I just read schneirs latest cryptogram and it brought out a few issues I have been thinking about for a while wrt biometrics. at http://www.counterpane.com/insiderisks1.html he says: "Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look. " Has there been any work that anyone knows of applying anonymous digital cash style blinding algorithms to biometric databases? Is this feasible? ie, coupled with a passphrase or a smart card or both, can a biometric database be constructed so that the data is blinded and your biometric data cannot be stolen and used without knowing the blinding factor (presumably kept safe).
