On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote:
> Alin-Adrian Anton wrote:
> >Fredrik Lindberg wrote:
> >>
> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead
> >>which would be a lot faster and easier than scanning your finger
> >>at each login. :)
> >>
> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password".
>
> That's exactly the problem with, at least, UPEK's driver. If you scan
> one of your fingers twice you'll get two "different" BioAPI records.
> That's "different" as in two binary data blobs which aren't equal.
> To match these records with each other, you hand them over to the
> driver which, as far as I know, hands them over to the hardware
> which in turn performs some black magic and then tells you if
> the records match or not.

That's right, but the idea with asymmetric crypto is very accurate. Such a fingerprint reader should have a "secure chip" with your private key and on authentication, you should provide data from your finger scan and data to sign - on match, it should return signed data, which you can use to continue the authentication process.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
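
The two approaches discussed in this thread, sketched as an added example (not code from the thread or from any fingerprint driver): a token that keeps the template and private key internal and signs a challenge only on a match, beside the scan-as-"password" derivation, which yields different keys for two scans of the same finger. `Token`, `NewToken`, `PassphraseKey`, the Hamming-distance matcher, the choice of Ed25519 and the sample bytes are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"math/bits"
)

// Token models the "secure chip": template and private key never leave it.
type Token struct {
	template []byte
	priv     ed25519.PrivateKey
	maxDist  int // assumed matcher threshold, in differing bits
}

// NewToken enrolls a template and generates the key pair inside the token.
func NewToken(template []byte, maxDist int) (*Token, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Token{append([]byte(nil), template...), priv, maxDist}, pub
}

// Sign signs challenge only on a match; Hamming distance is an assumed stand-in matcher.
func (t *Token) Sign(scan, challenge []byte) ([]byte, error) {
	dist := t.maxDist + 1 // a wrong-length scan can never match
	if len(scan) == len(t.template) {
		dist = 0
		for i := range scan {
			dist += bits.OnesCount8(scan[i] ^ t.template[i])
		}
	}
	if dist > t.maxDist {
		return nil, fmt.Errorf("fingerprint does not match")
	}
	return ed25519.Sign(t.priv, challenge), nil
}

// PassphraseKey derives a key directly from one scan, the "password" approach.
func PassphraseKey(scan []byte) [32]byte { return sha256.Sum256(scan) }

func main() {
	enrolled := []byte{0xA5, 0x3C, 0x0F, 0x96} // constructed sample template
	rescan := []byte{0xA5, 0x3D, 0x0F, 0x96}   // constructed rescan, one bit differs
	tok, pub := NewToken(enrolled, 3)
	sig, err := tok.Sign(rescan, []byte("nonce-1234"))
	fmt.Println(PassphraseKey(enrolled) == PassphraseKey(rescan), err, ed25519.Verify(pub, []byte("nonce-1234"), sig))
}
```

The verifier only ever holds the public key and a fresh challenge, so neither the scan nor the template has to be reproducible bit for bit.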