(1) Field of invention
The present invention relates to system security and, more specifically, to an online credential verification system using biometric scanning in a user-privacy preserving fashion with respect to identification and authentication.
(2) Description of Related Art
System security is necessary to secure networks and other computer systems from adverse actions. As technology has developed, a variety of security measures have been implemented, including using biometric-based identification. Current biometrics-based identification, authentication and access control systems store the templates of biometrics (whether in clear or in encrypted form) on secure backend servers or databases. Pattern matching or distance measure algorithms are used to compare a user's supplied biometrics against the stored templates when the user interacts with such systems. There are several shortcomings to this current approach. Although backend servers and databases may be secured through traditional mechanisms of access control (for example, using firewalls), and although biometric templates may be stored in encrypted form, this does not preclude the possibility of a successful attack that infiltrates them and obtains such biometric templates. Once such biometric templates are obtained, a fake biometric may be constructed (though such reconstruction may be easy or hard depending on the specific biometric used, e.g., a fingerprint is easier to replicate than an iris biometric).
One successful automated breach of a server or database storing biometric templates can reveal thousands of biometrics, which could create a serious risk of massive identity theft and fraud. Another problem is that since a person's biometric does not change, if the user uses his/her biometric for identification, authentication and access control in several systems, the stored template will be the same. This compromises user privacy and does not allow for transparent revocation. It is desirable that the template stored in each case be different, yet still allow the system to identify the user when the user interacts with it. This prevents linking of multiple accounts to the same individual in the case of a successful breach of security, which is unfortunately a common case these days.
Current theoretical constructions of cryptographic algorithms and protocols to secure biometric-based authentication and access control consider basic notions of distance (e.g., Hamming and edit distance). In reality, several biometric systems utilize more complicated distance measures (e.g., face recognition). With respect to identity systems, there are several identity systems on the Internet; however, none of them utilize biometrics. More specifically, none relies on biometrics-based authentication using fuzzy extractors.
Biometrics are unique to each individual and thus provide a mechanism to reliably identify them, addressing a lack of confidence and assurance in online identities of users. Biometrics provide a natural and single usable interface for user authentication, addressing the requirement of individuals to maintain dozens of usernames and passwords. Addressing security and privacy concerns of biometrics will contribute to solving issues relating to an increasing lack of online privacy in addition to rendering biometrics more likely to be accepted by users because they do not require users to carry additional tokens or remember a lot of additional information for authentication.
Thus, a continuing need exists for a system that combines privacy-preservation features with biometric identification.