1. Field of Invention
The present invention relates generally to the field of biometric-based authentication. More specifically, the present invention is related to biometric-based authentication in wireless communications for access control.
2. Discussion of Prior Art
In an age where electronic transactions are prevalent, safeguarding data has become an important issue, thus giving rise to a myriad of security systems. Two of the common security systems used are password and personal identification number (PIN) systems. Password systems require a user to provide the authentication system with a username and a password (both of which are unique to the user). PIN systems, on the other hand, usually require a user to provide a code, usually referred to as the PIN code, for authentication purposes. Both the password and the PIN system can prove to be a nuisance to users in the event they forget their password or PIN code. Moreover, a user A can easily impersonate another user B if user A happens to get hold of the password or PIN code (given either voluntarily or cracked through other means) of user B. One way to avoid such breaches of security is to use a user's physiological or behavioral characteristics as a means for authentication. This is the general idea behind biometrics.
Biometrics is the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physiological or behavioral characteristics that can be automatically checked.
In the above description, authentication is usually accomplished via a biometric device. A general description of the functionality of a biometric device now follows. First, the biometric device captures a profile of the characteristic and next, a comparison of the acquired profile is made with a stored profile or template. Lastly, upon successful matching of the captured and stored profile, the user is interfaced with the application system requesting authentication.
Biometrics, as described above and in FIG. 1, depend on physiological 104 or behavioral 106 characteristics of a person. Physiological characteristic 104 is a stable physical characteristic associated with a person. In other words, it is a set of physical characteristics (of a person) that does not change, in any considerable way, with respect to time. Some examples of physiological characteristics 104 that are stable and which can be utilized for authentication purposes include, but are not limited to: fingerprint pattern 108, retinal pattern 110, iris pattern 112, facial pattern 114, hand silhouette pattern 116, or blood vessel pattern on the back of the eye.
On the other hand, a behavioral characteristic 106 involves a person's psychological makeup in conjunction with various other general physical traits such as sex and size. Examples of behavioral characteristics 106 that can be monitored include, but are not limited to: signature pattern 118, voice pattern 120, or typing pattern or keystroke dynamics 122. A general description of some of the physiological and behavioral characteristics is outlined below.
Authentication based on fingerprint: One of the most common biometric techniques, wherein users scan in a copy of their fingerprint and a comparison is performed by the authentication device as to whether or not the input fingerprint matches that of a stored fingerprint, corresponding to the same person. Some fingerprint authentication devices take it a step further and check for a pulse to combat problems posed by false-authentication via fingerprints that are not real.
Authentication based on hand geometry: An authentication querying system captures the physical characteristics of a user's hand and fingers via a scanner and matches them with a stored template of the same user. Upon successful authentication, an action (like opening a secure door) is performed by the querying system.
Authentication based on retinal scanning: A scanner scans at close range a user's retina (the image forming innermost coat of the black part of the eye ball) using a low intensity light, creates an eye signature, matches it with a stored retinal template, and performs a specific action upon successful authentication. It should however be noted that failure of a user to focus correctly results in inaccurate results.
Authentication based on iris scanning: An iris scanner scans unique random patterns of the iris (the colored part of the eye) and authenticates users based on comparing the consistency of the acquired pattern with that of stored patterns. Unlike retinal scanning, close range interaction is not required.
Authentication based on facial recognition: A facial recognition system scans the features of a user's face, captures an image of the face, and compares it to a stored static facial image of the same user. Upon successful authentication, a specific action is performed by the facial recognition system.
Authentication based on signature verification: This authentication technique utilizes a pressure sensitive pen and a tablet to record a user's signature. The system then compares it against stored samples of signatures corresponding to the same user, and upon authentication, performs a specific action.
Authentication based on voice recognition: Authentication in this technique is based on recognizing voice and speech characteristics (associated with a user) that are imperceptible and hence not replicable. Voice recognition systems typically require more memory for storing voice templates of users.
Hence, biometrics are beginning to play a critical role in authentication and security. Biometrics authenticate the user not based on what he can remember (like passwords, PINs, etc.), but rather use the user's characteristics (or who the user is) to perform authentication.
FIG. 2 illustrates prior art biometric authentication system 200. A combination of two authentication scenarios is illustrated in this example. In the first scenario user 201 uses smart card 202, and in the second scenario, a scan for a biometric attribute is performed 208, on user 201, for further authentication. In the first scenario, user 201 inserts smart card 202 into smart card reader system 204. Then, the smart card reader system 204 extracts biometric profile 206 (stored in smart card 202) that is unique for user 201. Next, the extracted profile 206 is compared with profiles stored in database 212 to determine if a match exists. Furthermore, in the second scenario, a scan for attribute 208 (e.g., a retinal scan) is performed on user 201 and the system creates digital profile 210 of the measured attribute. Next, the measured digital profile is compared with digital profiles stored in database 212 to determine if a match exists, and upon successful matching, an action is performed (like opening a secure door).
The prior art scenario described above exposes some of the pitfalls associated with these authentication systems. A biometric template or profile associated with a user, as described in the above example, is either stored on smart card (first scenario) 202, which must be inserted into reader or scanner 204, or on server (second scenario) 212. One common problem associated with the first scenario is that smart card reader 204 in the authentication system processes information in a very slow and time consuming manner. Each time a card is removed from the user and placed in a reader, the chance increases that the card will be left in the reader or otherwise lost. The exposed contacts of smart cards and readers make them susceptible to dirt, grime and other contaminants, decreasing reliability. This is particularly an issue for outdoor verification, for example at automatic teller machines which are exposed to weather and vandalism.
One common concern associated with the second scenario is that storing the biometric profile in database 212 and accessing it over a network is not completely secure. In other words, the biometric data stored in databases accessible over a network is susceptible to attacks from intruders.
Thus, the prior art systems described above fail to provide a fast and secure way of accessing biometric profiles, and moreover none of the above mentioned systems provide for a system and a method for authenticating users in a wireless manner. Whatever the precise merits, features and advantages of the above cited references, none of them achieves or fulfills the purposes of the present invention. The current invention provides for a system and a method for wirelessly authenticating a user using acquired biometrics (e.g., fingerprint) and a locally stored biometric template. These and other objects are achieved by the detailed description that follows.
The present invention provides for a method and a system to wirelessly authenticate a user using a combination of biometrics (e.g., fingerprint) and a locally stored biometric template. By storing the biometric template locally, the current system reduces the chances an intruder can access biometric data.
A portable device is provided that can locally store a biometric template that can be used for authentication purposes. When a challenge is presented to the portable device, it can either wirelessly transmit the biometric template to the system presenting the challenge, or optionally it can measure the biometric, match the measured biometric with the stored biometric template and respond accordingly to the querying system. For example, the portable device could either transmit to a querying system a fingerprint template associated with the user, or optionally the portable device measures the fingerprint pattern of the user and matches it with the locally stored fingerprint template. Upon successful matching, the portable system sends an authentication message to the querying system.
In one embodiment, once a user is reliably authenticated by a portable device, the authentication status is temporarily maintained to perform various privileged activities based on renewing authentication status using various criteria or thresholds. But, once an unfamiliar pattern associated with the user is detected, a solid biometric authentication is required.
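The match-on-device exchange and the temporarily maintained authentication status described in the two paragraphs above can be sketched as follows; this is an added example, not code from the patent. The text does not say how the authentication message is protected or how templates are compared, so the HMAC-SHA256 response over a fresh nonce, the shared device key, the bit-distance matcher, the threshold and lifetime values, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MATCH_THRESHOLD = 0.25  # assumed: max fraction of differing bits for a match
STATUS_TTL = 300.0      # assumed: seconds the authentication status is kept

def bit_distance(a: bytes, b: bytes) -> float:
    """Fraction of differing bits; stands in for a real biometric matcher."""
    if len(a) != len(b):
        return 1.0
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

class PortableDevice:
    def __init__(self, template: bytes, device_key: bytes):
        self._template = template  # stored locally, never transmitted here
        self._key = device_key     # assumed: shared with the querying system
        self._valid_until = 0.0

    def measure(self, sample: bytes, now: float) -> bool:
        """Match a fresh measurement locally and set or clear the status."""
        ok = bit_distance(sample, self._template) <= MATCH_THRESHOLD
        self._valid_until = now + STATUS_TTL if ok else 0.0
        return ok

    def unfamiliar_pattern(self) -> None:
        """Drop the status so a full biometric match is required again."""
        self._valid_until = 0.0

    def respond(self, challenge: bytes, now: float):
        """Answer a challenge only while the authentication status is valid."""
        if now >= self._valid_until:
            return None
        return hmac.new(self._key, b"AUTH-OK" + challenge, hashlib.sha256).digest()

class QueryingSystem:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = os.urandom(16)  # fresh nonce per attempt
        return self._pending

    def verify(self, response) -> bool:
        nonce, self._pending = self._pending, None  # each nonce is single use
        if nonce is None or response is None:
            return False
        want = hmac.new(self._key, b"AUTH-OK" + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(want, response)
```

Binding the response to a single-use nonce means a captured authentication message cannot be replayed to the querying system, and the template itself never crosses the wireless link in this mode.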