Many electronic devices such as personal computers, mobile devices including phones and personal digital assistants (PDAs) use some form of authentication, typically a password that must be input into the device to gain access. The password is most often typed onto a keyboard or other interface which then allows the user to gain partial or full access to the utility of the device and/or network. A problem associated with using passwords is that they are time consuming and inconvenient for the user to enter. Users often use informal passwords or share their password with others which works to compromise system security. These practices negate the password's value and make it difficult to have an accurate auditing of access. Moreover, passwords are expensive to administer when forgotten or misplaced. Although the use of other types of security access systems such as voice recognition, fingerprint recognition or iris scans have been implemented, these types of systems require a different procedure to access and use the device. These techniques also require a specific and time-consuming enrollment process in order to be operational.
Additionally, radio frequency (RF), infrared (IR), and ultrasonic transmitter devices have also been used as proximity-type devices to allow access when the transmitter is in a predetermined range of the device. The problem associated with these types of systems is the transmitter must be continuously worn or otherwise carried by the user. Should the transmitter signal be lost, misplaced or become inoperative, the user will no longer have any access to the device. Moreover, if another user has possession of the transmitter, the other user gains full access to the device. Obviously, this can lead to all types of security issues should the transmitter be lost or stolen.
Finally, biometric authentication using facial recognition is also often used to gain access to electronic devices. U.S. Pat. No. 6,853,739 to Kyle and U.S. Pat. No. 6,724,919 to Akiyama et al., which are both herein incorporated by reference, disclose examples of identity verification systems wherein a database is employed to compare facial features of a user to those in the pre-established database. Once a comparison is made, then authentication is verified and access is granted to the system. The disadvantage of this type of system is the requirement of a separate and specific enrollment procedure by the user to create the database. As with this type of facial recognition system and others in the prior art, the database must be populated before being used; otherwise, the system will not operate. This puts an unnecessary burden on the system operator, requiring detailed education on the steps to populate the database before the system may become operational. Additionally, this type of security system does not permit the automatic updating of the database to accommodate changes in head position, user features (such as different glasses), a change in the camera's operational characteristics, lighting and other environmental factors. This can limit the speed, accuracy, and even the success of database matching (recognition). Also, these prior art facial recognition and other biometric systems operate only at the instant of authentication.
Thus, these systems have no way of confirming the identity of the user even milliseconds after the actual authentication. The device has no way of knowing when a user has stepped away from the device, leaving the device unsecured. Existing methods of locking based on inactivity of data entry, such as keyboard or mouse activity, do not provide the needed flexibility. If they are set to lock on a very short delay, the user is locked out as the user is using the device. Conversely, if the delays are set long enough to not impact the user, the device is vulnerable to unauthorized access when the user steps away.
Hence, the need exists to provide a system and method for providing secure access to an electronic device using facial recognition that provides continuous authentication, no special enrollment process, automatic updates to the biometric database to improve recognition performance and multi-factor authentication while not requiring unnecessary data processing. The recognition system and method should be capable of running on devices requiring relatively low computing power so as to provide an inexpensive and responsive approach to providing biometric user authentication with a high level of security.