In recent years, personal computers and digital communication systems have become pervasive in industrialized nations. Along with this growth, the speed and power of these systems are now at the point where any subject matter including date, images, audio, video and software can be stored, transferred and reproduced with ease.
A great deal of the information and software that resides on these systems, is not intended for general public access. To name just a few examples, individuals may have personal data on-line such as tax and banking information, businesses may have sales data and licensing agreements, and software suppliers may have made valuable software available only to those who properly purchased it. It is therefore necessary to restrict access to certain software and data content.
There are a variety of techniques for restricting access to secure data and software, the most common one being the use of secret passwords (i.e. a software application, for example, will only run if the user inputs the password that the software application requires).
However, users are inundated with passwords. Not only do they have a password for their ATM machine, they have a password for every web site on the Internet that they visit: banking, brokerage services, online stores and other services. On top of this, there are passwords at work for the network, files and applications.
A good password has high entropy—it is highly differentiated and hard to guess. Strong passwords, or pass phrases, can be created if they are long, case sensitive and use non-alphanumeric characters (e.g. “too BEE or N0t 2B, that !S the ?”). In the real world however, it is impractical to expect users to employ multiple, long, and different pass phrases for their different accounts.
Thus, passwords have a number of drawbacks including the following:                strong or complex passwords are easily forgotten, or avoided altogether;        if a user does have a large number of passwords, the same password is often used for everything. Once an attacker discovers the password to just one application, they have access to all of an individual's online (or local) personal data and history, including any private keys. If a user does decide to use a different password for each application, he often has to write them all down—which provides another avenue for attack;        they are easily shared, knowingly or not; and        they are easy to guess and/or attack because they do not have a lot of randomness, or entropy. Users often select alpha-numeric character strings that are easy to remember such as birth dates, names of family members and words that may be found in the dictionary.        
If that is not sufficient, there are password-cracking tools which test all the words in a dictionary and other obvious combinations in a few minutes. A weak password is uncovered in seconds.
As a result, research is being done into suitable replacements for passwords. One such area of research that has particular promise is that of “biometric identification”. Biometric identification relies on the fact that all humans are different in their physical characteristics, and therefore, it is possible to distinguish between any two people based on these differences. Hair color, height, and the sound of a voice are simple examples of how people are different from one another. Combined, these differences create our identity and make us distinct from each other.
In the context of software and data access control, biometrics may use one or more unique characteristics to identify a person, or verify that a person is who they say they are. Biometrics work by matching or comparing a person's unique traits with stored data (the “biometric template” for the user) in two general categories: physiological characteristics and behavioural characteristics. Physical indicators include iris or retina patterns, fingerprint, facial structure, or hand geometry. Behavioural traits may include voiceprints, typing recognition (for example, the timing between keystrokes) and handwritten signatures.
Biometric identification has the following advantages over traditional passwords:                it is based on a person's physical traits, so there is nothing for the user to remember or forget; and        it cannot be knowingly or unknowingly shared (to a degree, behavioural biometrics can be compromised in this manner, though a user can alter his behavioural biometrics); and it is attack resistant due to the great quantity of data that it contains.        
While biometrics seem like a perfect substitute for passwords, they have one major drawback: the software that is used to manipulate biometric data is generally easy to compromise. For example, if an attacker can locate the line of software code which determines whether an input biometric matches the stored data, the attacker can modify this conditional branch to allow all access attempts to be successful. Biometric verification systems generally do not require a 100% match between a given access attempt and the stored template data, but only require a match that is statistically significant. Thus, a related attack is to lower the statistical threshold so that the attacker is able to obtain access.
Alternatively, the software code can be analysed to identify the stored data to which inputs are compared (the stored biometric template), and this stored data can be used as the input on subsequent access attempts. Each user has a finite number of biometric traits, so security of the stored biometric template is paramount. Once a user's thumb print has been compromised, it can never be reliably used again.
Thus, biometric solutions are implemented as a replacement for passwords, or to provide a secret, but only in the following situations:                when the biometric verification is done on a secure server; or        when the biometric verification is done on secure hardware.        
If used without such precautions, an attacker could obtain access to a user's original biometric data or stored biometric template. Once this biometric data has been compromised, it can never be used with confidence again.
The use of a secure server has many drawbacks:    1. high cost;    2. difficult to deploy, as new users must be confirmed to the secure server and they may be remote from it;    3. each user's system must be compatible with the secure server, so this is not a flexible solution;    4. the secure server becomes a high-value target for attack. If an attacker can successfully access the biometric data on the secure server, he could render all of the biometric traits stored on the central server unreliable as passwords. Until the attacker is detected, he could masquerade as the users;    5. biometric sign-on data may not be secure because this data must be transmitted to the secure server over a communication network, and therefore can be intercepted by an attacker;    6. the user will not have access to secrets, keys and secure data when either the network connection is down, or the secure server is not available; and    7. users generally do not trust governments and other organizations to store or use their biometric data, so there will be reluctance to use the secure server.
The concept behind secure hardware devices is that a physical device is attached to the port of a computer. The secure hardware device reads inputs from the user, and only outputs passwords and/or cryptographic keys—biometric data is stored on the physical device, but never leaves it. Any data or software applications that are developed under the secure hardware device's control, can only be accessed again if the same biometric feature is read. The Sony FIU-710 “puppy” and BioScrypt reader are examples of such devices.
While this may sound effective, there are a number of problems with these devices:    1. they are high in cost, as a separate physical device must be supplied for each computer;    2. they are inflexible, in that they are designed to read a certain biometric feature and produce a password or key in a certain format. Neither of these can be changed; and    3. if the device is lost, broken or the user's biometric feature falls outside the allowable range (due to a cut or chapped finger, perhaps), the protected software and data may be lost forever.
Thus, a more effective method and system of handling biometric passwords is required.
One application area of particular concern for those in the data security industry is the area of wireless devices. Cellular telephone manufacturer Ericsson forecasts that there will be more than 500 million Internet-enabled mobile devices in use by the year 2003. With each of these devices being able to perform mobile commerce (m-commerce) transactions, the need for device security is quite clear.
Mobile e-commerce suppliers have managed to secure the wireless communication of information, but have had the same difficulties noted above, in securing the devices themselves. Thus, if a portable device is lost or stolen, the owner's identity and data may easily be compromised.
There is therefore a need for a method and system of biometric verification which is secure against attack. This method and system should be suitable for implementation on portable devices such as wireless telephones, smart phones, personal digital assistants (PDAs) and laptop computers, as well as hard-wired devices such as desktop computers.