Only those individuals authorized to have access to any particular system or location, referred to herein as "destinations", should be granted such access. Indeed today, many destinations may be remotely accessed via telecommunications. Typical remotely accessible destinations include remote telephones, systems that provide access to credit, and value-added telecommunications services. On a regular basis, a large number of authorized individuals must authenticate their identity, i.e., to confirm that the person requesting the access is actually who he alleges that he is, to several destinations to which access is sought.
For actually authenticating the identity of an access requester, prior systems have employed representations of various different identifying characteristics of a person. These characteristics are used, either individually or in combination, to confirm that the person requesting the access is actually who he alleges that he is. Identifying characteristics that have been employed include: voice samples, fingerprints, retina patterns, personal appearance, handwriting and even the manner in which a wave is polarized as it passes through a portion of the body. These representations are known as authentication information. One method employed to obtain such an alleged identity is to require the requester to enter some type of a code which may include a predetermined personal identification number (PIN). This code may be typed in via a keypad or scanned from a device in the requester's possession, e.g., a credit card having a magnetically encoded version of the code. The prior systems then attempt to authenticate the requester by comparing a previously stored representation of at least one identifying characteristic of the authorized user whose identity has been alleged with a representation of the same identifying characteristic that is derived from measurements taken from the requester during the access request process. If the requester is authenticated, access is granted; otherwise, access is denied.
In each such prior system the level of security processing required before access can be granted is inherent in the nature of the request, i.e., all requests of the same form invoke the same level of security processing. For example, 800-type calls require no security processing while calls billed to credit cards always require that a valid identification number be supplied so the call may be appropriately billed. Requests of a type that always require that the measurement of the identifying characteristics be taken as part of this first level of security processing prior to granting any form of access are burdensome to requesters who are authorized users. This burdensome level of security may be unnecessary or of little value in many circumstances. Additionally, such security measures can result in an authorized requester being unable to obtain access. This can result if the requester is temporarily unable to supply the required identifying characteristic, e.g., if the identifying characteristic is a fingerprint and the requester has a large cut on his finger or if the identifying characteristic is a voice sample and the requester has nasal congestion. Blocking access to such an authorized requester is undesirable because it causes requester frustration and prevents a desired transaction from occurring. Such undesirability is exacerbated where the access is desired in a context in which fraudulent access is rarely sought or when other reasons make the value of the access check less significant.