Biometric authentication is generally regarded as being more secure, and also more user-friendly, than conventional forms of authentication. Examples of biometric authentication include the use of fingerprints, voice patterns, retinal patterns, and/or other physiological characteristics of a user to uniquely identify that user.
Typically, when the user wishes to access a protected application (e.g., secure building, secure area within a building, secure computer, secure software application, etc.), the user is asked to provide a substantially real-time sample of the biometric characteristic. For example, he might place his finger in a fingerprint scanner, speak a voice sample into a microphone, peer into a retinal scanner, etc. The biometric characteristic is captured electronically (typically digitally), and compared to a stored sample. If the captured data match the stored data (to a required degree of accuracy), the user is granted access.
Biometric authentication relies on the user's identifier or other access indicia being “something the user is.” Such an access indicia is not readily stolen or reproduced. In contrast, nonbiometric authentication relies on the user's access indicia being “something the user has” (e.g., a password, a private key, etc.), which is much easier to steal or reproduce. Therefore, all other factors being equal, biometric authentication is usually more secure than nonbiometric authentication.
However, biometric authentication is not infrastructure-friendly, because of the relative scarcity of biometric scanners for acquiring a biometric characteristic to serve as, or for conversion to, the user's biometric identifier. This scarcity, in turn, reflects the fact that biometric data acquisition is much more expensive than conventional authentication. For example, a fingerprint- or retinal-based biometric scanner requires optics (to visualize the biometric data), image acquisition hardware/software (to capture the data), digital processing software (to transform the data to a standard format at an acceptable quality level), and a sufficiently high bandwidth connection to a computer (to transmit the data for authentication). In contrast, in a nonbiometric authentication scheme, a simple pop-up field in a web browser is sufficient to capture the password or other alphanumeric access indicia.
The expense and complexity of biometric scanners is a significant reason why biometric authentication, to date, has not been widely deployed in, say, home environments. As a corollary, users of a system requiring biometric authentication typically cannot access the system from locations other than those having a biometric scanner.
Thus, it would be desirable to allow access to systems requiring biometric authentication from locations not necessarily equipped with a biometric scanner. For example, if a biometric authentication system could also accept a user-inputted pass code derived from and serving as a proxy for a biometric identifier, then the benefits of biometric authentication could be extended to locations lacking biometric scanners.