1. Field of the Invention
The present invention is a single sign-on solution for secure access to computer and/or electronic data, services or resources based on prerequisite personal identification and authentication and, more particularly, is an intelligent docking device for verifying the identity and privilege level of an individual in order to grant the permissible access through biometric evaluation.
2. Description of the Background
Modern data and computing systems store vast amounts of personal and often sensitive information about people, companies and transactions. Likewise, these same computer systems make it possible to access this information quickly and economically and provide the resources to manipulate and communicate such data with little effort. Modern data and computing systems have vastly influenced society for the better. Unfortunately, such modern technologies create new problems of their own, especially since they are inherently prone to outside attack by individuals who were never intended to have access to the data. This can result in drastic negative results for innocent people and organizations.
Unfortunately, the challenges of monitoring and controlling computer stored data and computing resources are becoming more difficult each day because hackers are becoming more sophisticated in their efforts. Cyber laws, filters and password protected security systems have only limited effectiveness in restricting access. Individuals and organizations need more control over their information and resources. Two types of access control systems are commonly employed: challenge based systems and token based systems.
Challenge based systems challenge a person seeking access to provide certain information to verify their identity so as to grant access. Often that knowledge is in the form of a user defined password or a question whose answer would be known only to a specific user. Access to a system or resource is restricted to persons with the requisite knowledge. Such systems are vulnerable to the guessing of simple passwords or the answer to security questions as well as dictionary or other systematic attacks. These systems are also vulnerable to inadvertent divulgence of the requisite knowledge by and authorized user and outright theft and can be inefficient if users frequently forget the complicated passwords needed for high levels of security (especially since some passwords need to be periodically changed within short mandated periods).
Token based systems restrict access to persons with a token, usually an identification card, used to verify identity. Anyone with possession of the card can gain access. Such systems are vulnerable to lost or stolen tokens.
Biometric verification of an individual's physiological traits has become an increasingly common method of verifying to a reasonably high certainty the identity of an individual. Biometric verification eliminates the problem of the lost or stolen token by the obvious point that such tokens are part of an individual's body. The problems associates with knowledge based challenge systems are also eliminated by biometric evaluation because such features of the individual cannot be guessed by another or forgotten by a rightful user. The individual need only be present in order to be verified, and need not memorize a password (which can be difficult in light of mandated periodic changing of passwords often required by conventional security solutions).
Biometric systems often use the unique features of the human iris, hand or facial geometry to verify identity. One of the oldest and most commonly used biometric identification method is by human fingerprinting. Biometric authentication is gaining popularity as a security measure in the digital age. For example, U.S. Pat. No. 6,950,810 to Lapsley et al. Indivos Corporation issued Sep. 27, 2005 shows a tokenless biometric electronic financial transactions method for authorization of an electronic payment between a payor and a payee using a third party provider.
United States Patent Application 20040199469 by Barillova et al. published Oct. 7, 2004 shows a method and system for authentication of online commercial transactions between a customer and a merchant comprising the steps of registering a customer with a PIN and a biometric sample, and a customer financial account. A temporary transaction code is issued to each authenticated customer; and conducting a transaction with a merchant using said temporary transaction code.
U.S. Pat. No. 5,613,012 to Hoffman et al. (Smarttouch, LLC) issued Mar. 18, 1997, and related U.S. Pat. No. 6,269,348 to Pare, Jr. et al. (Veristar Corporation) issued Jul. 31, 2001 both show a tokenless identification system and method for authorization of transactions and transmissions. The system uses a comparison of a fingerprint gathered directly from an unknown user, with an authenticated biometrics sample of the same type obtained and stored previously.
U.S. Pat. No. 6,270,011 to Gottfried issued Aug. 7, 2001 shows a method for providing secure transactions with credit cards by adding a fingerprint scanner at the point-of-sale to obtain fingerprint data, so that a credit card company database can verify the fingerprint data against stored fingerprint information and verify the transaction accordingly. The method is integrated into the existing negotiation protocol between a point-of-sale system and a credit card company database, and uses a human fingerprint and a secure algorithm. The credit card company has the customer fingerprint for comparison on its existing database. In the case of an Internet purchase, an authorization adaptor is connected to the user PC, and once the user has made the purchase request, an encrypted communication is then commenced in which a token is sent by the credit card company to the user PC, requesting fingerprint data. The authorization adaptor provides the fingerprint scan, and sends the data to the user PC in encrypted form, for transfer to the credit card company by a secure communication, for authorization. The fingerprint scanner is based on use of a new sensor employing a technology that maps and matches fingerprints, using coincidence of the features minutia on as few as twelve similar points, to determine a match.
United States Patent Application 20050165700 by Karthik Multimedia Glory published Jul. 28, 2005 shows a security system for electronic commerce for verifying the authenticity of a user including: a server authentication program installed in a web-server at a website of a web-service provider; a client software component and fingerprint scanner installed at a workstation of the user. The scanner takes and converts a biometrics image into digital data, which is then compressed and encrypted, and transmitted to the web-server.
U.S. Pat. No. 6,944,773 to Abrahams issued Sep. 13, 2005 shows a method of on-line authentication in which a user presents one or more fingerprints for authentication during an on-line transaction, such as an Internet transaction. The host system indicates how many fingerprints will be requested for authentication, randomly selects which fingerprints will be requested, and sends a request for entry of the randomly selected fingerprints, and then compares the received fingerprint data to fingerprint data stored in a database.
U.S. Pat. No. 6,241,288 issued to Bergenek et al. in 2001 shows a fingerprint identification/verification algorithm that uses bitmaps of a stored fingerprint to correlate with a bit map of an input fingerprint, wherein an accurate reference point is located. This is followed by the selection of several two-dimensional areas in the vicinity of the reference point of the input image of the fingerprint. These areas are then correlated with stored fingerprint recognition information to determine if the input fingerprint image and the stored fingerprint recognition information are sufficiently similar to identify/verify the input fingerprint.
U.S. Pat. No. 4,229,023 to Luz issued Oct. 21, 1980 shows an identity check card with a fingerprint cut away in spots to provide alternate transparent zones and partial fingerprint zones. The placement of the card over a fresh fingerprint show immediately if the latter complements the former, thus permitting a quick and reliable check to be effected.
U.S. Pat. No. 5,869,822 to Meadows et al. issued Feb. 9, 1999 shows an automated fingerprint identification system. When a person applies for a credit card they must register a finger of their choice with the card issuance company. At the company, the finger is scanned and a composite number is produced that consists of several fingerprint-identifying parameters. The composite number is encoded onto the card and is stored in a card database. When a person wants to use the card, the card is inserted into a card reader and the person's finger is scanned by a fingerprint scanner, which produces a composite number. The immediate and stored composite numbers are compared and, when similar, use of the card is allowed.
United States Patent Application 20040044621 by Huang et al. VISA published Mar. 4, 2004 shows a payment system for facilitating a payment transaction between a payer and a payee using a separate payer access device, payee access device, and a services hub.
AuthenTec Inc. has announced the TruePrint™ fingerprint reader with incorporated Bluetooth transmitter. AuthenTec's press releases claim the company has 17 pending patents, but does not state the countries in which they are pending.
Internet Commerce Account Status Information ICASI sells a third party service that requires a biometric finger-scan to authorize use of a business bank account, credit card transaction, or online commerce. Once users have registered their fingerprints, they can conduct business with thousands of participating merchants.
The TouchPass log-on security solution by NEC Technologies, Inc. offers finger-imaging technology to authenticate an individual's identity.
DigitalPersona, Inc. provides a fingerprint security system for PCs using USB fingerprint sensors. The plug-and-play USB fingerprint sensor is self-calibrating, and features auto and optimal image capture, latent image removal, a challenge-response link, and encrypted transmission of biometric information.
While the foregoing references all teach improved security through fingerprint biometrics, none does so without exposing any authentication information to possible hijack during transmission over the data network.