Computer security is fast becoming an important issue. With the proliferation of computers and computer networks into all aspects of business and daily life--financial, medical, education, government, and communications--the concern over secure file access is growing. Using passwords is a common method of providing security.
Password protection and/or combination type locks are employed for computer network security, automatic teller machines, telephone banking, calling cards, telephone answering services, houses, and safes. These systems generally require the knowledge of an entry code that has been selected by a user or has been configured in advance.
Pre-set codes are often forgotten, as users have no reliable method of remembering them. Writing down the codes and storing them in close proximity to an access control device (i.e. a combination lock) results in a secure access control system with a very insecure code. Alternatively, the nuisance of trying several code variations renders the access control system more of a problem than a solution.
Password systems are known to suffer from other disadvantages. Usually, passwords are specified by a user. Most users, being unsophisticated users of security systems, choose passwords that are relatively insecure. As such, many password systems are easily accessed through a simple trial and error process.
A most common building security system is a security guard. A security guard reviews identification cards and compares pictures thereon to a person carrying the card. The security guard provides access upon recognition or upon other criteria. Other building security systems use card access, password access, or another secure access approach. Unfortunately, passwords and cards have the same drawbacks when used for building security as when used for computer security.
A security access system that provides substantially secure access and does not require a password or access code is a biometric identification system. A biometric identification system accepts unique biometric information from a user and identifies the user by matching the information against information belonging to registered users of the system. One such biometric identification system is a fingerprint recognition system.
In a fingerprint input transducer or sensor, the finger under investigation is usually pressed against a flat surface, such as a side of a glass plate; the ridge and valley pattern of the finger tip is sensed by a sensing means such as an interrogating light beam. In order to capture an image of a fingerprint, a system is prompted through user entry that a fingertip is in place for image capture. This is impractical as it likely requires the use of two hands. Another method of identifying fingerprints is to capture images continuously and to analyse each image to determine the presence of biometric information such as a fingerprint. This method requires significant processing image transfer times and is therefore, not suited to many applications.
The use of a biometric imaging device with a personal computer is considered inevitable. Unfortunately, using a biometric input device to transmit frames repeatedly according to the second method above, wastefully consumes significant bandwidth and processing time. As indicated above, the first method that is commonly used, requires the use of two hands.
Various optical devices are known which employ prisms upon which a finger whose print is to be identified is placed. The prism has a first surface upon which a finger is placed, a second surface disposed at an acute angle to the first surface through which the fingerprint is viewed and a third illumination surface through which light is directed into the prism. In some cases, the illumination surface is at an acute angle to the first surface, as seen for example, in U.S. Pat. Nos. 5,187,482 and 5,187,748. In other cases, the illumination surface is parallel to the first surface, as seen for example, in U.S. Pat. Nos. 5,109,427 and 5,233,404. Fingerprint identification devices of this nature are generally used to control the building-access or information-access of individuals to buildings, rooms, and devices such as computer terminals.
U.S. Pat. No. 4,353,056 in the name of Tsikos issued Oct. 5, 1982, discloses an alternative kind of fingerprint sensor that uses a capacitive sensing approach. The described sensor has a two dimensional, row and column, array of capacitors, each comprising a pair of spaced electrodes, carried in a sensing member and covered by an insulating film. The sensors rely upon deformation to the sensing member caused by a finger being placed thereon so as to vary locally the spacing between capacitor electrodes, according to the ridge/trough pattern of the fingerprint, and hence, the capacitance of the capacitors. In one arrangement, the capacitors of each column are connected in series with the columns of capacitors connected in parallel and a voltage is applied across the columns. In another arrangement, a voltage is applied to each individual capacitor in the array. Sensing in the respective two arrangements is accomplished by detecting the change of voltage distribution in the series connected capacitors or by measuring the voltage values of the individual capacitances resulting from local deformation. To achieve this, an individual connection is required from the detection circuit to each capacitor.
Before the advent of computers and imaging devices, research was conducted into fingerprint characterisation and identification. Today, much of the research focus in biometrics has been directed toward improving the input transducer and the quality of the biometric input data. Fingerprint characterization is well known and can involve many aspects of fingerprint analysis. The analysis of fingerprints is discussed in the following references which are hereby incorporated by reference:
Xiao Qinghan and Bian Zhaoqi: An approach to Fingerprint Identification By Using the Attributes of Feature Lines of Fingerprint," IEEE Pattern Recognition, pp 663, 1986; PA1 C. B. Shelman, "Fingerprint Classification--Theory and Application," Proc. 76 Carnahan Conference on Electronic Crime Countermeasures, 1976; PA1 Feri Pernus, Stanko Kovacic, and Ludvik Gyergyek, "Minutaie Based Fingerprint Registration," IEEE Pattern Recognition, pp 1380, 1980; PA1 J. A. Ratkovic, F. W. Blackwell, and H. H. Bailey, "Concepts for a Next Generation Automated Fingerprint System," Proc. 78 Carnahan Conference on Electronic Crime Countermeasures, 1978; PA1 K. Millard, "An approach to the Automatic Retrieval of Latent Fingerprints," Proc. 75 Carnahan Conference on Electronic Crime Countermeasures, 1975; PA1 Moayer and K. S. Fu, "A Syntactic Approach to Fingerprint Pattern Recognition," Memo Np. 73-18, Purdue University, School of Electrical Engineering, 1973; PA1 Wegstein, An Automated Fingerprint Identification System, NBS special publication, U.S. Department of Commerce/National Bureau of Standards, ISSN 0083-1883; no. 500-89, 1982; PA1 Moenssens, Andre A., Fingerprint Techniques, Chilton Book Co., 1971; and, PA1 Wegstein and J. F. Rafferty, The LX39 Latent Fingerprint Matcher, NBS special publication, U.S. Department of Commerce/National Bureau of Standards; no. 500-36, 1978.
For doorway security systems, biometric authentication systems have many known problems. For example, a user identification code, a PIN, is required to identify each individual in order to permit comparison of the biometric information and a single user's template. Remembering a PIN is inconvenient and the device needed to accept a PIN is subject to damage and failure. The device is also an additional expense in a doorway access system. Since a single processor can provide processing for several doors, for a multiple doorway system, the PIN entry unit forms a significant portion of the overall system cost.
It would be advantageous to provide a system wherein provision of a PIN is not necessary for identification.
In evaluating security of biometric authorization systems, false acceptance and false rejections are evaluated as a fraction of a user population. A security system is characterized as allowing 1 in 1,000 false acceptances or, alternatively, 1 in 1,000,000. Typically a probability distribution curve establishes a cut off for a given registration to determine what false acceptance rate this reflects. Curves of this type are exponential in nature and, therefore for better false acceptance rates, provide only nominal improvements to false acceptance rate for significant changes to a threshold value. Typically when using a biometric information sample, a low match score results in failure to authorize an individual.
In the past, a one-to-many search of biometric information has been considered undesirable because security is compromised. For example, when a single biometric template is compared and a resulting comparison having a 1/1,000,000 likelihood of false acceptance is desired, it is clear that 1/1,000,000 users may be misidentified. However, when a forty user system is provided with equivalent individual comparison criteria, the probability of false acceptance escalates to 1-(0.999 999).sup.40 which is about 1/25,000. Whereas 1/1,000,000 is acceptable for many applications, 1/25,000 is likely not as acceptable. Further, as the number of individual templates in the many grows, the rate of false acceptance increases; when 250 templates exist, a likelihood of about 1/4,000 of false acceptance exists.
In order to solve this problem, one might reduce the false acceptance rate to 1/10,000,000; however, this results in problems identifying some people and make such a system inconvenient. A system of this type is unlikely to provide consistent results and therefore, requires a security guard at at least a door to provide access for those who are not identifiable to 1/10,000,000.