Currently there is an enormous problem with identity theft. Most people think of identity theft in the sense of financial identity theft, for example, stealing a credit card account number and/or social security number to make unauthorized purchases. While this is a significant portion of all identity theft incidents, there are many other types of identity theft including medical, insurance, perimeter, and network (or computer/electronic) identity theft. Medical and insurance identity thefts involve accessing one's medical and insurance information, respectively, which can be misused in unauthorized hands. Perimeter identity theft involves the theft of a personal identity in order to gain access to a restricted area—a particularly important issue for airports, nuclear power plants, municipal water supply facilities, etc. And network identity theft relates to the theft of a user identity in order to gain unauthorized access to a computer system such as a military or corporate computer network.
The technology currently available for identity security suffers from the significant problem of a lack of identity authentication. The U.S. government uses the term “strong authentication” as a rating of the robustness of the security of an identity authentication system. An identity authentication system is rated as a strong authentication system if it uses at least two of the following authenticators: (1) something the user has (a security token, driver's license, credit card, debit/ATM card, smart card, clearance badge, keychain fob, etc.); (2) something the user knows (a password, PIN, zip code, etc.); and (3) something the user is (a signature, fingerprint, DNA, etc.). While it may seem that having two or even all three of these authenticators would make the authentication strong, the reality is that all or almost all of these authenticators can be compromised. And oftentimes in practice one or more of them are not even used at all. For example, credit card services originally met the requirements of strong authentication because they used a credit card the user had (authenticator 1) and a signature of the user (authenticator 3). But in current practice the user signatures are rarely checked during credit card transactions, and credit card companies actually promote that this increases the speed and convenience of using their cards.
Identity authentication systems using biometric identifiers have been developed in an effort to provide increased identity security. Even the newest and best biometric identity authentication systems, however, are prone to compromise. Their security depends on restricting access to biometric identifier files stored on centrally located databases or individual tokens. Storing the biometric identifier files on central databases poses obvious problems, such as the databases being high-value targets for thieves (i.e., hackers). And when the biometric identifier files are stored on the tokens, even though the biometric identifier files are dispersed among the numerous individual tokens, the tokens are still prone to hacking. This is because conventional token-based systems include token readers that access a biometric identifier file on a token, receive a user-inputted biometric identifier, and perform a comparison to authenticate the user's identity. Because the reader has to have the ability to access the biometric identifier files on the tokens, the thieves attack there. By hacking one reader, a thief gains access to one token and therefore to all tokens. The thief then simply switches out the biometric identifier file stored on the token with one for the thief, and the user's identity has been stolen.
Accordingly, it can be seen that needs exist for improvements in securing access to confidential information and secured places and, in particular, for improvements in authenticating the identity of persons who are attempting to gain access to the confidential information or the restricted-access location. It is to the provision of solutions meeting these and other needs that the present invention is primarily directed.