WO2017166264A1 - Apparatuses and methods for preboot voice authentication - Google Patents

Publication number
WO2017166264A1
Authority
WO
WIPO (PCT)
Prior art keywords
voice
data
preboot
audio
passphrase
Application number
PCT/CN2016/078253
Inventor
Jiewen Jacques YAO
Vincent J. Zimmer
Roy Hopkins
David Webb
Qian OUYANG
Hao Wu
Original Assignee
Intel Corporation
Application filed by Intel Corporation
Priority to PCT/CN2016/078253
Publication of WO2017166264A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Definitions

  • Computer security is an ongoing battle to prevent unauthorized access to sensitive information.
  • One of the many forms of security employed to prevent unauthorized access is user authentication.
  • User authentication is used to verify a specific user and that the specific user is physically at a computing device.
  • Existing methods for authentication may include factors such as “what do you know” (e.g., a password) or “what do you have” (e.g., a token on a smartcard or universal serial bus (USB) key).
  • These types of authentication are commonly a focus of hackers and can be stolen and mimicked such that the secret or token is input with no user physically located at the computing device.
  • OS operating system
  • I/O input/output
  • Figure 1 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
  • Figure 2 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
  • Figure 3 illustrates a method for performing preboot voice authentication in accordance with some embodiments.
  • Figure 4 illustrates a method for performing preboot voice authentication in accordance with some embodiments.
  • Figure 5 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
  • Described embodiments provide a way to use voice input authentication in a pre-OS environment as a new or additional authentication “what you are” factor.
  • the voice input may be difficult to mimic without a user being physically present at a computer.
  • Because a voice fingerprint is unique to a user and is not something that can be stolen directly from the user, it may be more difficult to emulate this voice fingerprint.
  • adding a voice authentication capability to a preboot (e.g., pre-OS) environment may fill a gap of preboot readiness for disabilities. While voice control is employed in OS environments, voice control is not currently employed in pre-OS environments due to access to necessary I/O components and computing complexity.
  • Figure 1 illustrates components of a system 100 for performing preboot voice authentication in accordance with some embodiments. Illustration of the embodiments presents just those components necessary for appreciating the depicted embodiments, such that other components are foreseeable without departing from the teachings herein.
  • the system 100 may include boot services 110 and an operating system 120.
  • the boot services 110 and the operating system 120 may include instructions and data retrieved from a memory 130 and executed on a processor unit (not shown in Figure 1) .
  • the boot services 110 may be stored as an image at a boot image memory 132 of the memory 130.
  • the operating system 120 may be stored at an OS image memory 134 of the memory 130.
  • the memory 130 may be a non-volatile memory, such as a flash memory, hard drive disk, non-volatile random access memory (NVRAM) , etc.
  • The boot services 110 may include firmware that interfaces with I/O hardware (not shown) of the system 100 and a unified extensible firmware interface (UEFI) that defines a software interface between the firmware and an operating system.
  • the boot services 110 may include a preboot manager 112 that manages a preboot process, such as managing pre-boot authentication via a preboot authentication 114, data encryption and decryption via an encryption block I/O filter 116, and a boot of the operating system 120 via an OS bootloader 118.
  • the preboot manager 112 may include a UEFI boot manager.
  • the preboot manager 112 may initiate the preboot authentication 114.
  • The preboot authentication 114 may employ password authentication, token authentication, and/or multifactor authentication that includes passwords, tokens, and/or biometric data (e.g., fingerprint, retinal scan, voice data, etc.). Further, the preboot authentication 114 may employ voice boot authentication.
  • the preboot manager 112 may use a simple audio input protocol to communicate with selected hardware to receive the voice data, such as a local/auxiliary audio controller/device or a network card to receive audio data from a remote user. In some examples, the preboot manager 112 may also provide audio output to the user, such as a request for a user to say a known password, repeat a selected phrase, repeat a random phrase, etc.
  • Examples of hardware used to provide or capture the audio input or output, respectively, may include a local audio device (e.g., an HD Audio controller), an auxiliary device (e.g., a universal serial bus (USB) audio device), a mobile audio device (a mobile industry processor interface device), etc.
  • the preboot manager 112 may provide the voice data to the preboot authentication 114.
  • the preboot authentication 114 may call the voice recognition module 115 to analyze the voice data.
  • the voice recognition module 115 may exist in firmware or may be stored in a data access layer.
  • the voice recognition module 115 may parse the received voice data to provide voice sample data and may determine whether the voice sample data matches a voice fingerprint.
  • the voice recognition module 115 may provide an indication of the determination back to the preboot authentication 114.
  • the preboot authentication 114 may provide a policy associated with the user.
  • the policy may include booting a particular operating system with specified permissions.
  • the preboot authentication 114 may generate a private key (e.g., a disk key) from the voice fingerprint data and may provide a start command and the disk key to the encryption block I/O filter 116 for the encryption block I/O filter 116 to read encrypted data from the boot image memory 132 and decrypt the encrypted data based on the disk key to provide decrypted data.
  • the decrypted data may be read by the OS bootloader 118 to locate the operating system 120 stored at the OS image memory 134 for loading.
  • the OS bootloader 118 may send a load command to an encryption disk filter driver 126 of the operating system 120 to identify a location of the operating system 120 from the OS image memory 134, as well as the disk key.
  • the authentication information from the preboot authentication 114 may be passed to the OS bootloader 118, and onto the operating system 120 for use by the operating system 120 to authenticate a user.
  • a single user authentication may be shared by the boot services 110 and the operating system 120.
  • the operating system 120 may include an OS kernel startup 122 that sends a start command to the encryption disk filter driver 126 to begin reading encrypted data from the OS image memory 134 and decrypting the encrypted data as part of the OS boot process.
  • the OS kernel startup 122 may present a logon screen 124 to authenticate the user.
  • the logon screen 124 may include password authentication, voice authentication, biometric authentication, or combinations thereof. Responsive to a successful authentication, the OS desktop 128 may be loaded.
  • the preboot manager 112 may be loaded (e.g., read) from the boot image memory 132.
  • the preboot manager 112 may manage the preboot process, which may include the preboot authentication 114.
  • the preboot manager 112 may initiate the preboot authentication 114.
  • the preboot authentication 114 may include voice boot authentication.
  • the voice boot authentication may include parsing voice data to provide voice sample data and comparing the voice sample data to a voice fingerprint.
  • the voice fingerprint may be voice characteristics derived from a user’s voice.
  • the voice data may be a spoken password, a spoken passphrase, a spoken instruction.
  • the voice fingerprint may be stored as a waveform template.
  • the preboot manager 112 may call an audio input protocol to engage hardware to receive and capture the voice data from the user.
  • the preboot manager 112 may further call an output protocol, such as an audio output or a video output protocol to prompt the user (e.g., and provide instructions) to provide the voice data.
  • The output protocol may include posing questions for the user to answer via an audio communication platform or via a video communication platform.
  • the voice data received by the preboot manager 112 may include answers provided by the user.
  • the preboot manager 112 may call a network protocol to request the voice data from the user that is remote (e.g., not in the same proximate location) to the system 100.
  • the network protocol may be a wireless cloud stack (e.g., Wi-Fi, +HTTP, etc. ) or a cellular communication device driver.
  • the voice recognition module 115 may parse the voice data to provide the voice sample data, and may compare the voice sample data to a voice fingerprint. Parsing the voice data may include applying signal processing techniques to modify the voice data waveform to isolate certain features.
  • the voice fingerprint may be stored at the OS image memory 134, in some examples.
  • the voice recognition module 115 may be stored and executed at a cloud computing device (not shown in Figure 1) (e.g., a server, mobile device, or other device connected via a network) , and the preboot manager 112 may provide the voice data over a network to the cloud computing device.
  • the cloud-computing device may perform the comparison analysis between the voice data and the voice fingerprint and provide results of the comparison back to the preboot manager 112, which may provide the results to the preboot authentication 114.
  • The voice recognition module 115 may be local to the system 100.
  • the voice fingerprint may be received from a cloud-computing device, in some examples.
  • the cloud-computing device may store the voice fingerprint or the preboot manager 112 may, in addition to provision of the voice data, provide the voice fingerprint data.
  • the voice data may include a voice passphrase or an instruction.
  • the voice recognition module 115 may process the voice data using a natural language recognition algorithm to recover the voice passphrase or the instruction. As another layer of security beyond the voice fingerprint, the voice recognition module 115 may also compare the voice passphrase to a known passphrase to add another level of authentication for the user, in some examples.
  • the voice recognition module 115 may process the voice data using the natural language recognition algorithm to recover the voice instruction, and may compare the recovered instruction to known instructions in order to carry out the instruction.
  • the instruction may be provided from the voice recognition module 115 to the preboot manager 112.
  • the preboot manager 112 may initiate an audio output protocol to prompt the user to provide confirmation of the instruction, and may initiate an audio input protocol to receive the confirmation prior to carrying out the instruction.
  • the recovery and comparison of the voice passphrase, the voice instruction, and/or the confirmation may be performed locally to the system 100, or remotely at the cloud-computing device.
  • the preboot authentication 114 may return a policy based on the voice data, which may include specification of an operating system to load.
  • The preboot authentication 114 may provide the start command and the disk key to the encryption block I/O filter 116 to begin loading the specified operating system.
  • the disk key may be derived from the voice fingerprint, in some examples.
  • the encryption block I/O filter 116 may read encrypted data from the boot image memory 132 and decrypt the encrypted data based on the disk key to provide decrypted data.
  • the decrypted data may be read by the OS bootloader 118 to locate the operating system 120 stored at the OS image memory 134 for loading.
  • the OS bootloader 118 may send a load command to an encryption disk filter driver 126 of the operating system 120 to load the operating system 120 from the OS image memory 134.
  • the load command may include a disk key and a location of the operating system 120 at the OS image memory 134.
  • the authentication information from the preboot authentication 114 may be provided to the OS bootloader 118, and onto the operating system 120 for use by the operating system 120 to authenticate the user. Thus, a single user authentication may be shared by the boot services 110 and the operating system 120.
  • the OS kernel startup 122 may send a start command to the encryption disk filter driver 126 to begin reading encrypted data from the OS image memory 134 and decrypting the encrypted data as part of the OS boot process.
  • the OS kernel startup 122 may present a logon screen 124 to authenticate the user.
  • the logon screen 124 may include password authentication, voice authentication, token authentication, biometric authentication, or combinations thereof. Responsive to a successful authentication, the OS desktop 128 may be presented to the user.
  • the preboot authentication 114 may be part of the preboot manager 112. In other examples, the preboot authentication 114 may be an extension of the preboot manager 112. Offering a voice boot option to a preboot process may provide accessibility for persons with disabilities. Further, using the voice boot authentication during the preboot process may provide an added layer of security. For example, the voice data received from the user is an indication that the user is physically present. Further, a voice boot authentication platform configuration register (PCR) may be added as a user configuration by hashing the voice fingerprint waveform, which may add another level of security that is used to recover the disk key.
  • Running the voice boot authentication during preboot may reduce opportunities for attacks to steal secrets, as the trusted computing base (TCB) may be limited to an audio channel and code, rather than having platforms with larger attack surfaces, such as through human interface devices (HIDs) like Bluetooth Low Energy (BLE).
  • boot services 110 may store an encrypted variable and may use the voice data to decrypt the encrypted variable, which adds a level of security to the preboot process.
  • Figure 2 illustrates components of a system 200 for performing preboot voice authentication in accordance with some embodiments. Illustration of the embodiments presents just those components necessary for appreciating the depicted embodiments, such that other components are foreseeable without departing from the teachings herein.
  • the system 200 may include a preboot manager 210 that manages a preboot process including a preboot authentication process.
  • the preboot manager 210 may include a UEFI boot manager.
  • the preboot manager 210 may call a voice recognition module 270, an audio input protocol 220, and/or an audio output protocol 230.
  • the voice recognition module 270 may parse the voice data to provide voice sample data and may compare the voice sample data to a voice fingerprint to authenticate the user as part of the preboot authentication process.
  • the voice recognition module 270 may use a natural language algorithm to analyze voice data.
  • the voice recognition module 270 may use signal processing techniques to modify the voice data waveform to isolate certain features for comparison to a voice fingerprint.
  • the audio input protocol 220 and audio output protocol 230 may communicate with audio I/O devices 216 to provide voice prompts to a user and capture voice data from a user.
  • The audio input protocol 220 may include a microphone capability 222 that defines a protocol for receiving the voice data.
  • the audio input protocol 220 may use a simple audio input protocol to communicate with selected drivers/hardware of the audio I/O devices 216 to receive the voice data.
  • the audio output protocol 230 may include a speaker capability 232 that defines a protocol for providing the voice prompts to the user.
  • the audio output protocol 230 may use a simple audio output protocol to communicate with selected drivers/hardware of the audio I/O devices 216 to provide the voice prompts to the user.
  • the audio I/O devices 216 may include a first audio communication platform 240 that includes a high definition (HD) audio driver 242, a peripheral component interconnect (PCI) I/O protocol 244, and a HD audio controller 246 for providing voice prompts and receiving voice data.
  • the audio I/O devices 216 may also include a second audio communication platform 250 that includes a USB audio driver 252, and USB I/O protocol 254, and a USB audio device 256 for providing voice prompts and receiving voice data.
  • The audio I/O devices 216 may further include a third audio communication platform 260 that includes an other audio driver 262, an audio protocol 264, and a device 266 for providing voice prompts and receiving voice data.
  • The first, second, and third audio communication platforms 240, 250, and 260 are intended to convey three different audio communication platforms, and are not intended to specify an order or preference for any one of the three audio communication platforms 240, 250, and 260.
  • the first, second, and third audio communication platforms 240, 250, and 260 are exemplary and one of skill in the art would recognize that other audio communication platforms may be included in the audio I/O devices 216 in lieu of or in addition to any of the first, second, and third audio communication platforms 240, 250, and 260.
  • the audio I/O devices 216 may include a subset of the first, second, and third audio communication platforms 240, 250, and 260.
  • the preboot manager 210 may manage the preboot process, which may include preboot authentication using voice boot authentication using the voice recognition module 270.
  • the voice boot authentication may include parsing voice data to provide voice sample data and comparing voice sample data to a voice fingerprint data at the voice recognition module 270.
  • the stored voice fingerprint may be a spoken password, phrase, instruction, or other sounds from a user.
  • the voice fingerprint may be stored as a waveform template.
  • the preboot manager 210 may initiate the audio input protocol 220 to receive the voice data.
  • the audio input protocol 220 may retrieve the microphone capability 222, and may communicate with an audio communication platform of the audio I/O devices 216 based on the microphone capability 222, such as one of the first, second, and third audio communication platforms 240, 250, and 260, to receive the voice data from the user. For example, if the audio input protocol 220 connects to the first audio communication platform 240, the audio input protocol 220 may provide instructions to the HD audio driver 242, which may use the PCI I/O protocol 244 to communicate with the HD audio controller 246 to receive and capture the voice data, which may be provided back to the audio input protocol 220.
  • The audio input protocol 220 may provide instructions to the USB audio driver 252, which may use the USB I/O protocol 254 to communicate with the USB audio device 256 to receive and capture the voice data, which may be provided back to the audio input protocol 220. If the audio input protocol 220 connects to the third audio communication platform 260, the audio input protocol 220 may provide instructions to the other (e.g., ) audio driver 262, which may use the audio protocol 264 to communicate with the device 266 to receive and capture the voice data, which may be provided back to the audio input protocol 220.
  • the other audio driver 262 may use the audio protocol 264 to communicate with the device 266 to receive and capture the voice data, which may be provided back to the audio input protocol 220.
  • the preboot manager 210 may initiate the audio output protocol 230 to provide prompts to the user to provide the voice data.
  • the audio output protocol 230 may retrieve the speaker capability 232, and may communicate with an audio communication platform of the audio I/O devices 216 based on the speaker capability 232, such as one of the first, second, and third audio communication platforms 240, 250, and 260, to provide the prompts to the user.
  • the audio input protocol 220 may provide instructions to the HD audio driver 242, which may use the PCI I/O protocol 244 to communicate with the HD audio controller 246 to provide the user prompts to provide the voice data, which may be played for the user.
  • the audio input protocol 220 may provide instructions to the USB audio driver 252, which may use the USB I/O protocol 254 to communicate with the USB audio device 256 to provide the user prompts to provide the voice data, which may be played for the user. If the audio input protocol 220 connects to third audio communication platform 260, the audio input protocol 220 may provide instructions to the other audio driver 262, which may use the audio protocol 264 to communicate with the device 266 to provide the user prompts to provide the voice data, which may be played for the user.
  • the audio input protocol 220 and/or the audio output protocol 230 may include calling a network protocol to request the voice data from an audio communication device that is remote (e.g., not in the same proximate location) to the system 200.
  • the network protocol may be a wireless cloud stack (e.g., Wi-Fi, +HTTP, etc. ) or a cellular communication device driver.
  • the audio input protocol 220 may provide the received voice data to the preboot manager 210.
  • Responsive to receipt of the voice data, the preboot manager 210 may provide the voice data to the voice recognition module 270 for processing.
  • the voice recognition module 270 may parse the voice data to provide the voice sample data, and may compare the voice sample data to a voice fingerprint. Parsing the voice data may include applying signal processing techniques to modify the voice data waveform to isolate certain features.
  • the voice recognition module 270 may be stored and executed at a cloud computing device (not shown in Figure 2) , and the preboot manager 210 may provide the voice data over a network to the cloud computing device.
  • the cloud-computing device may perform the comparison analysis between the voice data and the voice fingerprint and provide results of the comparison back to the preboot manager 210.
  • the voice fingerprint may be received from the cloud-computing device, in some examples.
  • the cloud-computing device may store the voice fingerprint or the preboot manager 210 may, in addition to provision of the voice data, provide the voice fingerprint data.
  • the voice data may include a voice passphrase or an instruction.
  • the voice recognition module 270 may process the voice data using a natural language recognition algorithm to recover the voice passphrase or the instruction. As another layer of security beyond the voice fingerprint, the voice recognition module 270 may also compare the voice passphrase to a known passphrase to provide an additional level of authentication for the user, in some examples.
  • the voice recognition module 270 may process the voice data using the natural language recognition algorithm to recover the voice instruction, and may compare the recovered instruction to known instructions in order to carry out the instruction.
  • the instruction may be provided from the voice recognition module 270 to the preboot manager 210.
  • the preboot manager 210 may initiate an audio output protocol to prompt the user to provide confirmation of the instruction, and may initiate an audio input protocol to receive the confirmation prior to carrying out the instruction.
  • the recovery and comparison of the voice passphrase, the voice instruction, and/or the confirmation may be performed locally to the system 200, or remotely at the cloud-computing device.
  • the preboot manager 210 may initiate a load of an operating system bootloader, such as the OS bootloader 118 of Figure 1, to start a process of booting an operating system.
  • the preboot manager 210 may provide a disk key, which may be used to decrypt data from memory for loading and starting the operating system bootloader.
  • the preboot authentication process may be an extension of the preboot manager 210. Offering a voice boot authentication option as part of the preboot manager 210 to a preboot process may provide accessibility for persons with disabilities. Further, the voice boot authentication during the preboot process may provide an added layer of security. For example, the voice data received from the user is an indication that the user is physically present. Further, a voice boot authentication PCR may be added as a user configuration by hashing the voice fingerprint waveform, which may add another level of security that is used to recover the disk key.
  • Running the voice boot authentication during preboot may also reduce opportunities for attacks to steal secrets, as the TCB may be limited to an audio channel and code, rather than having platforms with larger attack surfaces, such as through human interface devices (HIDs) like Bluetooth Low Energy (BLE).
  • preboot manager 210 may store an encrypted variable and may use the voice data to decrypt the encrypted variable, which adds a level of security to the preboot process.
  • Figure 3 illustrates a method 300 for voice boot authentication during a preboot process in accordance with some embodiments.
  • the method 300 may be implemented in the boot services 110 of Figure 1, the system 200 of Figure 2, or combinations thereof.
  • the method 300 may include calling an audio input protocol from a preboot manager, at 310.
  • the preboot manager may include the preboot manager 112 of Figure 1 or the preboot manager 210 of Figure 2.
  • the audio input protocol may include the audio input protocol 220 of Figure 2.
  • calling the audio input protocol from the preboot manager may include communicating with a driver of an audio communication platform, such as any of the first, second, and third audio communication platforms 240, 250, and 260 of Figure 2.
  • the method 300 may further include receiving voice data from the audio communication platform based on the audio input protocol, at 320.
  • Receiving the voice data from the audio communication platform may include receiving the voice data from a remote device via a network.
  • the voice data may be provided through the network from a remote device.
  • the method 300 may include providing user prompts requesting the voice data.
  • providing user prompts requesting the voice data may include calling an audio output protocol from the preboot manager, and providing the user prompts to a second audio communication platform based on the audio output protocol.
  • the second audio communication platform may include any of the first, second, and third audio communication platforms 240, 250, and 260 of Figure 2.
  • providing user prompts requesting the voice data may include calling a video output protocol from the preboot manager, and providing the user prompts to a video communication platform based on the video output protocol.
  • the method 300 may include parsing the voice data to retrieve voice sample data, at 330. Parsing of the voice data may be performed by a voice recognition module, such as the voice recognition module 115 of Figure 1 and/or the voice recognition module 270 of Figure 2. Parsing the voice data to retrieve the voice sample data comprises providing the voice data to the voice recognition module.
  • providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol.
  • the network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
  • the method 300 may further include determining whether the voice sample data matches voice fingerprint data, at 340. In some examples, the method 300 may further include receiving the voice fingerprint data from a remote device via a network.
  • the method 300 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, returning a policy based on the voice fingerprint data, at 350.
  • the policy may specify an operating system to load.
  • the voice data includes a voice passphrase.
  • the method 300 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, determining whether the voice passphrase matches a known voice passphrase.
  • determining whether the voice passphrase matches the known voice passphrase may include providing the voice passphrase to a remote device over a network, and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  • the received indication may include a token or key, which may be used to unlock a key or keychain to decrypt data in memory.
  • the method 300 may further include receiving the voice passphrase from a remote device via a network.
  • receiving the policy based on the voice fingerprint data may be further in response to the voice passphrase matching the known voice passphrase.
  • the method 300 may further include generating a disk key based on the voice fingerprint data, decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and reading the decrypted data to initiate loading of the operating system.
  • the generating the disk key may be performed by the preboot authentication 114 of Figure 1 and/or the preboot manager 210 of Figure 2.
  • the decrypting of the encrypted data may be performed by the encryption block I/O filter 116 of Figure 1.
  • the reading of the decrypted data may be performed by the OS bootloader 118 of Figure 1.
  • the voice data includes a voice instruction.
  • the method 300 may further include performing an action based on the voice instruction.
  • the method 300 may further include, prior to performing the action based on the voice instruction, providing a user prompt for a confirmation of the voice instruction, and receiving the confirmation of the voice instruction.
  • Providing the user prompt for the confirmation of the voice instruction may include calling an audio output protocol from the preboot manager, and providing the user prompts to a second audio communication platform based on the audio output protocol.
  • Figure 4 illustrates a method 400 for voice boot authentication during a preboot process in accordance with some embodiments.
  • the method 400 may be implemented in the boot services 110 of Figure 1, the system 200 of Figure 2, or combinations thereof.
  • the method 400 may include entering a preboot manager, at 410.
  • the method 400 may further include calling an audio input protocol from a preboot manager, at 420.
  • the preboot manager may include the preboot manager 112 of Figure 1 or the preboot manager 210 of Figure 2.
  • the audio input protocol may include the audio input protocol 220 of Figure 2.
  • Calling the preboot manager may include calling a network protocol.
  • the network protocol may include a wireless cloud stack to communicate over the cloud 422 or a cellular communication device driver to communicate over the cellular network 424.
  • the method 400 may include waiting for voice data, at 430.
  • the method 400 may further include providing the voice data to a voice recognition module, at 440.
  • the voice recognition module may include the voice recognition module 115 of Figure 1 and/or the voice recognition module 270 of Figure 2.
  • providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol.
  • the network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
  • the method 400 may include parsing the voice data to retrieve voice sample data, at 445. Parsing of the voice data may be performed by the voice recognition module. Parsing the voice data to retrieve the voice sample data comprises providing the voice data to the voice recognition module. In some examples, providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol.
  • the network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
  • the method 400 may further include determining whether the voice sample data matches voice fingerprint data, at 450.
  • determining whether the voice sample data matches voice fingerprint data may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol.
  • the network protocol may include a wireless cloud stack to communicate over the cloud 452 or a cellular communication device driver to communicate over the cellular network 454.
  • the voice data includes a voice passphrase.
  • the method 400 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, analyzing the voice passphrase, at 460.
  • the method 400 may further include checking whether the voice passphrase matches a known voice passphrase, at 470.
  • checking whether the voice passphrase matches the known voice passphrase may include providing the voice passphrase to a remote device over a network, such as the cloud 452 or the cellular communication network 454, and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  • the received indication may include a token or key, which may be used to unlock a key or keychain to decrypt data in memory.
  • the method 400 may further include continuing with a preboot process responsive to the voice passphrase matching a known passphrase, at 480.
  • FIG. 5 is a block diagram of a computer system 500 according to some embodiments.
  • the computer system may include a processor unit chip 510 coupled to a memory 520, an other I/O 530, an audio I/O 540, and a network interface 550.
  • the memory 520 may include the memory 130 of Figure 1.
  • the processor unit chip 510 may include one or more processor units and local memory, such as cache memory.
  • the processor unit chip 510 may retrieve a boot image 522 from the memory 520.
  • the boot image 522 may include a preboot authentication 524.
  • the boot image 522 may include instructions for the boot services 110 of Figure 1, the preboot manager 210, the audio input protocol 220, the audio output protocol 230, and/or the voice recognition module 270 of Figure 2, or combinations thereof.
  • the processor unit chip 510 executing instructions contained in the boot image 522 may perform the methods 400 and/or 500.
  • the processor unit chip 510 executing instructions loaded from the boot image 522, may communicate with the other I/O 530, the audio I/O 540, and the network interface 550 to perform a preboot authentication process, including a voice boot process. Responsive to successful authentication and completion of the preboot process, the processor unit chip 510 may load the OS image 526 to initiate a boot of an OS.
  • the OS may include the operating system 120 of Figure 1.
  • the audio I/O 540 may include the audio I/O devices 216 of Figure 2.
  • the other I/O 530 may include video, keyboard, mouse, or other I/O input and output devices to communicate with the computer system 500.
  • the network interface 550 may include a capability to communicate over the cloud 422, the cellular network 424, the cloud 452, and/or the cellular network 454 of Figure 4.
  • Examples, as described herein, may include, or may operate on, logic or a number of components, modules, or mechanisms.
  • Modules are tangible entities (e.g., hardware) capable of performing specified operations and may be configured or arranged in a certain manner.
  • circuits may be arranged (e.g., internally or with respect to external entities such as other circuits) in a specified manner as a module.
  • the software may reside on at least one machine-readable medium
  • module is understood to encompass a tangible entity, be that an entity that is physically constructed, specifically configured (e.g., hardwired), or temporarily (e.g., transitorily) configured (e.g., programmed) to operate in a specified manner or to perform at least part of any operation described herein.
  • a module need not be instantiated at any one moment in time.
  • the modules comprise a general-purpose hardware processor configured using software; the general-purpose hardware processor may be configured as respective different modules at different times.
  • Software may accordingly configure a hardware processor, for example, to constitute a particular module at one instance of time and to constitute a different module at a different instance of time.
  • application, process, or service or variants thereof, is used expansively herein to include routines, program modules, programs, components, and the like, and may be implemented on various system configurations, including single-processor or multiprocessor systems, microprocessor-based electronics, single-core or multi-core systems, combinations thereof, and the like.
  • application, process, or service may be used to refer to an embodiment of software or to hardware arranged to perform at least part of any operation described herein.
  • machine-readable medium may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers).
  • Example 1 includes subject matter (such as a device, apparatus, or machine) for voice boot authentication during preboot comprising: a preboot manager to call an audio input protocol, the preboot manager further to receive voice data from an audio communication platform, wherein, in response to a determination that voice sample data matches voice fingerprint data, the preboot manager to receive a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load; and a voice recognition module to receive the voice data from the preboot manager and to parse the voice data to retrieve the voice sample data, wherein the voice recognition module further to determine whether the voice sample data matches the voice fingerprint data.
  • Example 2 the subject matter of Example 1 may include, wherein the preboot manager further to provide user prompts requesting the voice data.
  • Example 3 the subject matter of any one of Examples 1 to 2 may include, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call an audio output protocol from the preboot manager and to provide the user prompts to a second audio communication platform.
  • Example 4 the subject matter of any one of Examples 1 to 3 may include, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call a video output protocol from the preboot manager and to provide the user prompts to a video communication platform.
  • Example 5 the subject matter of any one of Examples 1 to 4 may include, a preboot authenticator to, after receiving the policy, generate a disk key based on the voice fingerprint data; an encryption block input/output filter to decrypt encrypted data retrieved from memory using the disk key to provide decrypted data; and an operating system bootloader to read the decrypted data to initiate loading of the operating system.
  • Example 6 the subject matter of any one of Examples 1 to 5 may include, wherein the preboot manager to receive the voice data from the audio communication platform comprises receipt of the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
  • Example 7 the subject matter of any one of Examples 1 to 6 may include, wherein the preboot manager to call the audio input protocol from the preboot manager comprises communication with a driver of the audio communication platform.
  • Example 8 the subject matter of any one of Examples 1 to 7 may include, wherein the voice data includes a voice passphrase, wherein the voice recognition module further to, in response to a determination that the voice sample data matches the voice fingerprint data, determine whether the voice passphrase matches a known voice passphrase; wherein reception of the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
  • Example 9 the subject matter of any one of Examples 1 to 8 may include, where the voice recognition module is further configured to receive the voice passphrase from a remote device via a network.
  • Example 10 the subject matter of any one of Examples 1 to 9 may include, wherein the voice recognition module to determine whether the voice passphrase matches the known voice passphrase comprises the voice recognition module to provide the voice passphrase to a remote device over a network and to receive an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  • Example 11 the subject matter of any one of Examples 1 to 10 may include, wherein the indication as to whether the voice passphrase matches the known voice passphrase is one of a key or a token.
  • Example 12 the subject matter of any one of Examples 1 to 11 may include, wherein the voice recognition module further to receive the voice fingerprint data from a remote device via a network.
  • Example 13 the subject matter of any one of Examples 1 to 12 may include, wherein the voice data includes a voice instruction; wherein the voice recognition module further to perform an action based on the voice instruction.
  • Example 14 the subject matter of any one of Examples 1 to 13 may include, wherein the preboot manager, prior to performance of the action based on the voice instruction, to provide a user prompt for a confirmation of the voice instruction and to receive the confirmation of the voice instruction.
  • Example 15 the subject matter of any one of Examples 1 to 14 may include, wherein the preboot manager to provide the user prompt for the confirmation of the voice instruction comprises the preboot manager to call an audio output protocol from the preboot manager and to provide the user prompts to a second audio communication platform based on the audio output protocol.
  • Example 16 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) for voice boot authentication during preboot comprising: calling an audio input protocol from a preboot manager; receiving voice data from an audio communication platform based on the audio input protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load.
  • Example 17 the subject matter of Example 16 may include, providing user prompts requesting the voice data.
  • Example 18 the subject matter of any one of Examples 16 to 17 may include, wherein providing the user prompts requesting the voice data comprises: calling an audio output protocol from the preboot manager; and providing the user prompts to a second audio communication platform based on the audio output protocol.
  • Example 19 the subject matter of any one of Examples 16 to 18 may include, wherein providing the user prompts requesting the voice data comprises: calling a video output protocol from the preboot manager; and providing the user prompts to a video communication platform based on the video output protocol.
  • Example 20 the subject matter of any one of Examples 16 to 19 may include, after receiving the policy: generating a disk key based on the voice fingerprint data; decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and reading the decrypted data to initiate loading of the operating system.
  • Example 21 the subject matter of any one of Examples 16 to 20 may include, wherein receiving the voice data from the audio communication platform comprises receiving the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
  • Example 22 the subject matter of any one of Examples 16 to 21 may include, wherein parsing the voice data to retrieve the voice sample data comprises providing the voice data to a voice recognition module.
  • Example 23 the subject matter of any one of Examples 16 to 22 may include, wherein providing the voice data to a voice recognition module comprises: calling a network protocol; and providing the voice data to the voice recognition module over a network using the network protocol.
  • Example 24 the subject matter of any one of Examples 16 to 23 may include, wherein the network protocol comprises a wireless cloud stack or a cellular communication device driver.
  • Example 25 the subject matter of any one of Examples 16 to 24 may include, wherein calling the audio input protocol from the preboot manager comprises communicating with a driver of the audio communication platform.
  • Example 26 the subject matter of any one of Examples 16 to 25 may include, wherein the voice data includes a voice passphrase, the method in response to a determination that the voice sample data matches the voice fingerprint data, determining whether the voice passphrase matches a known voice passphrase; wherein receiving the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
  • Example 27 the subject matter of any one of Examples 16 to 26 may include, receiving the voice passphrase from a remote device via a network.
  • Example 28 the subject matter of any one of Examples 16 to 27 may include, wherein determining whether the voice passphrase matches the known voice passphrase comprises: providing the voice passphrase to a remote device over a network; and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  • Example 29 the subject matter of any one of Examples 16 to 28 may include, receiving the voice fingerprint data from a remote device via a network.
  • Example 30 the subject matter of any one of Examples 16 to 29 may include, wherein the voice data includes a voice instruction; the method performing an action based on the voice instruction.
  • Example 31 the subject matter of any one of Examples 16 to 30 may include, prior to performing the action based on the voice instruction: providing a user prompt for a confirmation of the voice instruction; and receiving the confirmation of the voice instruction.
  • Example 32 the subject matter of any one of Examples 16 to 31 may include, wherein providing the user prompt for the confirmation of the voice instruction comprises: calling an audio output protocol from the preboot manager; and providing the user prompts to a second audio communication platform based on the audio output protocol.
  • Example 33 includes at least one medium including instructions that, when executed on a machine cause the machine to perform any of the Examples 16-32.
  • Example 34 includes an apparatus comprising means for performing any of the Examples 16-32.
  • Example 35 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) for voice boot authentication comprising: during a preboot process: calling an audio input protocol that includes a network protocol; receiving voice data via a network using the network protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving the voice passphrase; checking whether the voice passphrase matches a known voice passphrase; and continuing with a preboot process responsive to the voice passphrase matching a known passphrase.
  • Example 36 the subject matter of Example 35 may include, entering a boot manager.
  • Example 37 the subject matter of any one of Examples 35 to 36 may include, providing the voice data to a voice recognition module.
  • Example 38 the subject matter of any one of Examples 35 to 37 may include, wherein providing the voice data to a voice recognition module comprises: calling a network protocol; and providing the voice data to the voice recognition module over a network using the network protocol.
  • Example 39 the subject matter of any one of Examples 35 to 38 may include, wherein the network protocol includes a wireless cloud stack or a cellular communication device driver.
  • Example 40 includes at least one medium including instructions that, when executed on a machine cause the machine to perform any of the Examples 35-39.
  • Example 41 includes an apparatus comprising means for performing any of the Examples 35-39.
  • Example 42 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) comprising: means for calling an audio input protocol from a preboot manager; means for receiving voice data from an audio communication platform based on the audio input protocol; means for parsing the voice data to retrieve voice sample data; means for determining whether the voice sample data matches voice fingerprint data; and means for receiving a policy based on the voice fingerprint data in response to a determination that the voice sample data matches the voice fingerprint data, wherein the policy specifies an operating system to load.
  • Example 43 the subject matter of Example 42 may include, means for providing user prompts requesting the voice data.
  • Example 44 the subject matter of any one of Examples 42 to 43 may include, wherein the means for providing the user prompts requesting the voice data comprise: means for calling an audio output protocol from the preboot manager; and means for providing the user prompts to a second audio communication platform based on the audio output protocol.
  • Example 45 the subject matter of any one of Examples 42 to 44 may include, wherein the means for providing the user prompts requesting the voice data comprise: means for calling a video output protocol from the preboot manager; and means for providing the user prompts to a video communication platform based on the video output protocol.
  • Example 46 the subject matter of any one of Examples 42 to 45 may include, after receiving the policy: means for generating a disk key based on the voice fingerprint data; means for decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and means for reading the decrypted data to initiate loading of the operating system.
  • Example 47 the subject matter of any one of Examples 42 to 46 may include, wherein the means for receiving the voice data from the audio communication platform comprise means for receiving the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
  • Example 48 the subject matter of any one of Examples 42 to 47 may include, wherein the means for parsing the voice data to retrieve the voice sample data comprise means for providing the voice data to a voice recognition module.
  • Example 49 the subject matter of any one of Examples 42 to 48 may include, wherein the means for providing the voice data to a voice recognition module comprise: means for calling a network protocol; and means for providing the voice data to the voice recognition module over a network using the network protocol.
  • Example 50 the subject matter of any one of Examples 42 to 49 may include, wherein the network protocol comprises a wireless cloud stack or a cellular communication device driver.
  • Example 51 the subject matter of any one of Examples 42 to 50 may include, wherein the means for calling the audio input protocol from the preboot manager comprise means for communicating with a driver of the audio communication platform.
  • Example 52 the subject matter of any one of Examples 42 to 51 may include, wherein the voice data includes a voice passphrase, the apparatus means for determining whether the voice passphrase matches a known voice passphrase in response to a determination that the voice sample data matches the voice fingerprint data; wherein the means for receiving the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
  • Example 53 the subject matter of any one of Examples 42 to 52 may include, means for receiving the voice passphrase from a remote device via a network.
  • Example 54 the subject matter of any one of Examples 42 to 53 may include, wherein the means for determining whether the voice passphrase matches the known voice passphrase comprise: means for providing the voice passphrase to a remote device over a network; and means for receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  • Example 55 the subject matter of any one of Examples 42 to 54 may include, means for receiving the voice fingerprint data from a remote device via a network.
  • Example 56 the subject matter of any one of Examples 42 to 55 may include, wherein the voice data includes a voice instruction; the apparatus means for performing an action based on the voice instruction.
  • Example 57 the subject matter of any one of Examples 42 to 56 may include, prior to performing the action based on the voice instruction: means for providing a user prompt for a confirmation of the voice instruction; and means for receiving the confirmation of the voice instruction.
  • Example 58 the subject matter of any one of Examples 42 to 57 may include, wherein the means for providing the user prompt for the confirmation of the voice instruction comprise: means for calling an audio output protocol from the preboot manager; and means for providing the user prompts to a second audio communication platform based on the audio output protocol.
  • Example 59 includes subject matter (such as a device, apparatus, or machine) comprising: means for during a preboot process: calling an audio input protocol that includes a network protocol; receiving voice data via a network using the network protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving the voice passphrase; checking whether the voice passphrase matches a known voice passphrase; and continuing with a preboot process responsive to the voice passphrase matching a known passphrase.
  • Example 60 the subject matter of Example 59 may include, means for entering a boot manager.
  • Example 61 the subject matter of any one of Examples 59 to 60 may include, means for providing the voice data to a voice recognition module.
  • Example 62 the subject matter of any one of Examples 59 to 61 may include, wherein the means for providing the voice data to a voice recognition module comprise: means for calling a network protocol; and means for providing the voice data to the voice recognition module over a network using the network protocol.
  • Example 63 the subject matter of any one of Examples 59 to 62 may include, wherein the network protocol includes a wireless cloud stack or a cellular communication device driver.
  • the terms “a” or “an” are used, as is common in patent documents, to include one or more than one, independent of any other instances or usages of “at least one” or “one or more.”
  • the term “or” is used to refer to a nonexclusive or, such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated.
  • the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein.”

Abstract

Apparatuses and methods for preboot voice authentication are described herein. An example system for voice boot authentication during preboot may include a preboot manager to call an audio input protocol. The preboot manager further to receive voice data from an audio communication platform. In response to a determination that voice sample data matches voice fingerprint data the preboot manager to receive a policy based on the voice fingerprint data. The policy specifies an operating system to load. The example system further including a voice recognition module to receive the voice data from the preboot manager and to parse the voice data to retrieve the voice sample data. The voice recognition module further to determine whether the voice sample data matches the voice fingerprint data.
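The gating order described in the abstract and in method 400 (fingerprint match at 450, passphrase check at 470, policy released only after both), as an added C sketch that is not code from the patent or its applicant. The cosine-similarity threshold, the feature vectors, the passphrases and the policy names are constructed assumptions; the document does not say how a match is computed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FEATURE_DIM 4            /* toy feature-vector length (assumption) */
#define PASS_MAX 32              /* fixed, NUL-padded passphrase buffer */
#define MATCH_THRESHOLD 0.95     /* assumed cosine-similarity cutoff */

typedef enum {
    AUTH_OK = 0,
    AUTH_BAD_INPUT,
    AUTH_NO_FINGERPRINT_MATCH,   /* step 450 failed */
    AUTH_PASSPHRASE_MISMATCH     /* step 470 failed */
} auth_status;

typedef struct {                 /* enrolled "voice fingerprint data" */
    double fingerprint[FEATURE_DIM];
    char known_passphrase[PASS_MAX];
    const char *policy_os;       /* policy: which operating system to load */
} enrollment;

typedef struct {                 /* output of the voice recognition module */
    double sample[FEATURE_DIM];  /* "voice sample data" */
    char passphrase[PASS_MAX];   /* transcribed voice passphrase */
} parsed_voice;

/* Constructed enrollment records and samples, for illustration only. */
static const enrollment ENROLLED[] = {
    { {0.9, 0.1, 0.3, 0.2}, "open sesame boot", "os-work"  },
    { {0.1, 0.8, 0.2, 0.5}, "blue harbor nine", "os-guest" },
};
static const parsed_voice SAMPLE_OWNER        = { {0.88, 0.12, 0.31, 0.19}, "open sesame boot" };
static const parsed_voice SAMPLE_GUEST        = { {0.10, 0.82, 0.18, 0.50}, "blue harbor nine" };
static const parsed_voice SAMPLE_WRONG_PHRASE = { {0.88, 0.12, 0.31, 0.19}, "blue harbor nine" };
static const parsed_voice SAMPLE_STRANGER     = { {0.20, 0.20, 0.90, 0.10}, "open sesame boot" };
static const parsed_voice SAMPLE_SILENCE      = { {0.0, 0.0, 0.0, 0.0},     "open sesame boot" };

/* Step 450: similarity test. cos = dot / sqrt(ns * nf); squares are compared
 * to avoid sqrt. Written as a positive condition so that zero vectors and
 * NaN inputs fall through to "no match". */
static int matches_fingerprint(const double *s, const double *f)
{
    double dot = 0.0, ns = 0.0, nf = 0.0;
    for (size_t i = 0; i < FEATURE_DIM; i++) {
        dot += s[i] * f[i];
        ns  += s[i] * s[i];
        nf  += f[i] * f[i];
    }
    return ns > 0.0 && nf > 0.0 && dot > 0.0 &&
           dot * dot >= MATCH_THRESHOLD * MATCH_THRESHOLD * ns * nf;
}

/* Step 470: exact comparison over the whole fixed buffer, so the running
 * time does not depend on where the first differing byte is. */
static int passphrase_equal(const char *a, const char *b)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < PASS_MAX; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* The policy is written only after both checks pass; every other path
 * leaves *policy_out NULL. */
auth_status preboot_voice_auth(const parsed_voice *v, const enrollment *db,
                               size_t n, const char **policy_out)
{
    if (policy_out == NULL) return AUTH_BAD_INPUT;
    *policy_out = NULL;
    if (v == NULL || db == NULL) return AUTH_BAD_INPUT;

    const enrollment *who = NULL;
    for (size_t i = 0; i < n && who == NULL; i++)
        if (matches_fingerprint(v->sample, db[i].fingerprint))
            who = &db[i];
    if (who == NULL) return AUTH_NO_FINGERPRINT_MATCH;

    /* The passphrase must be the one enrolled for the matched speaker. */
    if (who->known_passphrase[0] == '\0' ||
        !passphrase_equal(v->passphrase, who->known_passphrase))
        return AUTH_PASSPHRASE_MISMATCH;

    *policy_out = who->policy_os;
    return AUTH_OK;
}

auth_status status_for(const parsed_voice *v)
{
    const char *p;
    return preboot_voice_auth(v, ENROLLED, sizeof ENROLLED / sizeof ENROLLED[0], &p);
}

const char *policy_for(const parsed_voice *v)
{
    const char *p;
    preboot_voice_auth(v, ENROLLED, sizeof ENROLLED / sizeof ENROLLED[0], &p);
    return p;
}

int main(void)
{
    const parsed_voice *cases[] = { &SAMPLE_OWNER, &SAMPLE_GUEST,
        &SAMPLE_WRONG_PHRASE, &SAMPLE_STRANGER, &SAMPLE_SILENCE };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const char *p = policy_for(cases[i]);
        printf("case %zu: status=%d policy=%s\n", i,
               (int)status_for(cases[i]), p ? p : "(none)");
    }
    return 0;
}
```

The wrong-phrase sample carries the owner's voice features with the guest's passphrase and is rejected, because the passphrase is checked against the matched speaker's record rather than against any enrolled phrase.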

Description

APPARATUSES AND METHODS FOR PREBOOT VOICE AUTHENTICATION
BACKGROUND
Computer security is an ongoing battle to prevent unauthorized access to sensitive information. One of the many forms of security employed to prevent unauthorized access is user authentication. Ideally, user authentication is used to verify a specific user and that the specific user is physically at a computing device. Existing methods for authentication may include factors such as “what do you know” (e.g., a password) or “what do you have” (e.g., token on a smartcard or universal serial bus (USB) key). However, these types of authentication are commonly a focus of hackers and can be stolen and mimicked such that the secret or token is input with no user physically located at the computing device. In some operating system (OS) environments, more advanced/complex authentication methods may be employed, but pre-OS environments are constrained by limitations in image size and input/output (I/O) complexity. Thus, computing devices may be vulnerable to unauthorized accesses in the pre-OS environments.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings, which are not necessarily drawn to scale, like numerals may describe similar components in different views. Like numerals having different letter suffixes may represent different instances of similar components. The drawings illustrate generally, by way of example, but not by way of limitation, various embodiments discussed in the present document.
Figure 1 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
Figure 2 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
Figure 3 illustrates a method for performing preboot voice authentication in accordance with some embodiments.
Figure 4 illustrates a method for performing preboot voice authentication in accordance with some embodiments.
Figure 5 illustrates components of a system for performing preboot voice authentication in accordance with some embodiments.
DETAILED DESCRIPTION
Described embodiments provide a way to use voice input authentication in a pre-OS environment as a new or additional authentication “what you are” factor. When different words are spoken during each authentication, the voice input may be difficult to mimic without a user being physically present at a computer. Further, because a voice fingerprint is unique to a user and is not something that can be stolen directly from the user, it may be more difficult to emulate this voice fingerprint. Further, adding a voice authentication capability to a preboot (e.g., pre-OS) environment may fill a gap of preboot readiness for disabilities. While voice control is employed in OS environments, voice control is not currently employed in pre-OS environments due to access to necessary I/O components and computing complexity.
Figure 1 illustrates components of a system 100 for performing preboot voice authentication in accordance with some embodiments. Illustration of the embodiments present just those components necessary for appreciating the depicted embodiments, such that other components are foreseeable without departing from the teachings herein.
The system 100 may include boot services 110 and an operating system 120. The boot services 110 and the operating system 120 may include instructions and data retrieved from a memory 130 and executed on a processor unit (not shown in Figure 1) . The boot services 110 may be stored as an image at a boot image memory 132 of the memory 130. The operating system 120 may be stored at an OS image memory 134 of the memory 130. The memory 130 may be a non-volatile memory, such as a flash memory, hard drive disk, non-volatile random access memory (NVRAM) , etc.
The boot services 110 may include firmware that interfaces with I/O hardware (not shown) of the system 100 and a unified extensible firmware interface (UEFI) that defines a software interface between the firmware and an operating system. The boot services 110 may include a preboot manager 112 that manages a preboot process, such as managing pre-boot authentication via a preboot authentication 114, data encryption and decryption via an encryption block I/O filter 116, and a boot of the operating system 120 via an OS bootloader 118. The preboot manager 112 may include a UEFI boot manager.
The preboot manager 112 may initiate the preboot authentication 114. The preboot authentication 114 may employ password authentication, a token authentication, and/or a multifactor authentication that includes passwords, tokens, and/or biometric data (e.g., fingerprint, retinal scan, voice data, etc.). Further, the preboot authentication 114 may employ voice boot authentication. The preboot manager 112 may use a simple audio input protocol to communicate with selected hardware to receive the voice data, such as a local/auxiliary audio controller/device or a network card to receive audio data from a remote user. In some examples, the preboot manager 112 may also provide audio output to the user, such as a request for a user to say a known password, repeat a selected phrase, repeat a random phrase, etc. Examples of hardware used to provide or capture the audio input or output, respectively, may include a local audio device (e.g., a HD Audio controller), auxiliary device (e.g., a universal serial bus (USB) audio device), a mobile audio device (a mobile industry processor interface [Figure PCTCN2016078253-appb-000001] device), etc.
The preboot manager 112 may provide the voice data to the preboot authentication 114. The preboot authentication 114 may call the voice recognition module 115 to analyze the voice data. The voice recognition module 115 may exist in firmware or may be stored in a data access layer. The voice recognition module 115 may parse the received voice data to provide voice sample data and may determine whether the voice sample data matches a voice fingerprint. The voice recognition module 115 may provide an indication of the determination back to the preboot authentication 114. Responsive to the voice fingerprint matching the voice sample data, the preboot authentication 114 may provide a policy associated with the user. The policy may include booting a particular operating system with specified permissions. For example, the preboot authentication 114 may generate a private key (e.g., a disk key) from the voice fingerprint data and may provide a start command and the disk key to the encryption block I/O filter 116 for the encryption block I/O filter 116 to read encrypted data from the boot image memory 132 and decrypt the encrypted data based on the disk key to provide  decrypted data. The decrypted data may be read by the OS bootloader 118 to locate the operating system 120 stored at the OS image memory 134 for loading. The OS bootloader 118 may send a load command to an encryption disk filter driver 126 of the operating system 120 to identify a location of the operating system 120 from the OS image memory 134, as well as the disk key. In some examples, the authentication information from the preboot authentication 114 may be passed to the OS bootloader 118, and onto the operating system 120 for use by the operating system 120 to authenticate a user. Thus, a single user authentication may be shared by the boot services 110 and the operating system 120.
The operating system 120 may include an OS kernel startup 122 that sends a start command to the encryption disk filter driver 126 to begin reading encrypted data from the OS image memory 134 and decrypting the encrypted data as part of the OS boot process. The OS kernel startup 122 may present a logon screen 124 to authenticate the user. In some examples, the logon screen 124 may include password authentication, voice authentication, biometric authentication, or combinations thereof. Responsive to a successful authentication, the OS desktop 128 may be loaded.
In operation, responsive to initiation of a boot process of the system 100, the preboot manager 112 may be loaded (e.g., read) from the boot image memory 132. The preboot manager 112 may manage the preboot process, which may include the preboot authentication 114. The preboot manager 112 may initiate the preboot authentication 114. The preboot authentication 114 may include voice boot authentication. The voice boot authentication may include parsing voice data to provide voice sample data and comparing the voice sample data to a voice fingerprint. The voice fingerprint may be voice characteristics derived from a user’s voice. In some examples, the voice data may be a spoken password, a spoken passphrase, or a spoken instruction. The voice fingerprint may be stored as a waveform template.
The preboot manager 112 may call an audio input protocol to engage hardware to receive and capture the voice data from the user. The preboot manager 112 may further call an output protocol, such as an audio output or a video output protocol to prompt the user (e.g., and provide instructions) to provide the voice data. For example, the output protocol may include posing questions for the user to answer via an audio communication platform or via a video communication platform. The voice data received by the preboot manager 112 may include answers provided by the user.
In some examples, the preboot manager 112 may call a network protocol to request the voice data from the user that is remote (e.g., not in the same proximate location) to the system 100. The network protocol may be a wireless cloud stack (e.g., Wi-Fi, [Figure PCTCN2016078253-appb-000002] +HTTP, etc.) or a cellular communication device driver. The voice recognition module 115 may parse the voice data to provide the voice sample data, and may compare the voice sample data to a voice fingerprint. Parsing the voice data may include applying signal processing techniques to modify the voice data waveform to isolate certain features. The voice fingerprint may be stored at the OS image memory 134, in some examples. In other examples, the voice recognition module 115 may be stored and executed at a cloud computing device (not shown in Figure 1) (e.g., a server, mobile device, or other device connected via a network), and the preboot manager 112 may provide the voice data over a network to the cloud computing device. The cloud-computing device may perform the comparison analysis between the voice data and the voice fingerprint and provide results of the comparison back to the preboot manager 112, which may provide the results to the preboot authentication 114. In some examples where the voice recognition module 115 is local to the system 100, the voice fingerprint may be received from a cloud-computing device. In examples where the voice recognition module 115 is remote to the system 100, the cloud-computing device may store the voice fingerprint or the preboot manager 112 may, in addition to provision of the voice data, provide the voice fingerprint data.
In some examples, the voice data may include a voice passphrase or an instruction. The voice recognition module 115 may process the voice data using a natural language recognition algorithm to recover the voice passphrase or the instruction. As another layer of security beyond the voice fingerprint, the voice recognition module 115 may also compare the voice passphrase to a known passphrase to add another level of authentication for the user, in some examples. In addition, if the voice data includes a voice instruction, the voice recognition module 115 may process the voice data using the natural language recognition  algorithm to recover the voice instruction, and may compare the recovered instruction to known instructions in order to carry out the instruction. The instruction may be provided from the voice recognition module 115 to the preboot manager 112. In some examples, the preboot manager 112 may initiate an audio output protocol to prompt the user to provide confirmation of the instruction, and may initiate an audio input protocol to receive the confirmation prior to carrying out the instruction. The recovery and comparison of the voice passphrase, the voice instruction, and/or the confirmation may be performed locally to the system 100, or remotely at the cloud-computing device.
Responsive to the voice data matching a voice fingerprint, the preboot authentication 114 may return a policy based on the voice data, which may include specification of an operating system to load. The preboot authentication 114 may provide the start command and the disk key to the encryption block I/O filter 116 to begin loading the specified operating system. The disk key may be derived from the voice fingerprint, in some examples. Responsive to the start command, the encryption block I/O filter 116 may read encrypted data from the boot image memory 132 and decrypt the encrypted data based on the disk key to provide decrypted data. The decrypted data may be read by the OS bootloader 118 to locate the operating system 120 stored at the OS image memory 134 for loading. The OS bootloader 118 may send a load command to an encryption disk filter driver 126 of the operating system 120 to load the operating system 120 from the OS image memory 134. The load command may include a disk key and a location of the operating system 120 at the OS image memory 134. In some examples, the authentication information from the preboot authentication 114 may be provided to the OS bootloader 118, and onto the operating system 120 for use by the operating system 120 to authenticate the user. Thus, a single user authentication may be shared by the boot services 110 and the operating system 120.
The OS kernel startup 122 may send a start command to the encryption disk filter driver 126 to begin reading encrypted data from the OS image memory 134 and decrypting the encrypted data as part of the OS boot process. The OS kernel startup 122 may present a logon screen 124 to authenticate the user. In some examples, the logon screen 124 may include password authentication, voice authentication, token authentication, biometric authentication, or combinations  thereof. Responsive to a successful authentication, the OS desktop 128 may be presented to the user.
In some examples, the preboot authentication 114 may be part of the preboot manager 112. In other examples, the preboot authentication 114 may be an extension of the preboot manager 112. Offering a voice boot option to a preboot process may provide accessibility for persons with disabilities. Further, using the voice boot authentication during the preboot process may provide an added layer of security. For example, the voice data received from the user is an indication that the user is physically present. Further, a voice boot authentication platform configuration register (PCR) may be added as a user configuration by hashing the voice fingerprint waveform, which may add another level of security that is used to recover the disk key. Running the voice boot authentication during preboot may reduce opportunities for attacks to steal secrets, as the trusted computing base (TCB) may be limited to an audio channel and code, rather than having platforms with larger attack surfaces, such as through human interface devices (HIDs) like Bluetooth Low Energy (BLE). In another example, boot services 110 may store an encrypted variable and may use the voice data to decrypt the encrypted variable, which adds a level of security to the preboot process.
Figure 2 illustrates components of a system 200 for performing preboot voice authentication in accordance with some embodiments. Illustration of the embodiments present just those components necessary for appreciating the depicted embodiments, such that other components are foreseeable without departing from the teachings herein.
The system 200 may include a preboot manager 210 that manages a preboot process including a preboot authentication process. The preboot manager 210 may include a UEFI boot manager. The preboot manager 210 may call a voice recognition module 270, an audio input protocol 220, and/or an audio output protocol 230. The voice recognition module 270 may parse the voice data to provide voice sample data and may compare the voice sample data to a voice fingerprint to authenticate the user as part of the preboot authentication process. In some examples, the voice recognition module 270 may use a natural language algorithm to analyze voice data. In other examples, the voice recognition module 270 may use signal processing techniques to modify the voice data waveform to  isolate certain features for comparison to a voice fingerprint.
The audio input protocol 220 and audio output protocol 230 may communicate with audio I/O devices 216 to provide voice prompts to a user and capture voice data from a user. The audio input protocol 220 may include a microphone capability 222 that defines a protocol for receiving the voice data. The audio input protocol 220 may use a simple audio input protocol to communicate with selected drivers/hardware of the audio I/O devices 216 to receive the voice data. The audio output protocol 230 may include a speaker capability 232 that defines a protocol for providing the voice prompts to the user. The audio output protocol 230 may use a simple audio output protocol to communicate with selected drivers/hardware of the audio I/O devices 216 to provide the voice prompts to the user.
The audio I/O devices 216 may include a first audio communication platform 240 that includes a high definition (HD) audio driver 242, a peripheral component interconnect (PCI) I/O protocol 244, and a HD audio controller 246 for providing voice prompts and receiving voice data. The audio I/O devices 216 may also include a second audio communication platform 250 that includes a USB audio driver 252, a USB I/O protocol 254, and a USB audio device 256 for providing voice prompts and receiving voice data. The audio I/O devices 216 may further include a third audio communication platform 260 that includes an other [Figure PCTCN2016078253-appb-000003] audio driver 262, a [Figure PCTCN2016078253-appb-000004] audio protocol 264, and a [Figure PCTCN2016078253-appb-000005] device 266 for providing voice prompts and receiving voice data. The use of first, second, and third audio communication platforms 240, 250, and 260 is intended to convey three different audio communication platforms, and is not intended to specify an order or preference for any one of the three audio communication platforms 240, 250, and 260. Additionally, the first, second, and third audio communication platforms 240, 250, and 260 are exemplary and one of skill in the art would recognize that other audio communication platforms may be included in the audio I/O devices 216 in lieu of or in addition to any of the first, second, and third audio communication platforms 240, 250, and 260. Further, one of skill in the art would also appreciate that the audio I/O devices 216 may include a subset of the first, second, and third audio communication platforms 240, 250, and 260.
In operation, responsive to initiation of a boot process, the preboot manager 210 may be loaded (e.g., read) from memory. The preboot manager 210 may manage the preboot process, which may include preboot authentication using voice boot authentication using the voice recognition module 270. The voice boot authentication may include parsing voice data to provide voice sample data and comparing voice sample data to voice fingerprint data at the voice recognition module 270. The stored voice fingerprint may be a spoken password, phrase, instruction, or other sounds from a user. The voice fingerprint may be stored as a waveform template.
As part of the voice boot authentication, the preboot manager 210 may initiate the audio input protocol 220 to receive the voice data. The audio input protocol 220 may retrieve the microphone capability 222, and may communicate with an audio communication platform of the audio I/O devices 216 based on the microphone capability 222, such as one of the first, second, and third audio communication platforms 240, 250, and 260, to receive the voice data from the user. For example, if the audio input protocol 220 connects to the first audio communication platform 240, the audio input protocol 220 may provide instructions to the HD audio driver 242, which may use the PCI I/O protocol 244 to communicate with the HD audio controller 246 to receive and capture the voice data, which may be provided back to the audio input protocol 220. If the audio input protocol 220 connects to the second audio communication platform 250, the audio input protocol 220 may provide instructions to the USB audio driver 252, which may use the USB I/O protocol 254 to communicate with the USB audio device 256 to receive and capture the voice data, which may be provided back to the audio input protocol 220. If the audio input protocol 220 connects to the third audio communication platform 260, the audio input protocol 220 may provide instructions to the other (e.g., [Figure PCTCN2016078253-appb-000006]) audio driver 262, which may use the [Figure PCTCN2016078253-appb-000007] audio protocol 264 to communicate with the [Figure PCTCN2016078253-appb-000008] device 266 to receive and capture the voice data, which may be provided back to the audio input protocol 220.
In some examples, as part of the voice boot authentication, the preboot manager 210 may initiate the audio output protocol 230 to provide prompts to the user to provide the voice data. The audio output protocol 230 may retrieve the speaker capability 232, and may communicate with an audio communication platform of the audio I/O devices 216 based on the speaker capability 232, such as one of the first, second, and third audio communication platforms 240, 250, and 260, to provide the prompts to the user. For example, if the audio input protocol 220 connects to the first audio communication platform 240, the audio input protocol 220 may provide instructions to the HD audio driver 242, which may use the PCI I/O protocol 244 to communicate with the HD audio controller 246 to provide the user prompts to provide the voice data, which may be played for the user. If the audio input protocol 220 connects to the second audio communication platform 250, the audio input protocol 220 may provide instructions to the USB audio driver 252, which may use the USB I/O protocol 254 to communicate with the USB audio device 256 to provide the user prompts to provide the voice data, which may be played for the user. If the audio input protocol 220 connects to the third audio communication platform 260, the audio input protocol 220 may provide instructions to the other [Figure PCTCN2016078253-appb-000009] audio driver 262, which may use the [Figure PCTCN2016078253-appb-000010] audio protocol 264 to communicate with the [Figure PCTCN2016078253-appb-000011] device 266 to provide the user prompts to provide the voice data, which may be played for the user.
In some examples, the audio input protocol 220 and/or the audio output protocol 230 may include calling a network protocol to request the voice data from an audio communication device that is remote (e.g., not in the same proximate location) to the system 200. The network protocol may be a wireless cloud stack (e.g., Wi-Fi, [Figure PCTCN2016078253-appb-000012] +HTTP, etc.) or a cellular communication device driver. The audio input protocol 220 may provide the received voice data to the preboot manager 210.
Responsive to receipt of the voice data, the preboot manager 210 may provide the voice data to the voice recognition module 270 for processing. The voice recognition module 270 may parse the voice data to provide the voice sample data, and may compare the voice sample data to a voice fingerprint. Parsing the voice data may include applying signal processing techniques to modify the voice data waveform to isolate certain features. In some examples, the voice recognition module 270 may be stored and executed at a cloud computing device (not shown in Figure 2), and the preboot manager 210 may provide the voice data over a network to the cloud computing device. The cloud-computing device may perform the comparison analysis between the voice data and the voice fingerprint and provide results of the comparison back to the preboot manager 210. In some examples where the voice recognition module 270 is local to the system 200, the voice fingerprint may be received from the cloud-computing device. In examples where the voice recognition module 270 is remote to the system 200, the cloud-computing device may store the voice fingerprint or the preboot manager 210 may, in addition to provision of the voice data, provide the voice fingerprint data.
In some examples, the voice data may include a voice passphrase or an instruction. The voice recognition module 270 may process the voice data using a natural language recognition algorithm to recover the voice passphrase or the instruction. As another layer of security beyond the voice fingerprint, the voice recognition module 270 may also compare the voice passphrase to a known passphrase to provide an additional level of authentication for the user, in some examples. In addition, if the voice data includes a voice instruction, the voice recognition module 270 may process the voice data using the natural language recognition algorithm to recover the voice instruction, and may compare the recovered instruction to known instructions in order to carry out the instruction. The instruction may be provided from the voice recognition module 270 to the preboot manager 210. In some examples, the preboot manager 210 may initiate an audio output protocol to prompt the user to provide confirmation of the instruction, and may initiate an audio input protocol to receive the confirmation prior to carrying out the instruction. The recovery and comparison of the voice passphrase, the voice instruction, and/or the confirmation may be performed locally to the system 200, or remotely at the cloud-computing device.
In response to the voice data matching a voice fingerprint, the preboot manager 210 may initiate a load of an operating system bootloader, such as the OS bootloader 118 of Figure 1, to start a process of booting an operating system. For example, the preboot manager 210 may provide a disk key, which may be used to decrypt data from memory for loading and starting the operating system bootloader.
In some examples, rather than being included in the preboot manager 210, the preboot authentication process may be an extension of the preboot manager 210. Offering a voice boot authentication option as part of the preboot manager 210 to a preboot process may provide accessibility for persons with disabilities. Further, the voice boot authentication during the preboot process may provide an added layer of security. For example, the voice data received from the user is an indication that the user is physically present. Further, a voice boot authentication PCR may be added as a user configuration by hashing the voice fingerprint waveform, which may add another level of security that is used to recover the disk key. Running the voice boot authentication during preboot may also reduce opportunities for attacks to steal secrets, as the TCB may be limited to an audio channel and code, rather than having platforms with larger attack surfaces, such as through human interface devices (HIDs) like Bluetooth Low Energy (BLE). In another example, preboot manager 210 may store an encrypted variable and may use the voice data to decrypt the encrypted variable, which adds a level of security to the preboot process.
Figure 3 illustrates a method 300 for voice boot authentication during a preboot process in accordance with some embodiments. The method 300 may be implemented in the boot services 110 of Figure 1, the system 200 of Figure 2, or combinations thereof.
The method 300 may include calling an audio input protocol from a preboot manager, at 310. The preboot manager may include the preboot manager 112 of Figure 1 or the preboot manager 210 of Figure 2. The audio input protocol may include the audio input protocol 220 of Figure 2. In some examples, calling the audio input protocol from the preboot manager may include communicating with a driver of an audio communication platform, such as any of the first, second, and third  audio communication platforms  240, 250, and 260 of Figure 2.
The method 300 may further include receiving voice data from the audio communication platform based on the audio input protocol, at 320. Receiving the voice data from the audio communication platform may include receiving the voice data from a remote device via a network. The voice data may be provided through the network from a remote device.
In some examples, the method 300 may include providing user prompts requesting the voice data. In some examples, providing user prompts requesting the voice data may include calling an audio output protocol from the preboot manager, and providing the user prompts to a second audio communication  platform based on the audio output protocol. The second audio communication platform may include any of the first, second, and third  audio communication platforms  240, 250, and 260 of Figure 2. The audio communication audio communication device. In other examples, providing user prompts requesting the voice data may include calling a video output protocol from the preboot manager, and providing the user prompts to a video communication platform based on the video output protocol.
The method 300 may include parsing the voice data to retrieve voice sample data, at 330. Parsing of the voice data may be performed by a voice recognition module, such as the voice recognition module 115 of Figure 1 and/or the voice recognition module 270 of Figure 2. Parsing the voice data to retrieve the voice sample data comprises providing the voice data to the voice recognition module. In some examples, providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol. The network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
The method 300 may further include determining whether the voice sample data matches voice fingerprint data, at 340. In some examples, the method 300 may further include receiving the voice fingerprint data from a remote device via a network.
The method 300 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, returning a policy based on the voice fingerprint data, at 350. The policy may specify an operating system to load. In some examples, the voice data includes a voice passphrase. The method 300 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, determining whether the voice passphrase matches a known voice passphrase. In some examples, determining whether the voice passphrase matches the known voice passphrase may include providing the voice passphrase to a remote device over a network, and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network. In some examples, the received indication may include a token or key, which may be used to unlock a key or keychain to decrypt  data in memory. In some examples, the method 300 may further include receiving the voice passphrase from a remote device via a network. In some examples, receiving the policy based on the voice fingerprint data may be further in response to the voice passphrase matching the known voice passphrase.
In some examples, the method 300 may further include generating a disk key based on the voice fingerprint data, decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and reading the decrypted data to initiate loading of the operating system. The generating the disk key may be performed by the preboot authentication 114 of Figure 1 and/or the preboot manager 210 of Figure 2. The decrypting of the encrypted data may be performed by the encryption block I/O filter 116 of Figure 1. The reading of the decrypted data may be performed by the OS bootloader 118 of Figure 1.
In some examples, the voice data includes a voice instruction. The method 300 may further include performing an action based on the voice instruction. In some examples, the method 300 may further include, prior to performing the action based on the voice instruction, providing a user prompt for a confirmation of the voice instruction, and receiving the confirmation of the voice instruction. Providing the user prompt for the confirmation of the voice instruction may include calling an audio output protocol from the preboot manager, and providing the user prompts to a second audio communication platform based on the audio output protocol.
Figure 4 illustrates a method 400 for voice boot authentication during a preboot process in accordance with some embodiments. The method 400 may be implemented in the boot services 110 of Figure 1, the system 200 of Figure 2, or combinations thereof.
The method 400 may include entering a preboot manager, at 410. The method 400 may further include calling an audio input protocol from a preboot manager, at 420. The preboot manager may include the preboot manager 112 of Figure 1 or the preboot manager 210 of Figure 2. The audio input protocol may include the audio input protocol 220 of Figure 2. Calling the preboot manager may include calling a network protocol. In some examples, the network protocol may include a wireless cloud stack to communicate over the cloud 422 or a cellular communication device driver to communicate over the cellular network 424.
The method 400 may include waiting for voice data, at 430. The method 400 may further include providing the voice data to a voice recognition module, at 440. The voice recognition module may include the voice recognition module 115 of Figure 1 and/or the voice recognition module 270 of Figure 2. In some examples, providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol. The network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
The method 400 may include parsing the voice data to retrieve voice sample data, at 445. Parsing of the voice data may be performed by the voice recognition module. Parsing the voice data to retrieve the voice sample data comprises providing the voice data to the voice recognition module. In some examples, providing the voice data to a voice recognition module may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol. The network protocol may include a wireless cloud stack or a cellular communication device driver, in some examples.
The method 400 may further include determining whether the voice sample data matches voice fingerprint data, at 450. In some examples, determining whether the voice sample data matches voice fingerprint data may include calling a network protocol, and providing the voice data to the voice recognition module over a network using the network protocol. In some examples, the network protocol may include a wireless cloud stack to communicate over the cloud 452 or a cellular communication device driver to communicate over the cellular network 454.
In some examples, the voice data includes a voice passphrase. The method 400 may further include, in response to a determination that the voice sample data matches the voice fingerprint data, analyzing the voice passphrase, at 460. The method 400 may further include checking whether the voice passphrase matches a known voice passphrase, at 470. In some examples, checking whether the voice passphrase matches the known voice passphrase may include providing the voice passphrase to a remote device over a network, such as the cloud 452 or the cellular communication network 454, and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network. In some examples, the received indication may include a token or key, which may be used to unlock a key or keychain to decrypt data in memory. The method 400 may further include continuing with a preboot process responsive to the voice passphrase matching a known passphrase, at 480.
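The passphrase step of methods 300 and 400 allows the remote device's indication to be a token or key that unlocks a key used to decrypt data. The sketch below is an added example, not code from the patent: it covers only that step, assumes the passphrase arrives as transcribed text and the token is a 32-byte secret, and uses an HMAC-SHA256 encrypt-then-MAC construction from the Python standard library as a stand-in for a real key-wrap algorithm; every name in it is hypothetical.

```python
"""Token-gated release of a wrapped disk key (illustrative, stdlib only)."""
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(token: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the release token.
    return hmac.new(token, b"preboot-wrap/" + label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real cipher (assumption).
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_disk_key(disk_key: bytes, token: bytes) -> bytes:
    """Provisioning: store only nonce || ciphertext || tag on the platform."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(disk_key, _keystream(_subkey(token, b"enc"), nonce, len(disk_key)))
    tag = hmac.new(_subkey(token, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_disk_key(blob: bytes, token: bytes) -> Optional[bytes]:
    """Preboot: return the disk key, or None if the token or blob is wrong."""
    if len(blob) <= NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(token, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # fail closed: nothing is decrypted
    return _xor(ct, _keystream(_subkey(token, b"enc"), nonce, len(ct)))


class RemoteVerifier:
    """Hypothetical remote device holding the known passphrase and the token."""

    def __init__(self, known_passphrase: str, release_token: bytes):
        self._salt = secrets.token_bytes(16)
        self._hash = self._digest(known_passphrase)
        self._token = release_token

    def _digest(self, phrase: str) -> bytes:
        # Case and whitespace are normalized before hashing (assumption).
        normalized = " ".join(phrase.lower().split()).encode()
        return hashlib.pbkdf2_hmac("sha256", normalized, self._salt, 50_000)

    def check(self, phrase: str) -> Optional[bytes]:
        # The indication is the token itself on a match, nothing otherwise.
        if hmac.compare_digest(self._digest(phrase), self._hash):
            return self._token
        return None


def preboot_unlock(indication: Optional[bytes], wrapped: bytes) -> Optional[bytes]:
    """Continue the preboot process only if the indication unwraps the key."""
    if indication is None:
        return None
    return unwrap_disk_key(wrapped, indication)


def run_demo() -> dict:
    # Constructed sample values, not taken from the patent.
    disk_key = secrets.token_bytes(32)
    token = secrets.token_bytes(32)
    remote = RemoteVerifier("blue harbor seven", token)
    wrapped = wrap_disk_key(disk_key, token)
    tampered = wrapped[:20] + bytes([wrapped[20] ^ 1]) + wrapped[21:]
    return {
        "correct": preboot_unlock(remote.check("Blue  Harbor seven"), wrapped) == disk_key,
        "wrong_phrase": preboot_unlock(remote.check("red harbor seven"), wrapped),
        "forged_indication": preboot_unlock(secrets.token_bytes(32), wrapped),
        "tampered_blob": preboot_unlock(token, tampered),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because the indication is the unwrapping secret rather than a yes/no answer, a response that merely claims a match, or a modified wrapped blob, yields no disk key and the preboot process stops.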
Figure 5 is a block diagram of a computer system 500 according to some embodiments. The computer system may include a processor unit chip 510 coupled to a memory 520, an other I/O 530, an audio I/O 540, and a network interface 550. The memory 520 may include the memory 130 of Figure 1. The processor unit chip 510 may include one or more processor units and local memory, such as cache memory. During a preboot process, the processor unit chip 510 may retrieve a boot image 522 from the memory 520. The boot image 522 may include a preboot authentication 524. The boot image 522 may include instructions for the boot services 110 of Figure 1, the preboot manager 210, the audio input protocol 220, the audio output protocol 230, and/or the voice recognition module 270 of Figure 2, or combinations thereof. The processor unit chip 510 executing instructions contained in the boot image 522 may perform the methods 400 and/or 500. During the preboot process, the processor unit chip 510, executing instructions loaded from the boot image 522, may communicate with the other I/O 530, the audio I/O 540, and the network interface 550 to perform a preboot authentication process, including a voice boot process. Responsive to successful authentication and completion of the preboot process, the processor unit chip 510 may load the OS image 526 to initiate a boot of an OS. The OS may include the operating system 120 of Figure 1. The audio I/O 540 may include the audio I/O devices 216 of Figure 2. The other I/O 530 may include video, keyboard, mouse, or other I/O input and output devices to communicate with the computer system 500. The network interface 550 may include a capability to communicate over the cloud 422, the cellular network 424, the cloud 452, and/or the cellular network 454 of Figure 4.
Examples, as described herein, may include, or may operate on, logic or a number of components, modules, or mechanisms. Modules are tangible entities (e.g., hardware) capable of performing specified operations and may be configured or arranged in a certain manner. In an example, circuits may be arranged (e.g., internally or with respect to external entities such as other circuits) in a specified manner as a module. In an example, the software may reside on at least one machine-readable medium.
The term “module” is understood to encompass a tangible entity, be that an entity that is physically constructed, specifically configured (e.g., hardwired), or temporarily (e.g., transitorily) configured (e.g., programmed) to operate in a specified manner or to perform at least part of any operation described herein. Considering examples in which modules are temporarily configured, a module need not be instantiated at any one moment in time. For example, where the modules comprise a general-purpose hardware processor configured using software, the general-purpose hardware processor may be configured as respective different modules at different times. Software may accordingly configure a hardware processor, for example, to constitute a particular module at one instance of time and to constitute a different module at a different instance of time. The terms “application, process, or service,” or variants thereof, are used expansively herein to include routines, program modules, programs, components, and the like, and may be implemented on various system configurations, including single-processor or multiprocessor systems, microprocessor-based electronics, single-core or multi-core systems, combinations thereof, and the like. Thus, the terms “application, process, or service” may be used to refer to an embodiment of software or to hardware arranged to perform at least part of any operation described herein.
While a machine-readable medium may include a single medium, the term "machine-readable medium" may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers).
Additional Notes & Examples:
Example 1 includes subject matter (such as a device, apparatus, or machine) for voice boot authentication during preboot comprising: a preboot manager to call an audio input protocol, the preboot manager further to receive voice data from an audio communication platform, wherein, in response to a determination that voice sample data matches voice fingerprint data, the preboot manager to receive a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load; and a voice recognition module to receive the voice data from the preboot manager and to parse the voice data to retrieve the voice sample data, wherein the voice recognition module further to determine whether the voice sample data matches the voice fingerprint data.
In Example 2, the subject matter of Example 1 may include, wherein the preboot manager further to provide user prompts requesting the voice data.
In Example 3, the subject matter of any one of Examples 1 to 2 may include, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call an audio output protocol from the preboot manager and to provide the user prompts to a second audio communication platform.
In Example 4, the subject matter of any one of Examples 1 to 3 may include, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call a video output protocol from the preboot manager and to provide the user prompts to a video communication platform.
In Example 5, the subject matter of any one of Examples 1 to 4 may include, a preboot authenticator to, after receiving the policy, generate a disk key based on the voice fingerprint data; an encryption block input/output filter to decrypt encrypted data retrieved from memory using the disk key to provide decrypted data; and an operating system bootloader to read the decrypted data to initiate loading of the operating system.
In Example 6, the subject matter of any one of Examples 1 to 5 may include, wherein the preboot manager to receive the voice data from the audio communication platform comprises receipt of the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
In Example 7, the subject matter of any one of Examples 1 to 6 may include, wherein the preboot manager to call the audio input protocol from the preboot manager comprises communication with a driver of the audio communication platform.
In Example 8, the subject matter of any one of Examples 1 to 7 may include, wherein the voice data includes a voice passphrase, wherein the voice recognition module further to, in response to a determination that the voice sample data matches the voice fingerprint data, determine whether the voice passphrase matches a known voice passphrase; wherein reception of the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
In Example 9, the subject matter of any one of Examples 1 to 8 may include, where the voice recognition module is further configured to receive the voice passphrase from a remote device via a network.
In Example 10, the subject matter of any one of Examples 1 to 9 may include, wherein the voice recognition module to determine whether the voice passphrase matches the known voice passphrase comprises the voice recognition module to provide the voice passphrase to a remote device over a network and to receive an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
In Example 11, the subject matter of any one of Examples 1 to 10 may include, wherein the indication as to whether the voice passphrase matches the known voice passphrase is one of a key or a token.
In Example 12, the subject matter of any one of Examples 1 to 11 may include, wherein the voice recognition module further to receive the voice fingerprint data from a remote device via a network.
In Example 13, the subject matter of any one of Examples 1 to 12 may include, wherein the voice data includes a voice instruction; wherein the voice recognition module further to perform an action based on the voice instruction. 
In Example 14, the subject matter of any one of Examples 1 to 13 may include, wherein the preboot manager, prior to performance of the action based on the voice instruction, to provide a user prompt for a confirmation of the voice instruction and to receive the confirmation of the voice instruction.
In Example 15, the subject matter of any one of Examples 1 to 14 may include, wherein the preboot manager to provide the user prompt for the confirmation of the voice instruction comprises the preboot manager to call an audio output protocol from the preboot manager and to provide the user prompts to a second audio communication platform based on the audio output protocol.
Example 16 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) for voice boot authentication during preboot comprising: calling an audio input protocol from a preboot manager; receiving voice data from an audio communication platform based on the audio input protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load.
In Example 17, the subject matter of Example 16 may include, providing user prompts requesting the voice data.
In Example 18, the subject matter of any one of Examples 16 to 17 may include, wherein providing the user prompts requesting the voice data comprises: calling an audio output protocol from the preboot manager; and providing the user prompts to a second audio communication platform based on the audio output protocol.
In Example 19, the subject matter of any one of Examples 16 to 18 may include, wherein providing the user prompts requesting the voice data comprises: calling a video output protocol from the preboot manager; and providing the user prompts to a video communication platform based on the video output protocol. 
In Example 20, the subject matter of any one of Examples 16 to 19 may include, after receiving the policy: generating a disk key based on the voice fingerprint data; decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and reading the decrypted data to initiate loading of the operating system.
In Example 21, the subject matter of any one of Examples 16 to 20 may include, wherein receiving the voice data from the audio communication platform comprises receiving the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
In Example 22, the subject matter of any one of Examples 16 to 21 may include, wherein parsing the voice data to retrieve the voice sample data comprises providing the voice data to a voice recognition module.
In Example 23, the subject matter of any one of Examples 16 to 22 may include, wherein providing the voice data to a voice recognition module comprises: calling a network protocol; and providing the voice data to the voice recognition module over a network using the network protocol.
In Example 24, the subject matter of any one of Examples 16 to 23 may include, wherein the network protocol comprises a wireless cloud stack or a cellular communication device driver.
In Example 25, the subject matter of any one of Examples 16 to 24 may include, wherein calling the audio input protocol from the preboot manager comprises communicating with a driver of the audio communication platform.
In Example 26, the subject matter of any one of Examples 16 to 25 may include, wherein the voice data includes a voice passphrase, the method in response to a determination that the voice sample data matches the voice fingerprint data, determining whether the voice passphrase matches a known voice passphrase; wherein receiving the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
In Example 27, the subject matter of any one of Examples 16 to 26 may include, receiving the voice passphrase from a remote device via a network.
In Example 28, the subject matter of any one of Examples 16 to 27 may include, wherein determining whether the voice passphrase matches the known voice passphrase comprises: providing the voice passphrase to a remote device over a network; and receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
In Example 29, the subject matter of any one of Examples 16 to 28 may include, receiving the voice fingerprint data from a remote device via a network. 
In Example 30, the subject matter of any one of Examples 16 to 29 may include, wherein the voice data includes a voice instruction; the method performing an action based on the voice instruction.
In Example 31, the subject matter of any one of Examples 16 to 30 may include, prior to performing the action based on the voice instruction: providing a user prompt for a confirmation of the voice instruction; and receiving the confirmation of the voice instruction.
In Example 32, the subject matter of any one of Examples 16 to 31 may include, wherein providing the user prompt for the confirmation of the voice instruction comprises: calling an audio output protocol from the preboot manager; and providing the user prompts to a second audio communication platform based on the audio output protocol.
Example 33 includes at least one medium including instructions that, when executed on a machine cause the machine to perform any of the Examples 16-32.
Example 34 includes an apparatus comprising means for performing any of the Examples 16-32.
Example 35 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) for voice boot authentication comprising: during a preboot process: calling an audio input protocol that includes a network protocol; receiving voice data via a network using the network protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving the voice passphrase; checking whether the voice passphrase matches a known voice passphrase; and continuing with a preboot process responsive to the voice passphrase matching a known passphrase.
In Example 36, the subject matter of Example 35 may include, entering a boot manager.
In Example 37, the subject matter of any one of Examples 35 to 36 may include, providing the voice data to a voice recognition module.
In Example 38, the subject matter of any one of Examples 35 to 37 may include, wherein providing the voice data to a voice recognition module comprises: calling a network protocol; and providing the voice data to the voice recognition module over a network using the network protocol.
In Example 39, the subject matter of any one of Examples 35 to 38 may include, wherein the network protocol includes a wireless cloud stack or a cellular communication device driver.
Example 40 includes at least one medium including instructions that, when executed on a machine cause the machine to perform any of the Examples 35-39.
Example 41 includes an apparatus comprising means for performing any of the Examples 35-39.
Example 42 includes subject matter (such as a method, means for performing acts, machine readable medium including instructions that when performed by a machine cause the machine to perform acts, or an apparatus to perform) comprising: means for calling an audio input protocol from a preboot manager; means for receiving voice data from an audio communication platform based on the audio input protocol; means for parsing the voice data to retrieve voice sample data; means for determining whether the voice sample data matches voice fingerprint data; and means for receiving a policy based on the voice fingerprint data in response to a determination that the voice sample data matches the voice fingerprint data, wherein the policy specifies an operating system to load.
In Example 43, the subject matter of Example 42 may include, means for providing user prompts requesting the voice data.
In Example 44, the subject matter of any one of Examples 42 to 43 may include, wherein the means for providing the user prompts requesting the voice data comprise: means for calling an audio output protocol from the preboot manager; and means for providing the user prompts to a second audio communication platform based on the audio output protocol.
In Example 45, the subject matter of any one of Examples 42 to 44 may include, wherein the means for providing the user prompts requesting the voice data comprise: means for calling a video output protocol from the preboot manager; and means for providing the user prompts to a video communication platform based on the video output protocol.
In Example 46, the subject matter of any one of Examples 42 to 45 may include, after receiving the policy: means for generating a disk key based on the voice fingerprint data; means for decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and means for reading the decrypted data to initiate loading of the operating system.
In Example 47, the subject matter of any one of Examples 42 to 46 may include, wherein the means for receiving the voice data from the audio communication platform comprise means for receiving the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
In Example 48, the subject matter of any one of Examples 42 to 47 may include, wherein the means for parsing the voice data to retrieve the voice sample data comprise means for providing the voice data to a voice recognition module.
In Example 49, the subject matter of any one of Examples 42 to 48 may include, wherein the means for providing the voice data to a voice recognition module comprise: means for calling a network protocol; and means for providing the voice data to the voice recognition module over a network using the network protocol.
In Example 50, the subject matter of any one of Examples 42 to 49 may include, wherein the network protocol comprises a wireless cloud stack or a cellular communication device driver.
In Example 51, the subject matter of any one of Examples 42 to 50 may include, wherein the means for calling the audio input protocol from the preboot manager comprise means for communicating with a driver of the audio communication platform.
In Example 52, the subject matter of any one of Examples 42 to 51 may include, wherein the voice data includes a voice passphrase, the apparatus means for determining whether the voice passphrase matches a known voice passphrase in response to a determination that the voice sample data matches the voice fingerprint data; wherein the means for receiving the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
In Example 53, the subject matter of any one of Examples 42 to 52 may include, means for receiving the voice passphrase from a remote device via a network.
In Example 54, the subject matter of any one of Examples 42 to 53 may include, wherein the means for determining whether the voice passphrase matches the known voice passphrase comprise: means for providing the voice passphrase to a remote device over a network; and means for receiving an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
In Example 55, the subject matter of any one of Examples 42 to 54 may include, means for receiving the voice fingerprint data from a remote device via a network.
In Example 56, the subject matter of any one of Examples 42 to 55 may include, wherein the voice data includes a voice instruction; the apparatus means for performing an action based on the voice instruction.
In Example 57, the subject matter of any one of Examples 42 to 56 may include, prior to performing the action based on the voice instruction: means for providing a user prompt for a confirmation of the voice instruction; and means for receiving the confirmation of the voice instruction.
In Example 58, the subject matter of any one of Examples 42 to 57 may include, wherein the means for providing the user prompt for the confirmation of the voice instruction comprise: means for calling an audio output protocol from the preboot manager; and means for providing the user prompts to a second audio communication platform based on the audio output protocol.
Example 59 includes subject matter (such as a device, apparatus, or machine) comprising: means for during a preboot process: calling an audio input protocol that includes a network protocol; receiving voice data via a network using the network protocol; parsing the voice data to retrieve voice sample data; determining whether the voice sample data matches voice fingerprint data; and in response to a determination that the voice sample data matches the voice fingerprint data, receiving the voice passphrase; checking whether the voice passphrase matches a known voice passphrase; and continuing with a preboot process responsive to the voice passphrase matching a known passphrase.
In Example 60, the subject matter of Example 59 may include, means for entering a boot manager.
In Example 61, the subject matter of any one of Examples 59 to 60 may include, means for providing the voice data to a voice recognition module.
In Example 62, the subject matter of any one of Examples 59 to 61 may include, wherein the means for providing the voice data to a voice recognition module comprise: means for calling a network protocol; and means for providing the voice data to the voice recognition module over a network using the network protocol.
In Example 63, the subject matter of any one of Examples 59 to 62 may include, wherein the network protocol includes a wireless cloud stack or a cellular communication device driver.
The above detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show, by way of illustration, specific embodiments that may be practiced. These embodiments are also referred to herein as “examples.” Such examples may include elements in addition to those shown or described. However, also contemplated are examples that include the elements shown or described. Moreover, also contemplated are examples using any combination or permutation of those elements shown or described (or one or more aspects thereof), either with respect to a particular example (or one or more aspects thereof), or with respect to other examples (or one or more aspects thereof) shown or described herein.
Publications, patents, and patent documents referred to in this document are incorporated by reference herein in their entirety, as though individually incorporated by reference. In the event of inconsistent usages between this document and those documents so incorporated by reference, the usage in the incorporated reference(s) are supplementary to that of this document; for irreconcilable inconsistencies, the usage in this document controls.
In this document, the terms “a” or “an” are used, as is common in patent documents, to include one or more than one, independent of any other instances or usages of “at least one” or “one or more.” In this document, the term “or” is used to refer to a nonexclusive or, such that “A or B” includes “A but not B,” “B but not A,” and “A and B,” unless otherwise indicated. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein.” Also, in the following claims, the terms “including” and “comprising” are open-ended, that is, a system, device, article, or process that includes elements in addition to those listed after such a term in a claim are still deemed to fall within the scope of that claim. Moreover, in the following claims, the terms “first,” “second,” and “third,” etc. are used merely as labels, and are not intended to suggest a numerical order for their objects.
The above description is intended to be illustrative, and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with others. Other embodiments may be used, such as by one of ordinary skill in the art upon reviewing the above description. The Abstract is to allow the reader to quickly ascertain the nature of the technical disclosure and is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Also, in the above Detailed Description, various features may be grouped together to streamline the disclosure. However, the claims may not set forth features disclosed herein because embodiments may include a subset of said features. Further, embodiments may include fewer features than those disclosed in a particular example. Thus, the following claims are hereby incorporated into the Detailed Description, with a claim standing on its own as a separate embodiment. The scope of the embodiments disclosed herein is to be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.

Claims (25)

  1. A system for voice boot authentication during preboot comprising:
    a preboot manager to call an audio input protocol, the preboot manager further to receive voice data from an audio communication platform, wherein, in response to a determination that voice sample data matches voice fingerprint data, the preboot manager to receive a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load; and
    a voice recognition module to receive the voice data from the preboot manager and to parse the voice data to retrieve the voice sample data, wherein the voice recognition module further to determine whether the voice sample data matches the voice fingerprint data.
  2. The system of claim 1, wherein the preboot manager further to provide user prompts requesting the voice data.
  3. The system of claim 2, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call an audio output protocol from the preboot manager and to provide the user prompts to a second audio communication platform.
  4. The system of claim 2, wherein the preboot manager to provide the user prompts requesting the voice data comprises the preboot manager to call a video output protocol from the preboot manager and to provide the user prompts to a video communication platform.
  5. The system of claim 1, further comprising:
    a preboot authenticator to, after receiving the policy, generate a disk key based on the voice fingerprint data;
    an encryption block input/output filter to decrypt encrypted data retrieved from memory using the disk key to provide decrypted data; and
    an operating system bootloader to read the decrypted data to initiate loading of the operating system.
  6. The system of claim 1, wherein the preboot manager to receive the voice data from the audio communication platform comprises receipt of the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
  7. The system of claim 1, wherein the preboot manager to call the audio input protocol from the preboot manager comprises communication with a driver of the audio communication platform.
  8. The system of claim 1, wherein the voice data includes a voice passphrase, wherein the voice recognition module further to, in response to a determination that the voice sample data matches the voice fingerprint data, determine whether the voice passphrase matches a known voice passphrase; wherein reception of the policy based on the voice fingerprint data is further in response to the voice passphrase matching the known voice passphrase.
  9. The system of claim 8, where the voice recognition module is further configured to receive the voice passphrase from a remote device via a network.
  10. The system of claim 9, wherein the voice recognition module to determine whether the voice passphrase matches the known voice passphrase comprises the voice recognition module to provide the voice passphrase to a remote device over a network and to receive an indication as to whether the voice passphrase matches the known voice passphrase from the remote device via the network.
  11. The system of claim 10, wherein the indication as to whether the voice passphrase matches the known voice passphrase is one of a key or a token.
  12. The system of claim 1, wherein the voice recognition module further to receive the voice fingerprint data from a remote device via a network.
  13. A method for voice boot authentication during a preboot process, the method comprising:
    calling an audio input protocol from a preboot manager;
    receiving voice data from an audio communication platform based on the audio input protocol;
    parsing the voice data to retrieve voice sample data;
    determining whether the voice sample data matches voice fingerprint data; and
    in response to a determination that the voice sample data matches the voice fingerprint data, receiving a policy based on the voice fingerprint data, wherein the policy specifies an operating system to load.
  14. The method of claim 13, further comprising providing user prompts requesting the voice data.
  15. The method of claim 14, wherein providing the user prompts requesting the voice data comprises:
    calling an audio output protocol from the preboot manager; and
    providing the user prompts to a second audio communication platform based on the audio output protocol.
  16. The method of claim 14, wherein providing the user prompts requesting the voice data comprises:
    calling a video output protocol from the preboot manager; and
    providing the user prompts to a video communication platform based on the video output protocol.
  17. The method of claim 13, further comprising, after receiving the policy:
    generating a disk key based on the voice fingerprint data;
    decrypting encrypted data retrieved from memory using the disk key to provide decrypted data; and
    reading the decrypted data to initiate loading of the operating system.
  18. The method of claim 13, wherein receiving the voice data from the audio communication platform comprises receiving the voice data from a remote device via a network, wherein the voice data is provided through the network from a remote device.
  19. The method of claim 13, wherein parsing the voice data to retrieve the voice sample data comprises providing the voice data to a voice recognition module.
  20. The method of claim 19, wherein providing the voice data to a voice recognition module comprises:
    calling a network protocol; and
    providing the voice data to the voice recognition module over a network using the network protocol.
  21. The method of claim 13, wherein the voice data includes a voice instruction; the method further comprising performing an action based on the voice instruction.
  22. The method of claim 13, further comprising, prior to performing the action based on the voice instruction:
    providing a user prompt for a confirmation of the voice instruction; and
    receiving the confirmation of the voice instruction.
  23. The method of claim 22, wherein providing the user prompt for the confirmation of the voice instruction comprises:
    calling an audio output protocol from the preboot manager; and
    providing the user prompts to a second audio communication platform based on the audio output protocol.
  24. At least one medium including instructions that, when executed on a machine cause the machine to perform any of the methods of claims 13-23.
  25. An apparatus comprising means for performing any of the methods of claims 13-23.
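
The method of claims 13 and 17, sketched as an added example that is not code from the patent: match the sample, receive the policy, derive the disk key, decrypt. The cosine-similarity matcher, the threshold, the PBKDF2 derivation, the XOR stand-in for the block I/O filter, and every name and sample vector are assumptions made for illustration.

```python
import hashlib
import math
import struct

# Constructed enrollment store: voice fingerprint vectors and boot policies.
ENROLLED = {
    "user-a": {"fingerprint": [0.12, 0.80, 0.35, 0.44], "policy": {"os": "os-a"}},
    "user-b": {"fingerprint": [0.90, 0.10, 0.05, 0.40], "policy": {"os": "os-b"}},
}
THRESHOLD = 0.995                     # assumed acceptance threshold
SALT = b"constructed-platform-salt"   # assumed per-platform salt

def cosine(a, b):
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if len(a) != len(b) or norm == 0.0:
        return 0.0                    # malformed or silent sample never matches
    return sum(x * y for x, y in zip(a, b)) / norm

def derive_disk_key(fingerprint):
    # Derived from the stored fingerprint data, which is stable; a live
    # sample differs slightly on every utterance.
    raw = struct.pack(f"<{len(fingerprint)}d", *fingerprint)
    return hashlib.pbkdf2_hmac("sha256", raw, SALT, 100_000, dklen=32)

def block_filter(key, data):
    # Stand-in for the encryption block I/O filter: XOR with a SHA-256
    # keystream. Symmetric, so it both encrypts and decrypts. Not a disk cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def preboot_authenticate(voice_data):
    sample = voice_data.get("sample", [])   # parse step: extract the sample
    for record in ENROLLED.values():
        if cosine(sample, record["fingerprint"]) >= THRESHOLD:
            return record["policy"], derive_disk_key(record["fingerprint"])
    return None, None                       # fail closed: no policy, no key

def boot(voice_data, encrypted_block):
    policy, key = preboot_authenticate(voice_data)
    if key is None:
        return None                         # nothing is decrypted or loaded
    return policy["os"], block_filter(key, encrypted_block)
```

Because the key is a function of the stored fingerprint data and the salt alone, the match decision gates its use but adds no entropy to it; in this sketch the confidentiality of the disk rests on how the enrollment store is protected.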

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/078253 WO2017166264A1 (en) 2016-04-01 2016-04-01 Apparatuses and methods for preboot voice authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/078253 WO2017166264A1 (en) 2016-04-01 2016-04-01 Apparatuses and methods for preboot voice authentication

Publications (1)

Publication Number Publication Date
WO2017166264A1 (en) 2017-10-05

Family

ID=59962382

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/078253 WO2017166264A1 (en) 2016-04-01 2016-04-01 Apparatuses and methods for preboot voice authentication

Country Status (1)

Country Link
WO (1) WO2017166264A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294359A1 (en) * 2005-06-22 2006-12-28 Lightuning Tech. Inc. Biometrics signal input device, computer system having the biometrics signal input device, and control method thereof
US20070055517A1 (en) * 2005-08-30 2007-03-08 Brian Spector Multi-factor biometric authentication
US20090249079A1 (en) * 2006-09-20 2009-10-01 Fujitsu Limited Information processing apparatus and start-up method
US20090327678A1 (en) * 2007-04-10 2009-12-31 Dutton Drew J Enhancing Security of a System Via Access by an Embedded Controller to A Secure Storage Device
CN102646077A (en) * 2012-03-28 2012-08-22 山东超越数控电子有限公司 Method for full-disk encryption based on trusted cryptography module
WO2014063330A1 (en) * 2012-10-25 2014-05-01 Intel Corporation Anti-theft in firmware

Legal Events

Date Code Title Description
NENP Non-entry into the national phase. Ref country code: DE
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 16896044; Country of ref document: EP; Kind code of ref document: A1
122 Ep: pct application non-entry in european phase. Ref document number: 16896044; Country of ref document: EP; Kind code of ref document: A1