`McKeeth
`
`(10) Patent No.: US 6,766,456 B1
`(45) Date of Patent: Jul. 20, 2004
`
`US006766456B1
`
`(54) METHOD AND SYSTEM FOR AUTHENTICATING A USER OF A COMPUTER SYSTEM
`
`(75) Inventor: James McKeeth, Nampa, ID (US)
`
`(73) Assignee: Micron Technology, Inc., Boise, ID (US)
`
`(*) Notice: Subject to any disclaimer, the term of this patent is
`extended or adjusted under 35 U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/511,092
`
`(22) Filed: Feb. 23, 2000
`
`(51) Int. Cl.7: H04K 1/00
`(52) U.S. Cl.: 713/200; 713/201; 713/202; 713/183; 713/186; 713/168
`(58) Field of Search: 713/200, 202, 713/201, 183, 184, 186; 345/168, 156, 158
`
`(56) References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,759,063 A  *   7/1988  Chaum             380/30
`5,229,764 A  *   7/1993  Matchett et al.   340/5.52
`5,465,084 A     11/1995  Cottrell          340/825.31
`5,559,961 A      9/1996  Blonder           395/188.01
`5,608,387 A      3/1997  Davies            340/825.34
`5,821,933 A     10/1998  Keller et al.     345/348
`5,838,306 A     11/1998  O'Connor et al.
`6,006,328 A  *  12/1999  Drake             713/200
`6,035,406 A  *   3/2000  Moussa et al.     713/202
`6,091,835 A  *   7/2000  Smithies et al.   382/115
`6,298,447 B1 *  10/2001  Wang              713/202
`6,418,424 B1 *   7/2002  Hoffberg et al.   706/21
`
`FOREIGN PATENT DOCUMENTS
`
`JP  60 171560 A   9/1985  G06F/15/00
`JP  61 142835 A   6/1986  H04L/9/00
`
`OTHER PUBLICATIONS
`
`Knowledge Adventure, Inc., User's Guide, pp. 1-18, 1996,
`"Jump Start Toddlers".
`Micron Electronics, Inc.-Assignee, U.S. App. S/N 09/033,943,
`filed Mar. 2, 1998, "Securing Restricted Operations of
`a Computer Program Using a Visual Key Feature."
`
`* cited by examiner
`
`Primary Examiner: Ly V. Hua
`(74) Attorney, Agent, or Firm: Knobbe, Martens, Olson & Bear, LLP.
`
`(57) ABSTRACT
`
`A method and system for authenticating a user to access a
`computer system. The method comprises communicating
`security information to the computer system, and providing
`the computer system with an implicit input. The method
`further comprises determining whether the security information
`and implicit input match corresponding information
`associated with the user. The method further comprises
`granting the user access to the computer system in the event
`of a satisfactory match. When authenticating the user, the
`method and system consider the possibility of the user being
`legitimate but subject to duress or force by a computer
`hacker.
`
`15 Claims, 4 Drawing Sheets
`
`[Front-page drawing: excerpt of the FIG. 4 flowchart showing block 410
`(USER ENTERS SECURITY INFORMATION) and block 420 (SEARCH FOR PATTERN
`IN INPUT).]
`
`IPR2022-00602
`Apple EX1005 Page 1
`
`
`
`[Sheet 1 of 4. FIG. 1: block diagram of computer system 100 with user
`interface 110, process circuit 120, timer 130, memory 140, and compare
`circuit 150 with PASS and FLAG outputs.]
`
`[Sheet 2 of 4. FIG. 2: peripheral device 200 with cable 230.]
`
`[Sheet 3 of 4. FIGS. 3A, 3B, 3C, and 3D: exemplary patterns (reference
`numerals 310, 330, and 340 legible).]
`
`[Sheet 4 of 4. FIG. 4: flowchart. BEGIN (400); USER ENTERS SECURITY
`INFORMATION (410); decision 416; SEARCH FOR PATTERN IN INPUT (420);
`ISSUE ALERT TO SECURITY ADMINISTRATOR (440); DOWNGRADE SECURITY
`CLEARANCE TO "LIMITED" (450); GRANT ACCESS (460); block 470; END (490).]
`
`METHOD AND SYSTEM FOR AUTHENTICATING A USER OF A COMPUTER SYSTEM
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`The invention relates generally to methods of accessing a
`secure computer system. More particularly, this invention
`relates to a method and system for authenticating identity of
`a user before accessing a computer system.
`2. Description of the Related Art
`In today's information age, a user is generally required to
`execute or pass some form of a security step, such as
`entering a private identification code or password, to access
`a computer system. As the computer stored information or
`application becomes more sensitive or valuable, greater
`security measures are desired to verify the identity and
`legitimacy of the user before allowing access to the computer
`system that contains such information or application.
`The use of a password alone, however, has become less
`reliable to authenticate the user. The reduced reliability of
`using a password alone has been due to a computer hacker's
`ability to locate, copy, or electronically identify or track the
`required password using specialized software programs. In
`some cases, computer hackers are simply able to obtain the
`user's password by exercising duress or force. Accordingly,
`the use of a password alone to authenticate the user for
`access to the computer system has not been very reliable.
`Instead of or in combination with entering a password,
`some computer systems are designed to authenticate the user
`by requiring the user to turn a conventional key or swipe a
`machine readable card. These techniques, however, are still
`subject to the same weaknesses as those identified for using
`a password. Recently, some computer makers considered
`using the user's fingerprint to authenticate and grant access
`to the computer system. In such a system, a peripheral
`device, such as a mouse, includes a fingerprint acquisition
`module that provides to the computer a signal representative
`of the fingerprint of the user. The computer compares the
`user's fingerprint signal to a list of signals stored in its
`memory. If the user's fingerprint signal matches a signal that
`is stored in the computer memory, the user is granted access
`to the computer system, otherwise access is denied. For
`further details about such computer system, reference is
`made to U.S. Pat. No. 5,838,306 issued to O'Connor et al.
`on Nov. 17, 1998, which is incorporated in its entirety by
`reference. Using a fingerprint is still not immune to the
`computer hacker's ability to force the user to place his/her
`finger on the acquisition device. Moreover, a sophisticated
`computer hacker may be able to copy the user's fingerprint
`and provide a simulated signal to the computer system to
`obtain access.
`Therefore, the above-described authentication techniques
`do not overcome a computer hacker's ability to access the
`computer by forcing the user to enter a password, turn a key,
`swipe a card, or place the user's finger on a fingerprint
`acquisition device. There is a need in the computer technology
`to provide an implicit authentication technique that is
`immune to force or theft by computer hackers.
`
`SUMMARY OF THE INVENTION
`
`To overcome the above-mentioned limitations, the invention
`provides a method and system for authenticating a user
`to access a computer system. The method comprises communicating
`security information to the computer system,
`and providing the computer system with an implicit input.
`The method further comprises determining whether the
`security information and implicit input match corresponding
`information associated with the user. The method further
`comprises granting the user access to the computer system
`in the event of a satisfactory match.
`The system comprises a user interface configured to
`communicate security information and an implicit input to
`the computer. The system further comprises a compare
`circuit that is operationally coupled to the user interface. The
`compare circuit is configured to determine whether the
`security information and implicit input match corresponding
`information associated with the user. The system further
`comprises a process circuit that is operationally coupled to
`the compare circuit. The process circuit is configured to
`grant the user access to the computer in the event of a
`satisfactory match. In another embodiment, the system comprises
`means for interfacing the user with the computer. The
`interfacing means is configured to communicate security
`information and an implicit input to the computer. The
`system further comprises means, operationally coupled to
`the interfacing means, for comparing the security information
`and implicit input with corresponding information associated
`with the user. The system further comprises means,
`operationally coupled to the comparing means, for processing
`the compared information and granting the user access
`to the computer in the event of a satisfactory match.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The above and other aspects, features, and advantages of
`the invention will be better understood by referring to the
`following detailed description, which should be read in
`conjunction with the accompanying drawings, in which:
`FIG. 1 is a block diagram showing one embodiment of a
`computer system in accordance with the invention.
`FIG. 2 is a perspective view of a peripheral device that
`may be used with the invention.
`FIGS. 3A, 3B, 3C, and 3D illustrate exemplary patterns
`that are recognized by the computer system of FIG. 1.
`FIG. 4 is a flowchart describing one embodiment of the
`method of authenticating a user in accordance with the
`invention.
`
`DETAILED DESCRIPTION OF THE INVENTION
`
`The following description is not to be taken in a limiting
`sense, but is made merely for the purpose of describing the
`general principles of the invention. The scope of the invention
`should be determined with reference to the claims.
`FIG. 1 is a block diagram showing one embodiment of a
`computer system 100 in accordance with the invention. As
`shown in FIG. 1, the computer system 100 comprises a user
`interface 110 that is operationally connected to a process
`circuit 120. The user interface 110 may be any input device
`that is used to enter or communicate information to the
`computer system 100, such as a keyboard, mouse, trackball,
`pointer, touch-screen, remote terminal, audio sensor, optical
`scanner, telephone, or any similar user interface. The user
`interface may provide input signals to the computer system
`100 in an analog form, which typically requires conversion
`to digital form by the computer system 100, or in a digital
`form. For example, when using a keyboard, a computer user
`(not shown in this figure) may enter a password representing
`a unique series of keys. When using a mouse or trackball, the
`user may enter a unique series of clicks using left, center,
`and/or right buttons of the mouse. Alternatively, the user
`may enter a unique geometric pattern (see FIGS. 3A-3D)
`concurrently with or shortly after entering the password.
`When using an audio sensor, such as a microphone, the user
`may enter audio information, such as the user's voice, which
`may be uniquely identified by the computer system 100.
`When using an optical scanner, the user may scan his/her
`fingerprint or other physical feature such as the retina into
`the computer system 100 for authentication.
`Any, a combination, or all of the above-described types of
`input signals may be used to authenticate a user. For
`example, the computer system 100 may be designed to
`receive a combination of input signals in a form of a
`password from a keyboard, in a form of a fingerprint scan
`from an optical scanner (e.g., placed on the keyboard or
`mouse), and in a form of a geometric pattern from a mouse
`or trackball. The user may input these signals substantially
`concurrently, or in any agreed upon sequence. For example,
`the user may enter a password through the keyboard and,
`within a predetermined duration of time (e.g., 5 seconds),
`place his/her finger on the mouse to be scanned while
`moving the mouse in a specified pattern, e.g., clockwise
`circle. As further described below, before granting the user's
`request for access, the computer system 100 may be configured
`to recognize the combination of a password,
`fingerprint, and a particular pattern that is unique to each
`user.
`The process circuit 120 is configured to receive input
`signals from the user interface 110 for processing. If the
`input signals are in analog form, the process circuit 120
`converts the input signals to digital form for further processing.
`If desired or necessary, the process circuit 120 filters
`undesired components of the input signals, so that only
`components that are necessary for identification are passed
`on. The process circuit is operationally connected with a
`timer 130 that measures time duration between the various
`input signals. As noted above, the computer system 100 may
`be configured to recognize and accept for processing input
`signals (e.g., password) that occur within a predetermined
`duration of time from other input signals (e.g., fingerprint
`scan or pattern). Accordingly, the process circuit 120 may
`instruct the timer 130 to measure time between input signals
`to determine whether the user is an authorized user. For
`example, the duration between entering a password and
`performing a fingerprint scan and/or pattern may be set to a
`maximum of 10 seconds. If, after entering a legitimate
`password, the user takes too long (i.e., greater than 10
`seconds) to perform a fingerprint scan and/or pattern, the
`process circuit 120 may deny access to the computer system
`100, as described for the method of FIG. 4.
`If, on the other hand, the user performs a fingerprint scan
`and/or pattern within the designated time, the process circuit
`120 communicates the input signals to a compare circuit 150
`for authentication. The compare circuit 150 is operationally
`coupled to a memory 140, which stores a list of legitimate
`user identifications (ID's) with respective passwords,
`fingerprint, pattern, or any other type of information
`("security information") for recognition by the computer
`system 100. The process circuit 120 may instruct the
`memory 140 to communicate security information to the
`compare circuit 150 for authentication. The compare circuit
`150 also receives and compares input information from the
`process circuit 120 with the security information received
`from the memory 140. If there is a match between the input
`and security information, the compare circuit 150 issues a
`"pass" signal to the computer system 100 (e.g., a host
`processor) indicating acceptance of and authorizing access
`by the user. If the input and security information do not
`match, the compare circuit issues a "flag" signal indicating
`denial of access by the user.
`In one embodiment, the user is always required to perform
`an implicit, invisible, or non-apparent act (the "implicit" act
`or input). The implicit input may include an active and/or a
`passive act. For instance, in performing the active act, the
`user may generate a geometric pattern (e.g., using a mouse)
`when requesting access to the computer system 100. The
`computer system 100 may be configured to recognize a
`particular geometric pattern under the condition that the user
`performs such pattern concurrently with, or after a predetermined
`duration from, scanning his/her fingerprint. In
`performing the passive act, the user may wait predetermined
`time intervals between entry of various components
`of the security information or, for instance, may skip a
`predetermined letter of each component of the security
`information. In heightened security applications, it may be
`desirable to configure the computer system 100 to issue a
`security alert to the responsible authority (e.g., security
`guards or law enforcement personnel) if the user fails to
`perform the geometric pattern. Accordingly, even if the
`compare circuit 150 determines that the input (e.g.,
`fingerprint) and security information do match, the compare
`circuit 150 may still issue the flag signal because of the
`user's failure to perform the geometric pattern.
`In such a scenario, the computer system 150 recognizes
`that while the user may be legitimate, the user's failure to
`perform the geometric pattern may be an indication that the
`user is experiencing duress or force to access the computer
`system 100, as described for the method of FIG. 4. In some
`applications, it may be desirable to grant a limited access to
`the user to give the false impression that access to the
`computer system 100 is granted as usual. As used herein,
`"limited access" is any access that provides a user or intruder
`access that is less than complete access to the computer
`system 100. However, concurrently with the limited access,
`a silent security alert may be issued to security personnel,
`without allowing the user or intruder to know. Using the
`silent security alert mode minimizes risk to the
`user under duress.
`Any of the structural components of the computer system
`100, e.g., the process circuit 120 and compare circuit 150,
`may be implemented using commonly known hardware,
`such as one or more digital circuits, to perform the authentication
`functions of the computer system 100. Alternatively,
`the functions of such structural components may be implemented
`using a dedicated signal processor, such as a digital
`signal processor (DSP), that is programmed with instructions
`to perform the authentication functions of the computer
`system 100.
`FIG. 2 is a perspective view of a peripheral device 200
`that may be used with the invention. The peripheral device
`200 may comprise a mouse that communicates signals with
`the computer system 100 (see FIG. 1) via a cable 230, or via
`a wireless link (not shown in this figure) such as a radio
`frequency (RF) or infrared (IR) link. In one embodiment, the
`user interface 110 (see FIG. 1) may comprise the peripheral
`device 200 through which a user may send user security
`information (e.g., a user ID, password, fingerprint scan, and
`a specified pattern) to the computer system 100 to obtain
`access thereto.
`As shown in FIG. 2, the peripheral device 200 comprises
`one or more buttons 210, 212, 214, and 216, which, when
`pressed by the user, send various signals that are recognized
`by the computer system 100. As described above, in addition
`to a password and fingerprint scan, the computer system 100
`may be configured to require the user to enter a pattern
`comprising a unique sequence of button pressings to authenticate
`the user. Accordingly, concurrently with or shortly
`after the fingerprint scan, the user may press one or more of
`the buttons 210-216 to generate a unique sequence of
`signals before the computer system 100 may grant access.
`For example, the sequence of signals may be generated by
`pressing the button sequence 214, 212, 216, and 212. In
`response to the user security information, the computer
`system 100 determines if the user may be granted access as
`described above.
`The peripheral device 200 may optionally comprise a
`trackball (not shown in this figure) that allows the user to
`manipulate the position of a pointer on a visual display, such
`as a display monitor, in response and proportionally to the
`motion of the trackball on a surface, such as a pad. The
`characteristics and operation of such a trackball are well
`known in the art. The peripheral device 200 may also
`comprise one or more optical scanner windows 220, 222,
`224, and 226. If the authentication process requires a fingerprint
`scan, one or more of the scanner windows 220-226
`may scan the fingerprint of the user and form an electronic
`image of the fingerprint. The peripheral device 200 sends the
`electronic image to the computer system 100 for authenticating
`the user as described above. The characteristics and
`operation of the optical scanner windows 220-226 are well
`known in the art.
`As noted above, in addition to entering a password and
`fingerprint scan, the computer system 100 may be configured
`to require the user to enter a unique geometric pattern
`via the peripheral device 200 to authenticate the user.
`Accordingly, concurrently with or shortly after the fingerprint
`scan, the user may move the peripheral device 200 on
`a flat surface in a predetermined geometric pattern to generate
`the unique geometric pattern, as outlined by the
`trackball of the peripheral device 200. FIGS. 3A, 3B, 3C,
`and 3D illustrate exemplary patterns that are recognized by
`the computer system 100. As shown in FIG. 3A, the user
`may move the peripheral device 200 to generate a triangle
`310 in a specified direction on the flat surface. The peripheral
`device 200 sends the generated pattern in a form of
`electrical signals to the computer system 100 for authentication.
`As described above, if the computer system 100
`determines that the generated pattern matches a pattern
`stored in the memory 140 (see FIG. 1), the computer system
`100 grants the access. If, on the other hand, the computer
`system 100 determines that the generated pattern does not
`match a stored pattern, the computer system 100 may deny
`access or, if configured to do so, lock up the computer
`system 100 and generate a security alert to the responsible
`authorities.
`FIG. 3B shows another exemplary pattern in a form of a
`rectangle 320 that may be generated by the user via the
`peripheral device 200. FIG. 3C shows another exemplary
`pattern in a form of a straight line 330 that may be generated
`by the user via the peripheral device 200. Finally, FIG. 3D
`shows still another exemplary pattern in a form of a circle
`340 that may be generated by the user in a clockwise
`direction via the peripheral device 200.
`FIG. 4 is a flowchart describing one embodiment of the
`method of authenticating a user in accordance with the
`invention. The method of the invention commences at block
`400 when the computer system 100 (FIG. 1) is first powered
`up. At block 410, the user enters the user's security information
`such as a user identification, password, and/or fingerprint
`scan, pursuant to system access instructions. At a
`decision block 416, the computer system 100 determines
`whether the entered security information matches corresponding
`information in the memory 140. If the security
`information does not match, the method proceeds to block
`470 where the computer system 100 denies access to the
`user. If, on the other hand, the security information matches
`corresponding information in the memory 140, the method
`proceeds to block 420.
`In this embodiment, the computer system 100 is configured
`to recognize the implicit input that the user enters
`concurrently with, or within a predetermined duration of,
`entering the security information. As noted above, the
`implicit input may be a geometric pattern that the user
`generates via the user interface 110. Accordingly, at block
`420, the computer system 100 waits and searches for a
`predetermined pattern signal from the user interface 110.
`The pattern signal may be in analog or digital form that
`represents the pattern that the user generates, e.g., the circle
`340. At a decision block 424, the computer system 100
`determines if a pattern signal is received from the user
`interface 110 within the predetermined duration. If a pattern
`signal is not received or found, the method proceeds to block
`436. If, on the other hand, a pattern signal is received from
`the user interface 110, the method proceeds to a decision
`block 428, where the computer system 100 determines
`whether the pattern signal matches a corresponding pattern
`signal stored in memory 140. If the entered pattern signal
`matches the stored pattern signal, the method proceeds to
`block 460 where the computer system 100 grants the user's
`request for access. If, on the other hand, the entered signal
`pattern does not match the stored pattern signal, the method
`proceeds to the decision block 436.
`As indicated above, the computer system 100 may be
`configured to operate in an alert mode if desired by the
`system administrator. The alert mode represents a mode of
`operation wherein the computer system 100 responds to an
`access request using an authentication process that is more
`stringent than when operating in a non-alert ("normal")
`mode. For instance, upon receiving instructions to heighten
`security measures (e.g., in response to an overt threat or
`intelligence information), the system administrator may
`configure the computer system 100 to operate in the alert
`mode. Alternatively, the system administrator may configure
`the computer system 100 to operate in the alert mode based
`on any desired criteria, such as geographic location of the
`computer system 100, content or sensitivity of stored
`information, and/or other factors. In the alert mode, the
`computer system 100 alerts security personnel if it is determined
`that there is a possibility of a security breach.
`Accordingly, at block 436, the computer system 100 determines
`if the alert mode is activated. If the alert mode is not
`activated, the method proceeds to block 470, where the
`computer system 100 denies the user's request to access the
`computer system 100. If, on the other hand, the alert mode
`is activated, the method proceeds to block 440. Thus, in the
`event of an absent or incorrect pattern signal, the computer
`system 100 avoids issuing unwarranted security alerts when
`operating in the normal mode. However, if it is operating in
`the alert mode, the computer system 100 applies a stringent
`authentication process and issues security alerts in the event
`of an absent or incorrect pattern signal.
`As noted above, the computer system 100 may represent
`at least a portion of a computer network that is accessible via
`multiple user terminals, including security and supervisory
`personnel terminals. Accordingly, if the alert mode is
`activated, then at block 440 the computer system 100 is
`configured to issue an alert signal to a predetermined
`destination, e.g., a security terminal that is accessible by
`security personnel. The alert signal may be a text message
`indicating that a potential security breach or unauthorized
`attempt to access the network has occurred at a particular
`location, e.g., electronic or physical address of the computer
`system 100. At block 446, the computer system 100 determines
`whether the silent alert mode is activated. As noted
`above, the silent alert mode allows a limited access to a user
`that is potentially under the influence of duress or force.
`Hence, the system administrator may selectively activate or
`deactivate the silent alert mode based on any desired criteria,
`such as the level of safety necessary for users at a particular
`location.
`Accordingly, if the silent alert mode is not activated, the
`method proceeds to block 470 where the computer system
`100 denies the user access to the computer system 100. If,
`on the other hand, the silent alert mode is activated, the
`method proceeds to block 450 where the computer system
`100 downgrades or limits the scope of access for the user
`who entered the security information. As noted above,
`limited access is any access that provides a user or intruder
`access that is less than complete access to the computer
`system 100. For example, the limited access may allow the
`user to read or view only a particular list of files that do not
`contain sensitive information. The limited access may also
`include preventing the user from printing or copying any
`files that are stored in the computer system 100. After
`downgrading the scope of access for the user, the method
`proceeds to block 460 where the computer system 100
`provides the user with limited access to the computer system
`100. As noted above, while the computer system 100 grants
`the user with the limited access, the computer system issues
`the alert signal to security personnel without notifying the
`user or intruder that any such signal was issued. The method
`terminates at block 490 after either granting the user's
`request at block 460 or denying the user's request at block
`470 to access the computer system 100.
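The FIG. 4 decision flow described above (blocks 416 through 470), written out as an added Python example; it is not code from the patent. The names `Policy`, `Enrolled`, `chain_code`, `authenticate` and `run_case`, the salted PBKDF2 password storage, the four-direction chain code used as the pattern matcher, and the rule that the pattern must not precede the password are all assumptions made for illustration, and the pointer traces are constructed.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Sequence, Tuple

Point = Tuple[float, float]
COMPASS = "ESWN"  # screen coordinates: +x is east, +y is south


class Access(Enum):
    FULL = "full"
    LIMITED = "limited"
    DENIED = "denied"


@dataclass
class Policy:
    max_delay_s: float = 10.0        # the description's example maximum
    alert_mode: bool = False         # checked at block 436
    silent_alert_mode: bool = False  # checked at block 446


@dataclass
class Enrolled:                      # one user's record in memory 140
    salt: bytes
    password_hash: bytes
    pattern: str                     # "ESWN" is a clockwise rectangle


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: a salted PBKDF2 digest is stored, not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def chain_code(points: Sequence[Point], min_step: float = 5.0) -> str:
    """Reduce a pointer trace to a string of compass moves, dropping jitter."""
    if not points:
        return ""
    code, last = "", points[0]
    for x, y in points[1:]:
        dx, dy = x - last[0], y - last[1]
        if math.hypot(dx, dy) < min_step:
            continue                 # movement too small to be deliberate
        step = COMPASS[round(math.atan2(dy, dx) / (math.pi / 2)) % 4]
        if not code.endswith(step):
            code += step
        last = (x, y)
    return code


def authenticate(user: Enrolled, policy: Policy, password: str, t_password: float,
                 trace: Optional[Sequence[Point]], t_trace: Optional[float],
                 alert: Callable[[str], None]) -> Access:
    # Block 416: the explicit security information must match first.
    supplied = hash_password(password, user.salt)
    if not hmac.compare_digest(supplied, user.password_hash):
        return Access.DENIED                                 # block 470
    # Blocks 424 and 428: the implicit input must arrive in time and match.
    in_time = (trace is not None and t_trace is not None
               and 0 <= t_trace - t_password <= policy.max_delay_s)
    if in_time and hmac.compare_digest(chain_code(trace).encode(), user.pattern.encode()):
        return Access.FULL                                   # block 460
    # Block 436: absent, late or wrong pattern; alert only in alert mode.
    if not policy.alert_mode:
        return Access.DENIED                                 # block 470
    alert("possible duress or unauthorized access attempt")  # block 440
    # Block 446: silent alert mode chooses limited access over denial.
    if not policy.silent_alert_mode:
        return Access.DENIED                                 # block 470
    return Access.LIMITED                                    # block 450, then 460


RECT_CW = [(0, 0), (2, 1), (40, 0), (40, 30), (0, 30), (0, 0)]  # constructed trace
RECT_CCW = [(0, 0), (0, 30), (40, 30), (40, 0), (0, 0)]         # constructed trace


def run_case(policy, password, trace, delay):
    """Run one login attempt; return the outcome and any alerts raised."""
    salt = b"constructed-salt"
    user = Enrolled(salt, hash_password("correct horse", salt), "ESWN")
    alerts = []
    t_trace = None if trace is None else 100.0 + delay
    result = authenticate(user, policy, password, 100.0, trace, t_trace, alerts.append)
    return result, alerts


if __name__ == "__main__":
    duress = Policy(alert_mode=True, silent_alert_mode=True)
    print(run_case(Policy(), "correct horse", RECT_CW, 3.0))
    print(run_case(duress, "correct horse", RECT_CCW, 3.0))
    print(run_case(duress, "correct horse", RECT_CW, 12.0))
```

A wrong password never raises an alert because block 416 leads straight to block 470; only a correct password followed by an absent, late or wrong pattern reaches the alert-mode checks.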
`In view of the foregoing, it will be appreciated that the
`invention overcomes the long-standing need for a method
`and system for correctly authenticating a user despite the
`presence of duress and force by a computer hacker. The
`invention may be embodied in other specific forms without
`departing from its spirit or essential characteristics. The
`described embodiment is to be considered in all respects
`only illustrative and not restrictive. The scope of the invention
`is, therefore, indicated by the appended claims rather than by
`the foregoing description. All changes that fall within the
`meaning and range of equivalency of the claims are to be
`embraced within their scope.
`What is claimed is:
`1. A method of authenticating a user of an electronic
`device, the method comprising:
`receiving security information from a user,
`receiving in the electronic device an authorization pattern
`provided by a mouse, wherein the authorization pattern
`identifies a particular movement made by the mouse;
`determining whether the authorization pattern matches a
`stored pattern;
`measuring a duration of time between the receipt of the
`security information and the authorization; and
`granting the user access to the electronic device in the
`event of a satisfactory match and the duration of time
`is less than a threshold.
`2. The method of claim 1, further comprising denying the
`user access to the electronic device in the event of an
`unsatisfactory match.
`3. The method of claim 2, further comprising issuing a
`security alert to security personnel in the event of an
`unsatisfactory match between the authorization pattern and
`the stored pattern.
`4. The method of claim 2, further comprising issuing a
`silent security alert to security personnel in event of an
`unsatisfactory match.
`5. The method of claim 1, further comprising limiting the
`scope of access in the event of an unsatisfactory match.
`6. A system for authenticating a user of an electronic
`device, the system comprising:
`a mouse configured to communicate an authorization
`pattern to the electronic device, wherein the authorization
`pattern identifies a particular movement made by
`the mouse;
`a user interface configured to receive security information;
`a compare circuit that is operationally coupled to the
`mouse, and configured to determine whether authorization
`pattern matches a stored pattern;
`a process circuit that is operationally coupled to the
`compare circuit, and configured to grant the user access
`to the electronic device in the event of a satisfactory
`match; and
`a timer that is operationally connected to the process
`circuit the timer being configured to measure duration
`of time between entry of the security information and
`entry of the authorization pattern, the process circuit
`determining whether the measured duration exceeds a
`threshold, access to the electronic device being denied
`if the measured duration exceeds the threshold.
`7. The system as defined in claim 6, wherein the security
`information comprises a user identification and timer that is
`operationally connected to the process circuit, the timer
`being configured to measure duration of time between entry
`of security information and entry of the authorization
`pattern, the process circuit determining whether the measured
`duration exceeds a threshold, access to the electronic
`device being denied if the measured duration exceeds the
`threshold password.
`8. The system as defined in claim 6, wherein the process
`circuit is configured to generate an alert signal in the event
`an unsatisfactory match between the authorization pattern
`and the stored pattern.
`9. The system as defined in