Technical Field
This disclosure relates generally to securing data on mobile devices that include touchscreens.
Background of the Related Art
Biometrics refers to the field of technology where an individual is identified using biological traits. Biometrics has been utilized to verify or otherwise authenticate the identity of a user for security purposes, such as for controlling access to devices or information. Many types of biometrics may be utilized, such as facial recognition, voice recognition, retinal and iris recognition, and fingerprints.
Mobile devices, including tablets and smart phones, are commonplace and increasingly being used over networks and the wider Internet. These devices are being used frequently to transfer secure data such as personal details, credit card transactions, voice-over-IP calls, and the like. As a consequence, there is an increasing need to make such mobile devices more secure. Conventionally, mobile devices enforce security by providing a screen lock function that locks the display screen after a configurable idle time-out. To re-use the device, the user must re-enter his or her password, typically a four-digit numerical code. More sophisticated approaches include fingerprint sensors, which typically are hardware-based and are programmed to recognize the user's fingerprint before unlocking the device for use.
In an era when bring-your-own-device policies are expanding and corporate security is less tethered to physical security, effective measures to identify users and manage access to protected resources are essential. Unfortunately, many current standard practices reduce user productivity and increase user frustration. As noted above, the most common technique for enforcing mobile device security is the idle time-out, forcing the user to re-authenticate after a short period of idle time. This requirement causes the user to frequently waste time re-authenticating to his or her device, and it can lead to usability problems, e.g., in the case of showing a video or presentation that is longer than the time-out period. Other approaches, such as keystroke analysis, are highly effective in cases where a physical keyboard exists, and where interactions use the keyboard. In many touch-screen environments, however, there is no physical keyboard, and the interactions with a virtual keyboard are less frequent than other interaction types. Thus, keystroke analysis is not practical.
One way to address the problem of requiring a user to re-authenticate to his or her device repeatedly (after screen locks) is to perform so-called “continuous authentication.” Continuous authentication refers to the notion of continuously detecting, monitoring and analyzing some biometric through the course of a user's interaction with a system. One such known technique suggests the use of a fingerprint biometric, but it requires the user to specifically re-scan his or her finger on a device that is separate from the system in use. This is impractical for a device-specific approach.
While fingerprint scanning for device-based access control is known, the techniques typically are based on guided software biometric identification and, thus, are not useful for continuous authentication. This is because the efficacy of such techniques depends on high-quality samples, as well as sample and interaction equality, conditions that cannot be guaranteed in a typical usage situation in which the user performs frequent multi-touch operations or otherwise interacts with the touchscreen in a manner that does not enable capture of useful sample data.
There remains a need to provide techniques to continuously monitor fingerprint signatures on a mobile capacitive touchscreen to facilitate continuous user authentication.