Today, there are several solutions available for user authentication on mobile devices. These solutions vary in the nature of how users are authenticated. Some use password for authentication, while others use pattern, biometric or facial recognition.
These solutions vary in the context of how the users are authenticated. The user authentication occurs either at the device level or at the application level. Device level authentication authenticates whether a user is a valid user of a mobile device thereby establishing ownership. Application level authentication, on the other hand, authenticates whether a user is a valid user of an identified one of the applications installed on the mobile device.
Typically, application level authentication requires the user to enter a password every time the application is started. This type of authentication presents limitations in terms of usability as well as security. For instance, users need to enter a password manually on mobile devices that usually have a small screen size. In addition, password authentication also presents security limitations as the application needs to store the password somewhere on the mobile device for verification.
Biometric sensors are beginning to appear on mobile devices. An example of a biometric sensor is an imaging sensor, such as a camera-based fingerprint sensor, that collects external information and constructs an image of a fingerprint, face or object. Other examples of biometric sensors include capacitive sensors, optical sensors, thermal sensors, pressure sensors, radio frequency sensors, and ultrasonic sensors. The use of biometrics to access a mobile device may be increasing. The currently used software, however, is based on an outdated software architecture.
In this outdated software architecture, any applications that use the biometric service provided by an equipment manufacturer are using an application programming interface (API) that is proprietary to the equipment manufacturer to access the biometric sensing technology on the device. As a result, a user's enrollment with the biometric service and deletion of any template made during the enrollment is controlled by the system software of the equipment manufacturer. While applications can request that the biometric service examine enrolled templates for a match to an inputted biometric, the application has little control over the management of the enrolled templates and the biometric matching service. The problems with this architecture include 1) only the equipment manufacturer system controls the template management; 2) the application does not control deletion of the templates; and 3) if the number of templates are large, and a biometric request is made, the matching may take some time to go through all of the enrolled templates stored in the device memory.
Furthermore, the outdated software architecture assumes that the mobile device is a single user device, only receives control signals from system control (i.e., not application based), and has a single area of memory for enrolled template storage. This architecture was sufficient in the past when devices were simpler and applications were integrated into the mobile device software. Such an architecture is also sufficient for devices that have full control of the mobile device system and that have only a handful of applications available for use, and not to any other application. Many advanced devices do not and will not in the future fit these limitations.
As a result, a need exists for biometric-enabled applications to provide some control inputs to the biometric system and to manage the enrollment of templates including allowing deletion of enrolled templates, and limiting the number of templates to be examined during matching.