A typical computer terminal facilitates user input to a computer and computer output to the user. The terminal may take the form of one or more input devices, such as a keyboard and a mouse, and one or more output devices, such as a display and a loudspeaker. The terminal may be integrated with the computer, which is typically the case for notebook computers and smartphones, or may be separate from the computer, which is often the case for desktop computers and thin clients.
A computer typically includes at least one authentication mechanism for verifying the identity of a user of a computer terminal before allowing the user to access to the computer. Authentication mechanisms generally fall into at least one of three categories: something known, something possessed, or something inherent.
A “something known” authentication mechanism typically takes the form of a password, a passphrase, a personal identification number (PIN), or a challenge response. For example, if the terminal user identifies herself as a given authorized user, the computer may request that the user input a password known only by the given user. If the password provided by the terminal user does not match a password stored in the computer and associated with the given user, then the computer may determine that the terminal is not the respective authorized user, and may deny the terminal user access to the computer. However, if the provided password matches the stored password associated with the given user, then the computer may allow the terminal user to access the computer via the computer terminal.
A “something possessed” authentication mechanism typically requires the computer-terminal user to prove that he or she physically possesses a security token. The security token could take the form of a smart card, universal serial bus (USB) key, Bluetooth device, or a radio-frequency identification (RFID) tag, among other examples. In one form, the computer-terminal user must physically connect the security token to the computer to prove possession of the security token. In another form, the security token presents (on an integrated liquid crystal display (LCD)) an authentication code according to an algorithm unique to (and known only to) the security token and the computer. By requiring the computer-terminal user to enter the authentication code, the computer can ensure that the user possesses the security token. A new authentication code is generated at an interval (e.g., every sixty seconds) to ensure that any given authentication code is unknown to any person except the possessor of the security token.
A “something inherent” security mechanism typically requires the computer terminal to measure or otherwise determine a characteristic unique to the computer-terminal user. This unique characteristic is often a biometric measurement, which can typically be classified as a physiological measurement or a behavioral characteristic.
A behavioral biometric measurement is typically a measurement of a behavior that is unique to the computer-terminal user. Accordingly, the behavioral measurement might take the form of voice or smile recognition, lip movement, signature verification, keystroke dynamics, mouse dynamics, and/or gait, among numerous other possibilities. For example, the computer might allow access to a computer-terminal user upon measuring the user's gait and determining that the measurement is consistent with an authorized user's gait.
A physiological biometric measurement is typically a measurement of a physical characteristic that is unique to the computer-terminal user. Accordingly, the physiological characteristic might to the form of the computer-terminal user's iris structure, face or hand geometry, heartbeat, and/or electrical activity of the heart (perhaps as measured via an electrocardiogram (ECG)), among numerous other possibilities. For example, the computer might allow access to a computer-terminal user upon measuring the user's iris structure and determining that the measurement is consistent with an authorized user's iris structure.
An authentication mechanism may require a combination of something known, something possessed, and something inherent. For example, the security mechanism might require both a security token and a password. Accordingly, if a non-authorized user found a lost or misplaced security token, that user would still be unable to obtain access the computer without the password. Similarly, if a non-authorized user obtained the password, that user would be unable to obtain access without the security token.
Many of the above-described authentication mechanisms, while appropriate for use with a desktop or notebook computer, are not well suited for use with a smaller computer terminal such as a head-mountable device (HMD). An HMD can be as small as a pair of glasses or as large as a helmet, and generally includes a very small image display element close enough to a wearer's eye(s) such that the displayed image fills or nearly fills the field of view, and appears as a normal sized image, such as might be displayed on a traditional image display device.
The HMD may include an array of sensors to facilitate input, such as a microphone for speech recognition, a camera for image detection, and an accelerometer for vibration detection, among numerous other possibilities. However, because a typical HMD does not include a physical keyboard, the HMD may have to provide an alternative mechanism for allowing input of “something known,” such as a password. Though HMD could allow the user to speak his or her password, a bystander might overhear the password, which could then be used by the bystander to obtain access to the computer. Accordingly, HMD-appropriate authentication mechanisms are desired.