United States Patent
Sands et al.

(10) Patent No.: US 7,404,086 B2
(45) Date of Patent: Jul. 22, 2008

(54) METHOD AND APPARATUS FOR BIOMETRIC AUTHENTICATION

(75) Inventors: Justin M. Sands, Reston, VA (US); Christopher A. Sands, Herndon, VA (US); Arthur J. Sands, Jr., Falls Church, VA (US)

(73) Assignee: AC Technology, Inc., Herndon, VA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 806 days.

(21) Appl. No.: 10/350,003
(22) Filed: Jan. 24, 2003

(65) Prior Publication Data
US 2004/0148526 A1    Jul. 29, 2004

(51) Int. Cl.: …/32 (2006.01)
(52) U.S. Cl.: 713/186
(58) Field of Classification Search: 713/186
See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS
6,256,737 B1 *      7/2001    Bianco et al.    713/186
7,003,670 B2 *      2/2006    Heaven et al.    713/186
7,039,812 B2 *      5/2006    Kawan et al.     713/186
2002/0174347 A1 *   11/2002   Ting             713/186
2003/0154382 A1 *   8/2003    Vicard           713/186

* cited by examiner

Primary Examiner: Matthew B Smithers
(74) Attorney, Agent, or Firm: Bingham McCutchen LLP

(57) ABSTRACT

A biometric authentication method and system may be implemented in a client server architecture to provide substantial access control security and ease of administration. Users are enrolled in the system by providing multiple biometric measurements which are stored in a database as part of the user's biometric profile. Upon attempted access of a computer, the biometric authentication engine determines which biometrics are required and what the biometric matching criteria are based on the location of the computer, time of day and other security conditions. If the user is determined not to be authentic, a security policy may cause an action to occur such as revoking the user's access privileges or causing the login attempt to appear to be successful while the authorities are summoned.

57 Claims, 4 Drawing Sheets

IPR2022-00602
Apple EX1025 Page 1

[FIGURE 1 (Sheet 1 of 4). Recoverable labels: SERVER; AUTHENTICATION SERVER SOFTWARE; NETWORK; CLIENT; PRESENTATION SOFTWARE; BIOMETRIC DEVICE. Reference numerals: 110, 120, 130, 140, 150.]

[FIGURE 4 (Sheet 4 of 4): logic flow diagram. Recoverable box text:]
400: User initiates request to authenticate.
405: System determines user location.
Retrieve user's template biometric profile.
Retrieve configuration info for location.
420: Authentication Policy determines if access to the location or user has been disabled.
Access has been disabled.
440: Authentication policy is notified and may take special action if needed.
425: Authentication Policy determines set of biometrics required for authentication.
430: System acquires set of biometrics to form a 'sample' biometric profile.
Authentication Policy compares the template biometric profile with [...] on record.
The sample profile matches the template profile.
450: Authentication policy is notified and may take special action if needed.
452: Does Authentication Policy override authentication result to implement subterfuge? (Yes / No)
445: Authentication Granted.
455: Authentication Revoked.
The sample profile does not match the template profile.
460: Authentication policy is notified and may take special action if needed.
The policy determines that the authentication process should continue.
The policy determines that more biometrics are needed or should be re-sampled.
The policy determines that access should be revoked.
465: Authentication Revoked.

METHOD AND APPARATUS FOR BIOMETRIC AUTHENTICATION

FIELD OF THE INVENTION

The present invention relates generally to authentication and, more particularly, to biometric authentication.

BACKGROUND OF THE INVENTION

Security measures are increasingly needed to protect sensitive data and facilities. Only authentic users should have access to such data and facilities. However, simple passwords or even magnetic type security cards that have conventionally been used to authenticate users can be lost, stolen or duplicated. In such cases the missing or duplicated security cards or passwords allow a thief access to secure areas.

In addition to providing security, a security method and apparatus must be relatively simple and easy to use and administer. For example, armed guards can protect stored data and facilities containing such data, but it is impossible to have armed personnel protect all important data and secure facilities. Even if sufficient personnel were available, the question still remains: how can a guard know who should have access?

Today, businesses generally deploy networks, such as local area networks (LANs) or wide area networks (WANs) in order to make valuable information and resources available immediately to trusted employees. Computer networks are thus very powerful and enable employees to work efficiently together. However, the power and convenience of computer networks also makes theft of information easier to accomplish.

In U.S. Pat. No. 6,256,737, it is proposed to implement one or more biometric devices associated with a client computer to read biometric(s) of a user and control access to a computer network. The patent, however, performs authentication and grants access to the network based solely on biometrics of a user and fixed confidence thresholds.

Accordingly, there is a need for security measures that are not easily susceptible to theft and duplication. There is a further need for security measures for accessing computers and computer networks that may be implemented securely and conveniently within an organization. There is still a further need for security measures that are capable of providing variations in authentication procedures based on events that comprise security risks.

SUMMARY OF THE INVENTION

According to the present invention, a biometric authentication method and system may be implemented in a client server architecture to provide substantial access control security and ease of administration. Users are enrolled in the system by providing multiple biometric measurements which are stored in a database as part of the user's biometric profile.

Upon attempted access of a resource, a biometric authentication engine determines which biometrics are required and what biometric matching criteria are required, based on the location of the computer, time of day and other security conditions. It then gathers the required biometrics from the user, and determines if they match the biometrics on record for that user. If the user is determined not to be authentic, or the user's pattern of activity is sufficiently suspicious, a security policy may use access subterfuge to protect the integrity of the resource.

It is an object of the present invention to provide a simple security method and apparatus.

It is another object of the present invention to provide a simple and inexpensive security system.

It is a further object of the present invention to provide a method and apparatus for biometric authentication.

It is still another object of the present invention to provide a method and apparatus for biometric authentication in which the requirements for authentication can be made relatively unpredictable until the time of access.

To achieve the above and other objects, according to an embodiment of the invention, a method of authenticating a user comprises: obtaining a user profile; receiving biometric information; obtaining stored user biometric information; comparing at least some of the stored user biometric information and said received biometric information based on the user profile; and determining if the user is authenticated based on the comparison.

According to another embodiment of the present invention, a biometric authentication system comprises: an input device for providing biometric information; a memory operatively connected to store user biometric information; a memory operatively connected to store at least one user profile; a controller operatively connected to compare at least some of the stored user biometric information and the biometric information provided by the input device, based on the user profile, and to determine if a user is authenticated based on the comparison.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic block diagram of a client server architecture in which an embodiment of the present invention may find application.

FIG. 2 is an expanded view of the biometric authentication server software according to an embodiment of the present invention.

FIG. 3 is an illustrative diagram of a user entry in the database.

FIG. 4 is an illustrative logic flow diagram in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

According to an embodiment of the present invention, computer network security is enhanced by implementing biometric authentication software at a server that is governed by an authentication policy. The authentication policy is flexible and allows the biometric authentication procedure implemented at any given computer or location within the network to be altered based on security conditions.

Definition of Terms

For the purpose of this document the following terms should be interpreted to mean the following:

Authentication—A process to ensure that an individual is who they claim to be. Authentication is typically tied to allowing a person to log in to a computer system.

Biometric—A biometric is any measurable aspect of a lifeform, such as a fingerprint, iris scan, voice print, or even a person’s height. The term also refers to the measurement itself.

Biometric Profile—A Biometric Profile (“BP”) is a set of information about an individual’s physical characteristics. This set may include, but is not limited to: patterns of the skin, such as fingerprints, toe prints, etc.; characteristics of the eye, such as an image of an iris; voice patterns; and other types of images of the body, such as ultra-violet, thermal or infra-red scans. The BP may be limited to one representation of a single physical characteristic or may be as robust as multiple physical characteristics with multiple representations of each characteristic. For example, a BP could be created for someone with a single scan of her right thumb. Another example of a BP could be two scans, each in a different wavelength of light, of all ten of the person’s fingers along with a scan of the person’s left iris. The biometric information also need not contain only complete scans. Rather, the biometric information may be stored in a reduced form containing only the salient features of the scan.

Device—Any physical electronic device requiring authentication that a user would use. This could be a personal computer, thin client to a computer server, PDA, automobile, etc.

Plug-in Framework—A plug-in framework is a method in which two pieces of software (software A and software B) communicate to each other, but the communication is done in such a way that one piece of software, software B, could be replaced with another without modifying software A.

Scanning device—Any physical device that can produce a digital representation of a part of the human body or byproduct of the human body. This may include, for example, a finger print scanner, a voice representation device, and an iris scanner. These scanners could scan via physical appearance, ultra-violet, infrared, etc. Many other types of scanners are possible and the broadest possible definition is intended.

Access Subterfuge—An attempt by the system to escape intrusion by an attacker. The system may use a variety of mechanisms that seek to delay an imposter, who has been detected attempting to gain access to unauthorized resources. The delay is intended to occupy the intruder until designated authorities can arrive. For example, the imposter may be re-directed to a false area or resource which the imposter will spend time examining while authorities arrive. Or simply a long time may pass before (possibly false) access is granted. In addition the system may attempt to bluff potential imposters by always rejecting the first access attempt. Also the system may lock out the machine from which failed access was attempted, as well as locking out the user from future authentication.

BiObex—BiObex refers to the biometric authentication product developed by Advanced Biometric Computing, LLC. The name may change in the future. BiObex is only used to represent this product in this document.

Authentication Policy

A biometric authentication policy is a set of rules and procedures defined by an organization. The policy implicitly or explicitly specifies how various resources on the organization's network should be biometrically protected. Typically the policy is implemented as a custom Plug-in software component or a configuration of an existing software component. An authentication engine collects key pieces of information, referred to as security conditions, and presents them to the policy at appropriate times. The output of the policy then controls the behavior of the authentication engine to within certain customizable behaviors. The rules may be different for each computer network, depending on the security needs of the organization. An authentication policy is composed of three components: Requirements, Matching, and Security (all defined below).

The requirements component of a policy determines the set of biometrics required to authenticate a user. It does this based on the user's identity, biometric profile, physical location, type of resource the user is attempting to access, and the hardware devices available at that location. Other security conditions such as the time of day and day of the week may also be used to influence the decision. The biometrics required may be from a single person or from multiple persons.

Given that a network is deployed with computer terminals that are connected to the network at different locations within a physical building, certain locations may be considered more secure than others. This may be because some locations are guarded or because they require a user to present more credentials to be able to access them.

Moreover, building access might be available 24 hours a day to employees who present proper credentials. This allows access to the computer network at hours where few people are around. Accordingly, after hours access might require more biometric authentication because the risk of intrusion is considered higher.

In a heterogeneous hardware environment, some locations may have different sets of biometric devices than other locations. This may occur for a variety of reasons, including that the biometric devices, such as finger print scanners, were purchased at different times so that there is a variation in model, type and performance among the scanners.

The authentication policy should define what the requirements are for authenticating a user at each location on the computer network.

Matching is a determination of authenticity of the user based on the authentication requirements, the user's biometric profile, and the set of biometrics gathered from an individual seeking authentication as the user. Other information or security conditions (such as the location and time of day, etc.) may be used as part of the matching criteria as well, specifically for determining a confidence threshold. The matching policy decides when the evidence presented is strong enough to grant authentication; when the evidence is weak enough to revoke authentication; or possibly when more biometrics must be acquired or re-acquired.

Secure locations may set a higher confidence threshold for a match, while less secure locations set a lower threshold to be more lenient and avoid multiple user login attempts where possible.

The Security policy determines if any special action is required based on the past history of events for that user, location or network. The special action may include access subterfuge and storing a log entry identifying each failed login attempt. Other examples of special action might be locking a user out based on a number of failed authentication attempts, or alerting a user to re-enroll because the user's fingerprints appear to have changed slightly since the user enrolled.

The system may compare present biometric scans to previously acquired biometric scans in an attempt to detect imposters who have stolen previous biometrics. Digital signatures or message digests of the scans may be compared instead of the scans themselves (for efficiency reasons); however these methods will not be robust if the imposter can add noise to the scan and re-encrypt it. If an exact or almost exact match is found, the new biometric could be one interposed on the network by someone who has compromised the system and copied a previous scan from the network.

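
The comparison described above can be sketched as follows. This is an added example, not code from the patent or from BiObex; the feature-vector representation, the `ReplayDetector` class and the `too_close` distance are assumptions made for illustration. A digest lookup catches a byte-identical replay, and a distance check against earlier scans catches a copy with a little noise added, which the digest alone misses.

```python
import hashlib
import math


def digest(features):
    """SHA-256 over a canonical text encoding of a feature vector."""
    canonical = ",".join(f"{v:.4f}" for v in features)
    return hashlib.sha256(canonical.encode("ascii")).hexdigest()


def distance(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class ReplayDetector:
    """Flags a scan that is identical, or suspiciously close, to an earlier one.

    Two live captures of the same finger always differ a little, so a new scan
    that sits almost on top of a stored one is more likely a copy than a finger.
    """

    def __init__(self, too_close=0.05):
        self.too_close = too_close      # assumed value; tune below sensor variation
        self._digests = {}              # user -> digests of accepted scans
        self._history = {}              # user -> accepted feature vectors

    def check(self, user, features):
        """Return 'exact-replay', 'near-replay' or 'fresh'; only fresh scans are stored."""
        features = tuple(features)
        d = digest(features)
        if d in self._digests.get(user, set()):
            return "exact-replay"       # cheap check, defeated by any added noise
        for old in self._history.get(user, []):
            if len(old) == len(features) and distance(old, features) < self.too_close:
                return "near-replay"    # noise-tolerant check on the scans themselves
        self._digests.setdefault(user, set()).add(d)
        self._history.setdefault(user, []).append(features)
        return "fresh"


# Constructed sample data: six-element feature vectors for one user.
ENROLLED = (0.12, 0.80, 0.33, 0.57, 0.91, 0.25)
LATER_LIVE_SCAN = (0.15, 0.76, 0.37, 0.60, 0.88, 0.21)    # natural variation
NOISED_COPY = (0.121, 0.801, 0.331, 0.571, 0.911, 0.251)  # earlier scan plus noise


def demo():
    """Run the four constructed scans through one detector, in order."""
    det = ReplayDetector()
    return [
        det.check("user1", ENROLLED),
        det.check("user1", LATER_LIVE_SCAN),
        det.check("user1", ENROLLED),
        det.check("user1", NOISED_COPY),
    ]


if __name__ == "__main__":
    print(demo())
```
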
Authentication policies do not need to consider all of the information provided by or available from the network. However, according to the present invention, during the authentication process, the authentication policy must make a determination for matching and requirements (defined above). The security policy is optional and no action is required, but may be taken.
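
One way to express the three policy components as a plug-in, shown as an added example rather than the patent's or any product's implementation. The class and field names, the 0 to 100 score scale, the business hours and the numeric thresholds are all assumptions.

```python
from dataclasses import dataclass
from datetime import time
from enum import Enum


class Decision(Enum):
    GRANT = "grant"
    REVOKE = "revoke"
    ACQUIRE_MORE = "acquire more or re-sample"


@dataclass(frozen=True)
class Conditions:
    """Security conditions the engine hands to the policy (field names assumed)."""
    secure_location: bool      # e.g. a guarded room
    local_time: time           # time of the access attempt
    failed_attempts: int       # prior failed attempts recorded for this user
    devices_here: frozenset    # biometric device types at this location
    enrolled: frozenset        # device types present in the user's biometric profile


class ExamplePolicy:
    """Hypothetical policy plug-in: requirements, matching, security."""
    OPEN, CLOSE = time(8, 0), time(18, 0)   # assumed business hours
    RESAMPLE_BAND = 15                      # scores this close to the bar get a retry
    MAX_FAILURES = 3                        # lock the user out at the third failure

    def _after_hours(self, c):
        return not (self.OPEN <= c.local_time < self.CLOSE)

    def requirements(self, c):
        """Biometrics to collect, or None if this location cannot satisfy the policy."""
        usable = sorted(c.devices_here & c.enrolled)
        needed = 1 + int(self._after_hours(c))   # after hours demands one more
        return usable[:needed] if len(usable) >= needed else None

    def threshold(self, c):
        """Confidence threshold (0-100): stricter at secure locations and after hours."""
        return 80 + (10 if c.secure_location else 0) + (5 if self._after_hours(c) else 0)

    def matching(self, c, required, scores):
        """Three-way decision from per-biometric match scores (0-100)."""
        if required is None:
            return Decision.REVOKE            # fail closed
        if any(b not in scores for b in required):
            return Decision.ACQUIRE_MORE      # a required biometric is still missing
        weakest = min(scores[b] for b in required)
        bar = self.threshold(c)
        if weakest >= bar:
            return Decision.GRANT
        if weakest >= bar - self.RESAMPLE_BAND:
            return Decision.ACQUIRE_MORE      # borderline evidence: re-sample
        return Decision.REVOKE

    def security(self, c, decision):
        """Optional special actions based on the user's history."""
        if decision is not Decision.REVOKE:
            return []
        actions = ["log_failed_attempt"]
        if c.failed_attempts + 1 >= self.MAX_FAILURES:
            actions.append("lock_out_user")
        return actions


def authenticate(policy, c, scores):
    """Run requirements, matching and security in the order the text describes."""
    required = policy.requirements(c)
    decision = policy.matching(c, required, scores)
    return required, decision, policy.security(c, decision)


# Constructed sample: the same user and fingerprint score in two contexts.
PROFILE = frozenset({"fingerprint", "iris", "voice"})
LOBBY_DAY = Conditions(False, time(10, 30), 0, frozenset({"fingerprint"}), PROFILE)
VAULT_NIGHT = Conditions(True, time(23, 15), 2, frozenset({"fingerprint", "iris"}), PROFILE)

if __name__ == "__main__":
    p = ExamplePolicy()
    print(authenticate(p, LOBBY_DAY, {"fingerprint": 84}))
    print(authenticate(p, VAULT_NIGHT, {"fingerprint": 84}))
    print(authenticate(p, VAULT_NIGHT, {"fingerprint": 84, "iris": 70}))
```

The same fingerprint score of 84 is enough in the lobby during the day, while at the secure location after hours the policy first asks for a second biometric and then applies a higher bar to both.
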

Illustrative Server Architecture for Biometric Authentication

FIG. 1 depicts a schematic block diagram of a security system embodying the present invention. Referring to FIG. 1, a server 100 is coupled to a plurality of client computers over a computer network 120. The network may be, for example, a local area network (“LAN”) or a wide area network (“WAN”). The network may be contained within a single physical building or interconnect several remotely situated buildings.

The client computers 110 are used to gain access to the network, generally by employees, to perform work for the business that owns the network. Positioned at each client computer is at least one biometric reader or scanner device. The biometric scanner(s) are used to read one or more particular biometrics associated with an individual and send the biometric measurements to the computer network for use in authenticating the individual as a valid user of the computer network.

The client computers 110 run a presentation software program 150. The presentation software program is invoked after the client computer is started each time control of a computer resource changes hands, from one user to another. When a computer first is turned on, initially it is controlled by no user; control transitions when the first user then tries to log on, and back to no user when the user logs off or is logged off due to inactivity. Similarly, when users wish to take control of an authenticated resource, such as an application or database on the network, the presentation layer guides them through the authentication process.

The server 100 may be coupled to multiple client computers which are distributed within a facility over the network 120. The server computer runs biometric authentication server software 140, which is a program run from the server's memory. The biometric authentication server software 140, hereinafter referred to as the server software 140, interacts with the biometric devices, the client computer and the computer network to authenticate users to the network. The server software 140 instructs the user how to authenticate herself to the network, collects and processes the biometrics received from the biometric scanner and user information from the user for the location where the user is logging on. The software 140 grants or denies access based on a comparison between the collected biometrics, the biometrics in the user database for the user and the requirements and matching policies. The operation of the server software is described in more detail with reference to FIG. 2.

The client computer may be a standard computer or a thin client. Thin clients are computer systems that simulate a personal computer to the user. Typically, they are set up with a large single computer that has multiple monitors, keyboards and mice attached to it. A given user will have a single monitor, keyboard and mouse and when the user gains access to the system, it appears to be a personal computer. In reality the user has a session on the large computer that controls the monitor, keyboard and mouse to simulate a personal computer look and feel.

Implementing biometric authentication on thin clients creates additional difficulty over implementing biometric authentication on a single-computer architecture or a client server architecture. The main difference between other architectures and thin client architectures is that in the other architectures, each user has a dedicated computer containing a CPU, memory, ports, etc.

FIG. 2 depicts a functional block diagram of the biometric authentication server software 140. The server software 140 is generally stored on a hard disk drive associated with the server and is loaded into the memory of the server for execution when the server is turned on and is running. The server software includes an enrollment manager 200 that interacts with a persistent storage medium 205. This storage 205 may be a centralized database or distributed, as in the case where each user carries a portable storage media, such as a smart card, containing one or more biometric profiles. In either case it must be accessible by the server. The profile on the storage media may optionally be cryptographically protected as discussed in a later section.

The enrollment manager 200 is responsible for collecting and storing information for each valid user of the network into the storage media 205. The enrollment manager 200 may collect user identification information (USERID) from a new user, such as the user's name or a derivative of the user's name. The enrollment manager 200 also collects from the user one or more biometric profiles. The user's biometric profile comprises one or more biometric scans of a particular characteristic of the user using one or more biometric scanning devices.

According to the present invention, any biometric scanner may be used to acquire any particular biometric characteristic of the user for inclusion in the biometric profile. In the case of fingerprints, one or more fingerprints of each user may be scanned using one or more fingerprint scanning devices. Fingerprint scanning and storage for biometric authentication is well known and any technique may be used in connection with the present invention.

According to a well known technique, fingerprints may be scanned and then processed prior to storing the scanned image. The fingerprint processing may be performed to extract features of the fingerprint, such as minutia, which are patterns of ridges of the skin. Each minutia point represents the beginning or end of a skin ridge. For example, a ridge of skin may bifurcate or trifurcate at particular points. The beginning or end points and the angle of the skin ridge relative to a preferred direction at the beginning or end points characterize the minutia. Information describing the minutiae for fingerprints may be, for example, extracted, processed and efficiently stored to represent the fingerprint(s) for biometric authentication. Fingerprints may be scanned multiple times to obtain a more accurate sample for processing and increase the likelihood of correct identification.

The userID and biometric profile for each user is stored by the enrollment manager in the database. The biometric information may be encrypted prior to storing the data. In addition, for each biometric or biometric device that the user is entitled to use, biometric data may be generated and stored for the user in the enrollment database as part of the biometric profile.

FIG. 3 shows an illustrative view of a database entry for a user. The entry includes the user's USERID, and an entry for each biometric device type that the user has been measured on up to N biometric devices. The database also stores the biometric data measured from the user for that particular biometric device. In this manner, the database stores biometric measurements for the user taken by one or more devices present on the network that the user needs to access.

The enrollment manager 200 may be managed and operated only by a handful of people who are set up as enrollment officers. The enrollment officers must authenticate themselves to both the network and separately to the enrollment manager 200 using biometric authentication prior to enrolling any new users. The enrollment officers may also configure a user's network access privileges and other information and may modify a user's profile or delete a user altogether. In this manner, the enrollment manager controls which users are allowed to use the system and stores the biometric profiles of all users in the enrollment database.

The authentication policy engine 215 implements the authentication policy of the network. It is configured based on the defined requirements, matching criteria and security policy to carry out the authentication policy of the system. It interfaces with the location identification engine 210, session layer 220, acquisition layer 225, and the matching engine 230.

The session layer 220 communicates with the security presentation layer 150, which may reside on the client or on the server. The session layer is responsible for monitoring each client that is connected to the network and allocating resources of the server software to each client. It is also responsible for translating commands, information and protocols between the server software 120 and the security presentation layer where necessary.

The security presentation layer 235 is responsible for presenting the user an interface for use in the authentication process. It may be software that resides on the client that is executed out of the client or, in the case of a thin client, it may reside on the server as well. The security presentation layer 235 may include a screen prompt inviting would-be users to enter their USERID. The security presentation layer 235 also prompts users throughout the user authentication process based on information and instructions conveyed from the authentication policy engine based on the requirements and matching policy of the system.

The operating system interface layer 145 interacts with the operating system to gather information about the hardware, and remote address of clients requesting authentication. When required, it notifies the operating system of the final authentication output (access granted or denied) from the authentication policy in cases where the user is trying to log in to the operating system, since to biometrically authenticate access to a computer, the computer operating system must be notified. In many UNIX operating systems, the operating system interface layer 145 and presentation layer 140 are combined and integrated into a standard framework known as PAM (Pluggable Authentication Modules). This framework then interfaces with various PAM aware applications.

The location identification engine 210 communicates with the session layer. When a user accesses a terminal to authenticate, the location identification engine determines which scanner(s) are beside the user who is trying to log in. In the single computer or client-server architecture, the scanner plugs directly into the user's computer. Each computer has its own scanner. However, in a thin client architecture, each user does not have his or her own computer but rather only a monitor, keyboard, and mouse. This requires that all of the scanners be connected to a single large computer through a network. Hence the problem is determining which of the many scanners is associated with the monitor, keyboard, mouse combination of the user's chosen terminal.

The server software 140 solves this problem with the location identification engine, which obtains unique information from the hardware that the user is using to try to log in from. This unique information is associated with the logical location of the scanner that is beside that thin client. Now the single large computer knows which scanner to take the scan from. For example, in Sun Microsystem’s SunRay (thin client) architecture, BiObex receives the MAC address of the client and determines the IP address of the scanner located next to that client. The administrator of the SunRay manages this information in a file or database associated with BiObex. The MAC address is the unique information from the hardware and the IP address is the logical location of the associated scanner.

Once the location is established and the permissible scanning devices are determined, the authentication policy determines the requirements and matching criteria. Additional inputs to the authentication policy engine 215 for determining the requirements and matching criteria are various security conditions and may be, for example: time of day, day of week, location, previous failed login attempts of the user, previous failed login attempts, past statistical metrics from the matching engine 230.

Based on the location and security conditions, the authentication policy engine determines which biometric devices the user must use for authentication and what steps the user must perform using those devices. The authentication policy engine then notifies the security presentation layer 140 of the step by step requirements via the session layer 220. The presentation layer 140, in turn, presents the instructions to the user, possibly taking into account the user's native language.

The acquisition layer 225 receives biometric measurements from the biometric equipment at the user's location via the session layer and network. The acquisition layer may send messages to the user when a poor sample