Fingerprint Authentication

Alin-Adrian Anton aanton at spintech.ro
Fri May 5 18:15:47 UTC 2006


Fredrik Lindberg wrote:
> Alin-Adrian Anton wrote:
> 
>> Fredrik Lindberg wrote:
>>
>>>
>>> But that would sort of defeat the whole purpose of biometric 
>>> authentication and you could really just use public keys instead
>>> which would be a lot faster and easier than scanning your finger
>>> at each login. :)
>>>
>>
>> Unless you locally encrypt your private key with information gathered 
>> by the fingerprint reader, as a "password".
>>
> 
> That's exactly the problem with, at least, UPEK's driver. If you scan
> one of your fingers twice you'll get two "different" BioAPI records.
> That's "different" as in two binary data blobs which aren't equal.
> To match these records with each other, you hand them over to the
> driver which, as far as I know, hands them over to the hardware
> which in turn performs some black magic and then tells you if
> the records match or not.
> 
> This is actually the way BSP (Biometric Service Providers..uhh fancy
> names) modules for BioAPI work.
> The BSP "captures" a biometric record from somewhere (could be
> hardware or it could be software), this opaque data is then used to
> construct a BIR (BioAPI Record) which you store in some database.
> This process is called "enrollment" in BioAPI-speak.
> 
> When you want to verify/match a record you let the BSP
> "capture" a new record (thus creating a new BIR), you now have
> two BIRs which aren't bitwise equal and as they are created by a
> third party module you have no idea of what they contain (except for
> the BIR header). Then these two BIRs are handed over to the BSP module
> again for the match process, which will return either a positive or
> negative result.
> In UPEK's case I was told by their representative that the matching
> between two BIRs is done in hardware.
> 

In that case, it means the "matching" is a probabilistic 
distance-computing algorithm. This sux, for any sort of real remote logins.


-- 
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785  2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
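
The point argued in the thread above, as an added example that is not part of the original messages and is not BioAPI or UPEK code: two captures of the same finger differ bitwise, so a key derived from the raw capture never reproduces, while a distance threshold still reports a match. The 256-bit template, the noise model, the Hamming-distance matcher and all function names are assumptions made for illustration; the real BSP matcher is opaque.

```python
import hashlib

TEMPLATE_BITS = 256     # constructed template size, not a real BIR layout
NOISY_BITS = 12         # assumed: up to 12 bits change from scan to scan
MATCH_THRESHOLD = 0.25  # assumed: max fraction of differing bits for a match

def capture(finger: str, scan_no: int) -> bytes:
    """Simulate one scan: stable per-finger pattern plus per-scan noise."""
    base = int.from_bytes(hashlib.sha256(finger.encode()).digest(), "big")
    noise = hashlib.sha256(f"{finger}/{scan_no}".encode()).digest()[:NOISY_BITS]
    mask = 0
    for pos in noise:  # each noise byte selects one bit position in 0..255
        mask |= 1 << pos
    return (base ^ mask).to_bytes(TEMPLATE_BITS // 8, "big")

def key_from_capture(template: bytes) -> bytes:
    """Use the raw capture as the "password" protecting a private key."""
    return hashlib.sha256(template).digest()

def distance(a: bytes, b: bytes) -> float:
    """Normalised Hamming distance: fraction of bits that differ."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1") / (len(a) * 8)

def bsp_match(enrolled: bytes, fresh: bytes) -> bool:
    """Hypothetical stand-in for the BSP verify step: threshold on distance."""
    return distance(enrolled, fresh) <= MATCH_THRESHOLD

def demo() -> dict:
    enrolled = capture("finger-A", 0)   # stored at enrollment
    again = capture("finger-A", 1)      # same finger, later login
    other = capture("finger-B", 0)      # a different finger
    return {
        "bitwise_equal": enrolled == again,
        "same_key": key_from_capture(enrolled) == key_from_capture(again),
        "same_finger_distance": distance(enrolled, again),
        "same_finger_match": bsp_match(enrolled, again),
        "other_finger_match": bsp_match(enrolled, other),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```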


More information about the freebsd-hackers mailing list