The present invention generally pertains to biometric security systems. More specifically, the present invention pertains to biometric security systems that provide an enhanced defense against unlawful hackers and other system attackers.
Within a typical biometric security system, there are at least two operations, enrollment and authentication. The operation of enrollment encompasses the original sampling of a person's biometric information, and the creation and storage of a match template (a.k.a., an enrollment template) that is a data representation of the original sampling. The operation of authentication includes an invocation of a biometric sample for the identification or verification of a system user through comparison of a data representation of the biometric sample with one or more stored match templates.
Biometric information is, by nature, reasonably public knowledge. A person's biometric data is often casually left behind or is easily seen and captured. This is true for all forms of biometric data including, but not limited to, fingerprints, iris features, facial features, and voice information. As an example, consider two friends meeting. The one friend recognizes the other by their face and other visible key characteristics. That information is public knowledge. However, a photo of that same person ‘is’ not that person. This issue similarly applies, electronically, to computer-based biometric authentication wherein a copy of authorized biometric information is susceptible to being submitted as a representation of the corresponding original information. In the context of biometric security applications, what is important, what enables a secure authentication, is a unique and trusted invocation of an authorized biometric.
A key issue confronting biometric authentication for security applications is providing some sort of assurance that the biometric sample being processed during authentication is a true and trusted sample. Numerous known biometric security systems are susceptible to being duped because a data representation received by a security processor during authentication is actually a fraudulent invocation of biometric information. For example, an individual in possession of a copy of authorized biometric information can submit the copy during authentication to gain unauthorized access. In a particularly dangerous scenario, an individual in possession of an electronic copy of authorized biometric information can fraudulently bypass the physical collection of biometric information and directly submit the copy to an electronic security processor during the operation of authentication to gain unauthorized access.
To ensure a trusted invocation of biometric information, data integrity should be maintained during each stage or level of the authentication process. The integrity of any transfers of information between a capture device and a processor, and between a processor and any subsequent applications, should be maintained. In particular, the processor responsible for receiving and processing biometric information submitted by a user should be able to ‘trust’ the biometric data it receives. In other words, there should be a trusted relationship between a device that gathers a user's biometric information (i.e., a fingerprint scanner) and a security processor responsible for processing that biometric information.
Ensuring that access is granted only upon unique and trusted invocations of authorized biometric information is a challenge relevant to most all biometric security systems.