dotgnu-auth

Re: [Auth]Other than password


From: David Talbot
Subject: Re: [Auth]Other than password
Date: Tue, 31 Jul 2001 12:37:41 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2+) Gecko/20010723

Norbert Bollow wrote:

The problem with biometric ID is that you can't change it, once it has been
copied. If somebody is able to make contact lenses that the biometric id
checker mistakes for your eyes, then you can't just rip your eyes off and
get a new pair. I have my reservations about this technology.


Good point.

Also someone might be able to intercept the data that is passed
to the computer from the camera (or whatever) that obtains the
raw biometric information.  This may be a simpler way in which
your biometric ID could potentially be faked.

Greetings, Norbert.


I think the solution here is to add authentication to the authentication device. For example, the thumbprint scanner makes use of PKI to modify the ID number generated by the thumbprint/retina scan then passes that number upstream. The result is a different scan for each device results in a different ID to be decoded from the server. Basically encode the ID using the server's public key for that device that is requested from the client side certificate. The server also passes out a second encryption key that is disposable for each scan.

I believe something like this could be workable because the data passed over the wire would be different every time, kind of like a disposable card number.

-David Talbot
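
The property described in the message above (a response bound to one scanner and to one disposable per-scan value, so the bytes on the wire differ every time and a captured copy cannot be reused) can be sketched as follows. This is an added example, not code from the post or from the DotGNU project; it swaps the public-key encryption the message proposes for an HMAC over a per-device shared secret so that it runs on the Python standard library alone, and the class, function, device and user names, as well as the exact-match biometric ID, are assumptions.

```python
import hashlib
import hmac
import secrets


class Server:
    """Issues one disposable challenge per scan and verifies the scanner's response."""

    def __init__(self):
        self.device_keys = {}  # device_id -> per-device secret (assumed provisioned out of band)
        self.enrolled = {}     # user -> enrolled biometric ID (constructed sample data)
        self.pending = {}      # device_id -> outstanding one-time challenge

    def new_challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id, user, response):
        # pop() makes the challenge single-use: a replayed response finds no nonce.
        nonce = self.pending.pop(device_id, None)
        key = self.device_keys.get(device_id)
        template = self.enrolled.get(user)
        if nonce is None or key is None or template is None:
            return False
        expected = hmac.new(key, nonce + template, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def scanner_response(device_key, nonce, scanned_id):
    """What the scanner sends upstream in place of the raw biometric ID."""
    return hmac.new(device_key, nonce + scanned_id, hashlib.sha256).digest()


def demo():
    server = Server()
    key = secrets.token_bytes(32)
    server.device_keys["scanner-1"] = key
    server.enrolled["alice"] = b"constructed-thumbprint-id"
    scan = b"constructed-thumbprint-id"

    r1 = scanner_response(key, server.new_challenge("scanner-1"), scan)
    ok_first = server.verify("scanner-1", "alice", r1)
    replay_used = server.verify("scanner-1", "alice", r1)   # challenge already consumed
    server.new_challenge("scanner-1")
    replay_fresh = server.verify("scanner-1", "alice", r1)  # old response, new nonce
    r2 = scanner_response(key, server.new_challenge("scanner-1"), scan)
    return ok_first, replay_used, replay_fresh, r1 != r2
```
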


