|
| From: | David Talbot |
| Subject: | Re: [Auth]Other than password |
| Date: | Tue, 31 Jul 2001 12:42:41 -0500 |
| User-agent: | Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2+) Gecko/20010723 |
David Talbot wrote:
Ugh, I just read my own post and realized I had mangled my own thoughts, so try number 2:Norbert Bollow wrote:The problem with biometric ID is that you can't change it, once it has been copied. If somebody is able to make contact lenses that the biometric id checker mistakes for your eyes, than you can't just rip your eyes off andget a new pair. I have my reservations about this technology.Good point. Also someone might be able to intercept the data that is passed to the computer from the camera (or whatever) that obtains the raw biometric information. This may be a simpler way in which your biometric ID could potentially be faked. Greetings, Norbert.I think the solution here is to add authentication to the authentication device. For example, the thumbprint scanner makes use of PKI to modify the ID number generated by the thumbprint/retina scan then passes that number upstream. The result is a different scan for each device results in a different ID to be decoded from the server. Basically encode the ID using the server's public key for that device that is requested from the client side certificate. The server also passes out a second encryption key that is disposable for each scan.I believe something like this could be workable because the data passed over the wire would be different every time, kind of like a disposable card number.-David Talbot _______________________________________________ Auth mailing list address@hidden http://dotgnu.org/mailman/listinfo/auth .
The scanner gets a disposable key from the server. The server remembers that it gave that key to the device with certificate X. The client side device takes the result of the retinal scan/thumbprint and encodes it with the server's public key, and the disposable transaction key.
God I hope this post makes a little more sense than my last one :) -David Talbot
| [Prev in Thread] | Current Thread | [Next in Thread] |