Nowadays, computer terminals (e.g. portable personal computers) and telecommunication terminals (e.g. mobile phones) are used by almost every person. These user terminals (providing computing and/or communication functions to the user) often store personal or confidential information, for example the so-called “sensitive data”.
Additionally, these user terminals are often used for carrying out money transactions, for example buying products/services or managing bank accounts or for connecting to confidential computer/storage systems.
Therefore, the secure authentication of the user of these user terminals is very important.
A first well known solution to this problem is the use of userid/password pairs; in this case, security relies on the fact that only the rightful user knows a valid and authorized userid/password pair.
A second well known solution to this problem is the use of smartcards; in this case, security relies on the fact that only the rightful user holds a valid and authorized smartcard.
Both these solutions are not completely satisfactory even if used together.
Recently, the use of biometric data for authentication purposes is becoming popular. Biometric authentication refers to technologies that measure and analyze human physical and behavioural characteristics for authentication purposes. Examples of physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. Voice is considered a mix of both physical and behavioural characteristics.
There are already on the market some portable personal computers and mobile phones with an integrated fingerprints detector for enabling the use of the terminal in alternative or in addition to the input of “credential information” by the user.
From patent application US20040257196, there is know a method using one or more biometric sensors (for example a fingerprint scanner) for controlling the access to a wireless communication apparatus or to a feature or service provided via the wireless communication apparatus. According to this patent application, a sensor may be internal (i.e. integrated) or external to the apparatus; an external sensor may be connected either wirelessly over a wireless local area network such as Wi-Fi or Bluetooth™ or via a wired connection.
From patent application WO03007125, there is known a secure network and networked devices using biometrics. According to this patent application, a biometric data sample is taken and compared with stored biometric data. If the biometric data sample matches the stored data, access to a secure data storage module is enabled. The secure data storage module contains data necessary for successful communication with a server. Accordingly, a biometric data match enables sensitive data retrieval, and ultimately secure communication with another device. In a preferred embodiment, a SIM in a GSM phone provides stored biometric data and processing capabilities for the matching function within a cellular phone. By storing biometric data on the SIM (i.e. a type of smartcard) and performing the biometric matching process on the SIM, the need to transmit or store biometric data in a way that leaves it available for retrieval or tampering is reduced.