> -----Original Message----- > From: KuroiNeko [mailto:evpopkovat_private] > Sent: Tuesday, June 26, 2001 06:41 > To: secprogat_private > Subject: Re: CDSA-biometrics > > > > I'm doing a thesis in implementing CDSA (Common > Data Security > > Architecture) > > in a program used for secure authentication. I'm going to > use biometric > > devices for this purpose. > > Don't expect biometrics to be all-it-takes. A real-life > example. A bank > had a dactiloscopic scanner to authenticate users of rented > private vault > cells. A woman came to rent a cell, but they simply could > not establish an > account for her because she was a typist and her fingertips > were so soft > and papillar pattern was so blurry (very thin skin) that > scanner simply > could not identify her. > Also, marketoids of biometric systems tend not to tell > you one really > important thing: you should not assume that a part of human > body used for > auth will always remain and always be the same. A person can > loose a finger > in a disaster, ditto an eye. Skin tends to change > fast, especially > fingertips, voices change, even adults' voices. > Provided that biometric scanners and recognition software > still cost a > fortune, and they still have to be backed up by traditional > auth methods, > real advantage of biometrics is still questionable. > Just one more: You can't revoke a biometric key. If a BadGuy(tm) gets a hold of the digital representation of, say, your finger- he might be able to impersonate you. And poor you, you can't revoke your finger, right? Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems
This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:24:01 PDT