Date: Tue, 9 May 2006 09:42:03 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Fredrik Lindberg <fli+freebsd-hackers@shapeshifter.se> Cc: freebsd-hackers@freebsd.org, aanton@spintech.ro, Cesar <listas@itm.net.br> Subject: Re: Fingerprint Authentication Message-ID: <20060509074203.GA91101@garage.freebsd.pl> In-Reply-To: <445B59EE.6040701@shapeshifter.se> References: <00fb01c66fb2$a8e157c0$0501010a@ironman> <445A5F48.60303@spintech.ro> <200605051009.49344.doconnor@gsoft.com.au> <445AF8AB.9080008@shapeshifter.se> <445B35EA.5080009@spintech.ro> <445B48E6.3070000@shapeshifter.se> <445B544D.5070107@spintech.ro> <445B59EE.6040701@shapeshifter.se>
next in thread | previous in thread | raw e-mail | index | archive | help
--SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote: +> Alin-Adrian Anton wrote: +> >Fredrik Lindberg wrote: +> >> +> >>But that would sort of defeat the whole purpose of biometric authentic= ation and you could really just use public keys instead +> >>which would be a lot faster and easier than scanning your finger +> >>at each login. :) +> >> +> >Unless you locally encrypt your private key with information gathered b= y the fingerprint reader, as a "password". +>=20 +> That's exactly the problem with, at least, UPEKs driver. If you scan +> one of your fingers twice you'll get two "different" BioAPI records. +> That's "different" as in two binary data blobs which aren't equal. +> To match these records with each other, you hand them over to the +> driver which, as far as I know, hand them over to the hardware +> which in turn performs some black magic and then tell you if +> the records match or not. That's right, but the idea with asymmetric crypto is very accurate. Such fingerprint reader should have a "secure chip" with your private key and on authentication, you should provide data from your finger scan and data to sign - on match, it should return signed data, which you can use to continue authentication process. --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFEYEfLForvXbEpPzQRAk4NAKDTXlKZcct23JgQBWjNAVc+qeAROQCfWsfX mUvq/zltBP2x192JoHONGDM= =V5no -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060509074203.GA91101>