1. Field of the Invention
The present invention relates to apparatus and methods for use in providing a security check. It has particular utility in relation to apparatus which uses recognition methods which rely on a data sequence which varies unpredictably from one use to the next.
2. Description of Related Art
Known security checks control, amongst other things, access to a building, access to a secure computer system or allow an authorised person to withdraw cash from his or her bank account. Normally, a user is required to enter an alphanumeric password (this may be for example a Personal Identification Number associated with the authorised person's bank account). If the password tallies with a stored password associated with the authorised person then the user passes the security check. Problems arise where an unauthorised person learns the password—that person is then able to pass the security check easily.
More recently, the use of digital signatures rather than alphanumeric passwords has been suggested. Many types of digital signature reflect a physiological characteristic (known as a biometric) of a person. The physiological characteristic underlying these signatures cannot be provided by another person—hence a biometric-based digital signature offers greater security than conventional passwords. Biometrics that have been suggested include fingerprints, voice samples, retinal scans and iris patterns. Other types of digital signature, such as a digitised version of a person's written signature, have also been considered.
In contrast to an alphanumeric password, the probability of obtaining exactly the same digital signature from, for example, a biometric or a written signature in any two attempts is often low, and recognition based on such inconstant digital signatures relies on obtaining a digital signature which is sufficiently close to a reference digital signature. For example, in relation to iris recognition, the differences between measured iris codes typically result from differences in camera set-up, illumination level variations, or because of partial eyelid closure or debris or dust on spectacles, etc. In the case of written signatures, differences in the digital signature occur not only because of differences in data capture but also because of variation in the written signatures themselves.
European patent application 0 392 159 discloses a written signature verification method in which a user's written signature is compared to a reference signature supplied by an authorised person who the user is purporting to be. The reference signature is supplied during an enrollment procedure. If there are significant differences between the instant signature provided by a user and the reference signature provided by the authorised person the user is purporting to be, then the user is regarded as an impostor. If the two signatures are extraordinarily similar then the signature is regarded as a forgery. Only if the differences between the reference signature and the user's signature are of the degree expected is the user verified to be the authorised person.
A problem common to many security checks is that the level of security that can be provided on enrolling an authorised person cannot be matched in locations where a user may subsequently attempt to pass the security check. For example, in a system enabling remote users to access a shared resource, the password or digital signature on which the security check relies must be sent across communications links before being checked—this situation might for example arise in relation to automated teller machines provided by a bank. Furthermore, in some situations the apparatus which digitises the written signature or biometric is vulnerable to being altered in order to facilitate unauthorised access. For example, an unauthorised user might connect a digital memory inside a point of sale device in order to learn the passwords or digital signatures of authorised persons who subsequently use the device.
One way to avoid the above problems is to timestamp each password or digital signature before sending it. However, the provision of a timestamp requires the distributed nodes of the system to be synchronised—this is both difficult and expensive to implement.
According to a first aspect of the present invention there is provided a method of determining whether a person is authorised to pass a security check on the basis of an inconstant digital signature, the method comprising the steps of:
comparing an instant digital signature provided by a person attempting to pass the security check with a stored digital signature;
identifying the person as the person who provided said stored digital signature responsive to said comparison revealing said signatures to be sufficiently similar; said method being characterised by;
comparing said instant digital signature and one or more previous digital signatures provided in previous attempts to pass the security check; and
invalidating the identification responsive to said comparison revealing said instant signature to be improbably similar to one or more of the previous signatures.
By arranging the apparatus to check that an inconstant digital signature does not match a previously submitted version of the signature too closely, the danger of an eavesdropper being able to gain unauthorised access to the system is reduced.
In some embodiments, the identification is invalidated only on said instant signature being identical to a previous signature. In this case, an eavesdropper who exactly copies a previous digital signature will be denied passage through the security check, whilst the chance of an authorised person being denied access mistakenly is reduced.
In other embodiments, the identification is also invalidated on said instant digital signature closely matching one or more previous signatures. This has the advantage of thwarting unauthorised users who attempt to breach the security check by using, for example, a cast of a finger to provide a fingerprint, or a photograph of an eye to provide an iris pattern or a facsimile of a written signature.
In preferred embodiments: comparing the instant digital signature with the reference signature involves calculating a first measure of similarity between the instant and reference signatures; the user is identified as an authorised person on the first measure of similarity exceeding a predetermined first threshold; comparing the instant digital signature with one or more previous digital signatures involves calculating one or more second measures of similarity between the instant and previous signatures; and the identification of the user is invalidated on the second measure of similarity exceeding a predetermined second threshold higher than the first and one or both of said first and second thresholds are adaptable. This provides an advantage that differences between authorised persons in the inherent deviation in their digital signatures can be compensated for. In addition, differences in an authorised person's digital signature that might occur owing to location or time could be compensated for in this way.
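The two-threshold check described above can be sketched as follows. This is an added illustration, not part of the patent text. It assumes fixed-length bit-string signatures, a similarity measure equal to the fraction of agreeing bits, and threshold values of 0.75 and 0.97; all names and sample signatures are constructed for the example.

```python
from dataclasses import dataclass, field

def similarity(a: bytes, b: bytes) -> float:
    """Fraction of agreeing bits between two equal-length signatures."""
    if len(a) != len(b):
        raise ValueError("signatures must have equal length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))

def flip(sig: bytes, bits) -> bytes:
    """Simulate capture noise by inverting the given bit positions."""
    out = bytearray(sig)
    for i in bits:
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

@dataclass
class SecurityCheck:
    reference: bytes                  # reference signature from enrolment
    first_threshold: float = 0.75     # assumed value
    second_threshold: float = 0.97    # assumed value, higher than the first
    previous: list = field(default_factory=list)  # earlier attempts

    def attempt(self, instant: bytes) -> str:
        # Step 1: identify on sufficient similarity to the reference.
        if similarity(instant, self.reference) <= self.first_threshold:
            return "rejected"
        # Step 2: invalidate if improbably similar to any earlier attempt.
        too_close = any(similarity(instant, p) > self.second_threshold
                        for p in self.previous)
        self.previous.append(instant)  # assumption: record every identified attempt
        return "invalidated" if too_close else "accepted"

def demo() -> list:
    reference = bytes(range(32))               # constructed 256-bit signature
    first = flip(reference, range(0, 20))      # genuine capture, 20 noisy bits
    second = flip(reference, range(100, 120))  # genuine capture, different noise
    check = SecurityCheck(reference)
    return [
        check.attempt(first),                    # fresh capture
        check.attempt(second),                   # fresh capture
        check.attempt(first),                    # exact copy of an earlier attempt
        check.attempt(flip(first, [200, 201])),  # near copy of an earlier attempt
        check.attempt(bytes(b ^ 0xFF for b in reference)),  # unrelated signature
    ]

if __name__ == "__main__":
    print(demo())
```

Setting the second threshold to 1.0 and comparing with `>=` would give the embodiment in which only an identical previous signature invalidates the identification.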
According to a second aspect of the present invention, there is provided apparatus for use in providing a security check, said apparatus comprising:
input means for receiving a digital signature provided by a user;
first storage means for storing one or more reference digital signatures and respective associated information items identifying the authorised users who provided the reference signatures;
second storage means for storing previous digital signatures obtained in previous recognition attempts attributed to the identified authorised user; and
first processing means for accessing the first storage means, comparing a received digital signature with one or more reference digital signatures and, in the event a measure of similarity between the received digital signature and a reference digital signature exceeds a first predetermined threshold of similarity, identifying the user as the originator of the received digital signature,
second processing means for accessing the second storage area, comparing the received digital signature with previous signatures associated with previous recognition attempts attributed to the identified authorised person and invalidating the identification in the event a second measure of similarity between the received digital signature and a previous digital signature exceeds a second predetermined threshold.
By additionally considering the similarity between digital signatures submitted in previous recognition attempts, the apparatus offers a higher degree of security than that offered by known security check apparatus.