阅读说明：本技术 无密码软件系统用户认证 (Password-free software system user authentication ) 是由 G·F·吉拉杰克 J·罗 H·V·斯特朗 戴吾伦 于 2018-11-05 设计创作，主要内容包括：作为用以标识用户的认证过程的一部分来接收数据。这样的数据表征由用户根据期望的生物特征序列与至少一个输入设备交互而产生的用户生成的生物特征序列。此后,如果至少一个机器学习模型的输出高于阈值,则使用所接收的数据和该至少一个机器学习模型来认证用户,其中该至少一个机器学习模型是使用由多个用户生成的生物特征序列(例如,根据期望的生物特征序列的历史上的用户生成的生物特征序列等)生成的经验导出的历史数据而被训练的。可以提供表征该认证的数据。还描述了相关的装置、系统、技术和物品。(The data is received as part of an authentication process to identify the user. Such data characterizes a user-generated biometric sequence produced by a user interacting with at least one input device according to a desired biometric sequence. Thereafter, if an output of at least one machine learning model is above a threshold, the user is authenticated using the received data and the at least one machine learning model, wherein the at least one machine learning model is trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., user-generated biometric sequences over a history of expected biometric sequences, etc.). Data characterizing the authentication may be provided. Related apparatus, systems, techniques, and articles are also described.)

1. A computer-implemented method, comprising:

receiving, as part of an authentication process to identify a user, data characterizing a user-generated biometric sequence generated by the user interacting with at least one input device according to a desired biometric sequence;

authenticating the user using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user generated biometric sequences if an output of the at least one machine learning model is above a threshold; and

providing data characterizing the authentication.

2. The method of claim 1, wherein the desired biometric sequence is predefined.

3. The method of claim 1, wherein the desired biometric sequence is dynamically generated using at least one biometric sequence generation machine learning model.

4. The method of any preceding claim, further comprising:

receiving training data forming at least a portion of the empirically derived historical data as part of a training process prior to the authentication process.

5. The method of any of the preceding claims, wherein the authenticating further comprises: an initial determination is made as to whether the user has correctly completed the desired biometric sequence.

6. The method of any preceding claim, wherein the at least one machine learning model comprises a model that utilizes at least one of: supervised learning, unsupervised learning, semi-supervised learning or reinforcement learning.

7. The method of any preceding claim, wherein the at least one machine learning model comprises one or more of: random forests, nearest neighbor models, naive Bayes, decision trees, linear regression models, Support Vector Machines (SVM), neural networks, k-means clustering, Bayesian methods, statistical methods, bootstrap models, Q-learning models, Time Difference (TD) models, or deep confrontation networks.

8. The method of any preceding claim, wherein providing data comprises: providing access to a biometric cryptographic key if the received data is successfully authenticated.

9. The method of claim 8, further comprising:

providing a prompt in a graphical user interface presented to the user to provide an alphanumeric password;

receiving, via the graphical user interface, a user-generated input comprising an entered password;

the password is locally encrypted using the biometric password key.

10. The method of claim 8, further comprising:

decrypting a locally stored domain password using the biometric password key.

11. The method of any of claims 8-10, wherein the biometric cryptographic key is programmatically generated based on one or more attributes of a computing device used to execute the desired biometric sequence.

12. A method according to any preceding claim, wherein the received data comprises the vectorisation of various action values in a vector forming part of the user-generated biometric sequence.

13. The method of claim 12, wherein the authenticating comprises:

separately determining, using each portion of the at least one machine learning model: each action value forming part of the vector indicates that the user-generated biometric sequence was performed by the desired user.

14. The method of claim 13, further comprising:

providing a corresponding portion of the biometric cryptographic key for each successfully authenticated action value; and

concatenating portions of the biometric cryptographic key to generate a final biometric cryptographic key.

15. The method of any preceding claim, wherein the threshold is static and predefined.

16. The method of any one of claims 1 to 14, wherein the threshold corresponds to a confidence level.

17. The method of claim 16, wherein the confidence level dynamically changes.

18. The method according to any of the preceding claims, wherein providing data characterizing the authentication comprises at least one of: causing the data to be displayed in an electronic visual display; loading the data into a memory; storing the data in a physically persistent manner; transmitting the data to a remote computing device.

19. A system, comprising:

at least one data processor; and

memory storing instructions which, when executed by the at least one data processor, cause operations for implementing the method according to any one of the preceding claims.

20. A non-transitory computer program product storing instructions that, when executed by at least one data processor forming part of at least one computing device, cause operations for implementing a method according to any one of claims 1 to 18.

Technical Field

The subject matter described herein relates to authenticating a user to a software system using a password-less technique that includes biometric-based authentication.

Background

To access Information Technology (IT) resources (e.g., software application(s), data, etc.), users often need to authenticate to the system that provides the IT resources. For example, if a user wishes to access their personal checking account through an online banking application, the user may need to enter a username, password, etc., and/or provide an additional authentication code (e.g., a temporary code that the bank provides to a known device associated with the user). While these authentication measures can generally improve security and reduce the likelihood that the user's personal information may be compromised, often circumvention schemes for these measures are planned and utilized.

Disclosure of Invention

The data is received as part of an authentication process to identify a user. Such data characterizes a user-generated biometric sequence that is generated by a user interacting with at least one input device according to a desired biometric sequence. Thereafter, if an output of at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., user-generated biometric sequences over a history of desired biometric sequences, etc.) is above a threshold, the user is authenticated using the received data and the at least one machine learning model. Data characterizing the authentication may be provided.

The desired biometric sequence may be predefined or, alternatively, may be dynamically selected or generated. For example, the desired biometric sequence may be dynamically generated using at least one biometric sequence generation machine learning model.

As part of the training process prior to the authentication process, training data may be used. Such training data may form at least part of empirically derived historical data. The training of the at least one machine learning model may be static or continuous (i.e., the at least one machine learning model may be adaptive and continuously refine itself, etc.).

Authentication may include initially determining whether the user correctly completed the biometric sequence.

The at least one machine learning model may include a model that utilizes at least one of: supervised learning, unsupervised learning, semi-supervised learning or reinforcement learning. For example, the at least one machine learning model may utilize one or more of: random forests, nearest neighbor models, naive Bayes, decision trees, linear regression models, Support Vector Machines (SVM), neural networks, k-means clustering, Bayesian methods, statistical methods, bootstrap models, Q-learning models, Time Difference (TD) models, or deep confrontation networks.

Provisioning of data (provisioning) may include providing access to the biometric cryptographic key if the received data is successfully authenticated. In some variations, a prompt may be provided in a graphical user interface presented to the user to prompt the user to provide an alphanumeric password. Thereafter, a user-generated input including the entered password may be received via the graphical user interface. The password may then be locally encrypted using the biometric password key. In addition, the biometric cryptographic key may be used to decrypt a locally stored domain password.

The biometric cryptographic key may be programmatically generated based on one or more attributes of the computing device used to perform the desired biometric sequence.

The received data may include the vectorization of various motion values in a vector that form part of a user-generated biometric sequence. In this case, the authentication includes: determining, using each portion of the at least one machine learning model, that each action value forming part of the vector indicates that the user-generated biometric sequence was performed by the intended user. Further, for each successfully authenticated action value, a corresponding portion of the biometric cryptographic key may be provided, and the portions of the biometric cryptographic key may be concatenated to produce a final biometric cryptographic key.

In some variations, the threshold may be static and predefined. Further, the threshold corresponds to a confidence level. Such confidence levels may change dynamically.

Providing data characterizing the authentication may include one or more of: causing such data to be displayed in an electronic visual display; loading such data into memory; storing such data in a physically persistent manner; such data is transmitted to a remote computing device.

Also described are non-transitory computer program products (i.e., physically embodied computer program products) storing instructions that, when executed by one or more data processors of one or more computing systems, cause the at least one data processor to perform operations herein. Similarly, computer systems are also described, which may include one or more data processors and memory coupled to the one or more data processors. The memory may temporarily or permanently store instructions that cause the at least one processor to perform one or more of the operations described herein. In addition, the methods may be implemented by one or more data processors within a single computing system or distributed between two or more computing systems. Such computing systems may be connected and may exchange data and/or commands or other instructions or the like via one or more connections, including, but not limited to, a connection over a network (e.g., the internet, a wireless wide area network, a local area network, a wide area network, a wired network, etc.), via a direct connection between one or more of the multiple computing systems, and the like.

The subject matter described herein provides a number of technical advantages. For example, the present subject matter provides enhanced techniques for biometric authentication of a user, thereby reducing the likelihood of unauthorized users accessing a software system. Moreover, the present subject matter is advantageous in that it provides a higher level of security while, in some implementations, avoiding the need to use alphanumeric passwords, which are generally simple in nature and easy to crack.

The details of one or more variations of the subject matter described herein are set forth in the accompanying drawings and the description below. Other features and advantages of the subject matter described herein will be apparent from the description and drawings, and from the claims.

Drawings

FIG. 1 is a diagram showing a user performing a predefined biometric sequence during a machine learning model training session;

FIG. 2 is a diagram showing a user performing a unique biometric sequence during a machine learning model training session;

FIG. 3 is a process flow diagram illustrating a first authentication workflow;

FIG. 4 is a process flow diagram illustrating a second authentication workflow;

FIG. 5 is a process flow diagram illustrating a third authentication workflow;

FIG. 6 is a process flow diagram illustrating authentication of a user performing a biometric sequence; and

FIG. 7 is a diagram illustrating a computing device for implementing aspects described herein.

Detailed Description

The present subject matter relates to systems, apparatuses, methods, and computer program products for password-less authentication techniques for accessing software systems/computing resources. These techniques may be independent or may be used in combination with other techniques, such as conventional username/password login prompts and the like. Furthermore, these techniques utilize machine learning to more accurately characterize a user's actions as true actions, as opposed to malicious actors who attempt to mimic the user's actions.

The authentication techniques herein may utilize a biometric sequence that involves a user taking a series of movements/actions using one or more input devices of a computing device (e.g., tablet, mobile phone, laptop, desktop, IoT device, etc.).

In particular, machine learning models are used to characterize and distinguish how a particular user handles input devices such as a touch screen, keyboard, touch pad, and/or mouse during an authentication process. An authentication sequence as used herein may include a biometric sequence in which an input device is used to perform a sequence of actions. These actions may be movements (e.g., a grid or other pattern that moves individually as much as desired), activation of a Graphical User Interface (GUI) element, activation of an input device element (e.g., clicking a button, moving a track pad or scroll wheel, etc.).

In some variations, in order to adapt machine learning models to a particular user, these machine learning models must first be trained. The training session requires the user to repeat the biometric sequence multiple times. The authentication application may, for example, prompt the user to perform the sequence multiple times, perhaps taking consecutive days (considered a "training period"), so that the machine learning model may continually fine-tune itself. In some other variations, the training is continuous (i.e., the model is adaptive, etc.), as the model may be "fine-tuned" based on user actions for each subsequent execution of the biometric sequence.

In some variations, two factors may be used to analyze the biometric sequence. First, it may be determined whether the user has completed the biometric sequence. The determination does not necessarily require the use of a machine learning model. Second, it may be determined whether a user behavior at the time of completing the biometric sequence may have been performed by the corresponding user. The second determination may use at least one machine learning model trained during a training period.

In some cases, the biometric sequence is predefined such that the user repeats the known sequence multiple times and each action of a portion of the live sequence is characterized. For example, referring to diagram 100 of fig. 1, a GUI of a computing device (e.g., mobile phone, etc.) may include a grid of points, and with the user activating an input device at each point of "Z," the predefined biometric sequence requires the user to enter a backward "Z" across the points of the grid. In other cases, referring to diagram 200 of fig. 2, the biometric sequence is generated by the user during a training period. For example, a user may choose to create a spiral shape via an input device of a computing device, and repeat such shape multiple times over a training period. Optionally, the user may also activate the input device at various points along the spiral (e.g., press a touch screen at the beginning and end of the spiral, etc.).

In another variant, the biometric sequence is not predefined, but is dynamically generated, or randomly selected from a large number of available biometric sequences. In either case, machine learning may be used to generate/modify "rules" or "sequence types" of user input to maximize the ability of the model to identify a particular user. The biometric sequence may be dynamically modified according to a machine learning algorithm to reduce the likelihood of a third party successfully executing the biometric sequence (as determined by the machine learning model). In other words, the machine learning model (with respect to biometric sequence generation) can constantly try out which actions/sequences constitute a biometric sequence.

Various attributes characterizing the biometric sequence are recorded during each execution of the biometric sequence during a training period. For example, for the fig. 1 example, the velocity of each line forming part of the backward "Z", the amount of time at rest at each end of the backward "Z", the XY coordinate deviation of each line, the pressure applied to each line and/or at each end, etc. are plotted.

In one example, the values of the attributes may populate a 20-dimensional vector that characterizes:

time of left click or drag and drop

Time of right click

Double click time 1

Double click time 2

Double click time 3

Direction of mouse movement or drag and drop

Lines formed by mouse movement or drag-and-drop

Linear velocity of mouse movement or drag and drop

Curves formed by mouse movements or drag-and-drops

Curve speed of mouse movement or drag and drop

Curvilinear acceleration of mouse movement or drag and drop

Curve ratio for mouse movement or drag and drop

Offset of mouse movement or drag-and-drop

Errors in mouse movement or drag-and-drop

Variability of mouse movement or drag-and-drop

Curvature of mouse movement or drag-and-drop

Bending rate of mouse movement or drag and drop

Speed of bending of mouse movement or drag-and-drop

Bending acceleration of mouse movement or drag and drop

Angular velocity of mouse movement or drag and drop

Various attributes in the vector may be used to generate a user-unique biometric cryptographic key. The biometric cryptographic key may be generated by encrypting the vector using, for example, the AES 256 algorithm or the like. In other variations, the biometric cryptographic key may be programmatically generated by the product based on one or more computing device-specific attributes, and the key is then associated with the vector.

In some variations, the biometric cryptographic key may be a concatenation of key portions, each key portion corresponding to one of the attributes in the vector. For example, the biometric cryptographic key may be stored as part of different key portions, and each key portion is returned only if the condition (determined by the machine learning model) deems the attribute value to indicate that the correct user performed that portion of the biometric sequence.

During runtime (i.e., after a training period, etc.), the user is prompted or otherwise caused to enter a biometric sequence via an interface of the computing device (either directly through the touch screen and attached buttons, or via an external input device, such as a mouse, keyboard, touchpad, roller ball, etc.). Initially, the biometric sequence is analyzed to ensure that it is properly completed (e.g., the input device is properly moved, etc.). If the analysis indicates that the sequence has been properly completed, the user-generated biometric sequence is input (either directly or after vectorization based on predefined attributes) into at least one machine learning model that is trained using at least the biometric sequence generated during a training period.

In some cases, the at least one machine learning model may also be trained using data generated from other users (e.g., data characterizing the behavior of other users when performing the same or similar biometric sequences).

The output of the at least one machine learning model may, for example, be a score (e.g., a confidence score, etc.) that characterizes a likelihood that a user has generated a biometric sequence input via the computing device (either directly or via a peripheral device). In some cases, a score threshold (which may vary by user, or may adaptively vary based on user behavior) may be utilized that, when exceeded, indicates that the input biometric sequence was performed by the user. When the score indicates that the action is an action of the desired user, some or all of the biometric cryptographic keys may be made available. In some cases, each attribute of the biometric sequence may have a different key portion that is returned when it is successfully determined that such attribute indicates that the corresponding user behavior is that of the user.

Various types of machine learning models may be used, including models based on supervised learning, unsupervised learning, semi-supervised learning, and/or reinforcement learning. Further, as described above, multiple machine learning models may be used in parallel or in a cascaded arrangement in which the output of the model is used as an input (or part of an input) to other models. Supervised learning models that may be used include: random forests, nearest neighbor models, naive bayes, decision trees, linear regression models, Support Vector Machines (SVMs), and/or neural networks. Unsupervised learning models that may be used include k-means clustering, bayesian methods (including semi-parametric and non-parametric methods), statistical methods (such as bootstrap), and the like. Semi-supervised learning may combine elements in both supervised and unsupervised learning models. The reinforcement learning model may include a Q learning model, a Time Difference (TD) model, a deep confrontation network, and the like.

There are different types of authentication workflows that can be used in conjunction with the password-less techniques described herein.

In one workflow, the agent may be used to generate a biometric cryptographic key based on the biometric sequence, and may be used to obtain a domain password to create a stored encrypted password (based on a combination of the generated biometric cryptographic key generated during the training period and the user-provided domain password) that may be used for subsequent authentication once the user enters the same or similar (within a predefined score threshold, etc.) biometric sequence. Referring to process flow diagram 300 of FIG. 3, initially, at 310, a user attempts to log into an operating system (e.g., WINDOWS, etc.) of a client device and is presented with a login screen in a graphical user interface. Thereafter, at 320, via the graphical user interface and input device(s), the user passes the authentication workflow by executing the biometric sequence specified during the training period. The biometric sequence may be verified (i.e., it may be confirmed that the biometric sequence has been properly executed) and, in addition, other user behavior attribute data (which characterizes how the biometric sequence was properly executed). After successful authentication, at 330, it may be determined that the user needs real-time (in-line) encryption of the user's current domain password. Next, at 340, an additional screen may be presented in the graphical user interface to prompt the user to enter the domain password and then optionally confirm the domain password a second time. Upon successful validation of the domain password, the domain password is then securely provisioned on the client device based on the determination of the secure container(s) available for subsequent reuse, at 350. For example, the encrypted password value corresponding to the domain password may be stored locally in a secure container such as a Trusted Platform Module (TPM), or alternatively, if the TPM is unavailable, the encrypted password value may be stored in the HKLM registry.

Another authentication workflow involves subsequent logins where the encrypted password is decrypted using a biometric password key (derived from a user-generated biometric sequence in the computing device) collected in real-time. Referring to process flow diagram 400 of FIG. 4, initially, at 410, a user attempts to log into an operating system (e.g., WINDOWS, etc.) and domain of a client device. Thereafter, the user is presented via the graphical user interface with a login screen having an authentication workflow that prompts the user to enter a biometric sequence. Next, at 420, a user-generated input is received and it is determined that the user properly performed a predetermined biometric sequence forming part of the authentication workflow. Thereafter, at 430, it may be determined whether the user behavior when properly performing the biometric sequence indicates that the biometric sequence was performed by the intended user. For example, based on a set of predefined features (e.g., vectorized attributes, etc.) that can distinguish one user behavior from another to represent one user behavior, a confidence score can be generated for each feature by at least one model. When the confidence score is above an acceptable threshold (which may be fixed or variable), a portion of the biometric cryptographic key will be returned. This iterative process may be repeated until each input/action is scored, which results in all returned key portions being concatenated to become the final biometric cryptographic key. The locally stored encrypted value may then be decrypted (e.g., using the AES 256 algorithm, etc.) using the final biometric cryptographic key to produce a domain cipher at 440. Later, at 450, the operating system credential provider can log the user into the operating system and domain using the decrypted domain password.

Another authentication workflow involves scenarios in which a password has expired and/or an invalid password is repeatedly entered (causing the system to lock the user). Referring to diagram 500 of FIG. 5, at 510, a graphical user interface is presented to a user to allow him or her to attempt to log into an operating system and domain. Thereafter, the user performs the biometric sequence described above. Next, at 520, after the biometric sequence (in terms of sequence and user behavior) is successfully completed, the set domain password is extracted. The operating system then indicates that the password has expired or otherwise been invalid at 530. Then, at 540, it is determined that the user needs to re-provision the domain password online. Next, at 550, another screen is shown in the graphical user interface that prompts the user to enter a domain password and optionally then confirm the domain password a second time.

The domain password is then securely re-provisioned based on the determination of the available security containers at 560. The re-provisioning may include generating a confidence score for each feature based on a set of predefined features (i.e., vectorized attributes, etc.) that may identify one user behavior from another using at least one model. When the confidence score is above an acceptable threshold, a portion of the biometric cryptographic key will be returned. This process may be repeated until each input is scored and all returned key portions are concatenated to become the final biometric cryptographic key. The domain cipher is then encrypted using the biometric cipher key using, for example, the AES 256 algorithm. The encrypted cryptographic value may then be stored locally in a secure container, such as a Trusted Platform Module (TPM), if present. Alternatively, if the TPM is unavailable, the encrypted password value may be stored in the HKLM registry.

The operating system credential provider can log the user into the operating system and domain using the provided domain password.

FIG. 6 is a process flow diagram in which data characterizing a user-generated biometric sequence is received at 610 as part of an authentication process for identifying a user. The user-generated biometric sequence is generated by a user interacting with at least one input device according to a desired biometric sequence. Thereafter, at 620, if an output of at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., user-generated biometric sequences over a history of expected biometric sequences, etc.) is above a threshold, the user is authenticated using the received data and the at least one machine learning model. In some cases, the threshold is predefined (e.g., based on a confidence level). In other cases, the threshold may be based on another mapping from the output of the at least one machine learning model to the confidence level, and such mapping may change dynamically. Subsequently, at 630, data characterizing the authentication is provided (e.g., loaded into memory, stored, displayed, transmitted, etc.).

One or more aspects or features of the subject matter described herein can be implemented in digital electronic circuitry, integrated circuitry, a specially designed Application Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) computer hardware, firmware, software, and/or combinations thereof. These various aspects or features may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, coupled to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device. A programmable or computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client server relationship to each other.

These computer programs (which may also be referred to as programs, software applications, components, or code) may include machine instructions for a programmable processor and/or may be implemented in a high-level procedural, object-oriented, functional, logical, and/or assembly/machine language. As used herein, the term "machine-readable medium" refers to any computer program product, apparatus and/or device, such as magnetic disks, optical disks, memory, and Programmable Logic Devices (PLDs), used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable data processor. A machine-readable medium may store such machine instructions non-transitory, such as a non-transitory solid-state memory or a magnetic hard drive or any equivalent storage medium. A machine-readable medium may alternatively or additionally store such machine instructions in a transient manner, such as a processor cache or other random access memory associated with one or more physical processor cores.

The computer components, software modules, functions, data stores, and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data required for their operation. It should also be noted that a module or processor includes, but is not limited to, a code unit that performs software operations and may be implemented, for example, as a subroutine unit of code, or as a software function unit of code, or as an object (such as an object-oriented paradigm), or as an applet, or in a computer script language, or as another computer code. Depending on the circumstances, software components and/or functions may be located on one computer or may be distributed across multiple computers.

FIG. 7 is a diagram illustrating an example computing device architecture for implementing various aspects described herein. Bus 704 may serve as an information highway interconnecting the other illustrated components of the hardware. A processing system 708 (e.g., one or more computer processors/data processors at a given computer or computers) labeled as a CPU (central processing unit) may perform the computations and logical operations needed to execute the program. Non-transitory processor-readable storage media, such as Read Only Memory (ROM)712 and Random Access Memory (RAM)716, may be in communication with processing system 708 and may include one or more programming instructions for the operations specified herein. Alternatively, the program instructions may be stored on a non-transitory computer readable storage medium such as a magnetic disk, optical disk, recordable storage device, flash memory, or other physical storage medium.

In one example, the disk controller 748 may interface one or more optional disk drives to the system bus 704. These disk drives may be external or internal floppy disk drives such as 760, external or internal CD-ROM, CD-R, CD-RW or DVD or solid state drives such as 752, or external or internal hard disk drives 756. As previously mentioned, these various disk drives 752, 756, 760 and disk controllers are optional devices. The system bus 704 may also include at least one communication port 720 to allow communication with external devices that are physically connected to the computing system or that are externally accessible via a wired or wireless network. In some cases, communication port 720 includes (include) or otherwise includes (comprise) a network interface.

To provide for interaction with a user, the subject matter described herein can be implemented on a computing device having a display device 740 (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) for displaying information retrieved from bus 704 to the user, and an input device 732 (such as a keyboard and/or a pointing device (e.g., a mouse or a trackball) and/or a touch screen) that the user can use to provide input to the computer Other computing devices such as a server may omit one or more of display 740 and display interface 724, input device 732, microphone 736, and input device interface 728.

In the description above and in the claims, a phrase such as "at least one" or "one or more" may be followed by a combined list of elements or features. The term "and/or" may also appear in a list of two or more elements or features. Unless implicitly or explicitly contrary to the context of its use, the phrase is intended to mean that any element or feature recited is listed alone or in combination with any other recited element or feature. For example, the phrases "at least one of a and B", "one or more of a and B", and "a and/or B" are all intended to mean "a only, B only, or a and B together". Similar explanations apply to lists containing three or more items. For example, the phrases "at least one of A, B and C," one or more of A, B and C, "and" A, B and/or C "are all intended to mean" a only, B only, C, A and B together, a and C together, B and C together, or a and B and C together. In addition, the use of the term "based on" above and in the claims is intended to mean "based at least in part on", thus also allowing functional features or elements not referenced.

The subject matter described herein may be implemented in systems, apparatuses, methods, and/or articles of manufacture according to a desired configuration. The implementations set forth in the foregoing description do not represent all implementations consistent with the subject matter described herein. Rather, they are merely a few examples consistent with aspects related to the described subject matter. Although some variations have been described in detail above, other modifications or additions are possible. In particular, other features and/or variations may be provided in addition to those set forth herein. For example, the implementations described above may be directed to various combinations and subcombinations of the disclosed features and/or combinations and subcombinations of several other features disclosed above. In addition, the logic flows depicted in the figures and/or described herein do not necessarily require the particular order shown, or sequential order, to achieve desirable results. Other implementations may be within the scope of the following claims.