In the last decade, the rapidly decreasing cost of computers, coupled with simultaneous performance gains, as well as the growing availability of inexpensive access to high speed telecommunications, have resulted in a dramatic jump in the installed base of computers and broadband telecommunication connections both in consumer and commercial areas.
The proliferation of computers and low-cost high-speed telecommunications, also led to an ever-growing increase in the amount of information exchanged between various parties, within and between circles of individuals ranging from social groups (friends, family), to government, educational and corporate organizations.
In addition, the explosive growth of versatile personal communication devices (such as, for example, cellular telephones equipped with a myriad of functions) has arguably eclipsed the above-noted rise in availability of computers with high speed telecommunication connections. With each month, new personal communication options become available to consumer and organizational users, most often embodied in mobile telephones that are smaller, more powerful, and with a more impressive list of features, than comparable models released mere weeks ago.
Not surprisingly, these trends have led to an unprecedented escalation in demand for solutions related to secure transmission of information between various parties (e.g., electronic data transmissions, voice communications, etc.), and also for solutions related to controlling access to secured stored content (e.g., ranging from personal information, such as photographs, to content generated and owned by corporate, government and educational organizations).
For decades, and continuing to present day, the primary solution to securing transmission of information between parties using electronic devices, has been to enable the sending party to encrypt transmitted information, and, at the same time, provide the receiving party with the ability to decrypt and access the sent information. One popular approach to securing electronic data, transmission involves the use of PGP (or “pretty good privacy”) encryption, with appropriate PGP keys being exchanged between the parties prior to data transmission, and later used to achieve encryption, and subsequent decryption, of transmitted data. Similar security measures have also been the typical approach taken to secure access to stored content, where the access to content (encrypted or otherwise) is controlled by a password, or other form of access code, provided to the party authorized to gain access thereto.
However, the above solutions have significant drawbacks. First, and most important, is the fact that none of the previously known encryption techniques enabled the parties involved in information transfer therebetween, to authenticate the identity of the party sending the information, as the source of the transmission, and also to authenticate the identity of the recipient, to confirm that the transmitted information was accessed by the specific identified party to which it was addressed, rather then by anyone having access to the receiving party's communication device and/or access code (e.g., username/password).
The same challenge is present in the field of content access control, where anyone can use a stolen, or otherwise misappropriated, access code (e.g., username/password) to gain unauthorized access to secured content. Additionally, the process of exchange, and/or provision, of PGP key information, is complex and cumbersome—a deterrent to the use of conventional encryption/decryption technologies for most parties outside government and corporate sectors.
One attempt to address the above challenges was the proposed utilization of biometric access control systems by the sending and receiving party to authenticate the identity of the sending and receiving party. The use of biometric technologies has previously gained some acceptance in the field of content access control. Therefore, the application of such technologies to the goal of securing data transmission was a reasonable approach.
Biometrics is a field of technology aimed at utilizing one or more unique personal characteristics of an individual, ranging, for example, from their fingerprints to their hand vein pattern, odor, iris image, or their DNA, to authenticate their identity. Biometric technologies are typically of two types—passive and active. Passive biometrics either do not require the individual who's identity is being verified to do anything other than to enable a certain biometric characteristic to be acquired by the system (e.g., by placing a finger on a fingerprint scanner, by looking into a retinal scanner, or by looking in the direction of a facial scanner). Active biometrics require the individual who's identity is being verified to perform one or more predetermined actions in order to enable the system to acquire the representation of one or more appropriate biometric characteristics (e.g., by providing a signature, by speaking, by squeezing a certain object, etc.). Certain types of biometric systems may incorporate a combination of active and passive biometric approaches. The various types of biometric systems are discussed in greater detail in the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM”, which is hereby incorporated by reference herein in its entirety.
While certainly appearing to address one of the key challenges of securing information transfer, biometric access control systems suffer from a number of serious disadvantages that have prevented their widespread use, and that have effectively stunted their growth in most areas outside of physical access control and local computer access control applications. To understand these disadvantages, it is useful to provide an overview of previously known biometric access control system operations.
A biometric access control system (also interchangeably referred to herein as “biometric identity verification system”), typically includes two main components—a physical device of some sort to actively, and/or passively, acquire predetermined biometric information, and program instructions (such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both), for managing the operation of the device, and for providing biometric recognition technology that enables utilization of the device to authenticate the identity of one or more individuals previously “enrolled” in the system when the individual presents the appropriate biometric information to the device.
Each individual authorized to use a biometric access control system, is first “enrolled” (i.e., registered) in the system, so that the system can acquire particular biometric information from the individual in accordance with a predetermined enrollment protocol (for example, requiring the individual to provide the same, or similar, biometric information several times, etc.). The acquired biometric enrollment information is then transformed, in accordance with one or more proprietary technologies, into a “recognition template” (or equivalent logical data structure), representative of the acquired biometric information, and then optionally optimized for use with the appropriate biometric recognition algorithms.
During a later authentication attempt, biometric information, of the same specific type as was originally enrolled (e.g., left index finger fingerprint, right iris, etc.), is presented to the biometric device, then acquired and transformed into a template, and finally compared to the enrolled stored recognition template, to determine a match, in accordance with one or more recognition criteria (for example a “recognition threshold”, representative of the allowable degree of difference between the enrolled template, and the presented template, for successful authentication thereof), and therefore to authenticate the identity of the presenting individual. The two main reasons for using stored recognition templates are: (1) as a requirement for using biometric recognition algorithms during the authentication process; and (2) to ensure that actual acquired biometric information is never stored for security purposes.
The key disadvantage, crippling the use of biometrics as a broad scalable secure information transfer and access control solution, has been the combination of (1) availability of several hundred different biometric devices of various types flooding the market (with the amount of devices growing each year) and (2) the fact that in a vast majority of cases, the available biometric devices, even of the same type (e.g., fingerprint scanners) are incompatible with one another. Each of these devices uses their own biometric software (although several device manufacturers share a similar core biometric information acquisition device and biometric recognition algorithms), and during enrollment creates a biometric recognition template specific to the device. In addition, the enrollment recognition template may be stored in the biometric device, in the computer to which the device is connected, in a different computer connected thereto, or in one or more of the above, depending on the device model. As a result, the enrolled individual must always utilize the specific type and model of biometric device and the specific computer (or computer network) where they originally enrolled.
Another devastating shortcoming of previously known biometric systems, flowing from general incompatibility of biometric devices, from different manufacturers, is the fact that without any clear unifying standard, the only way for parties to truly use a biometric technology solution for verifying the identity of the sending and/or receiving party, and for securing information transfer therebetween (as opposed to using biometrics as a password replacement supplement to conventional security measures), is for all parties to acquire and use the same compatible model and type of biometric device. This is a serious drawback, because commitment to utilization of a specific type and brand of biometric identity verification device, requires a significant degree of collusion and common agreement between many individuals that intend to use the system.
In addition, the issue of compatibility and uniformity is particularly problematic for any large scale implementation of a system for verifying and securing information transfer. The requirement that ail parties in a large organization involved in developing and, more importantly, using the system, to cooperate and coordinate biometric device acquisition and uniform installation, to ensure that everyone involved is using the same biometric devices equipped with compatible biometric recognition software, is very burdensome and a significant barrier to implementation of such systems.
And, if a particular biometric device in such a system is later replaced with another biometric device using a biometric recognition template incompatible with the original biometric device, all of the devices in the system must be replaced to maintain compatibility therebetween, and all individuals using those devices must be re-enrolled with the new devices.
Similar issues exist with respect to use of biometrics to control access to content—all involved parties must use a biometric device that is compatible with the system providing biometric access control to the content, and similarly are limited to using the same type and model of biometric device, and only at the computers (or computer networks) where they previously enrolled.
In addition, if a previously known installed biometric security system is changed to a new one that uses a different infrastructure, or is significantly upgraded, while the previously used biometric devices used are kept, then all of the users would need to repeat the time consuming and resource intensive re-enrollment process on each biometric device to generate a new biometric enrollment database compatible with the new biometric security system.
Moreover, there is a growing number of security applications and government rules and regulations which require the use of multiple authentication factors (i.e., by simultaneous or sequential utilization of multiple biometric identity verification systems by a user to authenticate the identity thereof) to perform certain secure tasks.
While the above-incorporated U.S. patent application Ser. No. 11/332,017 provided a solution to interoperable utilization of different types of biometric devices in the same group of users (for example, the users of a local or wide area network), it did not specifically address all of the issues involved in applying the disclosed techniques to the purpose of using biometrics to secure and authenticate transmission and receipt of information transferred between various parties.
Thus, none of the previously known biometric security approaches enable parties to verify and secure the transfer of information therebetween, utilizing any biometric identity verification system available to each party, without regard to the biometric identity verification system (or systems) utilized by the other party or parties, nor do any previously known biometric security systems enable users to each utilize one or more different biometric identity verification devices, individually or in conjunction with one another. Furthermore, none of the previously known biometric security systems provide the capability to easily add newly developed or released biometric identity verification devices thereto.
It would thus be desirable to provide a system and method for transferring secured information, between parties, while enabling authentication of identities of at least one of, the party sending the information, and the party, or parties, receiving and/or accessing the received information, with each party being able to utilize multiple different biometric identity verification systems of their choice, independently of the biometric identity verification systems used by the other party. It would additionally be desirable to provide the above-described system and method also having adaptive intelligent biometric identity verification system enrollment with the capability to easily add newly developed or released biometric identity verification devices thereto, transparently to the users thereof. It would further be desirable to provide a system and method for restricting access to content to one or more specific identified individuals, where each identified individual is able to utilize one or more biometric identity verification systems of their choice, independently of the access control system being used, and independently of the biometric identity verification systems being utilized by other identified individuals (if any). It would additionally be desirable, to provide a system and method for tracking and biometrically verifying various data relating to previously conducted information transfer between parties, whether such transfer occurred through transmission of information therebetween, or by one party allowing access to secured content to one or more other, biometrically verified, parties.