The present disclosure relates to an authentication system, a method for authenticating an object, an apparatus for producing an identification device and a method for producing an identification device.
Biometric recognition methods have undergone an enormous upturn in recent years. Technological progress increasingly allows the rapid measurement of biological characteristics and the evaluation thereof with a feasible level of complexity. The use of biometrics is a promising approach to solving a problem common to many security concepts: how identities and the associated rights can be linked to the correct physical object (e.g. a person). In the globalized information society, the solution to this problem is of central importance. By way of example, biometric data (e.g. a fingerprint from a person) can be stored on the identity card of said person in order to ensure that the holder of the identity card is also the owner thereof. Biometric measurements or scans allow forgeries and misappropriations of an identity card to be recognized. Biometric characteristics are frequently classified as active/passive, behavior-based, physiologically based or dynamic/static. Behavior-based characteristics which are stable in the long term include the voice, handwriting or signature, keystroke dynamics and gait dynamics. Physiological characteristics which are stable in the long term are the fingerprint, the iris or hand geometry, for example. Biometric characteristics used for authorizing an object are, inter alia: body size, iris, retina, fingerprint, face geometry, hand vessel structure, hand geometry, hand line structure, nail bed pattern, voice, signature, keystroke dynamics, lip movement, gait, body odor and DNA.
A biometric recognition system for authorizing a person is known from WO 00/74001 A1. In this case, biometric data are stored on an identification device, for example an ID card or identity card. In order to authenticate the person and hence to establish the authorization of said person, the person presents his identification device. The biometric data stored thereon are captured by a comparison device and are compared with the relevant biometric characteristics of the person. By way of example, an iris scan can be used to produce what is known as a live template with appropriate reference data and to compare it with stored biometric data, what are known as comparison data. The person is granted a particular authorization only if the geometric characteristics of the person match the stored biometric data. A drawback of the method described in WO 00/74001 A1 is that the memory on the identification device is not conclusively protected against forgery. In theory, it is possible to corrupt the data such that a third party can authenticate himself using these data. Stolen data result in the identity being compromised. The method can be used only for authentication and cannot be used for storing a key.
Furthermore, for reasons pertaining to data protection law, the biometric data can be neither duplicated nor buffer-stored in different countries. One reason for this is that various biometric data can be used to derive information about people that is subject to their privacy (for example illnesses). From a security standpoint too, there is a desire to avoid the storage of complete biometric data, since these are a security risk. In theory, biometric characteristics which are required for authorization can be reconstructed and forged, which means that security locks can be bypassed, e.g. using a false fingerprint. WO 2005/064547 A1 discloses the practice of encrypting biometric comparison data and splitting them over a plurality of devices, e.g. a server and an identification device in the form of a chip card.
Different methods are known for linking biometric data or templates from a user or object to a (digital) key (e.g. a number which identifies the object). Usually, a distinction is drawn here between the following three methods:
a method which releases keys (key release);
a method which binds keys (key binding);
a method which generates keys (key generation).
In the case of the methods which release keys, the biometric authentication is completely decoupled from the key release. The biometric comparison data and the key are both stored in a central database, but with each being a separate entry. The key is released only when the biometric output data obtained (live template) match the stored template or the stored templates (comparison data). This method has the drawback that the stored biometric templates can be irrevocably stolen. Furthermore, it is possible to overwrite the stored biometric data or templates and hence to make the associated key accessible to another person.
In the case of the method which binds keys, the key and the biometric template form a unit, with the key being able to be generated only when appropriate biometric data are available. A cryptobiometric comparison algorithm is used in order to perform the authentication and at the same time to release the key. Hence, access to the key without the biometric data can be gained only with difficulty.
In the case of the method which generates keys, neither the key nor the template is stored in any form. The key is obtained directly from the biometric data from the object during the authentication process.
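The difference between key release and key binding described above can be made concrete with a small model. The following is an added example, not part of the original disclosure: it uses a toy fuzzy commitment with a repetition code as a stand-in for a key-binding scheme (it is not the fuzzy vault cited below), and all names, bit lengths and sample data are assumptions constructed for illustration.

```python
import hashlib
import random

REP = 5  # repetition factor of the toy error-correcting code (assumption)

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

# Key release: template and key are two separate database entries.
def release_key(record, live, max_dist=3):
    close = hamming(record["template"], live) <= max_dist
    return record["key"] if close else None

# Key binding (toy fuzzy commitment): only helper data and a hash are stored.
def bind_enroll(template, key_bits):
    codeword = [b for b in key_bits for _ in range(REP)]
    helper = [c ^ t for c, t in zip(codeword, template)]
    return {"helper": helper, "digest": hashlib.sha256(bytes(key_bits)).hexdigest()}

def bind_recover(record, live):
    noisy = [h ^ l for h, l in zip(record["helper"], live)]
    # Majority vote per block corrects up to 2 flipped bits per block.
    bits = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    ok = hashlib.sha256(bytes(bits)).hexdigest() == record["digest"]
    return bits if ok else None

def demo():
    # Constructed sample data: 16-bit key, 80-bit template, noisy live sample.
    key = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
    rng = random.Random(1)
    template = [rng.randint(0, 1) for _ in range(len(key) * REP)]
    live = [b ^ (i in (0, 7, 40)) for i, b in enumerate(template)]  # 3 noisy bits
    impostor = [b ^ 1 for b in template]  # constructed non-matching sample
    released = {"template": list(template), "key": key}
    bound = bind_enroll(template, key)
    out = {
        "release_owner": release_key(released, live),
        "release_impostor": release_key(released, impostor),
        "bind_owner": bind_recover(bound, live),
        "bind_impostor": bind_recover(bound, impostor),
    }
    # Database tampering: the stored template is overwritten with another one.
    released["template"] = impostor
    out["release_after_overwrite"] = release_key(released, impostor)
    # The bound record has no template entry; replacing the helper loses the key.
    tampered = dict(bound, helper=impostor)
    out["bind_after_overwrite"] = bind_recover(tampered, impostor)
    return out
```

Calling `demo()` shows that both schemes serve the enrolled object and reject a non-matching sample, but only the key release record hands out the key once its template entry has been overwritten. The repetition code and bit lengths are far too small to carry any security claim.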
The last two cited methods can be implemented only with great difficulty. One implementation of a key binding method is known from Uludag and Jain (cf. U. Uludag and A. Jain, “Fuzzy Vault for Fingerprints”, Proceedings of the Workshop “Biometrics: Challenges Arising from Theory and Practice”, pp. 13-16, Cambridge UK, 2004). Allegedly, however, some of these methods are very susceptible to brute force attacks (cf. P. Mihailescu, “The Fuzzy Vault for Fingerprints is Vulnerable to Brute Force Attacks”, eprint arXiv:0708.2974).
As regards the key release method, it is known practice to use neural networks in order to obtain a reliable comparison between the stored and the obtained biometric data (cf. EP 1 076 878 B1). Using the network as an actual storage location for the key is novel.