On Thursday, Dec 5, 2002, at 12:03 Asia/Tokyo, Stuart Woodward wrote:
> Hey that might be a selling point in Japan, You could give a trusted
> person your gummy bear and they could authorize transactions on your
> behalf, kind of like a biometric hanko. <grin>
If you can persuade them to eat the bear after use, you have a
delicious one-time authorisation scheme :)
> While we are the topic of biometric sensors for keitais. Wouldn't a
> voice print analyser be a more suitable biometric sensor for a keitai?
> I
> guess the hardware is not powerful enough yet to do this on the
> handset.
A lot of biometric performance depends heavily on environmental
factors, change the environment slightly (different lighting, wearing
glasses, sweaty hands etc) and you'll have plenty of problems. Given
the mobile nature of the device accuracy would be nightmarish (next to
a busy street, crowded room with people talking, music etc).
As far as analysis is concerned you should certainly be able to do the
processing on the network side (unless you want to authenticate
directly to the handset). Lastly the spoken phrase needs to change with
every session to avoid replays.
Yes, biometrics sound sexy, in reality it's far from trivial to do
effectively. Again, compare to implementing a four digit PIN...
Has anyone here looked at or implemented NTT Lab's SAS (Simple and
Secure Password Authentication System) protocol?
Dirk
Received on Thu Dec 5 11:29:27 2002