The use of computer technologies to perform financial and other high value transactions continues to increase. Because of the nature of these transactions, authentication of the parties involved in the transaction is critical. Authentication traditionally takes one of three forms, referred to as factors—something the user is (e.g., fingerprint, retinal scan, etc.), something the user has (e.g., smart card, ID card, computing device, etc), or something the user knows (e.g., PIN, password, etc.). Certain transactions, e.g., financial transactions, require multiple authentication factors (referred to as multi-factor authentication). For example, a user may have to present a smartcard and input a PIN to gain access to a system or specific service.
Biometric authentication is considered a particularly strong form of authentication due to the complexities of spoofing a valid biometric signature for a user. Biometric authentication uses physical or behavioral characteristics of a user for authentication purposes. Examples of biometrics include fingerprints, eye retinas and irises, and voice patterns.
A typical biometric authentication device includes a sensor for generating the biometric print and a processor for analyzing and matching the biometric print against a database including biometric templates of authorized individuals. Because of the risks of eavesdropping, certain man-in-the-middle attacks, and other more sophisticated attacks, the biometric analysis processor and sensor are co-located in the same device or closed system. This increases the cost of an enterprise-wide deployment of biometric authentication. Furthermore, the current implementations bind a user to a specific biometric sensor and processor.
What is therefore needed is a secure distributed biometric authentication system in which biometric templates for users are stored in a centralized authentication processor.
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers can indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number may identify the drawing in which the reference number first appears.