The growth of the Internet and other networking technologies has enabled users of business and consumer applications to access these applications remotely at an ever-increasing rate. To maintain the privacy of sensitive information, to avoid commercial losses from fraudulent access to these applications, and to meet mandated government legislation, there is a need for accurate verification of a user's identity in a way that cannot be imitated or stolen. Additionally, applications such as secure facility entry, banking transactions, and other commercial transactions would benefit greatly from irrefutable biometric authentication and/or identification.
Email services would also benefit from a more secure means of authentication. Whether accessed through a local network or over the Internet, the vast majority of email servers today rely on simple password authentication and are, therefore, highly vulnerable to fraudulent access.
Current means to prevent unauthorized access include password authentication, personal identification numbers (PINs), confirmation of various aspects of personal history (date of birth, mother's maiden name, etc.), hardware and/or software token-based access, combinations of password and token-based access, and trusted containers of secret SKI (Symmetric Key Infrastructure) keys or PKI (Public Key Infrastructure) key-pairs assigned to users, such as with smart cards, which may or may not be PIN-protected.
Password- and PIN-based authentication are two commonly used methods for a number of applications in commercial transactions. A password or PIN can be made nominally more secure by increasing its length, forcing the user to change it frequently, and/or imposing cryptic restrictions on it. However, these complications make access more difficult because users struggle to remember such passwords or PINs, leading to an increased incidence of input errors. A more serious drawback to both is that they can be easily stolen by direct or indirect observation of a user's input or of a written record kept in an accessible location, cracked by brute-force combinatorial or other cracking software, or intercepted in transit to a server and potentially replayed if not sufficiently encrypted. Recently, fraudulent emails that appear as requests for information from commercial entities such as banks have been employed to induce consumers to disclose passwords or other personal information in a process known as phishing.
The requirement for disclosing personal information to gain access can partially enhance security. However, much of this information can also be obtained either fraudulently or through legal means from consumer database services as witnessed by recent intrusions into Checkpoint, HSBC, and others.
Token-based systems involve the use of a unique hardware or software token for authentication. This token can range from a bank ATM card to various hardware devices that may or may not attach to a computer for authorizing access over a network to resident software for remote network users. These devices are often used in combination with a password or other personal identifier. Although token-based access is more difficult to reproduce fraudulently because access is granted only with the unique token, it still has a number of shortcomings. Highly portable tokens such as credit cards can be lost, stolen, and, in some cases, counterfeited. More sophisticated tokens, which generate either single-use or time-sensitive dynamic passwords, may be portable; however, they cannot be shared among different users without compromising their security. Furthermore, most such tokens have a limited lifespan before they require replacement or reactivation. Lastly, any of these tokens can still be used for unintended access if an unauthorized user obtains the token and the associated password, PIN, etc.
More recently, systems that employ images of a user's unique biometric identifiers such as fingerprints, hand geometry, retinal patterns, DNA, iris and facial scans have been used to eliminate some of these shortcomings. Biometric identifiers have the natural advantage of being unique to the individual being identified and cannot be lost or stolen. With biometric authentication, an authorized user requests access using a scanner or similar device to capture an image of the biometric identifier. Depending on the algorithms employed, key features of the digital template derived from the grayscale image produced by the device are compared to a database containing digital templates of authorized users. The matching system must be able to compare properly the sample template against a database of stored (enrolled) user templates, and identify the closest match within preset parameters. The two templates will not match exactly (in contrast to password matching), because the user will not generate the exact same image twice. A positive match occurs when the differences between the sample template and the closest stored template are less than predetermined thresholds. In this case, the user gains access to the system or application as appropriate. Accurate evaluation of the template is essential for mission-critical applications in an enterprise environment. Any significant number of false positives could have dire consequences for a business's viability, while false negatives degrade the credibility of the authentication system. Furthermore, broad user acceptance of biometric authentication is contingent on this accuracy. Consequently, a highly discriminating, advanced matching system, with accuracy far beyond current standards such as the Automatic Fingerprint Identification Systems (AFIS) used in law enforcement today for identification, is needed in this type of environment.
Another challenge is to eliminate the risk of unauthorized copying and/or replaying of the response stream generated by a user's biometric output from a scanner. As a specific example, if the output of the biometric imaging of a fingerprint or extracted template thereof were recorded, that output could conceivably be played back at a later time as a means of attack into the system to gain unauthorized access. Thus, the problem becomes one of assuring that the image sample being submitted to the authentication system is being taken live, and the template extracted from the live image is not being replayed.
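As an added illustration (not part of the original text) of the two preceding points: threshold-based template matching, in which a second capture of the same finger differs from the enrolled template yet still matches while an impostor sample does not, and a single-use server challenge bound to the captured template so that a recorded response cannot be replayed. The feature vectors, threshold, and scanner key are constructed assumptions, and the HMAC binding is one common mitigation chosen here, not a mechanism the text specifies.

```python
import hashlib
import hmac
import math
import secrets

# Constructed enrolled templates: user -> feature vector standing in for a
# minutiae-derived fingerprint template (illustrative values, not real data).
ENROLLED = {
    "alice": [0.10, 0.80, 0.35, 0.60],
    "bob": [0.90, 0.20, 0.70, 0.15],
}
MATCH_THRESHOLD = 0.15  # largest distance still accepted as a positive match
DEVICE_KEY = b"constructed-scanner-key"  # assumed secret provisioned to the scanner

def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def closest_match(sample, enrolled=ENROLLED, threshold=MATCH_THRESHOLD):
    """Return (user, distance) for the closest enrolled template; user is None
    when even the closest template lies outside the threshold."""
    best_user, best_dist = None, float("inf")
    for user, template in enrolled.items():
        d = distance(sample, template)
        if d < best_dist:
            best_user, best_dist = user, d
    return (best_user if best_dist <= threshold else None), best_dist

def scanner_response(nonce, sample, key=DEVICE_KEY):
    """Scanner side: bind the server's challenge to the freshly captured
    template with an HMAC, so a recorded response is only valid once."""
    msg = nonce.encode() + repr(sample).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class AuthServer:
    """Issues single-use challenges and verifies the bound responses."""
    def __init__(self):
        self._outstanding = set()

    def issue_challenge(self):
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def authenticate(self, nonce, sample, tag):
        # A consumed or unknown nonce means the response stream is being replayed.
        if nonce not in self._outstanding:
            return None
        self._outstanding.discard(nonce)
        if not hmac.compare_digest(tag, scanner_response(nonce, sample)):
            return None  # template or nonce altered after capture
        return closest_match(sample)[0]
```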
The vulnerability of the Internet and other public access networks to attack creates additional challenges for ensuring secure authentication for remote access to applications and systems, including email. In one representative architecture, a user at a workstation requests access to an application. That request is encrypted and transmitted over a network to a web server where the authentication of the user takes place. If the user's identity is confirmed, the user accesses an application server behind an enterprise firewall. The direct exposure of the web server to the Internet leaves it vulnerable to hacking, cracking, SQL injection, and other methods for gaining unauthorized access to any or all applications and/or their private data residing behind the enterprise firewall.
One alternative is to perform user authentication at the application server level. User authentication at the application server level provides an added measure of security compared with the web server level because of the application server's more restricted access. Because of the diverse set of hardware and software components that are utilized in an enterprise, many applications are developed in the Java programming language because of its portability to a variety of operating systems. The biometric system should support the Java runtime environment as well as non-Java runtime environments that enable web application access, including Microsoft's .NET, ADODB and others that may come into mainstream computing use. Numerous commercially available application server technologies based on Java, such as IBM WebSphere, BEA WebLogic, Macromedia JRun, and JBoss, support authentication directly with Lightweight Directory Access Protocol (LDAP) directories containing the user profile data and are compatible with the diversity of hardware and software in the enterprise. These directory servers can work with token-based authentication systems, dynamic passwords, and others as available, depending on the authentication method supported. However, they do not eliminate the fundamental security problem with all of these authentication methods, namely that they all use credentials that can be shared, stolen or lost.
Although a number of authentication systems today allow for so-called site licenses with a fixed set of users, they seldom actually monitor and/or offer a variable maximum number of users, nor do they distinguish between classes of users for access or the number of applications using any particular authentication method. Licensing use by specific application and variable number of users would allow improved cost accounting for enterprise software managers by creating a means for attributing licensing costs directly to each application. In addition, the authentication software vendor can collect fees based on the incremental number of applications and/or users licensed, rather than strictly by site or maximum number of users. Charging for applications on an incremental basis is beneficial to enterprises because it allows them to purchase only what they need and not pay for greater capacity which they do not utilize. It also facilitates cost accounting among various divisions and departments, thereby giving greater autonomy to division and department managers by controlling and limiting expenditures.