The present invention relates to the field of mobile device security, and more particularly to mitigating mobile OS intrusions from user space applications using secure services and biometric identification.
Mobile devices have become a convenient and integral part of daily life to the point that many consider them a necessity. Devices like smartphones are capable of providing a wide variety of communication, entertainment, and business functions. As such, a variety of personal and/or financial information is handled and/or stored by the many applications operating on mobile devices. The sensitive nature of this information raises concerns about the overall security afforded by the mobile device and its operating system (OS).
There is no question that the majority of mobile devices on the market today, along with their software, including the OS, were designed for consumers with the goal of maximizing convenience and usability. In recent years, the frequent discovery and/or exploitation of security vulnerabilities in mobile devices and/or their OSes has become the norm. Even though mobile devices and their OSes were not designed to enable secure computing, enterprises and consumers are demanding that security be given greater importance.
The OS of the mobile device is the typical source of security vulnerabilities, whether inherent or installed from an external source, such as malware embedded within a client software application. As shown in FIG. 1, the basic internal communication architecture of a conventional mobile device 100 comprises its fundamental hardware 105, an OS 110, and a user space 115. The hardware 105 represents a variety of electronic components and circuitry. The OS 110 is a software application that manages the resources provided by the hardware 105, such as CPU cycles and memory.
The user space 115 is an abstraction that represents the memory area where user software applications execute. The software applications of the user space 115 are directly installed by the user (i.e., applications the user purchases and downloads from an app store) or the manufacturer/seller of the mobile device 100 (i.e., the phone feature that is immediately available on a smartphone). Further, the user space 115 includes auxiliary applications like drivers or libraries that a software application needs to function.
In this conventional architecture, the OS 110 and user space 115 are both able to interact with the hardware 105. Thus, malicious software applications installed in the user space 115 are able to compromise the mobile device 100 directly as well as indirectly through the OS 110.
Therefore, what is needed is an approach that prevents potentially malicious intrusions originating in the user space 115 from reaching the OS 110 and hardware 105. Such a solution would utilize biometric identification of the user to prevent unauthorized access and secure highly sensitive features and data.