(keitai-l) Re: Jelly finger fools biometric sensor

From: Matt Sapero <matt_at_gamelet.com>
Date: 12/06/02
Message-ID: <EOEOKDOHBLHFKINFLPGGCEDACOAA.matt@gamelet.com> 
Hi:

Is anyone putting together an iris scanner that could work with standard
cameraphones? I'm not sure if that is doable with current camera tech, but
perhaps a cheap scanner could be embedded? The next fad would be people
jamming their eyes against their phones. So much for avoiding that
mascara-on-the-device issue for the ladies!

Of course the implications are a little frightening if a "borrowed" eye was
used. Yuk!

Best,

Matt
matt@gamelet.com

> -----Original Message-----
> From: keitai-l-bounce@appelsiini.net
> [mailto:keitai-l-bounce@appelsiini.net]On Behalf Of Curt Sampson
> Sent: Thursday, December 05, 2002 7:05 PM
> To: keitai-l@appelsiini.net
> Subject: (keitai-l) Re: Jelly finger fools biometric sensor
>
>
>
> On Thu, 5 Dec 2002, Ken Chang wrote:
>
> > biometric is a very long password you don't have to remember,
> > but it's difficult to change when disclosed.
>
> Not at all. Biometric data is completely different from, and unrelated
> to, passwords.
>
> In theory, it's supposed to be something you have that you can't
> give away to someone else. In practice, that's generally far from
> the case.  Thus, the one area where it really would have an advantage
> over "something you have," the fact that you can resist attacks by
> the person who has the thing, doesn't really turn out to be an
> advantage after all.
>
> > one may attack the connection between the authentication software
> > and the biometric sensor, say a Windows device driver, to record
> > and feed the password.
>
> Well, you could try to make the device secure and self-contained,
> and prevent all but really, really expert attacks along these lines.
> Smart cards often do this, though they too have succumbed from time
> to time.
>
> > so you need someone to monitor the process using a certificated
> > device.  may be a good idea for police or immigration officers.
> > (don't forget to lick her finger to remove any coating first).
>
> Yes, well, having a person supervising is definitely the most (and
> perhaps only) reliable way of identifying a person. But if you're
> going to do that, you don't need the device; you can just look at
> the guy and compare with a photograph.
>
> cjs
> --
> Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.netbsd.org
>     Don't you know, in this new Dark Age, we're all light.  --XTC
>
>
> This mail was sent to address matt@gamelet.com
> Need archives? How to unsubscribe? http://www.appelsiini.net/keitai-l/
>
Received on Sat Dec 7 00:05:03 2002