An aspect of this invention generally relates to data processing devices and more particularly to performing biometric authentication within a data processing device.
Data processing devices such as smart phones and personal computing systems often rely on biometric sensors to safeguard data. In general, biometric security systems allow a user to gain access if biometric information submitted by the user is authenticated by the device. A typical authentication process relies on matching the biometric information submitted by the user with a previously established and stored template, which is a data representation of a source biometric sample. Authentication algorithms may include complex computations that require higher levels of processor capabilities to minimize latency issues. The complexity and corresponding power resource requirements may be calibrated to achieve an acceptable False Acceptance Rate (FAR) in view of the limited battery power and processing capabilities on a mobile device. A FAR with a low threshold may allow false or spoofed biometric inputs to attack a trusted biometric system. For example, typical biometric authentication security solutions have a FAR of approximately 1%. This corresponds to a 99% chance that a false, spoofed, or unclear biometric input is identified by the system as not matching the template and a 1% chance that the false, spoofed, or unclear biometric input is identified by the system as matching the template. The unclear biometric input may correspond to a biometric input from the authorized user that is incomplete and/or distorted. For example, a fingerprint from a dirty finger of the authorized user or a scratch on the fingerprint input device may cause the biometric authentication system to identify the fingerprint of the authorized user as an unauthenticated fingerprint. As a number of false inputs supplied to the biometric authentication system increases the probability of gaining unauthorized access to the device also increases. For example, in a pass along attack, multiple unauthorized users provide biometric input until access to the system is achieved due to the FAR. With an FAR of 1%, a sequence of 500 false inputs results in a probability of approximately 99.4% (e.g., 0.994≈1−(1−0.01)500) that an unauthorized user will gain access to the electronic device. Additionally, in response to an attempted hack attack or repeated unsuccessful attempts at authentication, some authentication algorithms may disable an input device or otherwise prevent or limit access to the device which may be inconvenient for an authorized user falsely identified as an unauthorized user.