Security for electronic and mechanical systems has rapidly become an important issue in recent years. With the proliferation of computers, computer networks and other electronic device and networks into all aspects of business and daily life, the concern over secure file and transaction access has grown tremendously. The ability to secure data and transactions is particularly important for financial, medical, education, government, military, and communications endeavors.
Using passwords is a common method of providing security for electrical or mechanical systems. Password protection and/or combination type locks are employed for computer network security, automatic teller machines, telephone banking, calling cards, telephone answering services, buildings, factories, houses and safes. These systems generally require the knowledge of an entry code that has been selected by or provided to a user or has been configured in advance.
Pre-set codes are often forgotten, however, as users have no reliable method of remembering them. Writing down codes and storing them in close proximity to an access control device (e.g., a combination lock) results in an insecure access control system. Alternatively, the nuisance of trying several code variations generally renders the access control system more of a problem than a solution.
Password systems are known to suffer from other disadvantages. Usually, a user specifies passwords. Most users, being unsophisticated users of security systems, choose passwords that are relatively insecure. As such, many password systems are easily accessed through a simple trial and error process.
To secure access to physical areas, such as buildings, the most common building security system relied on traditionally has been a security guard. A security guard reviews identification cards and compares pictures thereon to a person carrying the card. The security guard provides access upon recognition or upon other criteria. Other building security systems use card access, password access, or another secure access approach. Unfortunately, passwords and cards have similar drawbacks when utilized for building security, particularly with computer security.
As computer networks are increasingly used to link remote computer systems together, applications have been developed to allow a user on a remote client computer system to access a service on a host computer system. For example, a user on a client system may be able to access information contained in a database associated with a host computer system. Unfortunately, along with increased accessibility comes increased potential for security breaches. For example, communications, including authentication, between a client system and a host system can be intercepted and tampered with while in transit over the computer network. This may allow third parties or malicious users on a client computer system to gain access to, or security codes for, a service on a host computer system without proper authorization.
A number of systems have been developed to ensure that users do not gain unauthorized access to host computer systems. As explained above, some systems prompt a user for passwords. Such systems may also rely on PIN numbers, before granting the user access to the host computer system. As indicated above, however, passwords and PIN numbers may be forgotten or may fall into the wrong hands. Additionally, using passwords and PIN numbers for security purposes places an additional burden on institutions because passwords or PIN numbers require additional machinery and human resources to deal with customers when customers forget passwords or PIN numbers, or when customers request that passwords or PIN numbers be changed.
As an alternative to traditional security approaches, such as security guards, passwords or PIN numbers, biometric authentication systems have been developed to authorize accesses to various electronic and mechanical systems. Biometrics can generally be defined as the science of utilizing unique physical or behavioral personal characteristics to verify the identity of an individual. Biometric authentication systems are typically combined with hardware and software systems for automated biometric verification or identification. Biometric authentication systems receive a biometric input, such as a fingerprint or a voice sample, from a user. This biometric input is typically compared against a prerecorded template containing biometric data associated with the user to determine whether to grant the user access to a service on the host system.
A biometric security access system can thus provide substantially secure access and does not require a password or access code. A biometric identification system accepts unique biometric information from a user and identifies the user by matching the information against information belonging to registered users of the system. One such biometric system is a fingerprint recognition system.
In a fingerprint biometric system input transducer or sensor, the finger under investigation is usually pressed against a flat surface, such as a side of a glass plate; the ridge and valley pattern of the finger tip is sensed by a sensing means such as an interrogating light beam. In order to capture an image of a fingerprint, a system may be prompted through user entry that a fingertip is in place for image capture. Another method of identifying fingerprints is to capture images continuously and to analyze each image to determine the presence of biometric information such as a fingerprint.
Various optical devices are known which employ prisms upon which a finger whose print is to be identified is placed. The prism has a first surface upon which a finger is placed, a second surface disposed at an acute angle to the first surface through which the fingerprint is viewed and a third illumination surface through which light is directed into the prism. In some cases, the illumination surface is at an acute angle to the first surface. In other cases, the illumination surface may be parallel to the first surface. Fingerprint identification devices of this nature are generally used to control the building-access or information-access of individuals to buildings, rooms, and devices such as computer terminals.
Before the advent of computers and imaging devices, research was conducted into fingerprint characterization and identification. Today, much of the research focus in biometrics has been directed toward improving the input transducer and the quality of the biometric input data. Fingerprint characterization is thus generally well known and can involve many aspects of fingerprint analysis.
For doorway security systems, biometric authentication systems have many known problems. For example, a user identification code, a PIN, is generally required to identify each individual in order to permit comparison of the biometric information and a single user's template. Remembering a PIN can be inconvenient and electromechanical device (e.g., keypad) needed to accept a PIN are sometimes subject to damage and failure. The device is also an additional equipment expense for a multiple entry access system.
Because a single processor can provide processing for several doors, for a multiple doorway system, the enterprise-side deployment of multiple equipment such as a biometric reader and a PIN entry unit will result in a significant portion of the overall system maintenance and associated cost. It would be advantageous to provide a system wherein provision of a PIN is not always necessary for identification. To date most biometric authentication systems or services rely on some form of PIN input device or a card reader, which also typically requires mechanical-mechanical operation (e.g., card swipe or slot entry) and hardware redundancy.
In evaluating security of biometric authorization systems, false acceptance and false rejections are sometimes evaluated as a fraction of a user population. A security system may be characterized as allowing 1 in 1,000 false acceptances or, alternatively, 1 in 1,000,000. Typically a probability distribution curve establishes a cut off for a given registration to determine what false acceptance rate this reflects. Curves of this type are exponential in nature and, therefore, for better false acceptance rates provide only nominal improvements to false acceptance rate for significant changes to a threshold value. Typically when using a biometric information sample, a low match score results in failure to authorize an individual.
In the past, a one-to-many search of biometric information has generally been considered undesirable because security may be compromised. For example, when a single biometric template is compared and a resulting comparison having an approximately 1/1,000,000 likelihood of false acceptance is desired, it should be clear that approximately 1/1,000,000 users may be misidentified. When, however, a forty-user system is provided with equivalent individual comparison criteria, the probability of false acceptance can escalate to 1-(0.999999)40, which is approximately 1/25,000. Whereas 1/1,000,000 is generally acceptable for many applications, 1/25,000 is likely not as acceptable. Further, as the number of individual templates grows, the rate of false acceptance increases; when 250 templates exist, a likelihood of about 1/4,000 of false acceptance exists.
In order to solve this problem, one might reduce the false acceptance rate to 1/10,000,000; however, this results in problems identifying some people and makes such a system inconvenient. A system of this type is unlikely to provide consistent results and therefore, requires a security guard at least at a door to provide access for those who are not identifiable to 1/10,000,000.
Another potential problem with the use of biometrics is related to the unauthorized interception of a digital signal or file representing a biometric (i.e., similar to unauthorized interception of passcodes/passwords). An unauthorized user may substitute a digital signal of a biometric attribute or template by bypassing biometric readers or scanners altogether. Therefore, like passwords or passcodes, use of biometrics for security purposes and user authorization, verification, and identification of data is not completely full proof.
Based on the foregoing, those skilled in the art can appreciate that despite the advances in biometric authentication, most biometric authentication systems are still plagued with various physical and electronic drawbacks. It is believed that the biometric methods and systems disclosed herein overcome many drawbacks known in the art.