1. Technical Field
The invention relates to authenticating a candidate user of a microprocessor based system. More particularly, the invention relates to interactive, performance based authentication.
2. Description of the Prior Art
In many instances, the designer of a microprocessor based system may wish to restrict access to system resources to authorized users only. Accordingly, a great number of methods have been devised for authenticating the identity of a potential user of microprocessor based systems.
Commonplace are systems that require a user to provide a valid alphanumeric password prior to allowing access to system resources. Desktop computers, automatic bank teller machines, and Internet based shopping accounts are just a few examples of system resources that are protected by passwords.
For several reasons, such passwords are not always effective in authenticating the identity of the user. First, alphanumeric passwords are easily shared, in a cooperative manner, between many users. Secondly, the alphanumeric nature of the passwords ensures that they are easily and succinctly expressed, and are therefore convenient targets of theft. This problem is compounded by the fact that alphanumeric passwords, particularly those not subject to dictionary based attacks, are usually difficult to remember and are often written down by authorized users. Third, such passwords may be obtained by unauthorized persons via eavesdropping, e.g. monitoring of physical keystrokes on a numeric keypad or computer keyboard, or monitoring of transmissions across a network. Finally, an alphanumeric password is easily coerced from an authorized user if the user is placed under duress.
Biometric identification systems have been proposed and implemented to address many of these shortcomings. Known systems, such as the Infineon FingerTIP™ and Biotouch Identix™, identify an individual based on the individual's fingerprint patterns. Such finger scanning systems analyze a fingerprint pattern to find distinctive minutiae, e.g. discontinuities that interrupt the ridge patterns of a fingerprint. The nature and location of the minutiae are noted, thus creating a record uniquely associated with the scanned fingerprint. Techniques have also been developed to identify individuals based on the shape and pattern of an entire hand.
There are also several technologies that identify a user based on the patterns within an individual's eye. Such eye sensors record and analyze patterns within the subject's iris or retina. Iris scanners, such as the IriScan™ system offered by Iridian, Inc., are both reliable and convenient. Retinal scanners such as the ICam 2001™ manufactured by EyeDentify, while more intrusive and typically requiring a more cooperative subject, offer increased reliability.
Biometric identification does possess several appealing characteristics. The authentication process is potentially very accurate, and biometric information is inherently non-transferable from one user to another. However, biometric identification equipment is typically expensive, and typically is of little use during ordinary system operation after successful authentication. Furthermore, many users find the actual biometric identification process invasive or unpleasant.
It would be advantageous to provide a user authentication technique that is both accurate and reliable, but not shareable, subject to theft, observable through eavesdropping, or extractable through coercion. Furthermore, it would be advantageous to provide such a technique that is implementable with a minimum amount of additional equipment beyond that already present in a typical system that requires user authentication, and that therefore entails minimal additional cost and effort. Finally, the authentication process should be noninvasive and pleasant, perhaps even enjoyable, for the user.