Biometric authentication systems are used in different fields of applications to identify and verify the identity of individuals.
In [1], A. Jain et al., BIOMETRICS, Personal Identification in Networked Society, Kluwer Academic Publication, Massachusetts 2002, chapter 4, page 4, the following seven factors for the qualification of a biometric in view of usability for authentication purposes are identified. “UNIVERSALITY”, requiring that every person using a system has the characteristic or the trait; “UNIQUENESS”, requiring that only one person has the same embodiment of the characteristic; “PERMANENCE”, requiring that the characteristic is invariant with time; “COLLECTABILITY”, requiring that the characteristic can be measured quantitatively; “PERFORMANCE”, referring to achievable identification accuracy, speed, and robustness; “ACCEPTABILITY”, referring to the extent people are willing to accept the biometric system and “CIRCUMVENTION”, referring to the robustness against fraudulent attacks.
While modern biometric authentication systems meet these seven factors fairly well, research remains in progress on creating even more secure authentication systems.
[2], US8370262B2, which is enclosed herein in its entirety, discloses a method for a multi-modal biometric authentication system that allows reaching low equal error rates (EER) that ensure strong authentication of an individual. This network-based biometric system, which uses challenge/response procedures, allows reliable biometric authentication of an individual by means of an authentication server, which is accessible over a network from user terminals that are equipped with audio- and video-recording devices and that are designed for simultaneously capturing biometric audio and video samples from the users. During enrolment of a user, biometric audio and video samples are simultaneously captured and stored in a database. For on-line authentication of a user, biometric audio and video samples are simultaneously captured for speech elements expressed by the user in reply to a challenge relating to randomly assembled speech elements. By comparing the online captured biometric audio and video data with correspondingly assembled biometric data retrieved from the database, the user can reliably be authenticated.
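The following is an added illustration of the challenge/response flow just described, written for this text and not taken from [2]. It assumes that the speech elements are spoken digits, that each enrolled element is stored as a pair of small audio and video feature vectors, and that the server fuses the two modalities by averaging their Euclidean distances against a fixed threshold; the feature vectors and the threshold are constructed for the example. It also shows how an equal error rate is read off genuine and impostor score lists, and why a challenge must be consumed after one answer so that a recorded reply cannot be replayed.

```python
"""Toy model of the network-based challenge/response scheme described above (added example)."""
import math
import random
import secrets

SPEECH_ELEMENTS = [str(d) for d in range(10)]  # assumed: spoken digits are the speech elements


def feature_distance(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class AuthServer:
    """Holds the enrolment database and issues one-shot challenges."""

    def __init__(self, challenge_len=4, threshold=1.0):
        self.db = {}        # user_id -> {speech element: (audio_vec, video_vec)}
        self.pending = {}   # user_id -> challenge not yet answered
        self.challenge_len = challenge_len
        self.threshold = threshold  # assumed decision threshold on the fused distance

    def enrol(self, user_id, samples):
        """samples: {element: (audio_vec, video_vec)} captured simultaneously at enrolment."""
        self.db[user_id] = dict(samples)

    def challenge(self, user_id, rng=None):
        """Randomly assemble speech elements; a deterministic rng may be passed for tests."""
        if rng is None:
            rng = secrets.SystemRandom()
        seq = [rng.choice(SPEECH_ELEMENTS) for _ in range(self.challenge_len)]
        self.pending[user_id] = seq
        return seq

    def score(self, user_id, seq, response):
        """Mean over the challenged elements of the fused audio/video distance to the stored samples."""
        stored = self.db[user_id]
        dists = []
        for element, (audio, video) in zip(seq, response):
            ref_audio, ref_video = stored[element]
            dists.append(0.5 * (feature_distance(audio, ref_audio) + feature_distance(video, ref_video)))
        return sum(dists) / len(dists)

    def verify(self, user_id, seq, response):
        """Accept only a response to the currently pending challenge; consume the challenge either way."""
        expected = self.pending.pop(user_id, None)
        if expected is None or expected != seq or len(response) != len(seq):
            return False
        return self.score(user_id, seq, response) <= self.threshold


def equal_error_rate(genuine_scores, impostor_scores):
    """Sweep thresholds over observed scores; return (EER, threshold) where FAR and FRR are closest."""
    best_gap, best = None, (1.0, None)
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        frr = sum(s > t for s in genuine_scores) / len(genuine_scores)   # genuine users rejected
        far = sum(s <= t for s in impostor_scores) / len(impostor_scores)  # impostors accepted
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_gap, best = gap, ((far + frr) / 2, t)
    return best


def simulated_capture(seq, offset):
    """Constructed stand-in for the user terminal: one (audio, video) feature pair per spoken element.

    offset models how far the captured features lie from the enrolled ones
    (small for the genuine user, large for somebody else).
    """
    return [([int(e) + offset, 0.0], [0.0, int(e) + offset]) for e in seq]


def run_scenario(seed=7):
    """Genuine answer, replay of the same answer, and an impostor answer to a fresh challenge."""
    server = AuthServer()
    server.enrol("alice", {e: ([float(int(e)), 0.0], [0.0, float(int(e))]) for e in SPEECH_ELEMENTS})
    rng = random.Random(seed)  # seeded only so the scenario is reproducible

    seq = server.challenge("alice", rng)
    genuine_ok = server.verify("alice", seq, simulated_capture(seq, 0.05))
    replay_ok = server.verify("alice", seq, simulated_capture(seq, 0.05))  # same answer sent again

    seq2 = server.challenge("alice", rng)
    impostor_ok = server.verify("alice", seq2, simulated_capture(seq2, 3.0))
    return genuine_ok, replay_ok, impostor_ok


if __name__ == "__main__":
    print(run_scenario())
    print(equal_error_rate([0.1, 0.2, 0.3, 0.4], [0.35, 0.5, 0.6, 0.7]))
```

The EER sweep only reports the operating point where false acceptance and false rejection balance; a deployment would normally choose a stricter threshold than the EER point and accept the higher rejection rate.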
Biometric authentication systems using challenge/response procedures, such as the one disclosed in [2], are robust due to the “liveness” of action. Systems, however, that are restricted to taking an image of the user suffer from a lack of liveness, as described in [3], US8515124B2, which relates to a method that allows verifying “liveness” of a captured biometric sample. According to [3], when a still photograph or a display image on an LCD or the like is input to a camera instead of a person, a region determined as a background is moved due to hand trembling and a background motion index varies due to the motion of the still photograph or the display image on the LCD. The apparatus for determining a fake image includes an image-acquiring block for acquiring an image captured by and input from a camera; and a background-learning block for learning a background of the image to create a learning background. Further, the apparatus for determining the fake image includes a face-extracting block for extracting a face region of a person to be authenticated when an input image for authentication is transmitted from the camera; and an inter-background comparing block for comparing a present background of an input image, from which the face region is removed, with the learning background.
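As an added example (not code from [3]), the following toy model shows the background-motion idea on synthetic greyscale frames: a learning background is averaged from frames of the empty scene, the face region (assumed to be supplied by a face extractor, here just a fixed box) is removed, and the mean absolute change of the remaining pixels serves as the background motion index. A live person leaves the background at rest, while a hand-held photograph or display moves the whole picture, including the background. The scene gradient, the frame size, the face box and the decision threshold are all constructed for the example.

```python
"""Background-motion liveness check in the spirit of [3], on synthetic frames (added example)."""

WIDTH, HEIGHT = 16, 12
FAKE_THRESHOLD = 1.0  # assumed: mean grey-level change tolerated in the background


def scene_intensity(x, y):
    """Constructed static scene: a smooth gradient, defined for all integer coordinates."""
    return 3 * x + 5 * y + 50


def render_frame(face_box=None, shift=(0, 0)):
    """Synthesise one greyscale frame as a list of rows.

    face_box: (x0, y0, x1, y1) half-open box painted as a flat 'face'; a constructed
              stand-in for the output of the face-extracting block.
    shift:    (dx, dy) translation of the whole picture, modelling hand tremble while a
              photograph or LCD is held in front of the camera.
    """
    dx, dy = shift
    frame = [[scene_intensity(x - dx, y - dy) for x in range(WIDTH)] for y in range(HEIGHT)]
    if face_box:
        x0, y0, x1, y1 = face_box
        for y in range(y0, y1):
            for x in range(x0, x1):
                frame[y][x] = 200
    return frame


def learn_background(frames):
    """Per-pixel mean over frames of the empty scene: the 'learning background'."""
    n = len(frames)
    return [[sum(f[y][x] for f in frames) / n for x in range(WIDTH)] for y in range(HEIGHT)]


def background_motion_index(frame, learned, face_box):
    """Mean absolute difference to the learned background over pixels outside the face region."""
    x0, y0, x1, y1 = face_box
    total, count = 0.0, 0
    for y in range(HEIGHT):
        for x in range(WIDTH):
            if x0 <= x < x1 and y0 <= y < y1:
                continue  # face region removed before the inter-background comparison
            total += abs(frame[y][x] - learned[y][x])
            count += 1
    return total / count


def is_fake(frame, learned, face_box, threshold=FAKE_THRESHOLD):
    """Flag the input as a photograph/display when the background itself has moved."""
    return background_motion_index(frame, learned, face_box) > threshold


def run_scenario():
    """Compare a live person (still background) with a trembling photograph (shifted background)."""
    learned = learn_background([render_frame() for _ in range(5)])
    face = (5, 3, 10, 9)
    live = render_frame(face_box=face, shift=(0, 0))
    photo = render_frame(face_box=face, shift=(1, 0))  # whole picture displaced by one pixel
    return {
        "live_index": background_motion_index(live, learned, face),
        "photo_index": background_motion_index(photo, learned, face),
        "live_fake": is_fake(live, learned, face),
        "photo_fake": is_fake(photo, learned, face),
    }


if __name__ == "__main__":
    print(run_scenario())
```

With real cameras the learned background is never perfectly reproduced (sensor noise, lighting drift, a slightly moving camera), so the threshold has to be set from measured indices of genuine sessions rather than from a single clean frame, and the index is better tracked over several frames than decided on one.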
In general, in the absence of fraudulent interferences, modern biometric authentication systems allow authentication of a user with extremely low error rates thus avoiding false acceptance and false rejection. Physiological characteristics are unique to a single user and allow the biometric authentication system to establish a firm link between the processed biometric samples and the related user. However, with each biometric sample provided by the user to a trusted authority, biometric information is transferred over a network that may be tapped by an attacker who is collecting biometric data.
Furthermore, in [4], Christian Zeitz et al., Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth, University of Magdeburg, mechanisms for fraudulent collection of biometric samples for later misuse are described.
In [5], Anil K. Jain, Arun Ross, and Umut Uludag; BIOMETRIC TEMPLATE SECURITY: CHALLENGES AND SOLUTIONS, http://biometrics.cse.msu.edu, attacks designed to elicit information about the original biometric data of an individual from stored templates are described. A template represents a set of salient features that summarizes the biometric data of an individual. Due to its compact nature, it is commonly assumed that the template cannot be used to elicit complete information about the original biometric signal. However, it has recently been demonstrated that a face image can be regenerated from a face template using “Hill Climbing” methods. “Hill Climbing Attacks” are possible when the attacker has the ability to inject raw biometric sample data or features directly, through a trojan horse attack or a man-in-the-middle attack. In the event that an attacker gets access to templates, the attacker may alter the templates or may derive data that are then used for attacking purposes. In order to avoid attacks related to templates, document [5] recommends the application of watermarking techniques that allow detection of regions that have been tampered with by an attacker. However, it would be desirable to obtain even stronger protection for templates.
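To make the tamper-detection goal of the watermarking approach concrete, here is an added example of a keyed fragile watermark over a stored template; it is a simplified construction written for this text, not the scheme of [5] or of any product. The template is modelled as a list of 8-bit feature values split into blocks of 16; for each block a 16-bit HMAC-SHA256 tag of the block's upper seven bits is written into the least significant bits, so that verification can name the block (region) in which the stored data no longer matches. The key, block size and sample template are constructed.

```python
"""Keyed fragile LSB watermark for tamper localisation on a stored template (added example)."""
import hashlib
import hmac

BLOCK = 16  # features per block; one tag bit is carried in each feature's LSB


def _block_tag(key, block_id, high_bits):
    """BLOCK tag bits from an HMAC over the block index and the payload (upper seven bits)."""
    mac = hmac.new(key, bytes([block_id]) + bytes(high_bits), hashlib.sha256).digest()
    return [(mac[i // 8] >> (i % 8)) & 1 for i in range(BLOCK)]


def embed_watermark(template, key):
    """Return a copy of template (8-bit values, length a multiple of BLOCK) carrying the tags."""
    if len(template) % BLOCK:
        raise ValueError("template length must be a multiple of BLOCK")
    marked = []
    for start in range(0, len(template), BLOCK):
        block = template[start:start + BLOCK]
        high = [v & 0xFE for v in block]           # drop the LSB; this is the protected payload
        tag = _block_tag(key, start // BLOCK, high)
        marked.extend(h | t for h, t in zip(high, tag))
    return marked


def verify_watermark(marked, key):
    """Return the indices of blocks whose stored LSB tag no longer matches their payload."""
    tampered = []
    for start in range(0, len(marked), BLOCK):
        block = marked[start:start + BLOCK]
        high = [v & 0xFE for v in block]
        expected = _block_tag(key, start // BLOCK, high)
        actual = [v & 1 for v in block]
        if not hmac.compare_digest(bytes(expected), bytes(actual)):
            tampered.append(start // BLOCK)
    return tampered


def max_distortion(template, marked):
    """Largest change any feature suffered from embedding (at most the LSB, i.e. 1)."""
    return max(abs(a - b) for a, b in zip(template, marked))


def run_scenario():
    """Embed, verify, then alter one feature in block 1 and one LSB in block 2."""
    key = b"constructed-demo-key-not-for-real-use"
    template = list(range(64))                  # constructed 64-feature template, 4 blocks
    marked = embed_watermark(template, key)
    clean = verify_watermark(marked, key)

    altered = list(marked)
    altered[20] ^= 0x40                         # a high bit in block 1 changed
    altered[40] ^= 0x01                         # a tag bit in block 2 changed
    return {
        "clean": clean,
        "tampered": verify_watermark(altered, key),
        "distortion": max_distortion(template, marked),
    }


if __name__ == "__main__":
    print(run_scenario())
```

A single HMAC over the whole template would detect any alteration with the same key but could not say which region changed; the per-block tag is what gives localisation, at the cost of one bit of precision per feature and a 2^-16 chance per block that a payload change goes unnoticed. Either way the key must be held by the verifier only: an attacker who obtains both the template and the key can re-embed valid tags.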
Hence, biometric data of a user can reach an attacker in different ways; e.g., by tapping data channels of a user, by bio-phishing attacks or by stealing and maliciously exploiting templates.
Consequently, with the inexorable flow of biometric data from the side of the users of a biometric authentication system to the side of the attacker over time, as well as with the increase of the available computing power, the risk of successful man-in-the-middle attacks will increase. The biometric authentication system disclosed in [2] remains highly robust against such attacks. However, in view of the persistent loss of control over biometric data, further reinforcement of this and comparable systems would be desirable.
It is therefore an object of the present invention to provide an improved method for performing enforced biometric authentication, particularly biometric authentication using challenge/response procedures by means of a mobile station.
It is a particular object of the present invention to keep the false acceptance rate low even if an attacker has obtained biometric data of a user.
Furthermore, the improvement of robustness and performance of the biometric authentication system shall not impair the factor “ACCEPTABILITY”. Rather, this factor is intended to be augmented, e.g. by providing the user with a feeling of reassurance when performing authentication.
Still further, a biometric authentication system and a mobile station shall be defined that advantageously allow implementation of the inventive method.