device (100).
6. The method (400) of claim 1, comprising identifying the face of the device operator in response to a facial recognition trigger, comprising a button, a tap on the mobile device (100), and a movement of the mobile device (100).
7. The method (400) of claim 1, wherein interrupting the operation of the mobile device (100) comprises presenting contact information to contact an authorized user of the mobile device (100).
8. The method (400) of claim 1, comprising authorizing an unauthorized user to place a phone call to the authorized user of the mobile device (100).
9. A mobile device (100), comprising:
a processor (102); and
a memory (120) comprising instructions configured to cause the processor (102) to:
identifying, at repeated intervals, a face of a device operator;
determining if the device operator is an authorized user of the mobile device (100) based on the face;
continuing an operation of the mobile device (100) if the device operator is an authorized user;
interrupt operation of the mobile device (100) if the device operator is not an authorized user; and
determine a security zone based on a location of the mobile device (100), the security zone being a home, the repeated intervals occurring subsequently when the mobile device (100) enters the home, and when the mobile device (100) leaves the home.
10. The mobile device (100) of claim 9, wherein the security zone comprises a public space, wherein the repeated intervals occur more frequently than when the security zone comprises a secure space, wherein the repeated intervals occur more frequently than when the mobile device (100) is located in the home.
11. The mobile device (100) of claim 9, comprising determining a beginning and an end of a specific suspension period, such that the repeated intervals occur subsequently before the beginning of the specific suspension period, and after the end of the specific suspension period.
12. The mobile device (100) of claim 9, comprising:
determining that a face of the device operator is not within a range of a facial recognition device for the mobile device (100); and interrupting the operation of the mobile device (100).
13. The mobile device (100) of claim 9, comprising identifying the face of the device operator in response to a facial recognition trigger, comprising a button, a tap on the mobile device (100), and a movement of the mobile device (100).
14. The mobile device (100) of claim 9, wherein interrupting the operation of the mobile device (100) comprises presenting contact information to contact an authorized user of the mobile device (100).
15. The mobile device (100) of claim 9, comprising authorizing an unauthorized user to place a phone call to an authorized user of the mobile device (100).
PCT/US2013/047474 2013-06-25 2013-06-25 Secure, uninterrupted operation of mobile devices WO2014209273A1 (en)


Publications (1)

Publication Number Publication Date
WO2014209273A1 true WO2014209273A1 (en) 2014-12-31


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3091767A1 (en) * 2015-05-07 2016-11-09 Atos SE Maintaining a secure access to a service in accordance with a biometric fingerprint acquired following the detection of an event

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1170969A1 (en) * 2000-07-06 2002-01-09 Nokia Mobile Phones Ltd. Method and apparatus for controlling and securing mobile phones that are lost, stolen or misused
EP1488655A1 (en) * 2002-03-27 2004-12-22 Nokia Corporation Multiple security level mobile telecommunications device, system and method
EP1521161A2 (en) * 2003-09-25 2005-04-06 Matsushita Electric Industrial Co., Ltd. An apparatus and a method for preventing unauthorized use and a device with a function of preventing unauthorized use
US20120235790A1 (en) * 2011-03-16 2012-09-20 Apple Inc. Locking and unlocking a mobile device using facial recognition
US20120252411A1 (en) * 2011-03-30 2012-10-04 Qualcomm Incorporated Continuous voice authentication for a mobile device
EP2605180A2 (en) * 2011-12-13 2013-06-19 Fujitsu Limited User detecting apparatus, user detecting method and a user detecting program



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13736696; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13736696; Country of ref document: EP; Kind code of ref document: A1)