(keitai-l) Re: Jelly finger fools biometric sensor

From: Andrew Sandes <andrew_at_asiaentry.com>
Date: 12/05/02
Message-ID: <KLEKLPJPBHDCOAJMDCIEEEPCDJAA.andrew@asiaentry.com>
I am led to believe that some of the keitais on the market already have a
chipset from Texas Instruments that has SpeechWorks (Nasdaq: SPWX) speech
verification technology built into the chipset.
(I don't work at SpeechWorks but I know lots of people that do.)
I am also led to believe that handset vendors or network operators have
plans in place to implement this as part of future systems.

If you are interested in more info - get in touch offline.

Cheers

Andrew

-----Original Message-----
From: keitai-l-bounce@appelsiini.net
[mailto:keitai-l-bounce@appelsiini.net]On Behalf Of Dirk Rosler
Sent: 2002?12?5? 18:19
To: keitai-l@appelsiini.net
Subject: (keitai-l) Re: Jelly finger fools biometric sensor


On Thursday, Dec 5, 2002, at 12:03 Asia/Tokyo, Stuart Woodward wrote:

> Hey that might be a selling point in Japan, You could give a trusted
> person your gummy bear and they could authorize transactions on your
> behalf, kind of like a biometric hanko. <grin>

If you can persuade them to eat the bear after use, you have a
delicious one-time authorisation scheme :)

> While we are the topic of biometric sensors for keitais. Wouldn't a
> voice print analyser be a more suitable biometric sensor for a keitai?
> I
> guess the hardware is not powerful enough yet to do this on the
> handset.

A lot of biometric performance depends heavily on environmental
factors, change the environment slightly (different lighting, wearing
glasses, sweaty hands etc) and you'll have plenty of problems. Given
the mobile nature of the device accuracy would be nightmarish (next to
a busy street, crowded room with people talking, music etc).

As far as analysis is concerned you should certainly be able to do the
processing on the network side (unless you want to authenticate
directly to the handset). Lastly the spoken phrase needs to change with
every session to avoid replays.

Yes, biometrics sound sexy, in reality it's far from trivial to do
effectively. Again, compare to implementing a four digit PIN...

Has anyone here looked at or implemented NTT Lab's SAS (Simple and
Secure Password Authentication System) protocol?

Dirk


This mail was sent to address andrew@asiaentry.com
Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
Received on Thu Dec 5 12:38:45 2002