Mitigating mobile OS intrusions from user space applications using secure services and biometric identification

摘要

A method for mitigating intrusions to a mobile operating system (OS) that begins with the instantiation of secure services and corresponding data in secure service partitions by a secure multivisor running on a mobile device running a secure real-time operating system (RTOS). One of the secure services can be a biometric security service having corresponding biometric data defining a user's identity. The secure multivisor can instantiate a user space partition running a virtual machine with a guest OS having installed client software applications. When the virtual machine, a client software application, or a user requests interaction with the secure RTOS that meets a predefined privilege threshold, the biometric security service can determine the biometric identity of the user. When the determined biometric identity of the user matches a required biometric identity of the interaction, the biometric security service can allow the interaction with the secure RTOS.