Alan Barrett <[EMAIL PROTECTED]> writes:

>On Tue, 12 Oct 2004, John Kelsey wrote:
>>but there doesn't seem to be a clean process for determining how
>>skilled an attacker needs to be to, say, scan my finger once, and
>>produce either a fake finger or a machine for projecting a fake
>>fingerprint into the reader.
>
>... or a replacement reader that fakes the signals to the rest of the
>security system.

I've seen a number of smart card/PCMCIA combo devices that do this; they have
a discrete fingerprint sensor device connected to a discrete crypto device.
You can fake out the fingerprint check portion by tying one of the connecting
lines to Vcc or GND.

Peter.
