[Moderator: I can't answer his question.. anyone else?]

Forwarded From: Andrew McNaughton <andrewat_private>

I threw a couple of odds and ends of your stuff on biometrics at one of our journalists, and he thought it was worth an article and asked me for some primary material, which I've been hunting out.

A question I've been trying to answer is whether anyone's come up with a biometric which is sufficiently discrete to be put through a cryptographic hash. If a biometric was available which could be converted to some more or less invariable character sequence then it would be possible to combine it with a database specific string and produce a hash which was unique, and verifiable as belonging to the individual, but which would not require storing of the biometric itself or of anything which could be compared against the key in another database, or be stolen and applied to another database.

I suspect this is problematic, since I imagine that the biometric fingerprint is a sequence of measurements which are compared against another sequence of measurements and a metric of their similarity computed. If so, the biometric can vary within a range, and standard hashing functions will not work.

If you know of any system such that either the biometric fingerprint can be made discrete or a cryptographic hash can be constructed that tolerates a range of input I'd very much like to hear about it.

Andrew McNaughton

Some links I found which might prove interesting to you or your readers:

http://www.biometrics.org/examples.html lists dozens of biometrics systems with links. The rest of the site also has some interesting stuff (This is the Biometrics Consortium, which Wired pick as probably becoming a regulatory body in the area at some stage).

http://www.privacyrights.org/ar/id_theft_legis.html . This one includes a brief summary of Senator Murray's bill before the Californian Assembly about 3/4 of the way down, and is generally about identity theft.
The Bill is online at: (http://www.leginfo.ca.gov/cgi-bin/postquery?bill_number=ab_50&sess=CUR&house=B)

http://www.leginfo.ca.gov/pub/bill/sen/sb_1601-1650/sb_1622_bill_980422_amended_sen.html is a Californian bill limiting collection and communication of biometric data with a $25,000 fine if data is passed to a third party other than law enforcement. Not sure what the connection is with the bill mentioned above.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Andrew McNaughton           = ++64 4 389 6891
Any sufficiently advanced   = andrewat_private
bug is indistinguishable    = http://www.squiz.co.nz
from a feature.             = http://www.newsroom.co.nz
     -- Rich Kulawiec       =

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:30 PDT
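
Added example, not part of the original message or of any system it mentions: a Python sketch of the scheme the message describes (a discrete template combined with a database-specific string and hashed) and of the problem it anticipates, where a reading that varies within a range no longer matches. The measurement values, database strings, cell width and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: four feature measurements from one person.
ENROLLED = [12.31, 48.07, 33.90, 71.52]   # reading taken at enrollment
NOISY    = [12.35, 48.02, 33.94, 71.49]   # later reading, small sensor noise
BOUNDARY = [12.35, 48.02, 34.02, 71.49]   # later reading, one value crosses a cell edge
DB_A, DB_B = b"database-A-string", b"database-B-string"   # hypothetical per-database strings

def raw(measurements):
    """Serialize the measurements exactly as read (two decimal places)."""
    return ",".join(f"{m:.2f}" for m in measurements).encode()

def quantize(measurements, step=1.0):
    """Make the reading discrete: replace each value by the index of its cell."""
    return ",".join(str(int(m // step)) for m in measurements).encode()

def enroll(template, db_string):
    """Database-specific hash: HMAC-SHA256 of the template keyed by the db string."""
    return hmac.new(db_string, template, hashlib.sha256).hexdigest()

def verify(template, db_string, stored):
    """Recompute the hash from a fresh reading and compare in constant time."""
    return hmac.compare_digest(enroll(template, db_string), stored)

def run_cases():
    stored_raw = enroll(raw(ENROLLED), DB_A)
    stored_q = enroll(quantize(ENROLLED), DB_A)
    return {
        # Exact values hashed: any noise at all changes the digest.
        "raw_noisy_matches": verify(raw(NOISY), DB_A, stored_raw),
        # Quantized first: noise that stays inside every cell still matches.
        "quantized_noisy_matches": verify(quantize(NOISY), DB_A, stored_q),
        # Quantized, but 33.90 -> 34.02 crosses a cell edge: false reject.
        "quantized_boundary_matches": verify(quantize(BOUNDARY), DB_A, stored_q),
        # Same template in another database yields an unrelated record.
        "linkable_across_dbs": stored_q == enroll(quantize(ENROLLED), DB_B),
    }

if __name__ == "__main__":
    for name, value in run_cases().items():
        print(f"{name}: {value}")
```

Widening the cells reduces false rejects but also shrinks the space of possible templates, so the stored hash is only as hard to guess as the quantized reading itself.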