The present invention relates to computer security, and more particularly to authenticating a user of a mobile device.
In computer security, general access control includes authentication, which is the verification of the identity of a person attempting to access a computer system (e.g., a user supplying a user name and password). Access to the computer system is often approved based on successful authentication of a user.
Securing data and applications on a mobile device has become increasingly critical. Unlocking a lock screen of mobile device to gain access to the mobile device may use any combination of known unlocking techniques, including entering a password, using a predefined set of buttons, or performing a certain gesture on the mobile device's touchscreen. While a user is in transit, the user often operates a mobile device in a hands-free environment, (i.e., performs hands-free access of the mobile device to enhance the user's safety and/or because a law requires a hands-free operation of the mobile device by the user while the user is also operating a moving vehicle such as an automobile). In a hands-free environment, unlocking of a mobile device may be provided by known voice recognition or a combination of voice recognition and challenge-response authentication techniques that employ static lists of responses.
In computer security, a spoofing attack includes an attacker attempting to gain access to a mobile device or another computer system by masquerading as another person. For example, an attacker may replay a recording of a user's voice to circumvent a voice recognition feature that provides authentication.