The present invention relates to biometrics and, more particularly, but not exclusively, to a system and method for providing a biometric identification service.
Biometric identification refers to the automatic identification of a person based on his/her physiological or behavioral characteristics. This method of identification is preferred over more traditional methods involving passwords and PIN numbers for various reasons: (i) the person to be identified is required to be physically present at the point-of-identification; (ii) identification based on biometric techniques obviates the need to remember a password or carry a token.
Specifically, with increased use of computers as vehicles of information technology, it is necessary to restrict access to sensitive/personal data. By replacing PINs, biometric techniques can potentially prevent unauthorized access to or fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. PINs and passwords may be forgotten, and token-based methods of identification like passports and driver's licenses may be forged, stolen, or lost.
Thus biometric-based systems of identification are receiving considerable interest. Various types of biometric systems are being used for real-time identification; the most popular are based on face, iris and fingerprint matching. However, there are other biometric systems that utilize retinal scan, speech, signatures and hand geometry.
Biometric identification and authentication systems were introduced into a variety of processes implemented by organizations such as financial institutions, medical institutions, government organizations, etc.
For example, U.S. Pat. No. 7,047,419 to Black et al, filed on Oct. 28, 2001, entitled: “Data Security System”, describes a data security system which comprises a host processor, and a plurality of remote computers. Each remote computer provides biometric authentication of a user prior to responding to the user request for data access. The remote computers are handheld when in operational mode. A sensor in the handheld computer captures a biometric image while the remote computer is being used. The biometric sensor is positioned in such a way that the sensor enables the capture of the biometric image continually during computer usage with each request for access to secure data. The biometric authentication occurs in a seamless manner and is incidental to the data request enabling user identity authentication with each request to access secure data.
U.S. Pat. No. 7,043,754 to Arnouse et al, filed on Jun. 12, 2003, entitled “Method of secure personal identification, information processing, and precise point of contact location and timing”, describes a lightweight and easily carried memory identification card. The memory card includes a file system of electronic files on the card, which are automatically detected and recognized by selected authorized readers. The file system is organized so that stored electronic files appear in separate and distinct encrypted compartments in the card, so that only authorized preselected readers have access to particular compartments. Biometric identifying information is imprinted in the card, so that no data can be transferred unless there is a biometric match between a reader and a person assigned to the card and who possesses the card. The separate compartments of the memory card may include a compartment containing medical, administrative or financial information relating to the assigned user of the card, wherein the information is accessed only by a preselected memory card reader having the unique PIN code assigned to the compartment having the medical information. The memory identification card can also have a single chip Global Positioning System (GPS) to identify where the card is being used.
U.S. Pat. No. 7,003,670 to Heaven et al, filed on Jun. 8, 2001, entitled “Biometric Rights Management System”, describes an apparatus and method for using biometric information to control access to digital media that is obtained over a network such as the Internet. Encryption techniques are used in combination with biometric verification technology to control and monitor access to online or locally held media. Biometrics such as keystroke dynamics are measured at a user's computer to confirm the identity of a user for the purpose of allowing the user to audit music files to which the user has authorized access.
U.S. Pat. No. 6,985,887 to Sunstein et al, filed on Nov. 24, 1999, entitled “Apparatus and method for authenticated multi-user personal information database”, describes a method of assuring integrity of personal information in a database. The database contains personal information provided by multiple users. In various embodiments, physiological identifiers associated with each of the users are stored in the database. Related systems are also described by Sunstein et al.
U.S. Pat. No. 6,928,547 to Brown et al, filed on Jul. 7, 2003, entitled “System and method for authenticating users in a computer network”, introduces a rule based biometric user authentication method and system in a computer network environment. Multiple authentication rules can exist in the computer network. For example, there may be a default system-wide rule, and a rule associated with a particular user trying to log in. There may be other rules such as a rule associated with a remote computer from which the user is logging in, a rule associated with a group to which the user belongs, or a rule associated with a system resource to which the user requires access such as an application program or a database of confidential information. An order of precedence among the rules is then established which is used to authenticate the user.
U.S. Pat. No. 6,928,546 to Nanavati et al, filed on May 14, 1999, entitled “Identity verification method using a central biometric authority”, describes a method for performing biometric verifications to authenticate the identification of users using a central biometric authority (CBA). This allows parties to an electronic transaction to be assured of each other's identity. Specifically, at the sender side, a first message to a receiver is generated, wherein the first message includes a message text and a unique message identifier (UMI).
At the sender side, a second message concerning a posting to the CBA is also generated, wherein the second message includes the sender's biometric sample, the UMI, and the sender's submission profile record. At the receiver side, it is decided whether the receiver wishes to verify the sender's identity and, if so, the first message is automatically verified. At the receiver side, a third message concerning a receiver's posting to the CBA is issued, the third message including only the UMI, as received from the sender side. Finally, at the CBA, a reply to the third message is provided, the reply including the sender's verification result.
Implementations of current biometric identification solutions, such as the ones described hereinabove, are specific with regard to the biometric equipment used.
Furthermore, with the current solutions, an organization may have to develop, buy, or install a complete biometric system including: biometric readers, computer drivers to control the biometric readers, software for generating biometric signatures (templates) from the read biometric values (say, from the image of a fingerprint read by a biometric reader), software for processing the biometric data read and comparing the processed biometric data with existing biometric data (say, for authentication or identification of end users), dedicated databases to store the biometric data, etc.
A complete biometric system may be too expensive to buy and maintain, specifically for a relatively small business, which may not have experienced IT workers, and cannot finance the development of a complete biometric system which suits the needs of the business.
For example, a small drugstore chain is not likely to have the resources to develop a complete end-to-end system for biometric identification, say for controlling the distribution of prescription narcotic pain relievers by the chain's staff.
There is thus a widely recognized need for, and it would be highly advantageous to have, a system devoid of the above limitations.