U.S. patent application number 09/757903 was filed with the patent office on 2002-07-11 for random biometric authentication methods and systems.
Invention is credited to Ortiz, Luis M..
Application Number | 20020091937 09/757903 |
Document ID | / |
Family ID | 25049694 |
Filed Date | 2002-07-11 |
United States Patent
Application |
20020091937 |
Kind Code |
A1 |
Ortiz, Luis M. |
July 11, 2002 |
Random biometric authentication methods and systems
Abstract
Methods and systems for biometrically securing access to
electronic systems. A user prompted to input to the electronic
system at least one biometric attribute randomly selected from a
user profile containing biometric attributes of the user. A user
may be prompted to input such a biometric sample through a user
interface integrated with the electronic system. A user may be
permitted to perform a user-desired activity, such as accessing an
ATM machine, particular data, or entry to a secure area, if at
least one biometric attribute input by the user to the electronic
system matches at least one biometric attribute randomly selected
from the user profile. A user profile may be generally accessible
from a server through the electronic system. A user profile may
also be accessible from a biometric broker through the electronic
system over a secure network connection. A user profile may also be
accessible from a hand held device, such as a smart card, wireless
PDA or wireless communication device.
Inventors: |
Ortiz, Luis M.; (Dallas,
TX) |
Correspondence
Address: |
Kermit D. Lopez
PO Box 7720
Dallas
TX
75209-0720
US
|
Family ID: |
25049694 |
Appl. No.: |
09/757903 |
Filed: |
January 10, 2001 |
Current U.S.
Class: |
726/5 ;
382/115 |
Current CPC
Class: |
H04L 2463/082 20130101;
H04W 12/06 20130101; H04L 63/0861 20130101; H04L 63/102
20130101 |
Class at
Publication: |
713/200 ;
382/115 |
International
Class: |
H04L 009/32 |
Claims
1. A method for biometrically securing access to an electronic
system, said method comprising the steps of: prompting a user to
input to said electronic system at least one biometric attribute
randomly selected from a user profile containing biometric
attributes of said user; and permitting said user to perform a
user-desired activity, if at least one biometric attribute input by
said user to said electronic system matches said at least one
biometric attribute randomly selected from said user profile.
2. The method of claim 1 wherein said user profile is accessible
from a server through said electronic system.
3. The method of claim 1 wherein said user profile is accessible
from a biometric broker through said electronic system over a
secure network connection.
4. The method of claim 1 further comprising the steps of: obtaining
at least one biometric attribute from said user for compilation in
a user profile; compiling said user profile; and storing said user
profile in a location accessible by at least one electronic
system.
5. The method of claim 4 further comprising the step of: permitting
said user to modify said user profile, in response to approval of a
request by said user.
6. The method of claim 1 further comprising the step of: comparing
at least one biometric attribute input by said user to said
electronic system with said at least one biometric attribute
randomly selected from said user profile.
7. The method of claim 6 further comprising the step of:
subsequently prompting a user to input to said electronic system at
least one additional biometric attribute randomly selected from
said user profile, if at least one biometric attribute previously
input by said user to said electronic system does not match said at
least one biometric attribute previously randomly selected from
said user profile.
8. The method of claim 1 wherein said electronic system comprises
at least one wireless device that operates with a wireless
network.
9. The method of claim 1 wherein said electronic system comprises
at least one computer workstation operable over an associated
network.
10. The method of claim 1 wherein said electronic system comprises
an automated teller machine.
11. The method of claim 1 wherein said electronic system comprises
a secured entry system to a secured environment.
12. The method of claim 1 wherein said electronic system comprises
a wireless network.
13. The method of claim 1 wherein said electronic system comprises
a computer network.
14. The method of claim 1 wherein said electronic system comprises
a wireless device.
15. The method of claim 1 further comprising the steps of:
identifying at least one defective biometric attribute associated
with said user; and thereafter prompting a user to input to said
electronic system at least one additional biometric attribute
randomly selected from a user profile containing biometric
attributes of said user.
16. The method of claim 1 wherein said user-desired activity
comprises a financial transaction.
17. The method of claim 1 wherein said user-desired activity
comprises an ATM transaction.
18. The method of claim 1 wherein said user-desired activity
comprises access to a secure area.
19. The method of claim 1 wherein said user-desired activity
comprises access to data from said electronic system.
20. The method of claim 1 wherein said user-desired activity
comprises execution of a mechanical activity.
21. The method of claim 1 further comprising the step of:
initiating access to said electronic system utilizing only one
biometric attribute input to said electronic system.
22. A method for biometrically securing access to an electronic
system, said method comprising the steps of: prompting a user to
input to said electronic system at least two biometric attributes
randomly selected from a user profile containing biometric
attributes of said user; and permitting said user to perform a
user-desired activity, if biometric attributes input by said user
to said electronic system matches said at least two biometric
attribute randomly selected from said user profile.
23. A system for biometrically securing access to an electronic
system, said system comprising: module for prompting a user to
input to said electronic system at least one biometric attribute
randomly selected from a user profile containing biometric
attributes of said user; and module for permitting said user to
perform a user-desired activity, if at least one biometric
attribute input by said user to said electronic system matches said
at least one biometric attribute randomly selected from said user
profile.
24. The system of claim 23 wherein said user profile is accessible
from a server through said electronic system.
25. The system of claim 23 wherein said user profile is accessible
from a biometric broker through said electronic system over a
secure network connection.
26. The system of claim 23 wherein: at least one biometric
attribute is obtained from said user for compilation in a user
profile; and said user profile is stored in a location accessible
by at least one electronic system.
27. The system of claim 23 wherein said user is permitted to modify
said user profile, in response to approval of a request by said
user.
28. The system of claim 23 further comprising: module for comparing
at least one biometric attribute input by said user to said
electronic system with said at least one biometric attribute
randomly selected from said user profile.
29. The system of claim 28 further comprising: module for
subsequently prompting a user to input to said electronic system at
least one additional biometric attribute randomly selected from
said user profile, if at least one biometric attribute previously
input by said user to said electronic system does not match said at
least one biometric attribute randomly previously selected from
said user profile.
30. The system of claim 23 wherein said electronic system comprises
at least one wireless device that operates with a wireless
network.
31. The system of claim 23 wherein said electronic system comprises
at least one computer workstation operable over an associated
network.
32. The system of claim 23 wherein said electronic system comprises
an automated teller machine.
33. The system of claim 23 wherein said electronic system comprises
a secured entry system to a secured environment.
34. The system of claim 23 wherein said electronic system comprises
a wireless network.
35. The system of claim 23 wherein said electronic system comprises
a computer network.
36. The system of claim 23 wherein said electronic system comprises
a wireless device.
37. The system of claim 23 further comprising the steps of: module
for identifying at least one defective biometric attribute
associated with said user; and wherein said user is thereafter
prompted to input to said electronic system at least one additional
biometric attribute randomly selected from a user profile
containing biometric attributes of said user.
38. The system of claim 23 wherein said user-desired activity
comprises a financial transaction.
39. The system of claim 23 wherein said user-desired activity
comprises an ATM transaction.
40. The system of claim 23 wherein said user-desired activity
comprises access to a secure area.
41. The system of claim 23 wherein said user-desired activity
comprises access to data from said electronic system.
42. The system of claim 23 wherein said user-desired activity
comprises execution of a mechanical activity.
43. The system of claim 23 wherein access to said electronic system
is initiated utilizing only one biometric attribute input to said
electronic system.
44. A system for biometrically securing access to an electronic
system, said system comprising: module for prompting a user to
input to said electronic system at least two biometric attributes
randomly selected from a user profile containing biometric
attributes of said user; and module for permitting said user to
perform a user-desired activity, if biometric attributes input by
said user to said electronic system matches said at least two
biometric attribute randomly selected from said user profile.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Technical Field of the Invention
[0002] The present invention relates to authentication for and
security of electronic systems, such as computers, kiosks, wireless
devices, associated fixed and wireless networks, and mechanical
systems, such as secure buildings. The present invention also
relates to the use of biometric data for authenticating user
identity and providing secure user access to data and/or
transactions.
[0003] 2. Description of the Related Art
[0004] Security for electronic and mechanical systems has rapidly
become an important issue in recent years. With the proliferation
of computers, computer networks and other electronic device and
networks into all aspects of business and daily life, the concern
over secure file and transaction access has grown tremendously. The
ability to secure data and transactions is particularly important
for financial, medical, education, government, military, and
communications endeavors.
[0005] Using passwords is a common method of providing security for
electrical or mechanical systems. Password protection and/or
combination type locks are employed for computer network security,
automatic teller machines, telephone banking, calling cards,
telephone answering services, buildings, factories, houses and
safes. These systems generally require the knowledge of an entry
code that has been selected by or provided to a user or has been
configured in advance.
[0006] Pre-set codes are often forgotten, however, as users have no
reliable method of remember them. Writing down the codes and
storing them in close proximity to an access control device (e.g.,
a combination lock) results in a secure access control system with
a very insecure code. Alternatively, the nuisance of trying several
code variations renders the access control system more of a problem
than a solution.
[0007] Password systems are known to suffer from other
disadvantages. Usually, a user specifies passwords. Most users,
being unsophisticated users of security systems, choose passwords
that are relatively insecure. As such, many password systems are
easily accessed through a simple trial and error process.
[0008] To secure access to particular areas, such as buildings, the
most common building security system relied on traditionally has
been a security guard. A security guard reviews identification
cards and compares pictures thereon to a person carrying the card.
The security guard provides access upon recognition or upon other
criteria. Other building security systems use card access, password
access, or another secure access approach. Unfortunately, passwords
and cards have the same drawbacks when used for building security
as when used for computer security.
[0009] As computer networks are increasingly used to link computer
systems together, applications have been developed to allow a user
on a client computer system to access a service on a host computer
system. For example, a user on a client system may be able to
access information contained in a database on a host computer
system. Unfortunately, along with this increased accessibility
comes increased potential for security problems. For example,
communications, including authentication, between a client system
and a host system can be intercepted and tampered with while in
transit over the computer network. This may allow third parties or
malicious users on a client computer system to gain access to, or
security codes for, a service on a host computer system without
proper authorization.
[0010] A number of systems have been developed to ensure that users
do not gain unauthorized access to host computer systems. As
explained above, some systems prompt a user for passwords. Such
systems may also rely on PIN numbers, before granting the user
access to the host computer system. As indicated above, however,
passwords and PIN numbers may be forgotten or may fall into the
wrong hands. Additionally, using passwords and PIN numbers for
security purposes places an additional burden on institutions
because passwords or PIN numbers require additional machinery and
human resources to deal with customers when customers forget
passwords or PIN numbers, or when customers request that passwords
or PIN numbers be changed.
[0011] As an alternative to traditional security systems, such as
security guards, passwords or PIN numbers, biometric authentication
systems have been developed to authorize accesses to various
electronic and mechanical systems. Biometrics can generally be
defined as the science of utilizing unique physical or behavioral
personal characteristics to verify the identity of an individual.
Biometric authentication systems are typically combined with
hardware and software systems for automated biometric verification
or identification. Biometric authentication systems receive a
biometric input, such as a fingerprint or a voice sample, from a
user. This biometric input is typically compared against a
prerecorded template containing biometric data associated with the
user to determine whether to grant the user access to a service on
the host system.
[0012] A biometric security access system can thus provide
substantially secure access and does not require a password or
access code. A biometric identification system accepts unique
biometric information from a user and identifies the user by
matching the information against information belonging to
registered users of the system. One such biometric system is a
fingerprint recognition system.
[0013] In a fingerprint biometric system input transducer or
sensor, the finger under investigation is usually pressed against a
flat surface, such as a side of a glass plate; the ridge and valley
pattern of the finger tip is sensed by a sensing means such as an
interrogating light beam. In order to capture an image of a
fingerprint, a system may be prompted through user entry that a
fingertip is in place for image capture. Another method of
identifying fingerprints is to capture images continuously and to
analyze each image to determine the presence of biometric
information such as a fingerprint.
[0014] Various optical devices are known which employ prisms upon
which a finger whose print is to be identified is placed. The prism
has a first surface upon which a finger is placed, a second surface
disposed at an acute angle to the first surface through which the
fingerprint is viewed and a third illumination surface through
which light is directed into the prism. In some cases, the
illumination surface is at an acute angle to the first surface. In
other cases, the illumination surface may be parallel to the first
surface. Fingerprint identification devices of this nature are
generally used to control the building-access or information-access
of individuals to buildings, rooms, and devices such as computer
terminals.
[0015] Before the advent of computers and imaging devices, research
was conducted into fingerprint characterization and identification.
Today, much of the research focus in biometrics has been directed
toward improving the input transducer and the quality of the
biometric input data. Fingerprint characterization is thus
generally well known and can involve many aspects of fingerprint
analysis.
[0016] For doorway security systems, biometric authentication
systems have many known problems. For example, a user
identification code, a PIN, is generally required to identify each
individual in order to permit comparison of the biometric
information and a single user's template. Remembering a PIN can be
inconvenient and the device needed to accept a PIN are sometimes
subject to damage and failure. The device is also an additional
expense in a doorway access system. Since a single processor can
provide processing for several doors, for a multiple doorway
system, the PIN entry unit forms a significant portion of the
overall system cost. It would be advantageous to provide a system
wherein provision of a PIN is not always necessary for
identification. To date most biometric authentication systems or
services rely on some form of PIN input.
[0017] In evaluating security of biometric authorization systems,
false acceptance and false rejections are sometimes evaluated as a
fraction of a user population. A security system may be
characterized as allowing 1 in 1,000 false acceptances or,
alternatively, 1 in 1,000,000. Typically a probability distribution
curve establishes a cut off for a given registration to determine
what false acceptance rate this reflects. Curves of this type are
exponential in nature and, therefore for better false acceptance
rates provide only nominal improvements to false acceptance rate
for significant changes to a threshold value. Typically when using
a biometric information sample, a low match score results in
failure to authorize an individual.
[0018] In the past, a one-to-many search of biometric information
has generally been considered undesirable because security may be
compromised. For example, when a single biometric template is
compared and a resulting comparison having a 1/1,000,000 likelihood
of false acceptance is desired, it should be clear that 1/1,000,000
users may be misidentified. When, however, a forty user system is
provided with equivalent individual comparison criteria, the
probability of false acceptance can escalate to 1-(0.999
999).sup.40 which is about 1/25,000. Whereas 1/1,000,000 is
generally acceptable for many applications, 1/25,000 is likely not
as acceptable. Further, as the number of individual templates
grows, the rate of false acceptance increases; when 250 templates
exist, a likelihood of about 1/4,000 of false acceptance
exists.
[0019] In order to solve this problem, one might reduce the false
acceptance rate to 1/10,000,000; however, this results in problems
identifying some people and makes such a system inconvenient. A
system of this type is unlikely to provide consistent results and
therefore, requires a security guard at least at a door to provide
access for those who are not identifiable to 1/10,000,000.
[0020] Another potential problem with the use of biometrics is
related to the unauthorized interception of a digital signal or
file representing a biometric (i.e., similar to unauthorized
interception of passcodes/passwords). An unauthorized user may
substitute a digital signal of a biometric attribute or template by
bypassing biometric readers or scanners altogether. Therefore, like
passwords or passcodes, use of biometrics for security purposes and
user authorization, verification, and identification is not full
proof.
[0021] Based on the foregoing, those skilled in the art can
appreciate that despite the advances in biometric authentication,
most biometric authentication systems are still plagued with
various physical and algorithmic drawbacks. It is believed that the
biometric methods and systems disclosed herein overcome such
drawbacks by employing a unique random method and system of
biometric identification and verification that correlates directly
to biometric attributes themselves.
SUMMARY OF THE INVENTION
[0022] The present invention provides biometric authentication
methods and systems.
[0023] It is a feature of the present invention to provide
biometric authentication based on random factors.
[0024] It is still another feature of the present invention to
provide a biometric authentication methods and systems based on the
random selection of biometric attributes from a user profile
containing biometric information about the user.
[0025] The above and other features of the invention are achieved
as will now be further described. Methods for biometrically
securing access to an electronic system are disclosed. According to
one such method, a user may be prompted to input to the electronic
system at least one biometric attribute randomly selected from a
user profile containing biometric attributes of the user.
[0026] A user may be permitted to perform a user-desired activity
if at least one biometric attribute input by the user to the
electronic system matches the at least one biometric attribute
randomly selected from the user profile. A user profile may be
generally accessible from a server through the electronic system. A
user profile may also be accessible from a biometric broker through
an electronic system over a secure network connection. A user
profile may also be accessible from a portable electronic device
such as smart cards PDAs and/or other wireless hand held
devices.
[0027] Additionally, methods may include processing steps which
result in obtaining at least one biometric attribute from a user
for compilation in a user profile or template, compiling the user
profile, and subsequently storing the user profile in a location
accessible by at least one electronic system. The user may be
permitted to modify the user profile in response to approval of a
request by the user.
[0028] Additionally, a method can involve the processing step of
comparing at least one biometric attribute input by the user to an
electronic system with at least one biometric attribute randomly
selected from the user profile. The user can then be subsequently
prompted to input to the electronic system at least one additional
biometric attribute randomly selected from the user profile, if at
least one biometric attribute previously input by the user to the
electronic system does not match the at least one biometric
attribute previously selected randomly from the user profile.
[0029] The electronic system itself may be configured with at least
one wireless device that operates with a wireless network. The
electronic system can also be configured with at least one computer
workstation operable over an associated network. The electronic
system may be configured as an automated teller machine. The
electronic system can also be configured as a secured entry system
to a secured environment. The electronic system may also be part of
a point of sale in a retail establishment that relies on credit
card authorization to enable customer transactions. The electronic
system may simply be a wireless network or a computer network, or a
combination thereof. Alternatively, the electronic system may
simply be a wireless device, such as, for example, a Wireless
Application Protocol (WAP) enabled cellular telephone and/or PDA
(Personal Digital Assistant).
[0030] Biometric attributes can comprise fingerprints, facial
information, voice print data, retinal data, hand geometry
measurements, scanned iris data, and/or signature verification
data. Other biometric attributes not listed herein may also be
utilized in accordance with the present invention.
[0031] Additionally, at least one defective biometric attribute
associated with the user may be identified as defective (or
otherwise un-readable), according to a method disclosed herein.
Thereafter, a user can be prompted to input to the electronic
system at least one additional biometric attribute randomly
selected from a user profile containing biometric attributes of the
user.
[0032] A user-desired activity, according to the present invention,
may be, for example, a financial transaction, an ATM transaction,
access to a secure area, access to data from the electronic system,
and/or execution of a mechanical activity.
[0033] In accordance with the present invention, there is also
provided a method for biometrically securing access to an
electronic system. In such a method, a user may be prompted to
input to an electronic system at least two biometric attributes
randomly selected from a user profile containing biometric
attributes of the user. The user may then be permitted to perform a
user-desired activity if biometric attributes input by the user to
the electronic system matches the at least two biometric attribute
randomly selected from the user profile.
BRIEF DESCRIPTION OF THE DRAWINGS
[0034] The novel features believed characteristic of this invention
are set forth in the appended claims. The invention itself,
however, as well as a preferred mode of use, further objects, and
advantages thereof, will best be understood by reference to the
following detailed description of an illustrative embodiment when
read in conjunction with the accompanying drawings, wherein:
[0035] FIG. 1 depicts a block diagram illustrating components of an
electronic system associated with a database containing biometric
attributes in which preferred embodiments of the present invention
may be implemented;
[0036] FIG. 2 illustrates a diagram illustrating client computer
systems coupled to host systems through a network in which
preferred embodiments of the present invention may be
implemented;
[0037] FIG. 3 illustrates a block diagram illustrating some of the
functional components within the client computer system depicted in
FIG. 2, which may be utilized to implement an embodiment of the
present invention
[0038] FIG. 4 depicts a diagram illustrating biometric attributes
and a user profile, which may be utilized in accordance with
preferred embodiments of the present invention;
[0039] FIG. 5 illustrates a flow chart illustrating operations for
authenticating a user in accordance with an embodiment of the
present invention;
[0040] FIG. 6 depicts a flow chart illustrating additional
operations for authenticating a user in accordance with an
embodiment of the present invention;
[0041] FIG. 7 depicts a portion of a user interface that may be
implemented in accordance with the present invention; and
[0042] FIG. 8 depicts a portion of an alternative user interface
that may be implemented in accordance with the present
invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENT
[0043] The following description is presented to enable any person
skilled in the art to make and use the invention, and is provided
in the context of particular applications and its requirements.
Various modifications to the disclosed embodiments will be readily
apparent to those skilled in the art, and the general principles
defined herein may be applied to other embodiments and applications
without departing from the spirit and scope of the present
invention.
[0044] Thus, the present invention is not intended to be limited to
the embodiments shown, but is to be accorded the widest scope
consistent with principles and features disclosed herein. Although
preferred embodiments of the present invention are described
herein, those skilled in the art can appreciate that a number of
varying embodiments may be implemented in accordance with the
present invention.
[0045] FIG. 1 depicts a block diagram illustrating components of an
electronic system 12 associated with a database or memory
containing biometric attributes 14, in which preferred embodiments
of the present invention may be implemented. Database 14 may be
linked or integrated with electronic system 12 and may include a at
least one user profile 15 containing biometric templates (i.e.,
samples) of biometric attributes provided previously by particular
users. Electronic system 12 may interact with and communicate with
a variety of devices and mechanical systems.
[0046] Electronic system 12 may, for example, communicate with a
computer workstation 24. In such an example, electronic system 12
may be configured as a remote computer network, such as the
Internet, or a dedicated computer network operating within a
particular organization, business or institution. Electronic system
12 may also be configured to communicate with electromechanical
systems, such as entry hardware of a secure building 22. A user may
access electronic system 12 to secure entry to secure building 22.
In some applications, electronic system 12 may be configured as
electronics associated with or resident within the user interface
(e.g., typical of non-networked systems, such as secure
entries).
[0047] Additionally, electronic system 12 may be configured to
communicate with an Automatic Teller Machine (ATM) 20 and/or point
of sale. A user attempting to retrieve cash through ATM 20 can be
required to authentication his or her identification, based on
previously stored biometric attributes contained within database 14
and/or user profile 15. Database 14 and user profile 15 may
together function as a biometric broker that communicates as a
third-party service with various mechanical systems and other
devices through electronic system 12. Electronic system 12 may also
communicate with a financial institution 18 and wireless device
16.
[0048] In order to communicate with wireless device 16, electronic
system 12 may be configured as part of a wireless network. A
wireless device 16 may be, for example, a wireless telephone or a
wireless hand held device that can communicate with wireless
networks to send and receive data. Wireless device 16 may be, for
example, a Wireless Application Protocol (WAP) enabled
communications device configured to authenticate the identity of a
user through a biometric scanner integrated with or attached to the
wireless device.
[0049] FIG. 2 illustrates a diagram illustrating client computer
systems 32, 34, and 36 coupled to host computer systems 48, 40, and
42 through a network 30, in which preferred embodiments of the
present invention may be implemented. Network 30 may be any
communication channel through which computer systems can
communicate. This includes, but is not limited to, local area
networks, such as Ethernet or Token ring, and wide area or remote
computer networks, such as the Internet and World Wide Web, well
known in the networking arts.
[0050] Network 30 may also be implemented as a wireless network
through which wireless devices, such as wireless device 16 of FIG.
1, may communicate with other devices and other systems. A client,
such as client systems 32, 34, and 36 can be any node on a computer
network including computational capability and including a
mechanism for communication across network 30. Human users 33, 35,
and 37 may operate client systems 32, 34, and 36, respectively. A
host, such as host systems 48, 40 and 42, can be any node on a
computer network including a mechanism for servicing requests from
a client for computational or data storage resources. Hosts may
also be implemented as servers.
[0051] Host systems 48, 40 and 42 may be coupled to biometric
broker 44. Biometric broker 44 can be implemented as a centralized
repository for storing biometric attributes (i.e., biometric data),
such as fingerprint data. Biometric broker 44 may also be
configured as an entity that obtains biometric data form a variety
of biometric databases operated by different entities and
organizations, and utilizes such information for authentication
purposes. FIG. 4, which will be further described herein, lists
examples of biometric data that may be utilized in accordance with
the present invention. Biometric broker 44 may also include a
mechanism for managing the biometric attributes stored as data, and
may additionally include a mechanism for implementing security
policies for the biometric attributes. Such policies may require
specific levels of authentication for different groups of users, or
for access to different servers.
[0052] Biometric brokers 44 may be implemented in any number of
forms. In one possible embodiment, biometric broker 44 may be
implemented as a node on network 30, which communicates with host
systems 48, 40, and 42 across network 30. In another possible
embodiment, biometric broker 44 is located on a host, such as host
system 48.
[0053] The example illustrated in FIG. 2 may operate generally as
follows. A user, such as user 33, works on a client, such as client
system 32. User 33 requests access to resources on host system 48
across network 30. In response to this request, host system 48
attempts to authenticate user 33. In doing so, host system 48
requests a biometric attribute (i.e., biometric data) from
biometric broker 44. Biometric broker 44 returns a biometric
attribute or biometric template, which may be compared against
sample biometric attribute(s) randomly collected from user 33. This
comparison may take place at a number of locations, including at
client system 32, at host system 48 or at biometric broker 44. If
the sample biometric attribute collected from user 33 matches the
biometric attribute retrieved from biometric broker 44, user 33 may
be permitted to access resources on host system 48.
[0054] Providing a centralized authentication service such as
biometric broker 114 has a number of advantages. One advantage is
generally that centralized revocation can be supported. For
example, an employee in an organization typically has access to a
number of different resources on a number of different host
systems. When this employee leaves the organization, it often takes
a long time to explicitly revoke the employee's access rights on
all host systems. Under a centralized revocation scheme, such
revocation only needs to take place once at the centralized
revocation service since the disparate host systems always look to
the centralized revocation service to authenticate a user.
[0055] FIG. 3 illustrates a block diagram illustrating some of the
functional components within client computer system 32 that may be
utilized to implement an embodiment of the present invention. Note
that in FIGS. 2 and 3 identical parts are represented by identical
reference numerals. As mentioned above, client system 32 can be any
node on a computer network including computational capability and
including a mechanism for communication across network 30. In the
illustrated embodiment, client system 32 includes user interface
62, networking code 64 and adapter 66. These functional components
can be implemented in software running on, for example, a client
CPU. User interface 62 provides a mechanism through which user 33
can operate client system 32. Networking code 64 may include a
library of functions, which allow client system 32 to communicate
across network 30. Adapter 66 may include a collection of functions
that implement the client portion of a biometric authentication
system according to one embodiment of the present invention.
[0056] Adapter 66 may communicate with sealed hardware unit 58,
which can be utilized to perform biometric authentication
functions. In the example illustrated in FIG. 3, sealed hardware
unit 58 can be encased in a sealed insulating layer, which prevents
a malicious user of client system 32 from monitoring the
computational operations performed within sealed hardware unit 58.
This can prevent a malicious user from improperly gaining access to
host system 48, even if the malicious user has the power to modify
hardware and software resources on client system 32. The circuitry
inside sealed hardware unit 58 may be encased in the insulating
layer in such a manner that any attempt to cut through the
insulating layer to monitor the circuitry is likely to render the
circuitry inoperable. Of course, such features may or may not be
implemented and are presented here for illustrative purposes only
and are not meant to be interpreted as limited features of the
present invention.
[0057] Sealed hardware unit 58 can include a CPU 50, which can be
any type of computational engine that can be used to perform the
computational and logical operations involved in biometric
authentication. Sealed hardware unit 58 can additionally include
threshold storage 52 and key storage 54. Threshold storage 52 may
be utilized as a memory location for storing threshold values
indicating how closely a biometric attribute take as a biometric
sample from a user must match a biometric attribute retrieved from
a database through biometric broker 44, in order to allow the user
to access the host system. Key storage 54 can store at least one
encryption key that can be used to encrypt messages or computer
checksums for communications across network 30.
[0058] Sealed hardware unit 58 may communicate with scanner 60,
which can be utilized to take a biometric sample (i.e., biometric
attribute) from user 33. This biometric attribute can be any type
of biometric measurement of user 33. This includes, but is not
limited to, fingerprint data, retinal scan data, handwriting data,
voice data (e.g., a voice print), and facial data (e.g., a face
scan). Note that the biometric attributes stored as data within a
database, such as biometric database 14 and/or user profile 15 of
FIG. 1, may be stored as a template or biometric template.
[0059] The components illustrated in FIG. 3 can operate as follows.
User 33 initiates the biometric authentication process by seeking
access to resources on a host system, such as host system 48 of
FIG. 2, through user interface 62. This causes authentication code
within adapter 66 to initiate communications with host system 48
(i.e., host system 48 illustrated in FIG. 2). This authentication
code within adapter 66 may additionally initiate operations within
sealed hardware unit 58 to gather a biometric attribute as a
biometric sample from user 33 through scanner 60. These
authentication operations are described in more detail below with
reference to the flow charts in FIGS. 5 and 6.
[0060] FIG. 4 depicts a diagram illustrating biometric attributes
and a user profile 82, which may be utilized in accordance with
preferred embodiments of the present invention. Elements of user
profile 82 in FIG. 4 can be analogous to user profile 15 of FIG. 1.
Biometric attributes 80 may include fingerprints, voiceprints,
retinal and iris information, hand geometry, facial information,
and signatures. Thus, biometric authentication may be based on a
variety of possible biometric measurements. A user profile 82 of a
particular user will thus include one or more of the aforementioned
biometric attributes. Such biometric attributes are utilized to
verify the identity of the user.
[0061] Typical biometric measurements, which may be utilized to
authenticate identity, include fingerprint verification.
Fingerprint images contain a large amount of information and
therefore has a reliable and inherent accuracy. Fingerprint
identification is generally well known in the biometric arts and
has been utilized since the 1800's by law enforcement agencies to
assist law enforcement officers in criminal investigations.
[0062] Hand geometry may also be utilized to measure the physical
characteristics of a user's hands and fingers. Hand geometry
biometric authentication has traditionally been utilized for
physical access control and time/attendance systems. Hand geometry
has traditionally been limited to verification (i.e., one-to-one
comparisons) rather than identification (one-to-many comparisons.
Hand geometry does not measure or capture finger or palm prints,
but can reliably measure the physical characteristics of an
individual's hands from a three dimensional perspective.
[0063] Voice recognition is known as another important technique
for identify users. In voice recognition systems, a voiceprint is
obtained from a user and stored as biometric attributes for later
user identification. It is generally well known in the biometric
arts that an individual's voice contains unique wavelength sound
characteristics. Such characteristics can be analyzed and stored as
biometric data.
[0064] Retinal scanning is another biometric measurement technique
that can be utilized in accordance with the present invention.
Retinal scanning is generally based on a biometric measurement
process that maps the structure of veins at the back of
individual's eye. Retinal scanners typically send a beam of
concentrated light into the eye. Retinal scanners, however, employ
low intensity light for measuring the retina characteristics
associated with an individual.
[0065] Iris scanning is another biometric measurement technique
that can be utilized in accordance with the methods and systems
disclosed herein. Iris scanning, well known in the biometric arts,
scans unique random patterns of an individual's iris. Such a
measurement method does not rely on the iris color. Iris scanning
is generally based on the fact that the color portion of the eye
that surrounds the pupil contains patterns that are unique to each
individual.
[0066] An individual's signature is another important biometric
attribute that can be utilized to verify the identity of an
individual. Signature verification can be readily utilized with the
other biometric measuring techniques utilized above.
[0067] Facial recognition may be utilized in accordance with the
present invention to enhance biometric authentication. In facial
recognition techniques, a facial scan of an individual is taken and
stored as data which may later be compared against a user's most
recently provided facial scan to confirm or deny user identity. In
typical facial scan systems, a user steps in front of a digital
camera, which captures an image of the user's face. Associated
software captures the image and creates a facial template.
[0068] Some facial recognition software currently in use relies on
Local Feature Analysis (LFA) to measure the size and shape of
features around the eyes or center of the face captured in the
image, along with the width of the bridge of the nose or distance
form the nose to each eye. Such software relies on features that
are not statistically change altered to weight gain or loss, aging,
facial hair growth and so forth. An example of a facial recognition
system that uses facial recognition software is Visionics' Faceit
software, which works with simple digital Web cameras to verify a
user's identity for access to computers and associated computer
networks.
[0069] Other biometric attributes are not shown in FIG. 4, but
those skilled in the art can apply equally to the practice of the
present invention. Such biometric attributes may include a palm
print, ear shape, ear canal acoustic properties, DNA, keystroke
(e.g., typing rhythm), and body odor.
[0070] FIG. 5 illustrates a flow chart 100 illustrating operations
for authenticating a user, in accordance with an embodiment of the
present invention. The process can be initiated as indicated at
block 102. A user transaction may be initiated with an electronic
system, as depicted thereafter at block 104. Such an electronic
system may, for example, be configured as an ATM and/or point of
sale linked to a computer network that communicates with a
biometric broker, such as biometric broker 44 of FIG. 2.
[0071] As explained previously, such a biometric broker can be
composed of a database containing biometric attributes and/or a
user profile integrated with or in communication with the database.
The user profile contains previously store biometric attributes of
a particular user. A user during enrollment may provide a biometric
attribute. During such an enrollment stage, samples of designated
biometric attributes may be acquired. One or more unique features
of the samples can then be configured to form a biometric template
of one or more biometric attributes for subsequent comparison
purposes.
[0072] As depicted next at block 106, the user is requested by the
electronic system to provide at least one biometric attribute. The
operation described at block 106 is based on random factors. In the
operation depicted at block 106, the user is prompted to input to
the electronic system at least one biometric attribute randomly
selected from a user profile containing biometric attributes of the
user. User input of a biometric attribute can be based on this
random selection. Thereafter, as illustrated at block 108, the user
provides to the electronic system, the biometric attributes
randomly selected by the electronic system from the user
profile.
[0073] As described next at block 110, a comparison may be made
between the random biometric attribute(s) selected by the
electronic system from the user profile and the biometric
attributes input by the user to a biometric scanner. If a match
does not occur, then the process may be repeated, beginning with
the operation depicted at block 104.
[0074] If a match does occur, then as depicted at block 112, the
user may be permitted to perform a user-desired activity such as,
for example, performing financial transactions. If a biometric
attribute input by the user to the electronic system does not match
one or more of the biometric attributes randomly selected from the
user profile associated with the user after, for example, three
attempts, the user is not permitted to perform user-desired
activities or transactions.
[0075] FIG. 6 depicts a flow chart 130 illustrating additional
operations for authenticating a user, in accordance with an
embodiment of the present invention. The process may be initiated,
as indicated at block 132. Thereafter, as illustrated at block 134,
a user initiates a transaction with an electronic system via a
single biometric attribute. This single biometric attribute may be
provided via, for example, a fingerprint provided by the user
through a fingerprint scanner integrated with the electronic
system.
[0076] This single biometric attribute may also be provided via a
smart card that is receivable by the biometric system. Biometric
attributes may be previously stored within a memory location
contained within the smart card for later retrieved (e.g., read or
scanned by an electronic system at a point of sale or ATM) for user
authentication or verification purposes using biometric method
taught herein. Smart cards are generally known in the art as
credit-card sized plastic cards with an embedded computer chip. The
chip can either be a microprocessor with internal memory or a
memory chip with non-programmable logic. The chip connection can be
configured via direct physical contact or remotely through a
contactless electromagnetic interface.
[0077] Smart cards may be generally configured as either a contact
or contactless smart card, or a combination thereof. A contact
smart card requires insertion into a smart card reader with a
direct connection to, for example, a conductive micromodule on the
surface of the card. Such a micromodule may be generally gold
plated. Transmission of commands, data, and card status takes place
through such physical contact points.
[0078] A contactless card requires only close proximity to a
reader. Both the reader and the card may be implemented with
antenna means providing a contactless link that permits the devices
to communicate with one another. Contactless cards can also
maintain internal chip power or an electromagnetic signal (e.g., RF
tagging technology). Two additional categories of smart codes, well
known in the art, which are based on contact and contactless cards
are the so-called Combi cards and Hybrid cards.
[0079] A Hybrid card generally may be equipped with two chips, each
with a respective contact and contactless interface. The two chips
are not connected, but for many applications, this Hybrid serves
the needs of consumers and card issuers. The Combi card may be
generally based on a single chip and can be generally configured
with both a contact and contactless interface.
[0080] Chips utilized in such smart cards are generally based on
microprocessor chips or memory chips. Smart cards based on memory
chips depend on the security of the card reader for their
processing and can be utilized when low to medium security
requirements. A microprocessor chip can add, delete and otherwise
manipulate information in its memory. Microprocessor-based memory
cards typically contain microprocessor chips with 8, 16, and 32 bit
architectures.
[0081] When a transaction is initiated with a biometric attribute,
the user may input a single biometric attribute at the request of,
or to initiate, the electronic system. The electronic system may
be, for example, an ATM machine equipped with a biometric scanner.
The biometric scanner may be configured with, for example, iris
scanning, retinal scanning, and fingerprint scanning capabilities.
The user may, for example, provide his or her left thumbprint, if
requested by the electronic system, to initiate a transaction
utilizing the electronic system. Following user input of a single
biometric attribute, a user profile may be retrieved by the
electronic system based on the input of a single user biometric
attribute, such as a fingerprint. Again, retrieval may be from a
server, electronic system memory, or portable device memory (e.g.,
smart card or other electronic hand held device)
[0082] The user selects a desired user-activity at an interface
associated with the electronic system, as indicated at block 138,
and thereafter, as illustrated at block 140, the user may be
requested by the electronic system to provide at least one
biometric attribute via random selection of such an attribute by
the electronic system. Biometric attributes are thus randomly
selected from the user profile associated with the user. The user
must then provide the electronic system with biometric attributes
that match the biometric attributes randomly selected from the user
profile, as indicated at block 142.
[0083] If a biometric attribute input by the user through an
interface and biometric scanner associated with the electronic
system does not match the biometric attributes randomly selected
from the user profile, the user can be requested again, as
indicated at block 140. If, however, a match is made, then the user
may be permitted to perform the user-desired activity, such as
accessing secure data or entry to a secure building, as illustrated
at block 146. The process then terminates, as indicate at block
148.
[0084] FIG. 7 depicts a pictorial diagram 200 of a user interface
202 that may be implemented in accordance with the present
invention. In the drawing illustrated in FIG. 7, user interface 202
is shown, for example, at three different moments in time. User
interface 202 can be analogous to user interface 64 of FIG. 3.
Those skilled in the art can appreciate that a user interface 202
may be of many forms depending on the type of biometric sample
being requested, obtained and/or utilized. As indicated previously,
a user can be requested by electronic system to provide a one or
more biometric samples for authentication purposes. Biometric
samples may be of different types (e.g., voice, fingerprint, eye,
etc.).
[0085] The user may be prompted to input biometric samples randomly
selected by the electronic system from a user profile containing
biometric attributes previously obtained from the user. User
interface 202 may be integrated with, for example, an ATM machine,
or a secure door that accesses a secure area, such as a government
building or military complex. In the example depicted in FIG. 7,
user interface 202 includes an iris scanner 208 and a fingerprint
scanner 206. Finger print scanner 206 may be integrated with a
display area 204, which may also be integrated with iris scanner
208.
[0086] Input of a biometric attribute by a user to interface 202
may be based on the random selection of a biometric attribute from
a user profile. The number of biometric attributes requested from a
user may also based on a random number. For example, during one
authentication session, a user may be requested to provide a left
index fingerprint and a left iris scan. During another
authentication session, the same user may be required to provide a
left index fingerprint, followed by the fingerprint of his or her
right middle finger, and immediately thereafter, an iris scan of a
left eye, or perhaps, a right eye.
[0087] The selection of biometric attributes from the user profile
may thus be based on a random selection. The number of required
biometric samples that a user may be required to input may also be
a random number. Those skilled in the art will appreciate, however,
that the number of biometric attributes required to be input by a
user will likely be a limited number. Thus, a user may be required
to input only three biometric attributes during one authentication
session, two biometric attributes during another authentication
session, and five biometric attributes during another biometric
session.
[0088] Those skilled in the art can also appreciate that other
biometric scanning devices may also be integrated with the user
interface 202, such as, for example, a retina scanner, palm
scanner, voice print scanner, and so forth. Thus, the example
illustrated in FIG. 7 should not be interpreted as limiting the
invention. The drawing illustrated in FIG. 7 merely represents one
possible embodiment in which the present invention may be
implemented.
[0089] FIG. 8 depicts a pictorial diagram 220 illustrating a
portion of an alternative user interface 222 that may be
implemented in accordance with the present invention. User
interface 222 may communicate with or be integrated with an
electronic system, such as an ATM machine or point of sale. User
interface 222 may be integrated with a microphone 230 that may
receive a voiceprint from a user. User interface 222 may also be
integrated with a fingerprint scanner 228 that captures
fingerprints as biometric data from users. Additionally, user
interface 222 may include a camera 226 that functions for iris,
retinal, and facial scanning purposes.
[0090] Note that pictorial diagram 220 illustrates first, second
and third biometric attribute input stages. During a first
biometric attribute input stage, a user may be prompted through a
display unit 231 to input his or her name or other word or phrase.
The user merely speaks his or her name, for example, into
microphone 230. During a second biometric attribute input stage,
the user may be requested to input his or right hand thumbprint.
Finally, during a third biometric attribute input stage, the user
may be requested to provide a biometric sample of his or right eye,
which may be scanned as a retina or iris biometric attribute of the
user. Alternatively, the user may be asked to provide a facial
scan, in which case, camera 226 captures a facial image of the user
for biometric authentication purposes.
[0091] Those skilled in the art will appreciate that the methods
described herein may be implemented in the context of associated
systems for performing tasks resulting from the processing of such
methods. The present invention may thus be configured as a system
for biometrically securing access to an electronic system. Such a
system may include modules thereof. A module, in software use, is
generally a collection of routines and data structures that
performs a particular task or implements a particular abstract data
type. Module typically are composed of an interface, which lists
the constants, data types variables, and routines that can be
accessed by other modules or routines, and an implementation, which
can be accessible only by the module. The implementation contains
the source code that actually implements the routines in the
module.
[0092] Thus, the system described herein may include a module for
prompting a user to input to the electronic system at least one
biometric attribute randomly selected from a user profile
containing biometric attributes of the user. Additionally, the
system can include a module for permitting the user to perform a
user-desired activity if at least one biometric attribute input by
the user to the electronic system matches the at least one
biometric attribute randomly selected from the user profile.
[0093] In such a system, the user profile is generally accessible
from a server and/or memory through the electronic system. The user
profile may also be accessible from a biometric broker through the
electronic system over a secure network connection. Additionally,
at least one biometric attribute may be obtained from the user for
compilation in a user profile. The user profile is generally stored
in a location accessible by at least one electronic system. The
user is generally permitted to modify the user profile, in response
to approval of a request by the user.
[0094] Such a system can also include a module for comparing at
least one biometric attribute input by the user to the electronic
system with the at least one biometric attribute randomly selected
from the user profile. Additionally, such a system includes a
module for subsequently prompting a user to input to the electronic
system at least one additional biometric attribute randomly
selected from the user profile, if at least one biometric attribute
previously input by the user to the electronic system does not
match the at least one biometric attribute randomly previously
selected from the user profile.
[0095] In such a system, the electronic system may be configured as
one or more wireless devices that operate with a wireless network.
The electronic system may also be configured as one or more
computer workstations operable over an associated network. The
electronic system may comprise an automated teller machine, or a
secured entry system to a secured environment. The electronic
system may simply be a wireless network or a computer network, or a
combination thereof. The electronic system may also be a wireless
device.
[0096] Such a system may also include a module for identifying at
least one defective biometric attribute associated with the user.
The user can be prompted to input to the electronic system at least
one additional biometric attribute randomly selected from a user
profile containing biometric attributes of the user.
[0097] The user-desired activity may comprise activities, such as,
for example, a financial transaction, an ATM transaction, access to
a secure area, or access to data from the electronic system. The
user-desired activity may also simply comprise the execution of a
mechanical activity.
[0098] Alternatively, a system for biometrically securing access to
an electronic system may include a module for prompting a user to
input to the electronic system at least two biometric attributes
randomly selected from a user profile containing biometric
attributes of the user. Such an alternative system can also include
a module for permitting the user to perform a user-desired
activity, if biometric attributes input by the user to the
electronic system matches the at least two biometric attribute
randomly selected from the user profile.
[0099] The embodiments and examples set forth herein are presented
in order to best explain the present invention and its practical
application and to thereby enable those skilled in the art to make
and utilize the invention. However, those skilled in the art will
recognize that the foregoing description and examples have been
presented for the purpose of illustration and example only. The
description as set forth is not intended to be exhaustive or to
limit the invention to the precise form disclosed. For example, a
variety of biometric attributes may be utilized in a variety of
combinations and configurations to implement particular embodiments
of the present invention. Many modifications and variations are
possible in light of the above teaching without departing from the
spirit and scope of the following claims.
* * * * *