Re: Cash, Credit -- or Prints?

2004-10-12 Thread Frank Siebenlist
Can anyone explain how sophisticated those fingerprint readers are?
Are there readers out there that by themselves are secure devices and 
essentially are able to talk with their servers thru the 
PCs/workstations over a protocol such that any man-in-the-middle, like a 
driver, can not learn anything from the traffic?
(...and all that for less than $40, of course...)

If not, would a trojan then be able to capture your fingerprint's 
digital-fingerprint, and impersonate you from any other node on the network?

-Frank.

R.A. Hettinga wrote:
http://online.wsj.com/article_print/0,,SB109744462285841431,00.html
The Wall Street Journal
October 11, 2004
Cash, Credit -- or Prints?
Fingerprints May Replace
Money, Passwords and Keys;
One Downside: Gummi Fakes
By WILLIAM M. BULKELEY
Staff Reporter of THE WALL STREET JOURNAL
October 11, 2004; Page B1
Fingerprints aren't just for criminals anymore. Increasingly, they are for
customers.
Fingerprint identification is being used to speed up checkouts at Piggly
Wiggly supermarkets in South Carolina, and to open storage lockers at the
Statue of Liberty. Fingerprints are also being used as password 
substitutes
in cellphones and laptop computers, and in place of combinations to 
open up
safes.

But these aren't the fingerprints of yore, in which the person placed his
hand on an ink pad, then on paper. Instead, the user sets his hand on a
computerized device topped with a plate of glass, and an optical 
reader and
special software and chips identify the ridges and valleys of the
fingertips.

Fingerprint technology seems to be reaching critical mass and is spreading
faster than other widely promoted biometric identification methods, such
as eyeball scanning, handprint-geometry reading and facial recognition.
Interest in these and other new security systems was heightened by the
September 2001 terror attacks.
Fingerprints will be dominant for the foreseeable future, says Don
McKeon, the product manager for biometric security at International
Business Machines Corp.
One reason fingerprint-security is spreading is that technological 
advances
are bringing the cost down. Microsoft Corp. recently introduced a
stand-alone fingerprint reader for $54, and a keyboard and a mouse with
fingerprint readers. Last week, IBM said it would start selling laptop
computers with fingerprint readers built in. These products reduce the 
need
for personal-computer users to remember passwords.

A customer uses a fingerprint reader to pay at a Piggly Wiggly store,
cutting his checkout time.

Earlier this year, American Power Conversion Corp., a Rhode Island company
that makes backup computer batteries, started selling a fingerprint reader
for PCs with a street price of $45 -- less than half the price of
competitors at the time. American Power says it has sold tens of thousands
of the devices since.
Korea's LG Electronics Inc. has introduced a cellphone with a silicon chip
at its base that requires the owner's finger to be swiped across its
surface before the phone can be used. This summer, NTT DoCoMo Inc. started
selling a similar phone reader that is being used on Japanese trains as an
electronic wallet to pay fares or to activate withdrawals from on-board
cash machines.
Proponents have never had trouble explaining the benefits of fingerprints
as payment-and-password alternatives: Each person has a unique set, and
their use is established in the legal system as an authoritative means of
identification. But some people are uneasy about registering their
fingerprints because of the association with criminality and the potential
that such a universal identifier linked to all personal information would
reduce privacy.
Moreover, numerous businesses and governments have tested fingerprint
systems in the past only to rip them out when the hype failed to match
reality. That's partly because the optical readers have had problems with
certain people's fingers. Elderly people with dry skin, children who
pressed down too hard, even women with smaller fingers -- including many
Asians -- were often rejected as unreadable.
Security experts also have successfully fooled some systems by making
plaster molds of fingers and then creating fake fingers by filling the
molds with Silly-Putty-type plasticizers or gelatin similar to that 
used in
candy Gummi Bears.

But advocates say the rate of false rejections of legitimate users has 
been
greatly reduced by improved software. I'd say 99% of people can register
their fingers, says Brad Hill, who installed fingerprint-controlled 
lockers
at his souvenir store at the Statue of Liberty this summer when the
National Park Service forbade tourists from entering the statue while
carrying packages. Mr. Hill was worried that tourists would lose locker
keys when security screeners forced them to empty their pockets.

Some makers of readers also say their technology can solve the fake-finger
problem by taking readings from below the surface skin layer. Or they
suggest combining four

Cash, Credit -- or Prints?

2004-10-11 Thread R.A. Hettinga
http://online.wsj.com/article_print/0,,SB109744462285841431,00.html

The Wall Street Journal


 October 11, 2004


Cash, Credit -- or Prints?
Fingerprints May Replace
 Money, Passwords and Keys;
 One Downside: Gummi Fakes

By WILLIAM M. BULKELEY
Staff Reporter of THE WALL STREET JOURNAL
October 11, 2004; Page B1


Fingerprints aren't just for criminals anymore. Increasingly, they are for
customers.

Fingerprint identification is being used to speed up checkouts at Piggly
Wiggly supermarkets in South Carolina, and to open storage lockers at the
Statue of Liberty. Fingerprints are also being used as password substitutes
in cellphones and laptop computers, and in place of combinations to open up
safes.

But these aren't the fingerprints of yore, in which the person placed his
hand on an ink pad, then on paper. Instead, the user sets his hand on a
computerized device topped with a plate of glass, and an optical reader and
special software and chips identify the ridges and valleys of the
fingertips.

Fingerprint technology seems to be reaching critical mass and is spreading
faster than other widely promoted biometric identification methods, such
as eyeball scanning, handprint-geometry reading and facial recognition.
Interest in these and other new security systems was heightened by the
September 2001 terror attacks.

Fingerprints will be dominant for the foreseeable future, says Don
McKeon, the product manager for biometric security at International
Business Machines Corp.

One reason fingerprint-security is spreading is that technological advances
are bringing the cost down. Microsoft Corp. recently introduced a
stand-alone fingerprint reader for $54, and a keyboard and a mouse with
fingerprint readers. Last week, IBM said it would start selling laptop
computers with fingerprint readers built in. These products reduce the need
for personal-computer users to remember passwords.

A customer uses a fingerprint reader to pay at a Piggly Wiggly store,
cutting his checkout time.



Earlier this year, American Power Conversion Corp., a Rhode Island company
that makes backup computer batteries, started selling a fingerprint reader
for PCs with a street price of $45 -- less than half the price of
competitors at the time. American Power says it has sold tens of thousands
of the devices since.

Korea's LG Electronics Inc. has introduced a cellphone with a silicon chip
at its base that requires the owner's finger to be swiped across its
surface before the phone can be used. This summer, NTT DoCoMo Inc. started
selling a similar phone reader that is being used on Japanese trains as an
electronic wallet to pay fares or to activate withdrawals from on-board
cash machines.

Proponents have never had trouble explaining the benefits of fingerprints
as payment-and-password alternatives: Each person has a unique set, and
their use is established in the legal system as an authoritative means of
identification. But some people are uneasy about registering their
fingerprints because of the association with criminality and the potential
that such a universal identifier linked to all personal information would
reduce privacy.

Moreover, numerous businesses and governments have tested fingerprint
systems in the past only to rip them out when the hype failed to match
reality. That's partly because the optical readers have had problems with
certain people's fingers. Elderly people with dry skin, children who
pressed down too hard, even women with smaller fingers -- including many
Asians -- were often rejected as unreadable.

Security experts also have successfully fooled some systems by making
plaster molds of fingers and then creating fake fingers by filling the
molds with Silly-Putty-type plasticizers or gelatin similar to that used in
candy Gummi Bears.

But advocates say the rate of false rejections of legitimate users has been
greatly reduced by improved software. I'd say 99% of people can register
their fingers, says Brad Hill, who installed fingerprint-controlled lockers
at his souvenir store at the Statue of Liberty this summer when the
National Park Service forbade tourists from entering the statue while
carrying packages. Mr. Hill was worried that tourists would lose locker
keys when security screeners forced them to empty their pockets.

Some makers of readers also say their technology can solve the fake-finger
problem by taking readings from below the surface skin layer. Or they
suggest combining four-digit ID codes with fingerprint scanning to
virtually eliminate false readings.

Makers of fingerprint readers acknowledge the privacy concerns. But they
maintain that the threat of personal invasion is minimized because most
systems don't store the actual print, but instead use it to generate a
unique series of numbers that can't be reverse-engineered to re-create the
print. And public willingness to submit to fingerprint readers has soared
since the 2001 terrorist attacks, as the need for security overcomes
worries about