Access control systems are used in many situations where it is desired to restrict access to a physical location or to a secured system, such as a computer. One example of an access control system is the common garage door opener, which utilizes a remote, keyless radio-frequency (RF) transmitter to actuate a motorized garage door opener. Another example is the common “key-card” security system for selectively unlocking doors, gates, or other barriers to entry into buildings or other secured locations.
Typical access control systems are essentially insecure systems. A fundamental problem with granting access to a secured physical location or to a secured system using conventional methodologies is that anyone in possession of the instrumentality of access (a conventional key, the transmitter of a garage door opener, or an electronic access security card, for example) can be granted access to the secured location or system. In the case of systems or physical locations protected by a password-based system, anyone in possession of the password can gain access. That is, in most systems, once the instrumentality of access is obtained by any person, there is no further verification to ensure that that person is in fact the person who is actually authorized to be granted access.
Known systems also tend to be inconvenient. The number of different PINs and passwords a person has to remember seems to increase daily. Since most people do not want to remember dozens of different passwords, using one or two easy-to-remember passwords for all services becomes the norm. That, in itself, is insecure, since PIN codes and passwords that are easy to remember are also more easily obtained surreptitiously, e.g., by “social engineering,” or guessing. A person's use of the same password for several accounts or services also compromises security. Keys, key fob transmitters, card-keys and the like present their own problems, a primary one being that they are physical items that can be lost, stolen, and damaged.
In recognition of the deficiencies among known access control systems, it is becoming increasingly common to include biometric information among the criteria used to grant or deny access to a secured location or system. Among all the biometric techniques, fingerprint-based identification is the oldest method, one that has been successfully used in numerous applications. Each individual is known to have unique, essentially immutable fingerprints (extreme trauma or surgical measures aside). A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending. Fingerprint biometrics is a dynamic technology that is being adopted into new markets and applications at a rapidly increasing pace. Depending on the applications, users can simply touch or slide their finger over a sensor for access to their personal computers, wireless devices, workplaces or homes. Fingerprint biometrics has emerged as the most popular biometric technology to protect critical computer information as it enables convenient security for desktop and internet applications. Miniature fingerprint sensors lock out any unauthorized individual while allowing a convenient way for the authorized user to gain access without the need for passwords for system login or access. These same sensors can be used to personalize computers, enabling companies to confidently implement identity access management systems, or to allow parents to control the Web sites or other content accessed via the computer by their children.
Biometric technologies other than fingerprint recognition have been used or proposed in the prior art. These include, without limitation, physiological biometric methodologies such as face recognition, hand and palm geometry, iris recognition (which has largely supplanted retinal scanning), and behavioral methodologies such as typing rhythm, gait, and voice recognition (which is in a sense both physiological and behavioral), and handwriting recognition. As used herein, the term “biometric” is used to refer to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits; that is, biometrics refers to the use of any characteristic or feature that is unique to a single individual person and that cannot as a practical matter be possessed or replicated by any other person. Unfortunately, inherent to all sensors used in the various available biometric technologies are what are termed False Accept Rates or False Match Rates (collectively referred to hereinafter as “FAR”). FAR is when a system incorrectly matches the biometric input to a non-matching template in the relevant database and, as a result of that incorrect match, incorrectly accepts an invalid input.
Biometrics in access control systems such as residential or commercial door locks and time and attendance systems have seen rapid market expansion in recent years as home and business owners struggle to overcome several common problems associated with previous generation solutions. Many businesses and government organizations need to restrict access in parts of their facilities to employees with special clearances, or track employee time and attendance on the job. Also, homeowners have expressed concern about house keys being unknowingly copied for use in a burglary.
When embedded into door locks, smart card readers or similar devices, fingerprint sensors lock out intruders and unauthorized individuals and restrict access for special clearance locations. Notably, this restriction can be realized even for persons who come into possession of a primary instrumentality of access, such as a key (mechanical or electronic), or a remote transmitter. New advanced biometric security devices can be tied into an organization's computer network to control access throughout an entire building, campus or company.