1. Field of the Disclosure
The present disclosure relates to computer network security and, specifically, to access credentials using biometrically generated public/private key pairs.
2. Description of the Related Art
Among the types of access credentials that are typically used to provide secure access to users of computer networks and associated network services provided by network servers, the combination of a user identification (“user ID”) and password, typically provided as two separate text input fields, is one mechanism that has been widely adopted. From the perspective of network security providers, the user ID/password access credential mechanism is relatively simple to implement for large numbers of users while appearing to provide adequate security, and has accordingly become a de facto standard implementation in many public and private networks and associated network servers.
Consequently, modern network users each typically interact with a large number of network servers, often on a daily basis over the Internet, to participate in network services that have become widely available, including, as non-limiting examples, shopping, financial services, subscriptions, and social networking. However, from a user perspective, the sheer number of user ID/password pairs associated with individual service providers presents very real challenges that may undermine the very security such conventional access credentials seek to establish. Unfortunately, human memory is limited in its ability to effectively handle the large volume of information resulting from a user's many user ID/password pairs, as well as the associated network server information. So-called ‘best practices’ for user ID/password management promulgated by security experts add further complexity to the information management challenge by suggesting, at a minimum, that users provide a different user ID/password combination for each and every network server visited. Furthermore, additional constraints on passwords, such as requirements for a mix of upper case and lower case letters, numbers, symbols, etc., may differ widely among individual network servers. The resulting information management problem often overwhelms individual users and commonly results in many users not following best-practice guidelines and/or using a separate password manager tool, which, in turn, may actually create additional security vulnerabilities.
Another disadvantage of user ID/password management is that network service providers who maintain active user accounts must securely store and retain private user information. Since such private user information may enable access to critical financial information, the data repositories of nearly all network service providers are subject to continuous network attack by malicious entities, who are regularly successful in exploiting vast numbers of stolen user records for nefarious purposes. Accordingly, the user ID/password access credential mechanism may be inherently limited in its ability to provide secure access credentials for very large populations of users using large numbers of network servers.
Therefore, there is a need in the art for access credentials that minimize or eliminate private data management by users and are not subject to the security vulnerabilities associated with the retention of private user information.