[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Other than password

From: David Talbot
Subject: Re: [Auth]Other than password
Date: Tue, 31 Jul 2001 12:42:41 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.2+) Gecko/20010723

David Talbot wrote:

Norbert Bollow wrote:

The problem with biometric ID is that you can't change it, once it has been copied. If somebody is able to make contact lenses that the biometric id checker mistakes for your eyes, than you can't just rip your eyes off and
get a new pair. I have my reservations about this technology.

Good point.

Also someone might be able to intercept the data that is passed
to the computer from the camera (or whatever) that obtains the
raw biometric information.  This may be a simpler way in which
your biometric ID could potentially be faked.

Greetings, Norbert.

I think the solution here is to add authentication to the authentication device. For example, the thumbprint scanner makes use of PKI to modify the ID number generated by the thumbprint/retina scan then passes that number upstream. The result is a different scan for each device results in a different ID to be decoded from the server. Basically encode the ID using the server's public key for that device that is requested from the client side certificate. The server also passes out a second encryption key that is disposable for each scan.

I believe something like this could be workable because the data passed over the wire would be different every time, kind of like a disposable card number.

-David Talbot

Auth mailing list


Ugh, I just read my own post and realized I had mangled my own thoughts, so try number 2:

The scanner gets a disposable key from the server. The server remembers that it gave that key to the device with certificate X. The client side device takes the result of the retinal scan/thumbprint and encodes it with the server's public key, and the disposable transaction key.

God I hope this post makes a little more sense than my last one :)

-David Talbot

reply via email to

[Prev in Thread] Current Thread [Next in Thread]