In order to enhance the security of authentication systems, biometric methods are increasingly being deployed to validate the authenticity of users who want to access systems or other protected environments. By means of such biometric methods, the identity of a person is tied not only to something a person knows, e.g. a password or PIN, or something a person has, e.g. a smart card, but also to something a person is. Typical biometric technologies encompass, among others, fingerprint recognition, hand recognition, face recognition, voice recognition and signature recognition. Usually, a user or person is enrolled in the biometric system by capturing samples of the respective biometric. In the case of fingerprint verification, for example, this requires scanning the fingerprints of the user. This is often called template generation. The enrollment data is then stored somewhere and used as reference data for later verification.
Common biometric systems store this reference data on servers so that authentication requests can be fielded from any connected computer system. In such systems the scanned biometric data is sent to the server for matching purposes. If sufficient similarity between the enrolled reference data and the submitted scan is detected, access is granted, e.g. to IT systems (logical security) or buildings (physical security).
Due to privacy concerns, increasingly more biometric technology providers are moving their matching engines closer to the user, away from the servers. In the ideal scenario, the matching is performed totally under the control of the user. However, in order to ensure that no bogus biometric authentications occur, e.g. ones initiated by attackers presenting false biometrics to the system in order to gain unauthorized access to some systems or buildings, the user-centric matching must be sufficiently secured against tampering. This is achieved by bringing the biometric match engines onto secure hardware tokens that cannot be altered by their users. Typically, smart cards are employed for this purpose. In this case, the user is enrolled in a controlled environment, e.g. a passport issuing office, and the biometric reference data are stored on a smart card together with some machine-readable credentials that later ascertain the authenticity of the card. Typically, public key technology is employed for this purpose. Other means, such as shared secrets, may also be utilized. After enrollment and personalization of the card, the card is handed to the user, who may then use it later for authentication attempts to logically or physically protected environments, e.g. at border crossings.

The process of access then proceeds as follows: The user approaches a scanner for a supported biometric, presents the security token and has his or her biometric scanned. Then the biometric data are sent to the card, which performs the matching locally inside the card. If this process has concluded successfully (a match occurred, i.e. sufficient similarity between the stored biometric reference data and the newly presented biometric data has been confirmed), the machine-readable authentication means, e.g. the shared secret or the private key, is activated for use with the system to which the user is authenticating.
If the smart card does not determine a biometric match, it will refuse to authenticate to the system, and access will be refused for the bearer of the card (who may not be the legitimate owner). Thus, the same purposes as with a server-based biometric matching system are achieved, but with the difference that the biometric data of the user do not leave his or her immediate vicinity.
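The match-on-card flow described above, as an added example that is not part of the patent text: the card holds the enrolled template and a shared secret, performs the match locally, and only on a successful match answers the access system's challenge with a MAC over it. The minutiae-set templates, the Jaccard matcher, the threshold and the secret are all constructed stand-ins for a real biometric engine and personalization data.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed toy templates: a fingerprint reduced to a set of (x, y) minutiae.
REFERENCE_TEMPLATE = frozenset({(10, 20), (15, 40), (33, 12), (50, 51), (62, 8)})
GENUINE_SCAN = frozenset({(10, 20), (15, 40), (33, 12), (50, 51), (70, 9)})
IMPOSTOR_SCAN = frozenset({(10, 20), (90, 90), (5, 5), (44, 44), (1, 2)})
CARD_SECRET = b"constructed-shared-secret-personalised-at-enrolment"


def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two minutiae sets (stand-in for a real matcher)."""
    return len(a & b) / len(a | b) if a | b else 0.0


@dataclass
class SmartCard:
    """Token personalised at enrolment: holds the template and the credential."""
    reference: frozenset
    secret: bytes
    threshold: float = 0.6  # constructed decision threshold

    def authenticate(self, scan: frozenset, challenge: bytes) -> Optional[bytes]:
        """Match on card; only a successful match activates the credential."""
        if similarity(self.reference, scan) < self.threshold:
            return None  # no match: credential stays locked, card refuses
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


class AccessSystem:
    """Relying party: holds only the shared secret, never the biometric data."""
    def __init__(self, secret: bytes):
        self.secret = secret

    def grant_access(self, card: SmartCard, scan: frozenset) -> bool:
        challenge = os.urandom(16)  # fresh nonce, so old responses cannot be replayed
        response = card.authenticate(scan, challenge)
        if response is None:
            return False
        expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def run_demo() -> Tuple[bool, bool]:
    """Returns (legitimate bearer admitted, impostor refused) for the toy data."""
    card = SmartCard(REFERENCE_TEMPLATE, CARD_SECRET)
    system = AccessSystem(CARD_SECRET)
    return system.grant_access(card, GENUINE_SCAN), system.grant_access(card, IMPOSTOR_SCAN)
```

The access system never receives the template or the scan's match score, only the challenge response, which is the property the passage describes.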
It is an object of the invention to provide improved solutions for biometric authentication, in particular solutions with enhanced security.