1. Field of the Invention
The present invention relates to authentication and security in networked computer systems. More particularly, the present invention relates to a method and an apparatus that uses biometric data, such as a fingerprint, to determine whether a user on a client computer system is authorized to access a service on a host computer system.
2. Related Art
As computer networks are increasingly used to link computer systems together, applications have been developed to allow a user on a client computer system to access a service on a host computer system. For example, a user on a client system may be able to access information contained in a database on a host computer system. Unfortunately, along with this increased accessibility comes increased potential for security problems. For example, communications between a client system and a host system can be intercepted and tampered with while in transit over the computer network. This may allow third parties or malicious users on a client computer system to gain access to a service on a host computer system without proper authorization.
A number of systems have been developed to ensure that users do not gain unauthorized access to host computer systems. Some systems prompt a user for passwords or a PIN numbers, before granting the user access to the host computer system. However, passwords and PIN numbers may be forgotten or may fall into the wrong hands. Additionally, using passwords and PIN numbers for security purposes places an additional burden on institutions because passwords or PIN numbers require additional machinery and human resources to deal with customers when customers forget passwords or PIN numbers, or when customers request that passwords or PIN numbers be changed.
As an alternative to passwords or PIN numbers, biometric authentication systems have been developed to authorize accesses to host systems. Biometric authentication systems receive a biometric input, such as a fingerprint or a voice sample, from a user. This biometric input is compared against a prerecorded template containing biometric data associated with the user to determine whether to grant the user access to a service on the host system. One such system is described in U.S. Pat. No. 5,280,527, entitled BIOMETRIC TOKEN FOR AUTHORIZING ACCESS TO A HOST SYSTEM, issued on Jan. 18, 1994 to inventors Gullman, et al.
Existing biometric authentication systems suffer from a number of shortcomings. For example, the system described in the Gullman patent stores templates locally, on the client system. This may be practical for small numbers of templates, and small numbers of client systems. However, it is not practical to replicate large numbers of templates across a large number of client systems, because storage space on client systems is typically limited. Furthermore, when new templates are added to the system, or when existing templates become invalid, updating numerous client systems to reflect these changes can require an undue amount of effort. For the above reasons, it is preferable to store large numbers of biometric templates at the host system, or at some other site that can be centrally administered.
However, storing templates on a host system presents its own challenges. In order to perform a comparison, a template must be transferred to the client system for comparison with a biometric sample, or alternatively, a biometric sample must be transferred to the host system for comparison with the template. In either case, templates or biometric samples must be transferred across a possibly insecure computer network, in which case the templates or biometric samples may be subject to surveillance or tampering. One solution to this problem is to encrypt templates or samples while they are in transit between host and client systems. However, such encryption may be subject to an attack on the encryption algorithm. Furthermore, this does not prevent a malicious user from tampering with a client system to gain unauthorized access to the host system.
What is needed is a system for transferring biometric samples or templates between a client system and a host system that is immune to an attack on the encryption algorithm and allows in-transit tampering to be detected.
Additionally, what is needed is a system for authenticating an identity of a user that allows biometric templates to be stored at a host or a central site, which can be centrally administered.