Magnetic strip cards have been widely used for controlling access by individuals to information, rooms and financial transaction instruments. Typically, the individual must “swipe” the card through a magnetic strip reader and provide a personal identification number (PIN) in order to be identified as an authorized user of the card. This system suffers from several disadvantages, including the tendency of individuals to forget an assigned PIN number, or to seriously compromise the security of an assigned PIN number by writing it down in close proximity to the card. Similarly, individuals have a tendency to select PIN numbers that are easily remembered and that often have a personal significance, such as a birth date, which PIN numbers are easily guessed by an unauthorized individual. Accordingly, magnetic strip cards are convenient, but do not provide a high level of security.
Tokens, such as for instance a smart card having a microprocessor and a memory, are being used increasingly for controlling access to information, buildings and financial transactions. Typically, the smart card has stored within its memory a biometric information sample of the authorized user of the smart card, for instance a fingerprint image. When the authorized user of the smart card desires access to an area or to information, the user provides a biometric information sample in the form of a fingerprint for comparison with the stored fingerprint image, and if a match is determined, the user is identified and access is granted. Unfortunately, the processors that are provided on such smart cards are relatively slow and generally unsuitable for performing the types of floating point calculations that are necessary in order to, for example, rotate and process fingerprint image data.
One approach to reducing the processing requirements of the smart card processor is to do some of the image processing for use in biometric recognition in a first host processor and then to pass the processed data to the smart card for a final stage of recognition. Such an approach is discussed in patent application WO 01/11577 assigned to Precise Biometrics and in patent application WO 01/84494, also assigned to Precise biometrics. In these references, a method is disclosed wherein a processor external to the smart card pre-processes biometric information to extract therefrom a small subset of the biometric information—a portion of an image of a fingerprint—in order to reduce the amount of processing required on the smart card processor.
In patent application WO 01/11577, it is disclosed to transmit this subset of biometric information in the place of the PIN that is commonly used to access information stored on a smart card. In reality, the subset of biometric information becomes the new “PIN” and is merely a larger PIN that is more difficult to guess. That said, once the PIN is guessed successfully, security of the smart card is compromised and the device and method are rendered useless.
Also, the use of a subset of, for example, a fingerprint image as a PIN is difficult. Fingerprints and other biometric information sources are not truly repeatable in nature. A fingertip may be dryer or wetter. It may be more elastic or less. It may be scratched or dirty or clean. Each of the above listed conditions affects the fingerprint image and, as such, means that the image subset may very well differ. Typical PIN analysis requires provision of the unique and static PIN. Here, such a method will result in a system that is very inconvenient to use.
In patent application WO 01/84494, it is disclosed to transmit to the first host processor a portion of the stored biometric information sample for use in alignment and subset extraction. Then, when the subset is provided to the smart card, it is already pre-processed and only a small portion of the original data sensed from the biometric information sample of the authorized user requires processing. The reduced amount of data for processing by the smart card processor results in a reduced processing time and, as such, enhances performance. Unfortunately, once the subset is guessed successfully or intercepted, security of the smart card is compromised and the device and method are rendered useless.
Furthermore, although there is little correlation between an individual and the fingerprints they are born with, there is within a single fingerprint a significant amount of correlation. The same is true of irises, retina, faces, and so forth. Taking a face as an easily illustrated example, it is easy to verify that most people fall within a norm of values for certain facial features given other facial features. For example, given a placement of one eye, the other eye is usually within an easily estimated range of locations, orientations and colors. The same is true for fingerprints, in that once you have a fingerprint image that is missing a small rectangular area, the randomness of what is in the missing area is changed from the randomness of fingerprint assignment to a much lesser randomness allowing for guessing of features therein with more likelihood of success. As such, security is greatly compromised by the method described supra.
Another drawback to the prior art method is that it makes public a large portion of the biometric data and, as such, renders updates or improvements to user identification processes limited to operation on those private areas of the biometric data. This too is a significant drawback.
It is an object to provide a method of identifying an individual that overcomes the limitations of the prior art.