Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue May 9 07:43:51 UTC 2006
On Fri, May 05, 2006 at 03:58:06PM +0200, Fredrik Lindberg wrote:
+> Alin-Adrian Anton wrote:
+> >Fredrik Lindberg wrote:
+> >>But that would sort of defeat the whole purpose of biometric authentication and you could really just use public keys instead
+> >>which would be a lot faster and easier than scanning your finger
+> >>at each login. :)
+> >Unless you locally encrypt your private key with information gathered by the fingerprint reader, as a "password".
+> That's exactly the problem with, at least, UPEKs driver. If you scan
+> one of your fingers twice you'll get two "different" BioAPI records.
+> That's "different" as in two binary data blobs which aren't equal.
+> To match these records with each other, you hand them over to the
+> driver which, as far as I know, hand them over to the hardware
+> which in turn performs some black magic and then tell you if
+> the records match or not.
That's right, but the idea with asymmetric crypto is very accurate.
Such fingerprint reader should have a "secure chip" with your private
key and on authentication, you should provide data from your finger scan
and data to sign - on match, it should return signed data, which you can
use to continue authentication process.
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20060509/e0dd0fa7/attachment.pgp
More information about the freebsd-hackers