The present invention relates in general to security of a computer network, and, more specifically, to transmission of substantially continuous biometric data within a local area network (LAN) for securing a port on a LAN switch without reducing available bandwidth of a network link.
Biometric authentication involves the use of physical and/or behavioral characteristics of individuals to identify them and to control access to places or things, such as ATMs or other computerized equipment, or more specifically, applications running on that equipment. Biometrics has certain advantages over conventional authentication techniques (e.g., user IDs and passwords, PIN codes, and encoded identification cards) since there is nothing to remember or to carry which might be stolen. Among the many biometric technologies in use are fingerprint analysis, hand geometry analysis, retina scanning, iris scanning, signature analysis, facial recognition, keystroke analysis, and voice analysis.
Based on an original measurement of a biometric characteristic (i.e., enrollment), a person's identity can thereafter be verified automatically when requesting access to a computer application or other resource by re-sampling the characteristic and comparing the biometric data with the enrollment data. If a sufficiently close match is found, then the identity is verified. In addition to verification of an identity, biometric systems can also be employed to compare biometric data from an unidentified person with a database of biometric samples of a group of individuals in order to potentially identify that person from the group.
After a biometric sensor acquires raw data of a desired characteristic, the data is typically processed mathematically in order to extract and format the meaningful features and to compress the data. Comparison of the processed verification or identification data with previously processed and stored enrollment data typically involves a mathematical analysis to quantify the “closeness” of the two data samples. A sensitivity threshold is chosen to delineate how close the samples must be in order to call them a match.
As described in co-pending application Ser. No. 10/306,582, biometric authentication is used to secure a network resource connection itself (e.g., a connection to an Ethernet switch or a wireless access point) so that no network activities involving the network resource other than the authentication activities (e.g., biometric authentication) of the present invention may be conducted from the access point. After this initial authentication is successfully completed, the switch or access point allows other traffic through the port. The authenticated client typically launches a client application that involves network communication.
In certain types of network applications, it may be desirable to periodically (i.e., substantially continuously) monitor the user to ensure that a different person is not substituted for the authenticated user, such as is shown in co-pending application Ser. No. 10/274,934, filed Oct. 21, 2002, entitled “Verification of Identity and Continued Presence of Computer Users,” now U.S. Pat. No. 6,810,480, issued Oct. 26, 2004, incorporated herein by reference. When substantially continuous biometric re-authentication is performed, however, increased processing and/or network traffic loads are created. In the local area network link between the client and its LAN switch or wireless access point, for example, the bandwidth needed for sending continuous biometric sample data together with the bandwidth used by the client application could exceed the bandwidth capability of the link, which may noticeably impair performance of the client application.