`Apple Inc. v. Firstface Co., Ltd.
`IPR2019-00613
`Page 00001
`
`
`
Patent Application Publication
US 2010/0138914 A1
Jun. 3, 2010

[Sheets 1 to 6 of 6: drawings (not reproduced)]

SYSTEM AND METHOD OF PROVIDING BIOMETRIC QUICK LAUNCH

FIELD

[0001] The present application relates generally to launching applications on a device and, more particularly, to a system and method of launching applications, access to which is controlled, at least in part, by biometric authentication.

BACKGROUND

[0002] As an increasing volume of sensitive personal information is stored on computers, personal and otherwise, it is increasingly important that access to these computers is controlled. Even the most basic user of computers is familiar with a requirement to provide a password to gain access to a computer and execute various software application on the processor of the computer. Such a one-factor authentication scheme is based solely on what the user knows, i.e., the password. Should the password become known to those other than the user whose account access to which is controlled by the password, the others can use the password to gain access to the user’s account.
`
[0003] To increase security, some computers have been configured to implement a two-factor authentication scheme. The user is provided with a smart card and a smart card reader that may connect to the computer of interest either by wired means or wireless means. The smart card may have an associated password previously revealed to the user. Now, to gain access to the computer of interest, the user provides a first password, which may be called a device password, and a second password, which may be called a smart card password. The user will only gain access to the computer of interest by submitting correct values for both the device password and the smart card password. The computer generally determines whether the provided smart card is a correct value by passing the provided smart card password to the smart card reader and receiving a yes or no answer. Such a two-factor authentication scheme is based on what the user knows, i.e., the device password and the smart card password, and what the user has, i.e., the smart card, since the computer of interest can not confirm the validity of the provided smart card password in the absence of the smart card.

[0004] To increase security even further, some computers have been configured to implement an additional authentication scheme. The additional factor is biometric information. Biometric information includes fingerprints, retinal scans, face geometry scans, hand geometry scans, voice or speech prints, etc. In one particular implementation, the smart card reader can also have a biometric input device. Now, to gain access to the computer of interest, the user provides a device password and a smart card password. If the passwords are determined to be valid, the user is prompted to provide biometric information. The user will only gain access to the computer of interest if the biometric information submitted responsive to the prompt properly matches a previously established and stored version of the biometric information. Incorporating the above-described factors, a three-factor authentication scheme may be based on what the user knows, i.e., the device password and the smart card password, what the user has, i.e., the smart card, and something that is unique to the user, e.g., a fingerprint. Accordingly, even if the smart card falls into the hands of a nefarious person who also gains knowledge of the device password and the smart card password, the lack of the correct biometric data should keep the nefarious person from gaining access to the computer of interest.
`
BRIEF DESCRIPTION OF THE DRAWINGS

[0005] Reference will now be made to the drawings, which show by way of example, embodiments of the present disclosure, and in which:

[0006] FIG. 1 shows in block diagram form a communication system suitable for a smart card reader and mobile communication device in accordance with one embodiment;

[0007] FIG. 2 shows an operational block representation of the mobile communication device of FIG. 1 according to one embodiment;

[0008] FIG. 3 shows an operational block representation of an embodiment of the smart card reader of FIG. 1;

[0009] FIG. 4 illustrates steps in an example method of maintaining secure access to the mobile communication device of FIG. 1;

[0010] FIG. 5 illustrates steps in an example method of launching execution of an application on the mobile communication device of FIG. 1 through the provision of biometric data and passwords according to an embodiment; and

[0011] FIG. 6 illustrates steps in an example method of launching execution of an application on the mobile communication device of FIG. 1 through the provision of biometric data according to another embodiment.
`
DETAILED DESCRIPTION

[0012] While three-factor authentication is secure, three-factor authentication may be considered time consuming to employ every time access to the computer of interest is desired. It is clear that any gains in efficiency in accomplishing the task for which access to the computer is desired would be welcome.

[0013] By providing a biometric candidate to a biometric input device, a user may cause a computing device to be unlocked and cause a specific application to be launched on the computing device. The biometric input device may be on the computing device or on a peripheral security device that is in communication with the computing device. Indeed, the specific application may be launched pre-loaded with certain data, selection of which data is controlled by the particular biometric provided to the biometric input device.

[0014] According to one aspect described herein, there is provided a method of launching applications on a computing apparatus. The method includes receiving a biometric candidate, determining that the biometric candidate matches a stored biometric template and that the stored biometric template is associated with an application, determining that the stored biometric template is associated with unlocking the computing apparatus, unlocking said computing apparatus and launching execution of the application. In other aspects of the present application, an apparatus is provided for carrying out this method and a computer readable medium is provided for adapting a processor to carry out this method.

[0015] Other aspects and features of the present disclosure will become apparent to those of ordinary skill in the art upon review of the following description of specific embodiments of the present disclosure in conjunction with the accompanying figures.

[0016] Reference is first made to FIG. 1, which shows an illustrative communication system 100 to which embodiments described herein can be applied. The system 100 includes one or more mobile communication devices 102 (only one of which is shown in FIG. 1) that are enabled to communicate with one or more wireless networks 104 (only one of which is shown in FIG. 1). In other embodiments, the mobile communication devices 102 may be replaced by or augmented with desktop personal computers, notebook computers, palmtop computers, etc. The wireless network 104 may be implemented as a packet-based cellular wide area wireless network that includes a number of base stations each providing wireless Radio Frequency (RF) coverage to a corresponding area or cell. In some embodiments, instead of, or in addition to, a wide area wireless network, the wireless network 104 may include a local wireless area network, such as for example a wireless local area network that conforms to Institute of Electrical and Electronics Engineers (IEEE) 802.11 standards such as 802.11b and/or 802.11g. In at least some example embodiments, the wireless network 104 is connected to one or more enterprise networks 106 (only one of which is shown in FIG. 1). The connection between the wireless network 104 and the enterprise network 106 may involve an intermediate communications link 108, which may pass through additional networks including, for example, the Internet. The enterprise network 106 may be associated with the illustrated mobile device 102, such that the mobile device 102 is enabled to exchange electronic messages and other information with the enterprise network 106. Optionally, the mobile device 102 may be associated with a secondary mobile device in the form of a smart card reader 110. Additionally, a user of the mobile device 102 and the smart card reader 110 is likely to have access to a personal computer 112 that is connected to the enterprise network 106 over a communications link 114. In one embodiment, the communications link 114 is a local area network or wide area network providing organizational connectivity with the enterprise network 106. The smart card reader 110 may also be used with the personal computer 112, through either a wired or wireless connection.
`
[0017] FIG. 2 illustrates the mobile communication device 102 as an example of a device that may be employed in the illustrative communication system 100 of FIG. 1. The mobile communication device 102 includes a housing, an input device (e.g., a keyboard 224 having a plurality of keys) and an output device (a display 226), which may be a full graphic, or full color, Liquid Crystal Display (LCD). Other types of output devices may alternatively be utilized. A processing device (a microprocessor 228) is shown schematically in FIG. 2 as coupled between the keyboard 224 and the display 226. The microprocessor 228 controls the operation of the display 226, as well as the overall operation of the mobile communication device 102, in part, responsive to actuation of the keys on the keyboard 224 by a user. Notably, the keyboard 224 may comprise physical buttons (keys) or, where the display 226 is a touchscreen device, the keyboard 224 may be implemented, at least in part, as “soft keys”. Actuation of a so-called soft key involves either touching the display 226 where the soft key is displayed or actuating a physical button in proximity to an indication, on the display 226, of a temporary action associated with the physical button.

[0018] The housing may be elongated vertically, or may take on other sizes and shapes (including clamshell housing structures). Where the keyboard 224 includes keys that are associated with at least one alphabetic character and at least one numeric character, the keyboard 224 may include a mode selection key, or other hardware or software, for switching between alphabetic entry and numeric entry.

[0019] In addition to the microprocessor 228, other parts of the mobile communication device 102 are shown schematically in FIG. 2. These include: a communications subsystem 202; a short-range communications subsystem 204; the keyboard 224 and the display 226, along with other input/output devices including a set of auxiliary I/O devices 206, a serial port 208, a speaker 210 and a microphone 212; as well as memory devices including a flash memory 216 and a Random Access Memory (RAM) 218; and various other device subsystems 220. The mobile communication device 102 may be a two-way radio frequency (RF) communication device having voice and data communication capabilities. In addition, the mobile communication device 102 may have the capability to communicate with other computer systems via the Internet.
`
[0020] Operating system software executed by the microprocessor 228 may be stored in a computer readable medium, such as the flash memory 216, but may be stored in other types of memory devices, such as a read only memory (ROM) or similar storage element. In addition, system software, specific device applications, or parts thereof, may be temporarily loaded into a volatile store, such as the RAM 218. Communication signals received by the mobile device may also be stored to the RAM 218.

[0021] The microprocessor 228, in addition to its operating system functions, enables execution of software applications on the mobile communication device 102. Executable code for a predetermined set of software applications that control basic device operations, such as a voice communications module 230A and a data communications module 230B, may be installed on the mobile communication device 102 during manufacture. A security module 230C may also be installed on the mobile communication device 102 during manufacture, to implement aspects of the present application. As well, additional software modules, illustrated as an other software module 230N, which may be, for instance, a PIM application, may be installed during manufacture. The PIM application may be capable of organizing and managing data items, such as e-mail messages, calendar events, voice mail messages, appointments and task items. The PIM application may also be capable of sending and receiving data items via the wireless network 104 represented by a radio tower. The data items managed by the PIM application may be seamlessly integrated, synchronized and updated via the wireless network 104 with the device user’s corresponding data items stored or associated with a host computer system.

[0022] Communication functions, including data and voice communications, are performed through the communication subsystem 202 and, possibly, through the short-range communications subsystem 204. The communication subsystem 202 includes a receiver 250, a transmitter 252 and one or more antennas, illustrated as a receive antenna 254 and a transmit antenna 256. In addition, the communication subsystem 202 also includes a processing module, such as a digital signal processor (DSP) 258, and local oscillators (LOs) 260. The specific design and implementation of the communication subsystem 202 is dependent upon the communication network in which the mobile communication device 102 is intended to operate. For example, the communication subsystem 202 of the mobile communication device 102 may be designed to operate with the Mobitex™, DataTAC™ or General Packet Radio Service (GPRS) mobile data communication networks and also designed to operate with any of a variety of voice communication networks, such as Advanced Mobile Phone Service (AMPS), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Personal Communications Service (PCS), Global System for Mobile Communications (GSM), Enhanced Data rates for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), Wideband Code Division Multiple Access (W-CDMA), etc. Other types of data and voice networks, both separate and integrated, may also be utilized with the mobile communication device 102.
`
[0023] Network access requirements vary depending upon the type of communication system. Typically, an identifier is associated with each mobile device that uniquely identifies the mobile device or subscriber to which the mobile device has been assigned. The identifier is unique within a specific network or network technology. For example, in Mobitex™ networks, mobile devices are registered on the network using a Mobitex Access Number (MAN) associated with each device and in DataTAC™ networks, mobile devices are registered on the network using a Logical Link Identifier (LLI) associated with each device. In GPRS networks, however, network access is associated with a subscriber or user of a device. A GPRS device therefore uses a subscriber identity module, commonly referred to as a Subscriber Identity Module (SIM) card, in order to operate on a GPRS network. Despite identifying a subscriber by SIM, mobile devices within GSM/GPRS networks are uniquely identified using an International Mobile Equipment Identity (IMEI) number.

[0024] When required network registration or activation procedures have been completed, the mobile communication device 102 may send and receive communication signals over the wireless network 104. Signals received from the wireless network 104 by the receive antenna 254 are routed to the receiver 250, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog-to-digital conversion of the received signal allows the DSP 258 to perform more complex communication functions, such as demodulation and decoding. In a similar manner, signals to be transmitted to the wireless network 104 are processed (e.g., modulated and encoded) by the DSP 258 and are then provided to the transmitter 252 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the wireless network 104 (or networks) via the transmit antenna 256.
`
[0025] In addition to processing communication signals, the DSP 258 provides for control of the receiver 250 and the transmitter 252. For example, gains applied to communication signals in the receiver 250 and the transmitter 252 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 258.

[0026] In a data communication mode, a received signal, such as a text message or web page download, is processed by the communication subsystem 202 and is input to the microprocessor 228. The received signal is then further processed by the microprocessor 228 for output to the display 226, or alternatively to some auxiliary I/O devices 206. A device user may also compose data items, such as e-mail messages, using the keyboard 224 and/or some other auxiliary I/O device 206, such as a touchpad, a rocker switch, a thumb-wheel, a trackball, a touchscreen, or some other type of input device. The composed data items may then be transmitted over the wireless network 104 via the communication subsystem 202.

[0027] In a voice communication mode, overall operation of the device is substantially similar to the data communication mode, except that received signals are output to a speaker 210, and signals for transmission are generated by a microphone 212. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the mobile communication device 102. In addition, the display 226 may also be utilized in voice communication mode, for example, to display the identity of a calling party, the duration of a voice call, or other voice call related information.

[0028] The short-range communications subsystem 204 enables communication between the mobile communication device 102 and other proximate systems or devices, which need not necessarily be similar devices. For example, the short-range communications subsystem 204 may include an infrared device and associated circuits and components, or a Bluetooth™ communication module to provide for communication with similarly-enabled systems and devices. For example, the smart card reader 110 may be enabled to communicate with the mobile device 102 by way of the short-range communications subsystem 204.

[0029] Reference is next made to FIG. 3, which shows, in greater detail, an example embodiment of a secondary mobile device, namely the smart card reader 110. The smart card reader 110 includes a controller including at least one microprocessor 310, which is suitably programmed to control the overall operation and functions of the smart card reader 110, and an output device (e.g., a display module 312). The smart card reader 110 further includes peripheral devices or subsystems such as a flash memory 314, a random access memory (RAM) 316, a serial port 318 (e.g., a USB port), a short-range communications subsystem 320 (e.g., an infrared transceiver, wireless bus protocol such as a Bluetooth system or any other means of local communications), a storage component interface 322 (e.g., for a memory card or any other data storage device), a user input device 324 (e.g., a push button), and a biometric information input device 325 (e.g., a fingerprint sensor).

[0030] A fingerprint sensor generally comprises an electronic device used to capture a digital image of a fingerprint pattern. The captured digital image is called a live scan. As part of configuring a fingerprint access system, a live scan may be digitally processed to create a biometric template, which is stored and used for later matching. A future live scan may be similarly digitally processed to create a biometric candidate in a format that facilitates matching with the previously captured and stored biometric template. Some of the more commonly used fingerprint sensor technologies include: optical; ultrasonic; and capacitance.

[0031] One example fingerprint sensor has a bar shape. A silicon sensor constructs a fingerprint as a user swipes a finger across the bar. Another example fingerprint sensor has a pad shape. A sensor constructs a fingerprint as a user holds a finger on the pad, which is designed with a size to accommodate an entire fingerprint.

[0032] The microprocessor 310 operates under stored program control with code or firmware being stored in the flash memory 314 (or other type of non-volatile memory device or devices). As depicted in FIG. 3, the stored programs include an operating system program or code module 326 and other programs or software applications indicated generally by reference 328. The operating system 326 of the smart card reader 110 further includes a memory card driver component 330. The memory card driver 330 is responsible for coordinating communications between the smart card reader 110 and a memory card 334 and/or between the smart card reader 110 and related drivers of a device to be used in conjunction with the smart card reader 110, such as the drivers 244 of the personal computer 112. The operating system code 326, code for specific software applications 328, code for the memory card driver 330, or code components thereof, may be temporarily loaded into a volatile storage medium such as the RAM 316. Received communication signals and other data with information may also be stored in the RAM 316. Additionally, the storage component interface 322 receives the removable memory card 334, providing additional storage space for the smart card reader 110. In one embodiment, the memory card 334 may be a smart card similar to the smart cards known to those skilled in the art. The memory card 334 may include fingerprint authentication data, password or pin code related data, or other security related data. While operation of the smart card reader 110 is described using a smart card, it will be understood by those skilled in the art that the smart card reader 110 may be designed using any suitable form of removable media without departing from the intended scope of the smart card reader 110.
`
[0033] The stored program control (e.g., operating system 326, software applications 328) for the microprocessor 310 also includes a predetermined set of applications or code components or software modules that control basic device operations, for example, management and security related control of the data of the smart card reader 110 and may be installed on the smart card reader 110 as a component of the software applications 328 during the manufacturing process. Further applications may also be loaded (i.e., downloaded) onto the smart card reader 110 through the operation of the serial port 318, the operation of the short-range communications subsystem 320 or from the smart card 334. The downloaded code module or components are then installed by the user (or automatically) in the non-volatile program memory (e.g., the flash memory 314) or the RAM 316.

[0034] The serial port 318 may comprise a USB-type interface port for interfacing or synchronizing with another device, such as the personal computer 112 or the mobile device 102. The serial port 318 is used to exchange data with a device such as the personal computer 112 to be stored on the smart card 334 that is plugged into the storage component interface 322 of the smart card reader 110. The serial port 318 is also used to extend the capabilities of the smart card reader 110 by providing for information or software downloads, including any user interface information, to the smart card reader 110.
`
[0035] In various example embodiments, the short-range communications subsystem 320 provides an interface for communication between the smart card reader 110 and the personal computer 112 or the mobile device 102. In one embodiment, the short-range communications subsystem 320 includes an infrared communication link or channel. In another embodiment, the subsystem 320 comprises a wireless RF bus protocol such as a Bluetooth™ communications subsystem. However, the short-range communications subsystem 320 may comprise any suitable local wireless means of communication, so long as the short range communications subsystem 232 of the personal computer 112 is chosen to operate using the same protocol, which may for example facilitate wireless communication between the personal computer 112 and the smart card reader 110. Any suitable communications mechanism and/or protocol may be implemented for the short range communications subsystems 320 and 204.
`
[0036] In information technology, biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioral characteristics include signature, gait and typing patterns. Voice is considered a mix of both physical and behavioral characteristics. However, it can be argued that all biometric traits share physical and behavioral aspects.

[0037] The use of a biometric authentication system begins with the collection and storage of template biometrics from potential users of the biometric authentication system. At the time of desired authentication, the user inputs, to a device (or to a peripheral to the device), a “candidate” biometric. Matching algorithms are then used to compare previously stored template biometrics against the candidate biometric. In the case where the biometric is an image, an original image (template) may be directly compared with a candidate image. Alternatively, formation of the template involves identifying certain features of an original image. Once the features are identified, the template may be formed of location and orientation information for each of the features. Similarly, a candidate is formed by identifying certain features of a candidate image and, subsequently, the template is compared to the candidate.
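
The method of paragraph [0014], combined with the feature-based comparison of paragraph [0037], written out as an added Python example that is not part of the published application. All names, the tolerances, the 0.8 threshold, the pre-aligned coordinates and the handling of a matched template that is not associated with unlocking are assumptions; the sample features are constructed.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

# A feature ("minutia") is (x, y, orientation in degrees): the "location and
# orientation information for each of the features" of paragraph [0037].
# Assumption: candidate and template coordinates are already aligned.

@dataclass
class Template:
    label: str                         # hypothetical name of the enrolled finger
    minutiae: tuple                    # tuple of (x, y, orientation) features
    application: Optional[str] = None  # application associated with the template
    unlocks_device: bool = False       # template is associated with unlocking
    preload: dict = field(default_factory=dict)  # data the application starts with

@dataclass
class Decision:
    unlocked: bool
    launched: Optional[str]
    preload: dict
    reason: str

def match_score(template, candidate, dist_tol=8.0, angle_tol=15.0):
    """Fraction of features paired one-to-one within both tolerances.

    Dividing by the larger feature count means a candidate padded with
    spurious features scores lower instead of matching everything.
    """
    unused = list(candidate)
    paired = 0
    for tx, ty, tt in template:
        best = None
        for i, (cx, cy, ct) in enumerate(unused):
            dist = math.hypot(tx - cx, ty - cy)
            dtheta = abs((tt - ct + 180.0) % 360.0 - 180.0)  # handles 355 vs 3
            if dist <= dist_tol and dtheta <= angle_tol:
                if best is None or dist < best[0]:
                    best = (dist, i)
        if best is not None:
            paired += 1
            unused.pop(best[1])
    larger = max(len(template), len(candidate))
    return paired / larger if larger else 0.0

def quick_launch(candidate, templates, threshold=0.8):
    """Apply the determinations of paragraph [0014] in order, failing closed."""
    best, best_score = None, 0.0
    for template in templates:
        score = match_score(template.minutiae, candidate)
        if score > best_score:
            best, best_score = template, score
    if best is None or best_score < threshold:
        return Decision(False, None, {}, "no stored template matched")
    if best.application is None:
        return Decision(False, None, {}, "template has no associated application")
    if not best.unlocks_device:
        # Assumption: the device stays locked and asks for further factors.
        return Decision(False, None, {}, "template not associated with unlocking")
    return Decision(True, best.application, dict(best.preload), "matched " + best.label)

# Constructed enrolment data and live-scan candidates (not real fingerprints).
RIGHT_INDEX = Template("right-index",
    ((10, 12, 30), (40, 18, 95), (25, 44, 170), (52, 60, 250), (15, 70, 310)),
    application="email", unlocks_device=True, preload={"folder": "inbox"})
LEFT_THUMB = Template("left-thumb",
    ((12, 50, 10), (33, 33, 120), (48, 12, 200), (60, 45, 275), (20, 20, 355)),
    application="browser", unlocks_device=False)
ENROLLED = [RIGHT_INDEX, LEFT_THUMB]

INDEX_SCAN = ((11, 13, 33), (39, 17, 90), (26, 45, 175), (53, 58, 246), (15, 71, 305))
THUMB_SCAN = ((13, 49, 12), (32, 34, 118), (47, 13, 204), (61, 44, 270), (21, 21, 3))
UNKNOWN_SCAN = ((5, 5, 0), (30, 30, 45), (55, 10, 180), (45, 65, 90), (8, 40, 270))
PADDED_SCAN = INDEX_SCAN + ((70, 70, 0), (72, 5, 0), (2, 30, 0), (35, 75, 0), (65, 30, 0))

if __name__ == "__main__":
    for name, scan in [("index", INDEX_SCAN), ("thumb", THUMB_SCAN),
                       ("unknown", UNKNOWN_SCAN), ("padded", PADDED_SCAN)]:
        print(name, quick_launch(scan, ENROLLED))
```

The padded scan contains every feature of the enrolled index finger yet is rejected, because the score is normalised by the larger feature set rather than by the template alone.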
`
[0038] In one application, biometric authentication may be used for authenticating the user of a mobile communication device.

[0039] In some enhanced security embodiments, in order for a user to use some or all of the functionality of the mobile device 102, the mobile device 102 must be in at least periodic communication with its associated smart card reader 110 through the mobile device short-range communications system 204 to receive authorization information stored on the memory card 334. The authorization information stored on the memory card 334 will typically include unique authentication information for a designated user of the mobile device 102, such as biometric templates and/or further authentication information such as passwords, etc. Such a configuration mitigates against unauthorized use when the mobile device 102 becomes separated (i.e., out of communications range) from the smart card reader 110 with which the mobile device 102 has been paired. According to example embodiments, in addition to providing enhanced security functionality, the smart card reader 110 is also used to backup data from the mobile device 100.
`
the dialog that is displayed on the mobile device 102 when locked. Responsive to receiving the unlock command, the microprocessor 228 arranges for the presentation of an unlock dialog (step 404) on the display 226 to prompt the user to enter authentication factors, such as a device password and/or a smart card password. Optionally, responsive to being presented with the unlock dialog, the user may enter a device password in a device password field of the unlock dialog and may enter a smart card password in a smart card field of the unlock dialog. The user may, for example, submit the entered information by, for example, actuating an “enter” key on the keyboard 224 or by actuating one of the auxiliary I/O devices 206 to cause a menu to appear on the display 226 and further indicating using the auxiliary I/O device 206 selection of a submit menu item.

[0040] The auxiliary I/O devices 206 of the mobile device 102 may include “convenience keys”. Such convenience keys may be positioned at specific locations about the housing of the mobile device 102. In operation, the convenience keys may each be mapped to a function. For instance, actuation of one convenience key may launch a web browsing application on the mobile device 102. Actuation of another convenience key may cause a menu to appear on the display 226, where the menu allows the user to select a notification profile different from the notification profile currently in use. As is known, a notification profile may be used to define a manner in which the mobile device 102 notifies the user of various events. The events may include an incoming telephone call, a recently received e-mail message, a recently received Short Messaging Service message, a recently received Instant Messaging message, an alert that an appointment time is imminent, a reminder of a due task, etc. One profile may be used in noisy environments and may be defined such that the user is alerted using a combination of loud noises and vibrations. Additionally, another profile may be used in quiet environments and may be defined such that a user is not alerted at all.

[0041] Through the use of convenience keys, execution of specific applications can be launched by a single action, e.g., a key press o