1. Field of the Invention
The present invention relates to identification authentication and more particularly to using biometrics as a factor for authentication.
2. Related Art
Although user identifiers and passwords are the most common method for accessing computer resources, they are widely recognized as the weakest form of authentication. Research and development in a new type of identification technique, called biometric identification, has created a new form of user authentication. A biometric identification system identifies a human from a measurement of a physical (i.e., biological) feature or repeatable action of the individual, such as hand geometry, retinal scan, iris scan, fingerprint patterns, facial characteristics, DNA sequence characteristics, voice prints, hand-written signature and the like.
Privacy issues, potential identity and/or biometric print theft and other concerns have inhibited widespread acceptance of using biometrics as a factor in authentication. Among these concerns are the level of invasiveness and physical and/or psychological discomfort during the enrollment and usage phases. In addition to the more obvious concerns of health issues, there is a perceived notion that biometric data could be stolen and identities could be forged. For example, retina scanning systems may enable the exchange of body fluids through the use of the eyepiece. The exchanged body fluids could then possibly be stolen and then forged.
Notwithstanding the above concerns, many entities are beginning to embrace biometrics as a second factor in the authentication process. For example, financial-services firms are interested in biometrics for performing background checks on prospective hires and for verifying customer transactions (particularly, credit, charge, debit, stored value and prepaid card transactions). In addition, many entities are requiring second factor authentication for more sensitive transactions such as the transfer of funds, high-value financial transactions, accessing personal medical records, and the like.
In most conventional biometric databases, however, in addition to a biometric, a user's name, address, social security number and the like are also stored. If the technological measures controlling access to the database are defeated, an individual's personal information can be stolen. This is commonly known as “identity theft”. Other conventional biometric systems use the biometric feature as well as an individual's personal information in the same transaction. Because the personal information is accessible during the transaction, there is the possibility that it can be compromised.
Given the foregoing, what is needed is a system, method and computer program product for nameless biometric authentication and non-repudiation validation.