Are Fingerprints a Good Authentication Factor?

Posted on November 24, 2004

Good article from Bill Can at Microsoft. Some very interesting comments too:

# re: Are Fingerprints a Good Authentication Factor? 11/23/2004 10:04 AM Peter da Silva

The problem with fingerprints as an authentication factor is that you can’t change ‘em and you can’t hide ‘em. Why would you want to change the token you use to authenticate? Well, the suthentication software isn’t actually using your fingerprints to authenticate against… they’re using a stream of digital signals derived from them. If someone can get a copy of that stream, and a compromised scanner, they can use them in a replay attack. If someone can get a picture of your fingerprints, they can scan it and try and reproduce that stream.

If you’re giving them a revokable password, you can change your password, but how do you change your fingerprints?

The idea of a personal input device is a good one, but rather than using the biometric information as the authentication token, keep your certificates and other cryptographic keys in that device, and use your fingerprint as a mechanism for unlocking it. That way you can revoke a compromised certificate while still have biometric security for the “keychain” device.

Unlike a conventional smartcard, the “keychain” device would not be the token itself: you would load keys into it at an appropriate station (for example, you could copy your bank keys at an ATM, or the ones to unlock your computer at the computer itself). You could copy your keys into one for your purse, one for your glovebox, one in your desk at work, so you wouldn’t have to worry about losing it, or having stacks of cards to carry around, or worry about your keys being compromised if someone got the card…

» Filed Under Blogger Posts

Comments

• Search for:

• Pages

  • About David Dean

• Recent Posts

  • links for 2008-06-21
  • links for 2008-06-18
  • links for 2008-06-17
  • links for 2008-06-02
  • links for 2008-05-27

• Categories

  Select Category action  (1) admin  (3) advertising  (2) art  (1) audio-visual  (3) australia  (3) automobile  (1) baby  (1) bibtex  (1) biometrics  (15) blogger  (1) Blogger Posts  (281) blogging  (1) books  (3) brisbane  (2) code  (2) comics  (12) computer  (6) conference  (5) cool  (1) crash  (1) david dean  (8) democracy  (1) diy  (1) DMCA  (1) DRM  (3) ebooks  (2) economics  (1) eten  (1) extraterrestrial life  (1) face recognition  (2) family  (2) fhmm  (2) fiction  (7) fingerprint  (4) firefox  (1) fix  (1) flash  (1) freedback  (3) freedbacking  (1) gadget  (2) gadgets  (1) gaze tracking  (2) gesture  (1) global warming  (1) gnome  (1) google  (10) henry  (1) history  (1) howto  (8) htk  (1) humour  (24) IDIAP  (1) impact  (1) journals  (1) latex  (2) links  (123) linux  (2) linux. howto  (1) listing  (1) lockpick  (1) lyx  (2) map  (3) maps  (1) math  (1) matlab  (2) mobile  (1) movies  (2) NAS  (1) nofollow  (1) NSLU  (1) onion  (1) open source  (2) opengl  (2) PhD  (3) photography  (1) photos  (3) podcast  (3) programming  (1) publications  (4) QUT  (1) research  (23) retro  (1) science  (3) search  (1) security  (11) sf  (5) shopping  (1) software  (2) spam  (1) speech  (15) subvocal  (1) syndication  (3) tablet  (1) technorati  (1) techoni  (1) television  (1) terrorism  (1) thomas  (1) toulouse  (1) trains  (1) transcription  (1) tshirt  (2) tv  (1) ubuntu  (1) uncategorised  (6) usa  (3) vegemite  (1) video  (9) virtualisation  (1) vision  (1) vmware  (1) WaveSurfer  (1) wishlist  (2) wordpress  (3) yuck  (1) zoomr  (1)

• Interesting from Elsewhere

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org