1. Field of the Invention
The present invention relates to authorization systems and more particularly to identity and verification systems and methods at least partially dependent on biometrics.
2. Description of Related Art
Fingerprints, voiceprints, hand geometries, retinal vessel patterns and iris texture characteristics have all been used in biometric measurements to identify individuals to security systems. Such measurements are usually coded into a statistically unique bit pattern for each individual and stored in a database that represents the list of individuals with a particular kind of access authority. A new level of complexity in authorizing an access is encountered when the requisite statistical tests in a verification task cannot be made on the spot because the authorized access list database is at some other remote location. Often the data recorded that describes an individual is stored at a remote location and so verification requires the transmission of private data over an insecure channel. For remote secure proof of identity, the prior art typically uses cryptographic methods for such verification.
Many private and public sector information applications depend on public key cryptography and secure proof of a user's identity. Biometric measurement data, albeit subject to statistical variations, is nevertheless conventionally used to verify the identity of individuals. Prior art methods used are based on a kind of statistical hypothesis testing where each person's biometric measurements are stored at the time of "enrollment" at some central facility. Then during "verification," biometric measurements are taken again and compared to the stored measurements. Since the privacy of the individual data is compromised, it is important to store such private biometric data at a secure place within an authentication system. It is also equally important to avoid transmitting such data over insecure communication channels.
Data privacy can be addressed by using standard cryptographic methods, but many cryptographic applications require exact and unique bit patterns for the encryption and decryption functions. A type of error correction procedure is needed to repeatedly reproduce the right bit pattern because sequential biometric measurements will have a range for any one individual, especially when taken at different times and places using even slightly different equipment.
An error correction mechanism must therefore be incorporated in some part of a system for biometric data to be used for remote secure proof of identity. However, the number of bits that can be corrected by practical error detecting and correcting codes is inherently limited. And getting reproducible bits from individual biometric measurements is a fundamental problem.