The present invention relates to access control, and more particularly access control based on biometric analysis, i.e. an analysis of individual physical characteristics.
In order to guarantee the security of certain information, access control of people can be implemented on the basis of a biometric analysis of those people. These controls can be based on an analysis of morphological characteristics, such as fingerprints, retina, iris or face, or on an analysis of behavioural characteristics, such as characteristics related to signature dynamics or to keystroke dynamics. These controls can also be based on a combination of these different types of analysis.
The general aim of the implementation of such access controls is the protection of information which only a defined group of people is authorized to access. This information can be located, for example, on a physical site, in which case the access control consists of controlling the physical access of a person to this site. It can also be accessed via a computer system, in which case the access control consists of controlling the access to this computer system.
Whatever the type of information and the type of access to this information, a biometric control system generally comprises an access control server which manages a database storing the comparison signals corresponding respectively to the individual characteristics of the people authorized to access this information. It also comprises a plurality of access control sensors which are suitable for collecting a biometric signal for control relating to a person who wishes to access the information, and for cooperating with a transmission device so as to transmit the collected biometric signal to the control server. For example, when the biometric access control is based on the characteristic of a fingerprint, the comparison signals correspond to the digital images of fingerprints of the group of people authorized to access the information or people authorized subsequently. Thus, during access control of a person, the latter positions his finger on one of the access control sensors of the system. An image of the fingerprint of this person is then captured, then transmitted in the form of a biometric signal to the control server, which is then in a position to compare the received collected biometric signal with the comparison signals stored in the database, in order to determine whether the person wishing to access the information is part of the group of people authorized to do so.
A biometric signal comprises individual characteristics which do not change, or change very little, over time. Thus, it is important to protect the confidential character of such biometric signals in such access control systems.
To this end, document U.S. Pat. No. 6,836,554 discloses a control system in which the comparison signals and the collected biometric signals to be verified are stored and manipulated in a transformed form, obtained by applying a non-invertible transformation function to the collected biometric signal. More precisely, in order that the control server learns the comparison signals with which the signals collected during an access control are compared, the sensor collects, in an initialization phase, a biometric signal of an authorized person, then this collected signal is transformed by applying a transformation function corresponding to the person who is to be verified, before being sent, thus transformed, to the control server. The latter stores it in order to be able to carry out an access control by comparing the received signal and the stored signals.
In this way, the server directly stores the comparison signals in a transformed form which corresponds to the form according to which it also receives the respective collected signals.
Thus, a potential attacker can only intercept a transformed biometric signal because the stored and exchanged signals are in a transformed form. Moreover, a potential attacker is not in a position to restore the original biometric signal from the transformed form of an intercepted biometric signal because the transformation function which has been applied has a non-invertible character.
On the other hand, if a potential attacker retrieves a comparison signal from the database, or intercepts a biometric signal to be verified during its transmission between a sensor and the control server, he is then in a position to replay this intercepted transformed biometric signal in any context in order to access the protected information.
Document U.S. Pat. No. 6,836,554 proposes, in the case where the security of such a system is compromised by an attack based in this way on replaying a transformed biometric signal, replacing the transformation function corresponding to the transformed biometric signal with a new transformation function.
However, in such a case, it is then envisaged that the server learns the new transformation signal corresponding to an authorized person, as in the initialization phase described above. This makes the management of such a change of transformation function complex and slow, because a new input of the comparison signal is then required.
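The behaviour described above can be reproduced with a small simulation, given here as an added example that is not part of the cited document or of the present text. The transformation used (sign of keyed random projections), the sizes, the tolerance, the keys and the names `transform`, `capture`, `ControlServer` and `run_scenario` are assumptions chosen for illustration; the biometric signal is a constructed vector, not a real fingerprint.

```python
import random

DIM_IN, DIM_OUT, THRESHOLD = 64, 48, 6   # assumed sizes and match tolerance

def transform(signal, key):
    """Keyed many-to-one map: keeps only the sign of DIM_OUT random projections."""
    rng = random.Random(key)
    bits = []
    for _ in range(DIM_OUT):
        weights = [rng.gauss(0, 1) for _ in range(DIM_IN)]
        bits.append(sum(w * s for w, s in zip(weights, signal)) >= 0)
    return tuple(bits)

def capture(finger, rng, sigma=0.02):
    """Sensor reading: the same finger never yields exactly the same signal."""
    return [s + rng.gauss(0, sigma) for s in finger]

class ControlServer:
    """Stores and compares signals only in transformed form."""
    def __init__(self):
        self.db = {}

    def enroll(self, person, transformed):
        self.db[person] = transformed

    def verify(self, person, transformed):
        ref = self.db.get(person)
        if ref is None:
            return False
        return sum(a != b for a, b in zip(ref, transformed)) <= THRESHOLD

def run_scenario():
    rng = random.Random(1)
    finger = [rng.gauss(0, 1) for _ in range(DIM_IN)]   # constructed sample signal
    old_key, new_key = 1001, 2002                       # constructed transform keys
    server = ControlServer()
    server.enroll("alice", transform(capture(finger, rng), old_key))
    on_wire = transform(capture(finger, rng), old_key)  # what crosses the link
    result = {"genuine": server.verify("alice", on_wire),
              "replay": server.verify("alice", on_wire)}  # same bytes resubmitted
    # Changing the function: the server holds only the old transformed signal and
    # cannot derive the new one from it, so a fresh capture is required.
    server.enroll("alice", transform(capture(finger, rng), new_key))
    result["replay_after_change"] = server.verify("alice", on_wire)
    result["genuine_after_change"] = server.verify(
        "alice", transform(capture(finger, rng), new_key))
    return result

if __name__ == "__main__":
    print(run_scenario())
```

The server cannot distinguish the replayed transformed signal from a genuine one until the function is changed, and the change itself only takes effect after the authorized person has been captured again.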
The present invention aims to overcome the above-mentioned drawbacks.