Abstract
A biometric-based access mechanism implements a dual authentication scheme. It is assumed that an authorized user has enrolled in the system by generating a set of biometric data from which at least first and second templates have been generated and stored in an authentication server. When the user at a client later seeks to obtain access to a protected resource (e.g., a data file, a database, an application, or the like) stored on an application server or other host, a new set of biometric data is generated at the client, together with new templates. The templates are generated using the same functions that were used to generate the first and second templates during the enrollment process. The client maintains one of the two templates in memory while at least one other template is exported to the authentication server for matching. If the authentication server matches the template received from the client, the authentication server exports to the client a template that must then be matched with the template being held in memory before authentication is complete and access to the protected resource at the application server or other host is provided. This "dual authentication" approach prevents a third party from spoofing the communications between the client and authentication server.
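The flow described above, as an added Python sketch that is not code from the patent. The template functions `f1` and `f2`, the distance-based matcher and its threshold, the choice of which template is held and which is exported, the `SpoofedServer` stand-in, and all sample vectors are assumptions made for illustration.

```python
# Added illustration of the dual-authentication flow; not code from the patent.
# Assumptions: f1/f2, the matcher, THRESHOLD and every sample vector are constructed.
THRESHOLD = 2  # assumed: max differing features still counted as a match

def f1(sample):  # hypothetical first template function
    return tuple(sample[0::2])

def f2(sample):  # hypothetical second template function
    return tuple(sample[1::2])

def matches(a, b):
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) <= THRESHOLD

class AuthServer:
    def __init__(self):
        self._enrolled = {}  # user -> (first template, second template)

    def enroll(self, user, sample):
        self._enrolled[user] = (f1(sample), f2(sample))

    def verify(self, user, exported):
        """Match the client's exported template; on success return the other one."""
        record = self._enrolled.get(user)
        if record is None or not matches(record[1], exported):
            return None
        return record[0]

class SpoofedServer:
    """Stand-in for a party answering in the server's place without enrollment data."""
    def verify(self, user, exported):
        return (0,) * len(exported)

def authenticate(server, user, sample):
    held = f1(sample)                  # never leaves client memory
    returned = server.verify(user, f2(sample))
    # Second check: the server's reply must match the template held locally.
    return returned is not None and matches(held, returned)

ENROLLED = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3]  # constructed
FRESH = [2, 1, 4, 1, 5, 8, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3]     # same user, noisy capture
OTHER = [7, 0, 7, 0, 7, 0, 7, 0, 7, 0, 7, 0, 7, 0, 7, 0]     # different person

def demo():
    server = AuthServer()
    server.enroll("alice", ENROLLED)
    return (authenticate(server, "alice", FRESH),           # both matches succeed
            authenticate(server, "alice", OTHER),           # server-side match fails
            authenticate(SpoofedServer(), "alice", FRESH))  # client-side match fails
```

Calling `demo()` runs the three cases in order: a genuine fresh capture, a capture from a different person, and a genuine capture answered by a responder that holds no enrolled templates.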