1. Field of the Invention
The present invention generally relates to identification systems used for security, and more particularly to use of biometric devices carried by individuals.
2. Background Description
Wireless communications is the fastest growing technology in history. More than one billion people worldwide now use wireless communications, including cell phones, personal digital assistants, and laptop computers. Wireless users of the internet now exceed the number of wireline users. Internet access via cell phone and PDA is growing almost as fast, with users performing all the informational and financial transitions from their wireless devices that they formerly performed on their desktop computer. As a subset of that market, the number of Bluetooth compliant devices is skyrocketing. At the same time, there is an urgent need, and a tremendous market, for security provisions which will assure that the devices are used only by authorized persons. Various companies have developed methods to provide digital signatures, computer security, access control, and biometrics to prevent identity theft, assure the identity of persons performing financial transactions, and replace the use of passwords while providing better security for wireless devices.
Biometrics methods currently use one or more sensors installed and dedicated to a particular control point. Upgrading or repairing the sensors may affect the accuracy of the identifications at that location in the future. A given sensor technique may not work for all persons who are authorized for access. These aspects have kept biometrics expensive to buy, install, and maintain, and confusing for many segments of the population. They have not fully exploited the potential security of biometrics. Most current biometric systems achieve at best about 7% error. Using multiple biometric techniques can improve that figure, but at increased cost and inconvenience to the supplier and user.
Biometric security as currently deployed has limitations which to only a limited extent can be overcome by using multiple sensors. In particular:
1) The commonly-used biometric techniques such as fingerprints, face recognition, hand geometry, voice recognition, and retina/iris scanning do not give reliable results for all persons. People who are elderly, artisans, have dry skin, or are from certain ethnic classes such as Asians and Ethiopians often do not produce useable fingerprints. In the general population of airports, for example, more than 8% of passengers are not good candidates for fingerprint-based identification. Hand geometry is not sufficiently unique to be useful with large databases. Face recognition is far less accurate for dark skinned persons; especially in dim light. Voice recognition is unreliable with elderly persons, those under stress or tired, or persons with colds or dry throats. Retina and iris scanning may be unreliable for persons with cataracts or glaucoma, or those wearing colored contact lenses, or people taking certain drugs or drinking alcohol.
2) Deployed biometric sensors are commonly vulnerable to vandalism, sabotage, degraded performance associated with the need for frequent maintenance, and undetected operational failures. Fingerprint sensors require clean glass plates for proper identification. The need for finger contact with those plates presents a problem. Oils from the hand accumulate and reduce the effectiveness of the system unless the plates are routinely cleaned. Dust and other debris from the hands, and intentional destruction or marking on the plate are also potential error sources which can deny use of the sensor if detected, or render the sensor performance unreliable if not detected. Hand geometry also suffers from the need for contact between the hand and the sensor. Retinal and iris scanners don't require direct contact but do require close proximity to the users, putting them within range for simple vandalism or sabotage. Voice recognition and facial recognition allow more distance between subject and sensor, and allowing the sensor's exact position to be hidden; reducing the potential for simple vandalism or sabotage. Persons who are opposed to the use of biometrics may intentionally vandalize installed systems or sabotage their use. Especially in the case of unattended systems, where biometric systems replace human guards, the resulting damage can destroy the potential cost and security advantages of using biometric technologies.
3) Use of different types of sensors at various locations requires training of the users for each different device. Poor training, or poorly designed biometric systems, result in low throughput. Unless the subject is a frequent user of that type of sensor, he may experience frustration, delays, and false rejections through improper use. Some systems incorporate features to detect or prevent piggybacking. Some incorporate timeouts which require response within a certain time period or the system automatically rejects the subject. Some must be cued by a PIN or ID card. Some allow multiple attempts and other do not. Having to remember the operational details for each biometric sensor location may be more cumbersome than remembering different passwords for each location—which is often the impetus for installing biometrics.
4) Different persons have different levels of concern for security, require various levels of access to secured areas and information, and have various levels of tolerance for dealing with security devices and procedures. A young student may only need to access his own checking account or his own credit card account which both have small balances. A senior government official may need secure access to classified locations and computer networks, in addition to the ability to perform remote financial transactions involving his personal stocks and bank accounts. An elderly retired person may need only to obtain cash from an ATM or purchase items using a debit or credit card. However, he may have very poor eyesight and limited mobility and so be unable to understand or use new sensors installed at different locations.
5) Biometric identity theft can eliminate the protection seemingly afforded by the use of biometric security. Persons leave a trail of their fingerprints everywhere they go. Others can obtain those prints and manufacture a tool for forging the prints, or sever the finger. Visual face images can be collected without the subject's knowledge, and can be used to disguise another person, or to produce a face mask which sufficiently replicates the subject that it can fool a face recognition system. Iris scans can also be collected without the subject's knowledge, and can be used to fashion a contact lens which mimics the subject's.
6) Biometric security needs to be extended to wireless and portable devices which are increasingly being used by military, law enforcement, and civilian users for transmissions of information and control signals which require privacy and protection. This includes the use of the wireless internet for financial transactions and transmission of sensitive data, and also the remote controlling of sensors and devices. Both sending and receiving parties need to be identified. Portable, personal biometric sensors will be needed for use in aware spaces, which automatically and continually identify and track inhabitants, providing them information, tools, access, and other services seamlessly without requiring the individual separately log on to each.
7) In many applications, the condition of the subject is also of concern in addition to his identity; particularly whether he is alive, awake, alert, attentive, able to perform, being deceptive, or suffering from medical or other trauma. Current biometric systems often provide degraded performance when the subject's condition changes, but do not adapt to those changes nor provide information about them. It is not sufficient that an emergency response worker be identified before he enters a HazMat environment; it is also essential that he be confirmed to be able to perform. Similarly, the person driving a commercial truck needs to be confirmed to be awake and sober, in addition to verifying his identity.
The examples below are representative of many similar patents and disclosures which are references to the current disclosure.
In U.S. Pat. No. 6,335,688, Method and system for airport security, Sweatte presents a method and system for airport or other building security where passengers or persons entering a building approach a check-in point or check-in counter and must undergo a positive identification (ID) by fingerprint scan, retinal scan, or an other means of positive identification. A digital photograph can then be taken of the person. This data plus the positive ID data and optional data about the person including a scan of a government supplied ID like a drivers license or passport is entered in a database and checked against various law enforcement databases such as FBI or others for law enforcement interest in the person. The person is then issued a smartcard with wireless capability which he is to carry while in the facility. The system can track his location by means of the smartcard, assuming that he carries it. The communication features of the smartcard are only used for tracking the card's location; there is no described use as a key to biometrically-secure locations or systems. There is also no described use at other facilities; in fact the invention is specifically for a single use at a single facility. In addition, no biometric sensor is embedded in the smartcard, which is merely an RFID sensor broadcasting a code which references a file in the facility database.
In U.S. Pat. No. 6,175,922 for electronic transaction systems and methods therefore, Wang presents a method and apparatus for approving a transaction request between an electronic transaction system and a portable electronic authorization device (PEAD) carried by a user using an electronic service authorization token. Advantages of the invention include the ability to securely and conveniently perform transactions with a portable device. The PEAD shares some characteristics with the Personal Biometric Key (PBK) of the current invention. However, under Wang, authorization and approval occur entirely within the PEAD. The user identification data that is employed to authenticate transactions may be biometric information; however, it is stored as a data block the same as if the identification data were merely the name and social security number. Wang gives no special weight to the use of biometrics, and does not include a biometric sensor within the PEAD. Furthermore, authorization decisions in his system are made within the PEAD. The PEAD may include a GPS system, but it is used to “search automatically the closest Point-of-Sale terminal according to GPS geometry position and establish the link automatically by using a Location-ID mapping table that maps the proximity of the point of sale terminal location to the unique ID of the point of sale terminal”. The GPS is not used for security in the PEAD.
Subsequent to the priority date of the present invention, in August 2001, AuthenTec Inc. announced the TruePrint™ fingerprint reader with incorporated Bluetooth transmitter, based upon the IFKey fingerprint key. IFKey Co., Ltd., headquartered in Seoul, Korea, is a biometrics security provider specializing in wireless fingerprint authentication technology, and owned by Samsung Data System (SDS), Korea's largest systems integration company. AuthenTec's press releases claim the company has 17 pending patents, but does not state the countries in which they are pending. Although its product literature echoes many of the features originally specified for the PBK of this invention, certain key differences persist.
AuthenTec uses only fingerprint sensors and makes no provision for use of other sensors, does not include a GPS or clock circuit to change the personal biometric code with each transmission and record date, time and location of each use, does not insure the immediate proximity of user to lock, does not provide for continuous or intermittent re-verification of identity, and provides no provision for checking the condition of the user.
In summary, the prior art is lacking in the following particulars: 1) The commonly-used biometric techniques such as fingerprints, face recognition, hand geometry, voice recognition, and retina/iris scanning do not give reliable results for all persons. 2) Deployed biometric sensors are vulnerable to vandalism, sabotage, degraded performance associated with the need for frequent maintenance, and undetected operational failures. 3) Use of different sensors for requirements at various locations requires training of the users for each different device. 4) Different persons have different levels of concern for security, require various levels of access to secured areas and information, and have various levels of tolerance for dealing with security devices and procedures. 5) Biometric identity theft can eliminate the protection seemingly afforded by the use of biometric security. 6) Biometric security needs to be extended to wireless and portable devices which are increasingly being used by military, law enforcement, and civilian users for transmissions of information and control signals which requires protection. 7) In many applications, the condition of the subject is also of concern in addition to his identity; particularly whether he is alive, awake, alert, attentive, able to perform, being deceptive, or suffering from medical or other trauma.