lets say you are replacing pin'ed magstripe card with a chip card needing biometric ... say fingerprint (in place of a PIN) along with chip (in place of magstripe).
there are two issues 1) effort to compromise the biometric is still significantly more difficult that a normal 4-digit pin and 2) there seems to be a large population that writes their 4-digit pin number on their card (as well as numerous tricks of capturing the PIN). biometric can work almost anywhere if the increment cost of the biometric infrastructure is off-set by a corresponding decrease in fraud/compromise. It doesn't have to be perfect. Even if similar infrastructures used to capture large number of PINs & magstripe values were used in a chip/biometric infrastructure ... the use of the biometric would still be dependent of stealing the card ... compared to the current pin/magstripe ... where both the pin & magstripe can be captured with some of the techniques. The issue then is that biometric represents a particularly difficult shared-secret that doesn't have to be memorized compared to PIN values which you find people writing on their cards. The biometric has the advantage of not being written on the card .... so simply stealing the card is not sufficient. Both the biometric value has to be acquired and the specific card stolen. Reversing the viewpoint ... rather than can I make a perfect authentication system using various biometric implementations? ... Can the addition of biometrics reduce the current fraud rate in a cost effective manner (not does it have to totally eliminate all forms of fraud)? [EMAIL PROTECTED] on 1/27/2002 10:35 am wrote: Biometric id can only work when you control the hardware and the adversary does not, and you can also control what hardware the adversary can bring to fool your hardware. This is feasible in an security door, or security checkpoint --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
