1. Field of the Invention
The present invention generally relates to communication between a first user and at least one other user and more specifically to the authentication and identification services provided to the first user regarding at least one of the other users.
2. General Background and Related Art
Modern telecommunications are frequently carried out over public and private networks, each of which comprises a series of points or nodes interconnected by communication paths. Data enters and leaves the network through these nodes. Private networks are often used by businesses and other enterprises to facilitate data and resource sharing and data communication (e.g., electronic mail and file transfer services) among employees. Local telephone companies (also referred to as local exchange carriers or Public Switched Telephone Networks (PSTN)) and long distance service providers (also referred to as inter-exchange carriers) are examples of public networks.
Traditional PSTN or “legacy” networks are often referred to as Circuit Switched Networks (CSN) because they utilize circuit switching, i.e., a type of switching in which the communication path for a particular call is a dedicated physical channel (or “circuit”) on which the data exchanged by the parties to the call (the “data stream”) flows. Legacy networks are currently being replaced by packet-switched networks. Packet switching is a method of data transport that encapsulates the data stream in a sequence of data aggregates called “packets”, and then transports the packets from source to destination based on a destination address contained within each packet. The packets may, but need not, take the same physical path from source to destination.
Generally, networks used for data traffic and networks used for voice traffic have been physically distinct and engineered to different requirements. Current trends in public networks are toward “converged” communications networks. A “converged” communications network is a network in which data (including media such as audio and video) and voice are carried using the same method of transport. Typically, the method of transport is packet-based rather than circuit-based.
Converged communications networks are required to interoperate with legacy CSNs. In general, users of different networks need to send voice and other data to each other. Media gateways can be used to interchange such data between networks.
Identification and/or authentication services can be used to secure or protect the data as it is carried over these networks. Identification is the process of identifying a particular entity, e.g., an individual, machine or organization, within a population. Conceptually, identity is information that allows a user to determine who someone is to some defined extent. For example, identity may relate to an individual identity or a corporate identity (e.g., a legitimate employee of a company with which the first user wants to conduct business, e.g., over the telephone). Identity may also be used to authorize someone to spend money via a specific credit card number.
Authentication is the process of determining whether an entity is, in fact, who or what it declares itself to be. Authentication is commonly performed using logon passwords, i.e., user names combined with passwords or personal identification numbers (PINs). Each user initially registers (or is registered by someone else) using an assigned or self-declared logon password. On each subsequent use, the user must know and present the previously declared logon password. Knowledge of the logon password is assumed to guarantee that the user is authentic; however, a logon password is a shared secret, and anyone who obtains it is indistinguishable from the legitimate user. Logon passwords can be stolen, accidentally revealed, or forgotten, which leaves networks vulnerable to security lapses.
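The register-then-verify flow described above, as an added example that is not part of the patent text. The credential store, the function names and the iteration count are assumptions made for illustration; the point the example makes is that the verifier never needs to keep the password itself, only a salted, iterated hash of it, and that verification compares in constant time so a mismatch is not leaked through timing.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical work factor for PBKDF2-HMAC-SHA256 (an assumption for the example;
# a deployment would tune this to its hardware).
PBKDF2_ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 32


@dataclass(frozen=True)
class StoredCredential:
    """What the verifier keeps per user: never the password, only its salted hash."""
    salt: bytes
    key: bytes
    iterations: int


# Hypothetical in-memory credential store: user name -> StoredCredential.
CredentialStore = Dict[str, StoredCredential]


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the password into a fixed-length key; the salt makes each record unique."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)


def register(store: CredentialStore, user: str, password: str) -> None:
    """Initial registration: the user declares a logon password and only its hash is recorded."""
    salt = os.urandom(SALT_LEN)
    store[user] = StoredCredential(salt, _derive(password, salt, PBKDF2_ITERATIONS), PBKDF2_ITERATIONS)


def authenticate(store: CredentialStore, user: str, password: str) -> bool:
    """Subsequent use: recompute the hash from the presented password and compare in constant time."""
    cred: Optional[StoredCredential] = store.get(user)
    if cred is None:
        # Do comparable work for an unknown user so user-name enumeration is not possible by timing.
        _derive(password, b"\x00" * SALT_LEN, PBKDF2_ITERATIONS)
        return False
    return hmac.compare_digest(_derive(password, cred.salt, cred.iterations), cred.key)


def demo() -> Dict[str, bool]:
    """Constructed walkthrough: one registered user, then correct, wrong and unknown-user attempts."""
    store: CredentialStore = {}
    register(store, "alice", "correct horse battery staple")
    return {
        "right_password": authenticate(store, "alice", "correct horse battery staple"),
        "wrong_password": authenticate(store, "alice", "correct horse battery stable"),
        "unknown_user": authenticate(store, "bob", "correct horse battery staple"),
        # The stored record must not contain the password in the clear.
        "password_stored_in_clear": b"correct horse" in store["alice"].key + store["alice"].salt,
    }


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not protect against: a stolen credential database no longer yields passwords directly, but a password that has been phished, shoulder-surfed or reused elsewhere still authenticates, because knowledge of the secret is the only thing checked. That limitation is what motivates the certificate- and biometric-based methods discussed next.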
It is becoming increasingly common for Internet business and many other transactions to use more secure authentication processes, such as digital certificates. Digital certificates are typically issued and verified by a Certification Authority (CA) as part of a public key infrastructure (PKI), some of which may conform to the ITU-T Pre-Published Recommendation X.509 (03/00).
Both authentication and identification may also be provided in network security by utilizing biometric data or measurements, including voice characteristics, fingerprints, hand geometry, facial geometry or movement, retina scans or iris scans. The use of biometric technology generally requires two phases: enrollment, in which an initial Biometric Identification Record (BIR) of a user is created, and authentication/identification, in which the BIR is used to identify or authenticate a user. The initial BIR is constructed by collecting a number of samples through a biometric device. Salient features are then extracted from the samples and the results are combined into the initial BIR. Algorithms, which are usually proprietary, are used to construct the initial BIR. However, the BioAPI Consortium has recognized the need to develop a common standard for biometric authentication that allows software developed by different manufacturers to interoperate.
Typically, the initial BIR is stored by a biometric application and may be matched against processed samples captured from a biometric device (authentication). Alternatively the initial BIR may be matched against a specified population of BIRs to determine which ones match most closely (identification). The initial BIR may be used to replace or augment the logon password to release the digital signature authorizing sales and/or other transactions.
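The two phases described above (enrollment into a BIR, then 1:1 authentication or 1:N identification against it), as an added example that is not part of the patent text and not any vendor's or the BioAPI Consortium's code. The feature vectors, the use of a mean vector as the template, Euclidean distance as the match score and the thresholds are all assumptions made for illustration; real extractors and matchers are proprietary, as the text notes. The example also adds the enrollment-quality check a practitioner would want: samples that disagree too much with each other are rejected rather than averaged into a poor template.

```python
import math
from typing import Dict, List, Tuple

# A feature vector is whatever the (proprietary) extractor produces from one biometric sample;
# here it is just a short list of floats, an assumption for the example.
Vector = List[float]


def euclidean(a: Vector, b: Vector) -> float:
    """Match score between two feature vectors: smaller is a closer match (assumption for the example)."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def enroll(samples: List[Vector], max_spread: float) -> Vector:
    """Enrollment: combine several samples into one template (the BIR).

    The template is the element-wise mean of the samples. If any sample lies further than
    max_spread from that mean, the capture is considered inconsistent and enrollment is refused,
    so a noisy enrollment does not become a permanently loose template.
    """
    if not samples:
        raise ValueError("enrollment needs at least one sample")
    n = len(samples)
    template = [sum(col) / n for col in zip(*samples)]
    worst = max(euclidean(template, s) for s in samples)
    if worst > max_spread:
        raise ValueError(f"enrollment samples are inconsistent (spread {worst:.3f} > {max_spread})")
    return template


def verify(template: Vector, probe: Vector, threshold: float) -> bool:
    """Authentication (1:1): does a fresh sample match the BIR of the user it claims to be?"""
    return euclidean(template, probe) <= threshold


def identify(population: Dict[str, Vector], probe: Vector, threshold: float, top_k: int = 3) -> List[Tuple[str, float]]:
    """Identification (1:N): rank the population's BIRs by closeness to the probe.

    Only candidates within the threshold are returned, closest first, so an unknown person
    yields an empty list rather than a forced 'nearest' match.
    """
    scored = sorted(((name, euclidean(t, probe)) for name, t in population.items()), key=lambda p: p[1])
    return [(name, d) for name, d in scored if d <= threshold][:top_k]


# Constructed enrollment captures (three samples per user) and probes for the walkthrough.
ALICE_SAMPLES: List[Vector] = [[1.0, 2.0, 3.0], [1.2, 1.9, 3.1], [0.8, 2.1, 2.9]]
BOB_SAMPLES: List[Vector] = [[5.0, 5.0, 5.0], [5.1, 4.9, 5.0], [4.9, 5.1, 5.0]]
ALICE_PROBE: Vector = [1.1, 2.0, 3.0]      # a fresh capture of Alice
STRANGER_PROBE: Vector = [3.0, 3.5, 4.0]   # someone who was never enrolled
MATCH_THRESHOLD = 0.5
ENROLL_SPREAD = 0.5


def demo() -> Dict[str, object]:
    """Enroll two users, then run one authentication and two identification attempts."""
    population: Dict[str, Vector] = {
        "alice": enroll(ALICE_SAMPLES, ENROLL_SPREAD),
        "bob": enroll(BOB_SAMPLES, ENROLL_SPREAD),
    }
    return {
        "alice_claims_alice": verify(population["alice"], ALICE_PROBE, MATCH_THRESHOLD),
        "alice_claims_bob": verify(population["bob"], ALICE_PROBE, MATCH_THRESHOLD),
        "identify_alice": identify(population, ALICE_PROBE, MATCH_THRESHOLD),
        "identify_stranger": identify(population, STRANGER_PROBE, MATCH_THRESHOLD),
    }


if __name__ == "__main__":
    print(demo())
```

The threshold is the security knob: loosening it lowers false rejections of legitimate users but raises false acceptances of impostors, and the same template admits both errors, which is why a fixed threshold chosen at enrollment time should be revisited with the matcher's measured error rates.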
Fingerprints, facial geometry, or other biometric data can be placed on smart cards, which are plastic cards including an embedded microchip that can be loaded with data, such as biometric data. Users can present both a smart card and their fingerprints, faces or other biometric data to merchants, banks, or telephones for identification or authentication.