Fingerprint Authentication

Pawel Jakub Dawidek pjd at
Tue May 9 07:43:51 UTC 2006

On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote:
+> Alin-Adrian Anton wrote:
+> >Fredrik Lindberg wrote:
+> >>
+> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead
+> >>which would be a lot faster and easier than scanning your finger
+> >>at each login. :)
+> >>
+> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password".
+> That's exactly the problem with, at least, UPEKs driver. If you scan
+> one of your fingers twice you'll get two "different" BioAPI records.
+> That's "different" as in two binary data blobs which aren't equal.
+> To match these records with each other, you hand them over to the
+> driver which, as far as I know, hand them over to the hardware
+> which in turn performs some black magic and then tell you if
+> the records match or not.

That's right, but the idea with asymmetric crypto is very accurate.
Such fingerprint reader should have a "secure chip" with your private
key and on authentication, you should provide data from your finger scan
and data to sign - on match, it should return signed data, which you can
use to continue authentication process.

Pawel Jakub Dawidek             
pjd at                 
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-hackers mailing list