1. Field of the Invention
The present invention generally relates to a method and apparatus for authorization based on biometrics, and more particularly, to a method and apparatus for secure authorization using biometrics but without invasion of a subject's privacy. The invention is also equally applicable to other biometric functions such as identification.
2. Description of the Related Art
The need for personal recognition is a basic requirement of society which has existed for thousands of years. There are a number of activities in today's society which require identification including writing checks, making credit card purchases, authorizing a contract to purchase a home or car, obtaining pharmacological products, obtaining physical access to a building, submitting taxes, becoming married, etc.
Authentication techniques which an individual may use today can be divided generally into four major categories:
1) Something possessed: a physical object that a subject carries such as a key or a badge;
2) Something known: a password or personal identification number (PIN) or sequence which must be remembered, or answers to personal (or presumably familiar) questions or problems (e.g., birth date, mother's maiden name, etc.);
3) A physical characteristic: a fingerprint, hand geometry, retinal scan characteristics, dental records, facial characteristics, or voice features (vocal tract effect, pitch); and
4) Acquired characteristics: a manner of signing a document or of writing a text, accent, way of speaking (prosody, use of words, etc.).
Some of the above methods require cooperation of the user (e.g., writing a text, answering a question, speaking, signing a document, undergoing a physical inspection such as for dental or retinal characteristics, etc.), while others can be more passively acquired. However, each method by itself has certain drawbacks.
For example, a key or badge is external to a person and can be lost, stolen or shared with other individuals, and therefore does not ensure that the person in possession of the key is the same person who is authorized to obtain access.
The use of passwords or PIN numbers has been accepted as one means of personal identification. However, passwords must be remembered and can also be shared. Thus, security can be breached. Further, passwords preferably should be long for enhanced security protection. However, lengthy passwords are hard to remember. Moreover, the average number of passwords people have to remember is growing annually. This is problematic.
Examples of the proliferation of passwords include E-mail, Phone Mail, Bank ATM card, Credit Card PINs, Calling Card PINs, Internet Access Password, Stock Account Password, Bank account password, car alarm password, etc.; each is prevalent in society. As a result, account holders must physically record (e.g., write down) each of their passwords and PINs, which is a clear threat to security.
Moreover, the use of a single password for several applications is often impossible as each application may assign a password or have different rules for the methods of selection and also the frequency with which passwords must be changed.
Further, in some cases, password protection has been compromised by thieves and others directly observing or filming passwords as they are being input (e.g., keyed in). These practices are used frequently to obtain calling card passwords, and may include use of false ATM machines, or phone line tapping.
A biometric print (i.e., stored in some database and used to perform biometric recognition) of a subject (e.g., person, animal, object, etc.) is based on, in the case of a person, a unique physical characteristic such as a fingerprint, retinal pattern, DNA, hand geometry, dental characteristics, voice characteristics, and the like. It is unique (to a certain degree) and cannot be lost, stolen or shared with another person. Therefore, if used properly, it can provide a higher level of security, or at least can be used as a basis for a mechanism for ensuring a higher level of security. Depending on the measured biometric, cooperation of the person may or may not be required.
However, acquiring biometrics of a subject typically requires the subject to perform an action. The advantage of this approach is that it only works if the person chooses to cooperate.
Unfortunately, a major drawback of the use of biometrics is the loss of privacy that a person suffers when he/she provides a network or organization his/her biometric identity. Indeed, there have been many examples in society where personal information has been used by organizations with dramatic negative impact on society. Therefore, in a democratic society, the need to provide security for one's personal identity is, and will continue to be, important.
Furthermore, a common practice for many commercial corporations is to sell to other companies customer data including marketing surveys, demographics, etc. As a result, many people are emphatic about not having their biometric characteristics known by such commercial companies or by any company (as any company can change policies or be purchased by another company with different moral and ethical standards).
Thus, prior to the invention, there has been no method or apparatus which can provide secure authorization using biometric information, while unobtrusively and non-invasively using biometric data in such a manner that the biometric data is not shared with another party (e.g., either a party requesting authorization or a third party).