The present invention relates in general to biometric identification of users of computerized workstations, and, more specifically, to continuous monitoring of a user's identity while consuming a reduced level of computer processing resources.
Biometric authentication involves the use of physical and/or behavioral characteristics of individuals to identify them and to control access to places or things, such as ATMs or other computerized equipment or specific applications running on that equipment. Biometrics has certain advantages over conventional authentication techniques (e.g., user IDs and passwords, PIN codes, and encoded identification cards) since there is nothing to remember or to carry which might be stolen. Based on an original measurement of a biometric characteristic (i.e., enrollment), a person's identity can thereafter be verified automatically when accessing a resource by re-sampling the characteristic and comparing the biometric data with the enrollment data. If a sufficiently close match is found, then the identity is verified. In addition to verification of an identity, biometric systems can also be employed to compare biometric data from an unidentified person with a database of biometric samples of a group of individuals in order to identify that person from the group.
After a biometric sensor acquires raw data of a desired characteristic, the data is typically processed mathematically in order to extract and format the meaningful features and to compress the data. Comparison of the processed verification or identification data with previously processed and stored enrollment data typically involves a mathematical analysis to quantify the "closeness" of the two data samples. A sensitivity threshold is chosen to delineate how close the samples must be in order to call them a match.
When an identification error occurs, it can be either a false acceptance (i.e., false positive) or a false rejection (i.e., false negative). A false acceptance rate (FAR) and a false rejection rate (FRR) are defined as the percentage at which these errors occur for a given biometric system. By varying the sensitivity, it is possible to reduce one of the error rates, but the improvement comes at the expense of increasing the other error rate. Consequently, a crossover error rate (CER) has been defined as the error rate obtained when the sensitivity is adjusted such that the FAR and FRR are equal. The lower the CER, the better the accuracy of a biometric system.
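The trade-off between FAR and FRR can be seen by sweeping the sensitivity threshold over a set of comparison scores. The following is an added example, not part of the original text; the score lists are constructed sample data and the function names are hypothetical.

```python
# Constructed similarity scores in [0, 1]; higher means closer to the enrollment data.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.69, 0.95, 0.81, 0.74, 0.62, 0.90]   # same person
IMPOSTOR = [0.30, 0.45, 0.52, 0.61, 0.38, 0.71, 0.25, 0.66, 0.49, 0.57]  # different person


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a sample is accepted if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # impostors let in
    frr = sum(s < threshold for s in genuine) / len(genuine)     # genuine users turned away
    return far, frr


def crossover(steps=100):
    """Sweep the threshold; return (threshold, FAR, FRR) where the two rates are closest."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t)
        # Keep the first threshold with the smallest |FAR - FRR| gap.
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


if __name__ == "__main__":
    # Raising the threshold lowers FAR and raises FRR, and vice versa.
    for t in (0.50, 0.62, 0.67, 0.75, 0.90):
        far, frr = error_rates(t)
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    t, far, frr = crossover()
    print(f"crossover near threshold={t:.2f}: FAR={far:.0%}, FRR={frr:.0%}")
```

With real data the two rates rarely coincide exactly at a sampled threshold, which is why the sweep keeps the point of smallest gap.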
Among the many biometric technologies that have become available are fingerprint analysis, hand geometry analysis, retina scanning, iris scanning, signature analysis, facial recognition, keystroke analysis, and voice analysis. Biometric authentication can be applied for security/access control in a wide variety of applications, some of which require only an initial authentication in granting access and others which use repeated, substantially continuous re-authentication during the time that access is granted. For example, in distance learning applications, a student accesses a teaching program using a networked computer to view live or recorded lectures and class materials. Especially when a test is given, it is necessary to verify that the person taking the test is the proper one and that the proper person stays in place at the computer workstation while the test is being taken.
Because of the computationally intensive nature of biometric identification, a more accurate biometric identification system tends to require more computer processing resources than a less accurate system. Computer processing resources may include computer CPU time, computer memory space, and operating system overhead on the user's computer system as well as network traffic volume and CPU time, memory, and system overhead on network servers when implemented using a network (e.g., the Internet). When continuous or repeated identity verifications are conducted, the total processing load may become quite large because of the re-sampling, processing, and matching analysis that is required. Depending upon the processing capabilities of the particular computer workstation, both the biometric operations and the protected application itself may suffer from degraded performance thereby disrupting the intended system utilization.
Some biometric systems require a deliberate, cooperative action to be taken by a subject in order to collect biometric sample data (e.g., placing a finger on an imager, looking into a camera, or writing on a touch pad). While such a required action is acceptable for a one-time authentication, it may not be acceptable because of the disruption it would cause if continuous or repeated authentications are being used, such as in a distance learning application.
The present invention provides advantages of increased convenience and reduced load on processing resources in a continuous or repeated biometric authentication system. Two distinct biometric comparisons are used, wherein a first biometric is adapted for providing an initial identification of a user at the beginning of a session on a protected computer application and a second biometric verifies the continued presence of the same user.
In one aspect of the present invention, a method is provided for verifying an identity and a continued presence of an individual at a computer workstation during execution of an application on the computer workstation. A first biometric sample of an individual proximate to the workstation is gathered at a first time. A first identity is established corresponding to the first biometric sample using a first biometric comparison, wherein the first biometric comparison consumes a first processing load. The application is executed in conjunction with the first identity. A second biometric sample of an individual proximate to the workstation is gathered at a second time following the first time by a delay. A second identity is established corresponding to the second biometric sample using a second biometric comparison, wherein the second biometric comparison consumes a second processing load which is less than the first processing load. The application conditionally continues to execute in conjunction with the first identity if the second identity matches. In another embodiment, the difference between the first and second biometric comparisons is that the first requires a dedicated, cooperative action while the second does not.
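The control flow of the method described above can be sketched as follows. This is an added example, not code from the patent: the enrollment templates, thresholds and function names are constructed for illustration, and the "processing load" is approximated here by the number of feature values compared, which is an assumption of this sketch.

```python
# Constructed enrollment data: a long template for the first (costly) biometric
# and a short template for the second (cheap) biometric, per enrolled user.
ENROLLED = {
    "alice": {"strong": [0.12, 0.80, 0.33, 0.57, 0.91, 0.45, 0.68, 0.24], "light": [0.40, 0.75]},
    "bob":   {"strong": [0.70, 0.15, 0.62, 0.08, 0.39, 0.83, 0.21, 0.96], "light": [0.85, 0.20]},
}


def distance(a, b):
    """Euclidean distance between a sample and a template."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def identify(sample, kind, threshold):
    """Return (closest enrolled identity within threshold or None, load)."""
    best, best_d, load = None, threshold, 0
    for user, templates in ENROLLED.items():
        load += len(templates[kind])          # load proxy: features compared (assumption)
        d = distance(sample, templates[kind])
        if d <= best_d:
            best, best_d = user, d
    return best, load


def run_session(first_sample, later_samples):
    """Establish the first identity once, then re-verify cheaply after each delay."""
    first_id, load = identify(first_sample, "strong", threshold=0.20)
    log = [("initial", first_id, load)]
    if first_id is None:
        return log, False                     # nobody identified: application never starts
    for sample in later_samples:              # each sample is gathered after a delay
        second_id, load = identify(sample, "light", threshold=0.15)
        log.append(("recheck", second_id, load))
        if second_id != first_id:
            return log, False                 # different or unknown person: stop the application
    return log, True


if __name__ == "__main__":
    first = [0.10, 0.82, 0.30, 0.60, 0.90, 0.47, 0.65, 0.25]       # constructed: close to alice
    later = [[0.42, 0.73], [0.38, 0.78], [0.83, 0.22], [0.41, 0.74]]  # third one is close to bob
    log, still_running = run_session(first, later)
    for entry in log:
        print(entry)
    print("application continues:", still_running)
```

The session ends at the third re-check, when the cheaper comparison identifies someone other than the user established at the start, and the fourth sample is never processed.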