In other user authentication systems, a user authenticates identity by selecting a particular image that is then matched to a previous choice. This invention enables greater security for access control systems by combining facial recognition technology with a user authentication question.
This technology expands on previous systems by projecting onto the face an image previously selected by the user. The system is more user-friendly than obtrusive “look here” technologies such as iris scans. Users can define easily remembered challenge-response themes, with multiple themes and multiple challenge rounds.
A user enters an authentication station and provides initial verification of identity. The system then presents a series of images that can be based on particular themes. The user is then able to select and manipulate the previously determined image so that it appears in a specific location on the user’s face; for example, a flower can be projected on the cheek. Another user may use the same theme or image, but project it onto another part of the face. Once the image is in position, the user instructs the system to begin authentication. The user’s facial geometry provides further security by uniquely distorting each image. This aspect of “fuzziness” counteracts an adversary’s ability to overcome more precise authentication methods such as passwords and personal identification numbers (PINs).
This method replaces constantly changing challenge-response mechanisms based on secure tokens or subject knowledge, and adds more levels of security, indicating status and preventing adversaries’ “lucky guesses.”