This relates generally to user authentication and in particular to authentication based on fingerprint gestures.
Mobile computing and communication devices, such as smart phones and tablets, can provide users with easy access to information, including personal information (e.g., contacts, email, other personal communications) and general reference information (e.g., stock prices, maps, World Wide Web content, etc.). Because such devices tend to be small and highly portable, they are easily lost or stolen. Once a device is out of its owner's hands, an unauthorized party may be able to access personal information or operate other functions of the device to the owner's detriment.
Various security measures have been implemented to try to make it more difficult for unauthorized parties to access information or operate other functions of a mobile device. For example, many mobile devices allow the user to set a passcode (typically a sequence of digits and/or letters and/or other symbols). The device can enter a locked state in response to various events, such as the user operating a lock control or user inactivity over some period of time. In the locked state, access to functions of the device can be limited (e.g., a subset of device functions that do not expose personal data may be accessible) or disabled entirely. Once in the locked state, the user can be required to enter the passcode in order to unlock the device and thereby obtain access to its functions. Entry of the passcode can be said to authenticate the user (i.e., verify that the person attempting to use the device is authorized to do so), and such authentication can be reliable as long as the passcode is not known to (or guessed by) anyone else.
Secure (i.e., difficult to guess) passcodes, however, are generally at odds with ease of use. For example, some devices provide an option to set a four-digit numeric passcode. Most users select a four-digit number that they find easy to remember and enter. However, because there are only 10,000 possible four-digit passcodes (not all of which are equally easy to remember), such passcodes are not particularly secure. More secure passcodes can be created, for instance, by requiring the user to include a mix of letters, numbers, and/or other symbols in the passcode. Such passcodes can be harder to guess than four-digit codes, but they can also be harder for the user to remember or enter, making them less appealing. Thus, tradeoffs are often required between securing the device and making it easy to use.