1. Field of the Invention
The invention pertains generally to security systems. In particular, it pertains to an improved security device based on biometric characteristics of the user.
2. Description of the Related Art
Improvements in circuit miniaturization, radio technology, and battery power have led to widespread use of portable devices that access the resources of much larger distributed systems. An example is the use of cellular telephones, which allow subscribers to access the resources of national and global telephone systems with a device they can carry on their person. The typical cell phone allows access to these resources to anyone possessing the cell phone. With larger devices, such as desktop computers that are located in secure areas, basing security on possession is not an issue. But with small, portable devices that are easily lost or stolen, this level of security is inadequate.
A conventional way to address this problem is through the use of passwords. However, password-based security is based entirely on protecting the password. Passwords can be illicitly obtained by unauthorized persons in various ways, such as by observing a person entering the password, electronic monitoring of password entry, or intercepting a new password as it is being delivered to the intended user. Since the user still has the password, the security breach may not be detected until some time after it has been improperly used by the unauthorized person. Another problem is that passwords are sometimes forgotten by the legitimate user, leading to frustration, inconvenience, and taking steps to avoid this problem in ways that may compromise the security of the password.
Another approach is the subscriber interface module (SIM), which combines a password with an artifact such as a machine-readable plastic card containing both secure data and processing capability. Since both the card and the password are necessary for access, this provides an improved level of security over a password-only approach, but it still suffers from many of the same problems.
Problems with these conventional approaches are that passwords can be stolen or forgotten, while artifacts can be lost, stolen, copied, or forged. An improved approach to access control uses biometric data to identify a specific user without the need for passwords or artifacts. Biometric data is data that describes a unique physical characteristic of the user, and which is read directly from the user's person at the time access is requested. Some of the known biometric approaches identify users through fingerprints, retina scans, and voice prints. Each has its own strengths and weaknesses, but all are based on unique physical characteristics of the user that are difficult to duplicate and do not require the user to memorize anything. However, biometric-based security systems also have a weakness. If the biometric data can be obtained, the fingerprint, retina image, voice, etc. can be forged or duplicated and used illicitly to obtain access to the system.
FIG. 1 shows a conventional biometric security system 1. A host system 11 contains a host processor 12, a memory 13, a reader interface 14 to a biometric reader 16, and a general purpose interface 18 to other parts of the system. Memory 13 can include various types of memory, such as random access memory (RAM), read-only memory (ROM), and flash memory. The flash memory is typically used to store valid biometric data on approved users, and can be updated as users are added, removed, or need to have their data modified. This biometric data might be in raw form, such as a digitized image of a fingerprint, but is more likely in a reduced form, representing a coded ‘map’ of the image that defines the pertinent points of the image in a predefined digital format. At the time access is requested, biometric reader 16 takes the appropriate biometric inputs from the user. For example, reader 16 might be a fingerprint reader, a retina scanner, or a voice print identification device. Biometric reader 16 converts the raw biometric data into a digitized map and sends the map through reader interface 14 to host processor 12, which compares it with the reference map in flash memory. If there is a match, processor 12 will initiate access to the requested resources, typically through general purpose interface 18. This design has at least three major weaknesses. 1) The link between reader 16 and interface 14 can expose the biometric map to monitoring and copying. The illicitly copied map can later be presented to reader interface 14 directly, without the need to duplicate the actual biometric image or data, thereby tricking system 11 into believing it is reading valid data from an authorized user. 2) Host processor 12 typically handles non-secure functions, such as the operational functions of a cell phone. Host processor 12 is therefore subject to hacking and other invasive tampering. It can be falsely directed to provide secure user data through general purpose interface 18, or to store false user data in the flash memory. Either act can permit an unauthorized person to later use the system in the normal manner through reader 16. 3) Flash memory (and therefore secure data) is accessible from outside system 11 through a common bus 15 tying together processor 12, memory 13 and interfaces 14, 18.
These weaknesses also expose the system to destructive tampering, whose goal is to disrupt normal operations rather than obtain unauthorized use of those operations.
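As an added illustration, not part of the patent text, the following Python model shows why weakness 1) exists: the host-side comparison in FIG. 1 operates only on the map data, so it has no way to tell a live reading from a copy of the same map. The second verifier is an assumed mitigation for the reader link (a host-issued one-time nonce and an HMAC under a shared link key), included for contrast with the conventional design; it is not the invention described in this document, and the minutiae values, key and tolerance are constructed.

```python
import hmac
import hashlib
import os

# Constructed stand-in for the coded 'map' held in flash for one approved user:
# (x, y, ridge angle) minutiae points.
REFERENCE_MAP = [(12, 40, 90), (55, 17, 180), (33, 71, 45), (80, 64, 270)]

def maps_match(candidate, reference, tolerance=2):
    """Host-side comparison: every reference point needs a nearby candidate point
    with the same angle. Tolerance absorbs sensor noise between readings."""
    for (rx, ry, ra) in reference:
        if not any(abs(rx - cx) <= tolerance and abs(ry - cy) <= tolerance and ra == ca
                   for (cx, cy, ca) in candidate):
            return False
    return True

def host_verify_plain(received_map):
    """Conventional design (FIG. 1): the host accepts any map matching flash.
    The check is origin-blind: it cannot distinguish a live read from a copy."""
    return maps_match(received_map, REFERENCE_MAP)

# Assumed mitigation for the reader link (not the patent's design): reader and host
# share a link key; the host issues a single-use nonce and the reader returns the
# map together with an HMAC over nonce + map.
LINK_KEY = b"constructed-link-key"   # constructed value for the example
issued_nonces = set()

def host_issue_nonce():
    nonce = os.urandom(16)
    issued_nonces.add(nonce)
    return nonce

def reader_send(live_map, nonce):
    # repr() is used as a toy serialization; a real link would use a canonical encoding.
    tag = hmac.new(LINK_KEY, nonce + repr(live_map).encode(), hashlib.sha256).digest()
    return live_map, nonce, tag

def host_verify_authenticated(received_map, nonce, tag):
    if nonce not in issued_nonces:        # never issued, or already consumed
        return False
    issued_nonces.discard(nonce)          # single use: the same message cannot be accepted twice
    expected = hmac.new(LINK_KEY, nonce + repr(received_map).encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag) and maps_match(received_map, REFERENCE_MAP)
```

Note that the mitigation only binds a message to one session on the reader link; it does not address weaknesses 2) and 3), which concern the host processor and the shared bus.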