The present invention pertains to personal identification systems, and more particularly a number of systems for the generation of unforgeable identification data and subsequent comparison of continuously or intermittently generated identification data in order to protect access to certain systems and devices.
Security is becoming increasingly important as society relies more and more heavily upon information--its storage, communication, creation, transfer, and withdrawal. As the volume of information increases, so too does the number of storage sites, communication devices, and transfer and withdrawal sites.
As the volume of information and the value of information increases, so too does the motivation for theft. Theft of information is at present estimated to be a multibillion dollar industry.
Governments, corporations, and other entities recognize the need for access protection. They regularly spend millions of dollars for protection systems to protect their classified and sensitive information from unauthorized access, but no prior device exists to intermittently or continuously determine the authenticity and authorization of a person who is remotely accessing a database to read it or update it, or who is entering a transaction into an information processing system.
Additionally, it is rapidly becoming more desirable to restrict access to certain systems and pieces of equipment which have nothing to do with information security. For instance, the computer-based gaming (i.e., gambling) industry is being restricted in growth because access systems are not yet able to ensure non-use by minors. Fraudulent use of cellular phones by unauthorized users accounts for yearly losses estimated to exceed one hundred million dollars. Other systems in which access restriction is a problem unsolved in the art include military weapons systems, nuclear power plant controls, aircraft, locomotives, ships, and spacecraft, among many others.
There are many methods and systems whose sole purpose is the protection of certain equipment or systems from unauthorized user access. These protection systems include but are not limited to magnetic strip cards, Personal Identification Numbers (PINs), so-called "smart cards," passwords, keys, magnetic keys, and so on. All of these systems rely upon a piece of information or a physical artifact, in the possession of a rightful user, for access to be gained. The problems with this approach are evident, and examples of such problems are as follows. The information or artifact may be extracted from a rightful user under duress, the access-required information may be stolen through surveillance, or the physical artifact may be stolen and possibly even duplicated. Any of these possibilities would allow a fraudulent user to pose as a rightful user.
Other access protection systems employ certain physical traits, measurements, and other characteristics specific to a particular user. These physical characteristics are generally referred to as Biometric Data. These data include, but are certainly not limited to, palm, thumb, or fingerprints, voiceprint, digital photo, dynamic signature, sonic pulse signature, hand geometry, biochemical analysis, retinal scan, keyboard typing pattern, body measurements (e.g., height, weight, density, wrist width, etc.), signature analysis, and so on. As technology advances, the variety and accuracy of such data should increase.
Typically, biometric authentication systems store a prospective user's traits or characteristics for future reference. When the user initially seeks access to the protected system, his biometric data are again taken, then compared to the reference data previously stored. If the two sets of data are acceptably close in nature, user access is granted. If the two sets differ by more than a preset acceptability tolerance level, user access is denied at the very outset.
Some of these biometric authentication systems store the user's reference data on a smart card to be carried by the user. This presents problems regarding loss, theft, or tampering, although some versions encrypt the reference data to hinder tampering. Still others store the reference data in a reference "library," often off site. These libraries of data can be, and often are, encrypted for additional protection.
A number of biometric authentication systems, regarded as relatively more highly effective, employ a variety of biometric authentication devices (which may be abbreviated as BAD's). For instance, voiceprint analysis may be used in conjunction with hand geometry, e.g. a user may place his hand upon the reader and state his name. The comparison takes place and the user, if authentic, is admitted. Additional biometric devices may be employed, but this renders the system more difficult to use and raises the problem of "user-unfriendliness."
The problems with biometric authentication systems, as they exist now, are basically of two categories. First, they are decreasing rapidly in security effectiveness due to improvements in technology and increased ingenuity of adversaries. Second, they are user unfriendly and often intimidating to rightful users since such systems exist as an artificial barrier to a user attempting to use a protected system or device.
Present biometric authentication systems, no matter how sophisticated, basically act as a "gate" to a protected system. Once a prospective user gains entry to a protected system or access to a protected device, the user stays in, unchecked. The user is then free and clear. Technology can, in such systems, be made to work for non-rightful users, and such non-rightful users are often clever. A short term biometric "charade" (false credentials) can be manufactured. The charade need only be short term since only the initial check need be fooled. For instance, digital recording and playback devices may fool a one-time voiceprint analysis. Such a "charade" is difficult enough to sustain for a once only check--to be required to sustain it indefinitely could increase the difficulty to near impossibility. Therefore, if biometric checks are increased in duration and/or number, security would be enhanced.
Also, user substitution presents a similar problem. An authorized user, upon gaining entry to a protected system, could then turn the system over to an unauthorized user. Continuous or intermittent periodic biometric checks would eliminate this problem. Continued use of a protected system or device would be directly dependent upon continued "passing" of such intermittent biometric tests, especially if performed at random intervals.
As to the user-friendliness aspect of such continuous testing, since continuous checks must be made of the user, it would be preferable to make the biometric sensors less distracting by incorporating them into the system or device to be protected. This could, for example, include integrating the present invention into the user interface, thereby making the user subject to passing the biometric threshold each and every time the user interacts with the system.