The use of biometrics for user verification and identification purposes is becoming increasingly popular in the computer industry. One of the major advantages in using biometrics is the reduction in the number of usernames and passwords a user has to memorize to access a computer system or secure resources. However, unlike traditional usernames and passwords where exact matches are made between entered and reference passwords, biometric authentications are probabilistic in nature.
An acceptable tolerance range is required to compensate for variations encountered due to physiological and environmental changes, differing signal to noise ratios, processing algorithm differences and other influences which impact the matching of an inputted biometric sample to an enrolled reference biometric template. The inclusion of the acceptable tolerance range for matching between an inputted biometric sample and a reference biometric template affects the accuracy of the biometric identification system by either falsely rejecting a valid input or falsely accepting an invalid input. These undesired effects are generally expressed in terms of a false rejection rate (FRR) and a false acceptance rate (FAR). The false rejection and false acceptance rates are generally determined empirically from a statistically significant biometric sampling population.
For example, one of the most commonly employed biometric features utilizes fingerprints to perform biometric identifications. In the relevant art, fingerprint biometric identification systems which utilize a single fingerprint have been empirically determined to have identification accuracies in the range of 95-99%. This range is probably adequate for many implementations where false acceptance is of secondary importance to false rejection. For example, replacement of the standard username/password login with a biometric input on a home computer system.
The use of biometrics may simplify access by various family members by eliminating the need to remember username/password combinations. In the home environment, the population of users and the number of authentication transactions conducted are of a sufficiently small size that the chances of encountering an undesired result are negligible. Furthermore, even if a false acceptance were to occur, the information being protected is unlikely to be of such significant economic value to warrant the expense of providing greater protections.
On the other hand, in an enterprise or governmental setting where large numbers of identification transactions occur and the information being protected may have significant economic value and/or is otherwise highly sensitive, this authentication accuracy range becomes exceedingly inadequate, particularly when large populations are to be identified. When large populations are to be identified, the false acceptance rate (FAR) tends to increase geometrically. A detailed discussion of this phenomenon and a proposed solution is provided in U.S. Pat. No. 6,160,903 to a common inventor/assignee. This patent is herein incorporated by reference.
In high security implementations, the US National Institute of Standards and Technology (NIST) have recently promulgated a requirement in their draft specification, “Derived Test Requirements for FIPS PUB 140-2, Security policy requirements for Cryptographic Modules,” Feb. 12, 2003, of a false acceptance to be less than 1:1,000,000. To accomplish this level of security, various mechanisms have been proposed in the relevant art.
For example, US patent application 2001/0126881 A1 to Langley, discloses a multi-biometric scanner/processor arrangement in which two or more biometric features of a user are scanned simultaneously. This arrangement reduces the probability of a false acceptance by (PFA)n of the false acceptance probabilities, where PFA is the probability of false acceptance and n is the number of entered biometric samples. Using the false acceptance probability of 0.05 would require about five independent biometric inputs to exceed the 1:1,000,000 threshold requirements.
In another example, U.S. Pat. No. 6,393,139 B1 to Min-Hsiung Lin, discloses a multi-biometric input arrangement which requires a specific sample entry sequence. The patent further discloses an enrollment method which determines a quality factor for each biometric input for deciding which biometric inputs are suitable for the entry sequence. This arrangement further reduces the false acceptance probability by at least (Pi*(n−1))*(PFA)n where Pi is the probability of entry of an independent sample input, PFA is the probability of false acceptance and n is the number of entered biometric samples. In this example, using the false acceptance probability of 0.05 would require less than five independent biometric inputs to exceed the 1:1,000,000 threshold requirements. Thus, by adding a unique sequence to a biometric authentication process, the total number of biometric authentications may be reduced.
In another example, U.S. Pat. No. 6,408,290 to Thiesson, et at., discloses improved Bayesian networks. The Bayesian networks provide the advantages of a neural network which facilitates expert decision-making using dynamic system inputs such as those frequently encountered in biometric authentication systems. However, the Thiesson reference does not address how the Bayesian networks may be implemented in biometric identification systems to discriminate against false acceptances.
Thus, it would be highly advantageous to provide a mechanism where a combination of multiple biometric sample inputs from related and/or unrelated physiological features of a user are evaluated using either a Bayesian network or security policy based arrangement to meet or exceed predetermined error rate.
Additional background information relative to combining biometric authentication transactions to reduce error rates is included in the following treatises and patents, which are herein incorporated by reference;    [1] IBM Research Report Biometrics 101 by Rudolf M. Bolle, Jonathan Connell, Sharathchandra Pankanti, Nalini K. Ratha, Andrew W. Senior, RC22481 (W0206-033), Jun. 10, 2002.    [2] Biometric Decision Landscapes, John Daugman, University of Cambridge, Jan. 1, 1999.    [3] U.S. Pat. Nos. 6,038,334 and 6,072,891, both entitled “Method of gathering biometric information,” to Hamid, et al., a common inventor and to a common assignee.