Retailers Experiment With Biometric Payment article
From http://www.washingtonpost.com/wp-dyn/content/article/2005/06/08/AR20050 60802335_pf.html: You can always get a new Social Security number, but you certainly can't get a new thumbprint..., Lee [of EFF] said...Robinson, of BioPay, argues that a personal check written at a grocery store passes through eight people before it is cashed, a process he considers much less secure than a biometric payment, in which the fingerprint image is connected immediately to the user's bank account. What can I do to hurt you if I have a picture of the tip of your finger? Not much, Robinson said, contending that associating fingerprints with legal troubles is unwarranted. BioPay does not share its biometric data with government agencies, and in fact, the full fingerprints are not stored in the system. Instead, a complex mathematical algorithm is created to represent identifying characteristics of the fingerprint, which are matched to the real thing when a user shows up at a checkout counter. No discussion on the threat of finger removal... -Michael - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Retailers Experiment With Biometric Payment article
On Thu, Jun 09, 2005 at 11:17:59AM -0400, Heyman, Michael wrote: | From | http://www.washingtonpost.com/wp-dyn/content/article/2005/06/08/AR20050 | 60802335_pf.html: | share its biometric data with government agencies, and | in fact, the full fingerprints are not stored in the | system. Instead, a complex mathematical algorithm is | created to represent identifying characteristics of | the fingerprint, which are matched to the real thing | when a user shows up at a checkout counter. | | No discussion on the threat of finger removal... | Has anyone ever studied the reversability of these algorithms? It seems to me that you could make some plausible guesses and generate fingerprints from certain representations. I don't know how likely those guesses are to be right. Adam - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Retailers Experiment With Biometric Payment article
On Thu, Jun 09, 2005 at 12:02:20PM -0400, Adam Shostack wrote: Has anyone ever studied the reversability of these algorithms? It seems to me that you could make some plausible guesses and generate fingerprints from certain representations. I don't know how likely those guesses are to be right. The fingerprint hash (fingerprint's fingerprint) has to be resistant to rotation/translation, area size and subpattern presence, and tolerate some skin lesion noise, so it's the very opposite of a cryptographic hash. Probably quite easy to reverse. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature