Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Technology

Sony's New Personal Fingerprint Scanner 130

Posted by timothy from the but-daddy-I-wanna-*iris*-scanner! dept.
MelloDawg writes: "This article at SecurityWatch.com describes Sony's new fingerprint verfication device that fits in your wallet and uses public key infrastructure." Of course, if the prints are never transmitted and the scanner is personalized for each user, it seems like Sony'd like everyone to have his own scanner -- how convenient.
This discussion has been archived. No new comments can be posted.

Sony's New Personal Fingerprint Scanner More

Sony's New Personal Fingerprint Scanner

Comments Filter:
  • try one of the "hidden" forums like sid=moderation [slashdot.org]

  • Re:Not Linux compatible (Score:4)

    by Bronster ( 13157 ) <slashdot@brong.net> on Sunday May 21, 2000 @04:05PM (#1057596) Homepage
    This USB trend really is a pain in the ass for now, but since USB will be supported in the next kernel, I'm sure there's gonna be a port eventually. Or maybe it would work with a USB-to-parallel converter cable

    From the linked site: It contains USB drivers for Windows(R) 98 and 2000 and there is a serial cable available for use with Windows NT(R) systems.

    Shouldn't be too much trouble to interface to Linux through the serial option for now (though it does load the system more than USB - and we'll have USB support soon enough.)

    Also from the site: Sony is working with Entrust Technologies and I/O Software Inc., to allow them to develop specific software applications and is also actively looking to work with other software providers in the infosec field

    It's unlikely that they will be providing open-sourced drivers at first (Sony haven't really "jumped on the open source bandwagon" yet) but with Linux becoming more popular all the time, it's likely that demand will convince them to build drivers.

    They'll almost certainly be building drivers for various UN*X systems because, despite Microsoft's efforts to push NT, there are many large institutions which will pay megabucks to have a more secure way of authenticating users that just works! The weakest link in most security is the users themselves, and the pathetic passwords most people choose.

    Fingerprint assisted password protection would be much stronger, and I doubt Sony will restrict themselves to a single OS manufacturer if they're getting so many companies to write drivers.

  • Or worse, what if they just decide to cut off your thumb? Hehe, that brings to light another scenario, wanna punish a "hacker", just cut off his thumbs so he can't authenticate any more, who needs jail time?
  • Yea, but if you noticed in the article, it also has a serial interface for the NT boxes - guess NT doesn't have USB support either (?)
  • Amidst the many technical issues already raised, I'd like to ask a simple logistical question:

    How do you keep fingerprint readers clean?

    Thought Experiment #1: How many of you have ever spent a significant amount of time in a public computer lab? (counts hands) OK, everybody. Now, recall the last time you looked at a screen that had been used by the general public for more than a couple of hours. Caked with fingerprints, wannit?--and that's a part of the computer people aren't supposed to touch. I don't even want to get into what public keyboards look like.

    Thought experiment #2: How many of you have ever looked at the walls above the urinals in a public men's restroom? (counts hands) OK, all of the men, and a surprising number of the women. They've often got snot, hair and...other things on them, usually at eye level.

    Now, imagine what your bank's cash machine is going to look like after a day's worth of customers have plastered their nose wiping, Big Mac eating, butt scratching hands all over a single teensy-weensy little square of glass.

    Maybe you carry moist towelettes everywhere you go, but I don't. The very idea of putting my hands on something that's been touched by hundreds, perhaps thousands of people since its last cleaning is enough to make me pause.

    Isn't there a technical issue here too, in that dirty readers aren't going to function correctly?

  • -attempt at humor-

    Well, depending on the method, you could possibly throw this quite far. It's 8.5 cm * 5.4 CM body will allow a nice frisby throw, if you try with a nice snap of the wrist, you could throw this 100 feet or even more.

    You're not going to get very far with a baseball throw, however.

    -/Attempt at humor-

    Given the rash of "Important Briefcases & Laptops" stolen lately, I think giving the hardware to work around such systems to the NGA (Nameless Government Agency) would be a bad idea.

    Very bad.

  • Is Rob providing you with your very own forum out of the kindness of his heart?

    While slashdot may have started with 'kindness of heart', it is now motivated by Money__. Why do you think that stories are released on a schedule? Rob has done studies to see when the optimal 'release' times are, to maximize page hits, eyeballs, and ad revenue.

    Pardon me if this sounds to [sic] blunt, but you're ungratefull and rude. You piss on...[snip]

    Is name calling necessary? I've often found that when one is having a problem articulating on the losing end of an argument, casting disparaging remarks works wonderfully...

    I still fail to see how anyone is interfering or sensoring [sic] your comments.

    Actually, my comments have never been censored. Others have, however.

    censor:

    1. A person authorized to examine books, films, or other material and to remove or suppress what is considered morally, politically, or otherwise objectionable.

    By the way, I've no objection to the moderation system - I browse at -1 because I believe that I am intelligent enough to decide for myself what I should and shouldn't read. I don't need a team of people telling me what is insightful. I can figure that out on my own.

    Still, for the time-impaired, moderation is useful. My only objection is to "console-moderation", and its potential for abuse.

    -jerdenn

  • Veridicom has two fingerprint scanning products, both with (unoffical) Linux support.

    Their USB product is just a scanner. Think of it as a minature flat bed scanner that works on direct finger contact with a postage stamp size chip.

    They have their own Linux driver and user-level program that writes PGM files. Looking at their protocol I was able to write a program that worked with Scyld's "Univeral bulk USB driver" in just a few hours, so it works with 2.2, and you don't even need special kernel level support beyond the standard add-on USB package.

    The product that is comparable to the announced Sony product is the serial port version, with an internal matcher. One mode of operation is to download a few hundred bytes of encoded fingerprint info. The device returns e.g. "28 of 35 points match", which might be good enough for a gas purchase but not good enough to authorize a major funds transfer.

    The claim is that these devices can detect living from dead tissue. I don't doubt that is true in controlled cases, but it's probably mostly PR when the device is set up to scan cold, dry finger and still work with warm, wet digits. Even so, it's easier to just kill someone and take their wallet than to cut off their fingers and leave them alive.

    Oh, and when is 9mm thick "credit card sized". It might be "credit card outline", but if all of my credit cards and IDs together are only 5.5mm thick.

  • Well, you can have it IR if you wanted. It would just mean you would either:
    • Have a bulky battery attached to it.
    • Plug a power cable into it, which would kinda defeat the perpous of getting rid of the USB connection.

    I'm not sure if bandwidth would be problem either.

  • I recently went on a (sales) tour of Globix's new facility in downtown Manhattan. The doors, even the racks and cages, have fingerprint scanners (in addition to scan cards and regualr physical keys). Why do I bring this up?

    We jokingly asked "What happens if someone cuts off your finger?"

    Deadpan, the tour guide says "There's a body temperature scanner built in, so that wouldn't work".

    :-)

    Of course, this doesn't change the fact that fingerprint-only protection for a private key is not as great as it may seem. Especially when it's being done by a company like Sony, who's typical response to the thought of having unique, per-device keys is "That's too expensive."

  • My story submision made /. ! Guess I'll have to change my sig now. =)
  • Imagine this scenario [someone copies your fingerprint...]

    You mention that SecureID, S/Key, etc. are better. This sounds like pretty much the same thing with the addition that the token authenitcates the user to itself before authenticating to the remote system. If someone steals one and "copies your fingerprints(TM)," you just key up another one and revoke the stolen item. As I understand it, you can require a password for authentication in addition to the prints, too.

    So how is this weaker than the systems that do exactly the same thing minus the fingerprint id?

  • He could use his toe prints.
  • What I don't like about this device is all I would have to do is replicate
    the data coming to it. If I bypass the fingerprint sensors and feed previous
    data that I acquired then the data would available to me such as password
    to web sites credit cards and such. Well I don't know if that is possible,
    but you never know

    http://theotherside.com/dvd/ [theotherside.com]
  • True, no yellow sticky, but you basically print your password on anything you touch! For example your coffee mug...
  • Except that they delete comments over there.
  • In the recent "Our Attorney's Response To Microsoft" article, the Andover attorney stated that "as a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users." This is a blatant lie. "Bitchslapping," and "lameness filtering" ARE interfering with the communications of Slashdot's users.

    Couldn't agree more...

    I made this same point [slashdot.org] in the orig inal story. [slashdot.org]

    -jerdenn

  • That doesn't seem like too big a concern. It would only give out the information through the USB port when the fingerprint matched, so you wouldn't be able to just plug it in and get the info. You'd have to open it up and disect the circuits, and I'm sure they could make it very, very difficult to get the data out. Assuming they could, though, you're right; they'd have your data. But how much worse would that be than having your credit cards stolen?
  • When you made your point in a previous article, and again here in an offtopic comment how exactly does slashdot interfere or sensor you or any other user??
    ___
  • You really think that. So it's so much worse to take fair and reasonable precautions to try improving the signal-to-noise ratio than to turn over Slashdot to a bunch of prepubescent morons who have nothing better to do with their pathetic little lives than spam a technical discussion site with puerile humor, [slashdot.org] attempts to change the subject, [slashdot.org] and just plain meaningless crap [slashdot.org]? Note, by the way, that not only are all of my examples from this discussion, but they are three of the first four posts to this discussion. And you say Slashdot isn't declining.

    It seems the moderation has gotten way too politically correct.

    Not that I've seen. I have yet to see an truly insightful, well-thought-out post that hasn't been modersted up quite high in the end. And no, I haven't agreed with all of them. No, they haven't all been politically correct (hell, many of the posts I do couldn't be called politically correct).

    The quality of posts that get moderated up to +5 (in particular +5 funny) is really getting more and more lame.

    You mean they haven't all been tasteless crap. Boo hoo hoo.

    It's not the trolls' fault, it's the moderation system.

    Oh, yeah. The moderators force the trolls to troll. Like we tie the trolls up, guard then with NINJAS and torture them with pr0n of Natalie Portman naked and petrified, and threaten to pour steaming hot grits down their pants if they don't troll. Suuuuuuuuuuuuuure.

    the "1984 version" of Slashdot that you get at high thresholds is truly bland. Personally, I would rather read some truly amusing posts and take my chances with being offended or whatever you think the post is going to do to me.

    What do you want, a humor site? Go here [segfault.org] if you want that. Or better yet, go here [hotgrits.org].

    Some of those posts obviously took some effort and creativity too... they deserve some recognition.

    I know of only one troll that could possibly have taken any effort or creativity: the original naked and petrified post. The rest are just idiotic drivel, badly-written porn (I could write better stories than that, about the same subject matter, without any pr0n elements, in ten minutes), or slander (libel?) against JonKatz.

    And even with that troll, it wasn't in the appropriate place. There is a time and a place for everything, even for trolls. Slashdot ain't it.

    I think everyone should be able to vote on a post... let the score reflect the total of all votes applied to it. people can judge it by that and choose to ignore it or not, as they see fit.

    We've got that already. It's called moderation. It picks people at random, yes, and it doesn't let known troublemakers mod, but it's quite fair.

    I think free-speech has all but vanished on this site.

    Free speech vanishing? Hardly. You can still say whatever you want. And we can also tell you to go fuck yourself. You have the fundamental rights to speak, to hear, and to not hear, but you have no fundamental right to be heard. You are given that right when someone listens to you. And if no one wants to listen, you can still prattle on all you want, while we simply build and move around you. But don't scream censorship when no one wants to hear you. That's just because we all think it's bullshit. And if we all think it's bullshit, there's a very large probability that it is.

    "Bitchslapping," and "lameness filtering" ARE interfering with the communications of Slashdot's users.

    Never heard these terms mentioned in connection with this site before. What is this "bitch-slapping" and "lameness filtering," as defined by Slashdot?

    I've certainly never seen my communications interrupted or interfered with. Nor anyone else's.

    Rob Malda almost seems like he's in a panic. He will do anything to eliminate the "trolling"... no matter how it may interfere with the operations of the site.

    But does it interfere with this site's operations? Absolutely not. I have yet to see any moderation-related change which has interfered with actual technical discussion on Slashdot. Flamers, trolls, and spammers get filtered down (and I, like you, browse at -1 just to make certain of this), yes. But actual intelligent discussion? Hardly.

    Is this Malda's site? Sure is. Will it generate any income when people no longer read it? Nope.

    And you think Slashdot's readership is declining? Not that I've seen. And the people I do see leaving are all blaming it on trolls, not moderation.

    Rob, you'd better wake up and smell the coffee... take an objective look at what moderation is doing. It's not good.

    Maybe, maybe not. But regardless, it's better than the alternative: a site on which technical discussion can no lnger take place because it's been overrun by assholes.

  • Smartkey PGP? (Score:5)

    by DaveHowe ( 51510 ) on Sunday May 21, 2000 @04:19PM (#1057615)
    Hmm. If it could be restructured slightly to be compatable with the OpenPGP standard, I can see how this could be very useful indeed.
    Store a standard PGP key inside it, with the code to decrypt and digitally sign built in. Lock the key, not with a passphrase, but with a unique hash from the biometric data; user presses thumb to scanner, device goes "live" and accepts data from PC interface to sign or decrypt; after sixty seconds, device signs off and requires another scan to go live again. Add a suitable "cradle" interface, and it could form a digital credit-card / debit card that is personalized to the carrier, and can be simply dropped into a cradle at the checkout when your purchases have been scanned...... Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.
    --

  • Rusty deletes (First post) comments from (Natalie Portman) Kuro5hin only (MEEPT!!!) when they (Hot grits down your pants) are grossly (IF I EVER...) off topic. If you have something childish to say, say it on Hotgrits [hotgrits.org]: News for Trolls. Stuff that matters.

  • 1. Moderation could use some updates. Stuff that's been suggested at sid=moderation [slashdot.org].. but not a complete overhaul.

    2. I can't stand how I'm *told* that somethings funny. It's somewhat demeaning, like a laugh track. But it's somewhat of a necessary evil. People need to filter out comments.

    3. People can't see other's karma. Karma has become much less of a pissing contest since.

    4. I don't get this suggestion? What difference does this make?

    Just my thoughts...

  • Yay! Someone was listening! Now keep telling people this. :-)

    I've answered the question "why do you delete comments" way nore times than I've actually deleted a comment. Probably a factor of 10 more times, actually. Here's hoping someone else will take up the explanatory mantle for a bit! :-)

    --

  • On the Real Decline of Slashdot


    I've been reading Slashdot for well over a year now. I've always read the comments and browsed at -1. I've noticed a disturbing trend lately. It seems the moderation has gotten way too politically correct. The quality of posts that get moderated up to +5 (in particular +5 funny) is really getting more and more lame.

    This isn't due to the content of the posts either. There are still some truly amusing ones at a low threshold. I wonder if people are afraid to moderate true to what they actually think due to things like Malda's "bitch-slapping."

    I remember how people used to howl about the terrible noise the trolls were causing. Well, take a close look at what you have now. It's not the trolls' fault, it's the moderation system. I feel sorry for people who browse at a high threshold... the "1984 version" of Slashdot that you get at high thresholds is truly bland. Personally, I would rather read some truly amusing posts and take my chances with being offended or whatever you think the post is going to do to me. Some of those posts obviously took some effort and creativity too... they deserve some recognition.

    I think everyone should be able to vote on a post... let the score reflect the total of all votes applied to it. people can judge it by that and choose to ignore it or not, as they see fit. This "bitch-slapping" bullshit has to go. This "lameness filter" bullshit has to go, the moderation bullshit has to go. I think free-speech has all but vanished on this site.

    In the recent "Our Attorney's Response To Microsoft" [slashdot.org] article, the Andover attorney stated that "as a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users." This is a blatant lie. "Bitchslapping," and "lameness filtering" ARE interfering with the communications of Slashdot's users.

    Rob Malda almost seems like he's in a panic. He will do anything to eliminate the "trolling"... no matter how it may interfere with the operations of the site. Is this Malda's site? Sure is. Will it generate any income when people no longer read it? Nope.

    Rob, you'd better wake up and smell the coffee... take an objective look at what moderation is doing. It's not good.

  • Yea, but /. has a *lot* more posts/comments than Kuro5hin. Makes things a bit harder.
  • What I don't get is why people take such offense at those comments. The only ones that truly tick me off are the goatse.cx links... A lot of the time, the funniest comments on Slashdot are from people like osm, and his infatuation with Natalie Portman is quite amusing. (No, I don't find it amusing because I'm just new around here, I've been around /. for a while.)
  • Bitchslapping is a new (a couple weeks old, max) thing. The moderation page hasn't been updated since 09.09.1999. See the problem?

  • Annother important point when talking about biometrics is the fact that your finger doesn't change much. In effect you will be using the same passphrase at multiple organizations that require the fingerprint scan. What's to say that an unscrupulous organization won't record your fingerprint scan and replay it to other machines, or use it to create a prosthesis that can mimic your finger in any way that is important for the scanners (I think they determine live/deadness by the conductivity of the tissue, which is a measurement you would have)

    These scanners could go a long way towards addressing this. Each user could have their own, trusted, scanner that merely unlocks a crypto key(s) on board that are actually used to authenticate. If the hardware was open enough so you could trust is this could be a very good thing.

  • I'm impressed. Didn't think the technology was that good.

  • I think that this technique would also make an excellent trigger-lock for a gun. Perhaps a gun that has such a scanner built into its side so that it scans when picked up. Assuming the authentication is fast enough, I would expect to see a partnership between Sony and some gun manufacturer pretty soon. Overall, a small fingerprint authenticator would have applications anywhere where some relatively small device needs to be used by a limited number of people.
  • You can't generate a consistent hash from a biometric - two readings will never be exactly the same and in cryptographic applications single bit error will render the hash useless.
    On the whole, you are right - not that you can't generate a consistent number from a fingerprint (you can - it's awkward, but you can. In place of trying for an exact photographic match, you look for features (whorls, loops, junctions) and form a mesh of those features. you then store the mesh in such a way that relative position is preserved, but distances and angles are not.However, I agree it is awkward and requires quite a high res scan, plus a fair wadge of computing power and storage space)
    No, the problem is that, if someone steals your device, it is very likely to be COVERED in your fingerprints - after all, you handle the damned thing. all they need do is use a child's fingerprint kit to lift one intact print on sticky-tape, transfer it to the sensor, and they have unlimited access to your key. Not to mention a anyone sufficiently desperate to force the device from you at gunpoint, will probably be desperate enough to remove a suitable "key" from your person with an axe..... not a risk I would want to undergo. but its still a cool idea, though :+)
    --
  • *sigh*
    I hate to tell you this, but Hashes have been around for a lot longer than their cryptographic use. One of the useful functions of a hash (in a programming sense) is to throw away or minimise changing elements of data so as to locate a record; multiple items of data that converge to the same hash value are called Hash Collisions - Cryptographic hashes are written to minimise collisions between similar inputs (error propagation hashing); data filtering hashes are written to maximise collisions between related data items (error reduction hashing)

    Might I suggest you locate and READ one or two books on programming and pattern matching before you start being abusive online?
    XNormal made a reasonable reply, based on his knowledge of Cryptographic hashing and the way a fingerprint matching database works (the police one, for example). However, I am not trying to match a fingerprint, I am trying to extract a repeatable value from the fingerprint, not the same thing and not the usual way to do this. You merely read his reply and added an abusive postscript. All I can suggest is to either acquire Clue or go back to your hot grits and petrified females.
    --

  • This sounds to me like a *very* good rendition of SecurID. Not only does it have a safety margin in the way of fingerprints, but it does not rely on time / random number generation and would not need to have a central server in theory...
    You would think that needing a scaner for every user would be a detriment, but, i belive that it would actually be an asset. I mean think about it, you would be able to store the public and private keys on the card, which would pretty much make it something like a extremely secure credit card.

    Oh well, i am goning to need to get me one of these soon :)
  • Re: -1 default :
    I think if you have a negative karma then you're at -1 default.

    Re: the -2 :
    dmg was knocked down to a default -2, and he had a pretty high scores on the few posts he had at that point (4s & 5s).

    Re: Metamoderation :
    Those that can grep Perl can check out the rules for metamoderation on their own with the Slashcode [slashcode.org] (and please post your findings to a forum like sid=moderation [slashdot.org].
  • For adding features to Slash, go to Slashcode.org [slashcode.org]. You'll find more people interested in screwing around with the Slash code.

  • Yet another standard (Score:3)

    by Money__ ( 87045 ) on Sunday May 21, 2000 @03:38PM (#1057632)
    The company (www.sel.sony.com [sony.com]) is plugging a new standard in security measures it calls "convergent authentication".

    Yet another closed standard.

    I get the feeling someone at sony heard the phrase: "standards are great, everyone should have one", and took it seriously!
    ___

  • Personally, I think that fingerprint verification for high-security areas is horribly flawed. Yeah, it would be great if I could log into my box with my fingerprint ID. Wonderful.

    What if you have root access at some huge defense company. You're an admin, you don't do development, but with that root PW you have access to all of the data on your network.

    You use your thumbprint to log in everywhere you go.

    Someone wants the plans to the new fighter that your company is developing.

    So now, instead of kicking your ass until you give up the password, any evil terrorist group has two simple choices:

    Cut off your thumb.

    Kidnap you and use you to get into the system.

    I don't know about you, but I don't think that my thumb is very good security at all. Great for identification, but there is no way in hell I would trust my thumb over a 16 character alpha-numeric password.

    -S

    Scott Ruttencutter
  • Hmm... didn't realize Yu Suzuki reads slashdot. Hi!
  • Although it may be a little bit melodramatic and overly zealous, there are a few valid points brought up in the post.

    The quality of posts that get moderated up to +5 (in particular +5 funny) is really getting more and more lame.

    I agree with this. although I may not be the best at creating brilliantly innovative, informing, or humorous posts, I think that many of the level 5 posts are not quite up to the level they should be. I think many moderators are influenced by the "me too" phenomenon, and automatically mod a comment based on the reactions of the first moderation. This causes some posts to unfairly get knocked to troll status, and other "okay" comments to get promoted to the status of greatness which they dont really deserve.

    This "lameness filter" bullshit has to go, the moderation bullshit has to go. I think free-speech has all but vanished on this site.

    Although this is a bit overrated, the moderation does interfere with free speech on the site. Fundamentally, free speech is the ability to be heard by the community when and where you need to. Since the average slashdot reader is more likely to read a topic up at the 3-5 level, those who have been modded down are not getting the attention they really deserve. And, if the topics are knocked down just because they are offtopic, it becomes even worse. How is one supposed to bring an issue to the attention of the community if there is no place to do so?

    Although it may not amount to anything at all, hopefully some change for the better can come of this. Please though, for all the reasons mentioned above, don't knock this reply or its parent down just for standing up.

    ______________________________



    --------------------------------------------
  • You know, there's no doubt in my mind that this will be better than passwords. Given that my fingers are a part of me, I can't forget them at home. So, I guess that it's better than the classic yellow sticky on the side of the monitor. But I wonder if this won't wind up being less useful than it appears at first glance. Sure, no two people's fingerprints are alike, but that's only half the story. Using biometric data assumes there's no way to create a mechanical device that simulates the fingerprint. I wouldn't want to bet a lot of money on that not being possible -- and using my fingerprints to unlock my bank account is doing just that.
  • Well, if you read the link [slashdot.org], then you would see the reference to 'bitchslapping' [slashdot.org] in sid=moderation. [slashdot.org]

    -jerdenn

  • 2) Someone steals your scanner which not only has your public key, but your private key as well, and you've lost your copy altogether.

    Fingerprint ID sounds great on paper, but it does have it's flaws. What if someone steals your finger? I know it sounds sick, but it has happened. Using conventional passwords really isn't as bad as it's made out to be. :-)
  • I've got better things to do with my life. back to your Hot Grits, little troll......
    --
  • At Disney World, they use the shape of your first two fingers' bones to ID you for season passes. You stick your fingers, V-shaped, into a little scanner for verification. Slick, eh? But what happens if you don't remember to keep your hands inside the car at all times? Hope you weren't planning on coming back.

    I still like retinal scanners better. Modern ones detect the slight jiggle and changes in pupil size that are only found in a living eyeball, so no hi-res photo will do. If you combined this with a retinal scan, an extremely hi-res movie of an eyeball wouldn't work, either. The only way to get around it would be to kidnap the person and force them to hold their eye up to the scanner. With traditional security, if you wanted access you didn't have you could still kidnap the person and force them to reveal their passwords/security cards, so there really isn't a big difference there in personal safety.

    And what about people with no eyeballs? There are plenty of ways to identify someone biometrically. Perhaps a quick X-ray shot of someone's facial bone structure that would uniquely identify them? After all, you could lose finger or go blind, but you don't see many people walking around without facial bones. In the horrible event that yours were traumatically injured, you could go to an identity verification place and have the ID system recalibrated to your new facial structure. This is probably the most insecure point in the process, but with accurate records, modern data storage and retrieval, and DNA analysis, security concerns can be kept to a minimum.

    Personally, I'm waiting for the Mark of the Beast! Team Satan: Go 666!

    bytesmythe
    Proud Member of Satan's Secret Agents
  • I don't take offense at them. They're just not usually appropriate, IMO. *Now* they're the funniest things on /., but that wasn't always the case. They're just good here now because most of the rest of the discussions suck so bad. :-)

    --

  • Old, soon-to-be-dead technologies, those fingerprint and retinal scanners and stuff.

    I'm pleased to informally unveil for the Slashdot community the NEWEST of the new in user authentication.


    • The
    • GLANSPRINT SCANNER!

    The glansprint is a completely unique identifier, and it's far less likely to be scarred and damaged in the course of normal life than a fingerprint... (one would hope).

    Further, the unique user position required to operate the Glansprint Scanner affords an excellent opportunity for punitive actions to be automatically taken against an individual attempting to fraudulently gain access to the secured system. Repeated attempts to circumvent the Glansprint Scanner would therefore be rendered impossible. Sirens to alert nearby security personnel would not be necessary, thus reducing total cost of ownership and installation.

    Being heavily influenced by the Linux movement, it goes without saying that the software drivers required will be open source; a link will be posted here when the first version of the software is released.

    yiddophile@i.hope.all.spammers.get.colon.cancer. and.die.slow.horrible.deaths.yahoo.com

  • Oops, changing the password every few days would be just a little bit on the paranoid side wouldn't it?


    Maybe it would, however I think its a hell of a lot easier then getting a skin graft to change your fingerprints once a week. 8)

  • Problem is, trolls are getting more offensive (tho that's not a real reason, just a complaint. I don't really want to buy an 'adult check' id to read slash) and mods are running around just to keep up with all the posts. True, many, many gems slip through the threshold (i am at +2 because i don't have time for anything else) but can you think of a better system? I can't. Bitchslap is supposed to be for 'troll moderators' but meta-mod should catch them... oh well... Oh, and the lameness filter is lame. Too bad Rob is up to his neck in trolls and has to try everything he can just to keep them in check (by this i mean real trolls not OOG THE CAVEMAN trolls). Sad time.

    -Elendale (BTW, odd that you posted as AC...)

  • Comments on Soultions are as follows:

    1. There do need to be some changes to the moderation system. Letting everyone moderate like Kuro5hin would be a little extreme. I think it would be better to implement a system in which you could moderate only after a karma level, almost like the initaial post score 2 bonus. This would allow the entire community to moderate, but would filter out newbies who don't know what they're doing and trolls who want to flame. To do this, the entire 5 point system would have to go. It would need to be something based on the percentage of what those who voted thought, or a general aggregate opinion of all the voters. (i. e. a "slashdot-poll"-esque type system)

    2. I don't think this would work out too well. People like to know the general consensus on a story. That way, those scrolling at a -1 (or equivalent under new system) level will be able to judge for themselves and those who wish to skim the "gems" can do so.

    3. As of now, no one knows each others karma

    4. Good idea. Instead of the aforementioned filtering to a certain level, I think that sort of system could replace the filters completely. One could select a general level to filter the posts at, lets say 4. Then, they would get posts with scores of say 60% fours and fives, 30% threes, and 10% negative one through two.


    --------------------------------------------
  • not normally evil, but wouldn't that promote the killing of people just so you can chop off their hands and go on a shopping spree? that would be cool!!! (just joking)
  • you must have no life to speak of that you take one website in the endless sea of websites so seriously, like a religion.

    While I do admit to taking Slashdot seriously, I certainly don't consider it a religion.

    I don't know you, nor would I want to. I can just picture you hitting refresh all day, hoping for that +5 insightful, and the day that Bruce Perens or someone "famous" responds to one of your posts, you feel all warm and fuzzy.

    Oh, please; I'm not like that. I don't try for +5 Insightfuls; I get enough of them anyway. And as for "famous" respondents, I don't recall ever actually getting a famous one. I've gotten quite a bit of e-mail feedback, only two of which weren't positive: one being in response to my assertion that Napster was never intended for illegal purposes (quite an insightful post, though with some flawed logic), and one which was basically an e-mail troll.

    I would advise that you get a life outside of Slashdot.

    I have one, thank you very much. Quite a fulfilling one at that.

    It is obvious that through all of the trouble that you have gone through with that "Taking back Slashdot", that you are in need of counseling. I am not trolling here, notice the lack of profanity or inflammatory language.

    Oh, geez; I make one post about trolling and one sig linking to it, and all the trolls hate me for it. Gee, I wonder why?

    And you're right; this isn't a troll. Nor is it a flame. And I do admit to using both profanity and inflammatory language in the parent of this post, to make a point.

    I don't mean to be a killjoy. I like posts that can put a humorous bent on the topic at hand, and I'm one of OOG's biggest fans (where has he been lately anyway?) But there's a time and place for trolls, and it's not Slashdot. You want that, go to hotgrits.org; it runs Slash, parodies Slashdot, and actually has a few funny posts. And better yet, they belong there; it's a forum created just for the trolls. Not a technical discussion site where they only get in the way and annoy people.
  • of course, the only flaw to this is tht it does nto detect capillaries in distress by the evil man pointing a gun to his head.
  • With such a system, the risks are far greater than with simply using a regular, proven piece of software, with a passphrase. Have enough RAM so as not to need a swap partition or swapfile, and you avoid the risks of the passphrase being written to disk; a utility can then be used to "wipe" the RAM on shutdown and startup, to avoid a well-funded intruder with physical access to the machine being able to inspect the residual charges in the RAM, if this is a real security concern. The only real danger then is an intruder installing a keyboard sniffer, but an intruder who could do that would as easily be able to install software to capture the authentication from this fingerprint device. The inherent problem with a piece of hardware like this is that you can't be sure how secure the implementation is, whereas with open-source software the implementation can easily be reviewed. Rest assured that this hardware very likely has a security flaw--possibly one requested by the FBI/NSA, for "investigative" purposes. Remember the "Clipper Chip" initiative? Just because the FBI and NSA didn't win that argument doesn't mean that they haven't requested, and been granted, workarounds to the security afforded by other security devices. Trust only systems with *full documentation* which is publicly viewable.
  • have this discussion in jawad's sid=moderation,t hats why its there - your just adding to what your yelling about
  • go to sid=moderation, thats why its there, you like your friend "above", are adding to the problem of a hard to read slashdot
  • im already doing this - thanks - but your wasting space too! go to jawad's sid=moderation to talk, wait..you are jawad..my bad

  • Biometric Authentication Idiotic (Score:5)

    by ckm ( 87462 ) on Sunday May 21, 2000 @04:33PM (#1057653) Homepage
    Biometric authentication alone is one of the stupidest things ever devised.

    Imagine this scenario:

    1. fingerprints become common as identification,
    replacing passwords.

    2. someone figures out how to copy fingerprints
    and use them as auth.

    What do you do? 'Rotate your fingerprints'?. Yeah, right.

    Tying authentication to an irreplacable body part is a bad, bad idea, except in the most extreme circumstances.

    SecureID, S/Key and other challenge/reponse or one-time key systems are far better for 99.99% of all uses. At least you can replace/regenerate them...

    Chris.

  • I think everyone should be able to vote on a post... let the score reflect the total of all votes applied to it.

    How about a system where any logged in user can rate any comment from 1 (hot grits) to 5 (gem), and the displayed score is the average of all votes applied to it? I'd call it Kuro5hin [kuro5hin.org].

  • Slashdot, apparently, has something called a 'lameness filter', basically an algorithmic system to filter out posts that are 'lame'. If a post triggers the filter, it gets blocked. I once ran into it when I tried to illustrate the size of a large number in relation to another number by writing it out. It got 'lameness filtered'. I don't know how long its been in existence, but it seems kind of redundant when you have the 70-second post attempt thing as well.

    Getting 'Bitch slapped' is when your karma drops an extreme amount, like 50 or 60 points, or something. Someone posted on one of the threads that it happened to him. He believed it was because he modded down signal 11, or something like that. The person thought it Rob Malda did it himself.
  • ; I've certainly never seen my communications interru

    i just did. :grin:
    --Phil
  • Here's [safergunsnow.org] a page detailing the progress of such a technology. Hope it answers any questions.


    --------------------------------------------
  • i think there is a much better and flexible way to check security than lugging around a personal fingerprint scanner. since many of the new mobile devices are going to contain some kind of built-in camera, couldn't these devices either take a snapshot of your finger and use the picture to determine your identity, or alternatively use a picture of your iris to do the same thing? this way, you're using a useful generic piece of technology to achieve the same thing that otherwise requires a separate piece of hardware. it's bad enough carrying around a palm pilot and a cell phone, without needing yet another piece of generic hardware.
  • Yeah, but the guy being robbed would know about that. He wouldn't know if someone made a rubber mold of his finger in his sleep or copied his fingerprint off a glass. No technology can protect you from a guy with a gun pressed to your gut.
  • Just another reason for iris identification. The evil terrorist group can't just rip out your eye and use it to get in.

    Or can they...
    (cue ominous sounding music now)


    --------------------------------------------
  • Now I am in favor of finding a better way to log into systems. I hate having to remember tons of passwords, even worse when they rotate a lot. Many times I find myself typing in my old password due to finger memory.

    But with a fingerprint scanner I would think they would have to have a decent amount of leyway in their scanning. What if you get a cut that scars your fingerprint, then you have to get a new scan done. Or, I landscaped for a couple of summers and after a couple of days my fingertips were all torn up. Since I imagine it would be tough to get a clean scan of my fingerprint I would have problems accessing systems that used this type of system.

    As for retinal scans. I have not researched this subject much, but how would having contacts effect the accuracy of the scan?

    The one thing I have seen that might be slightly secure is a card that you input a numeric key into. This generates a key that you use as the password. This password is basically a one-time pad key. Once you use it it cannot be used again. The password only stays visible for a few seconds, less than 30 seconds I believe. After that you have to input your passkey again.

    Until there is a safe and accurate ability to verify a person passwords are about the best we will get. But even still passwords can be cracked or interigated out.

  • I absolutely love the paranoia level here. No sarcasm, it's a good thing. I do, however, wish people would do a little thinking/research before demonstrating their ignorance on the subject at hand.

    Biometrics as an authentication scheme has been in the literature as far back as the the 50s. The US Department of Defense has spent very large $DOLLARAMMOUNTS on the subject. Recently, thanks to Moore's Law, the processor power to actually implement some of these ideas have become generally availble. Additionally, it has long been recognized that a single token is insufficient for access authentication. Bought groceries on your debit card recently? You need the physical access to the card (finger, eye?) plus a Personal Identification Number (PIN). Two tokens. We may get to the point that three tokens are necessary, but I'd be suprised to see it in my lifetime.

    From Sony I want two things: 1) A white paper dealing with exactly how what they are selling works, for peer review purposes. (Sony is all about selling a better solution, so explaining the base method should have zero impact. Speed counts.)

    2) The asurrance that Sony and the entities that it sells its solution to will not violate the privacy of the individuals who end up using the technology proposed.

    Oh well. New sound card. Life is good.
  • "Bitchslapping is wrong.". It seems that if you moderate someone with high karma's posts down as a troll, you're karma drops to a negative amount, this is stupid. I have triple digit karma, does this mean that I can't post blatantly inflammatory material from my account? No. So why shouldn't people be able to mod me down?

    If you read those posts, you will find that Malda himself has to 'bitchslap' someone. It does NOT happen automatically. I do, however, agree that bitchslapping is wrong. My main problem is with the fact that it changes the scores on all previous posts to -1.

    -Mike bell

  • Prevents only casual attacks (Score:3)

    by evin ( 31167 ) on Sunday May 21, 2000 @09:16PM (#1057664)

    This device (and most of biometrics) is a fraud and merely security through obscurity. Once someone figures out how the card works, then it should be fairly trivial to build a device which opens the card up and grabs your public and private keys.

    With PGP and GPG, there's a passphrase to prevent having physical access to the device instantly revealing the private key. You can't really do this with fingerprints (or other biometrics) since the fingerprint cannot be used as a key. The digital image of your fingerprint varies from impression to impression so the device has to ask itself "is this close enough to Alice's finger?" instead of using it as a key.

    Even if they could use the fingerprint as a key (perhaps some abstract description of the fingerprint which doesn't vary much), then all you need is a sample of the fingerprint which is fairly easy to obtain. It doesn't even need to be off a live finger - any tests in the device for heat or circulating blood can be bypassed since they can exist only as physical prevention mechanisms, not mathematical mechanisms.

    The only really legitimate use of biometrics is if you have secured hardware with trusted guards (i.e., real people) watching that you don't mess with the hardware and that you really are presenting your actual finger or retina. And even this shouldn't be trusted for very important things unless you have several guards at each machine, all resistant to bribes.

    Biometrics on a card would prevent only very unsophisticated attacks from people unfamiliar with the cards. If your attackers won't have physical access to your card, then using PGP or GPG without a passphrase is just as secure and more convenient.

    Read Bruce Schneier's take on biometrics here [counterpane.com].

  • In the recent "Our Attorney's Response To Microsoft" article, the Andover attorney stated that "as a general matter, it is the policy of Slashdot not to interfere with or censor the communications of its users." This is a blatant lie. "Bitchslapping," and "lameness filtering" ARE interfering with the communications of Slashdot's users.

    How is this a lie? Slashdot employees don't moderate, slashdot readers do. I just moderated yesterday and I certainly don't work for Andover or Slashdot. Read the moderation page [slashdot.org] sometime to see exactly how slashdot moderation works. Moderation works like elections, a few do it and they represent the whole (yep, the same way the U.S. president gets elected by the electoral college and not the American public). If you have a problem with slashdot moderation (specifically bogus +5 scores)don't blame Rob Malda, blame the real culprit the average slashdot reader, moderation selects people at random and asks them their opinions, unfortunately as Signal 11 [slashdot.org] has shown the average slashdot reader is into demagoguery and dogma, not criticism or conflict.

    Frankly if you want to discuss moderation I would suggest visiting the Slashdot Moderation Forum [slashdot.org] instead of posting offtopic rants to news articles.

  • He doesn't. That's a fake!
  • Too easy to pickup remotely though not as easy as EMP/RF.
  • This is exactly what I've been advocating all along: A system where every registered user can rate every single comment. The /. karma system only invites abuse and creates an artificial divide between the haves and the have-nots. The windfall from having a system like Kuro5hin is that bad comments will just be ignored. There is no "negative feedback loop" that motivates people to keep posting.

    Malda, you dumbfuck, start listening!

  • Couldn't this be the start of using like PGP or some other public-key system as ids? what if everyone in the world had 1 pgp key... and it was used for all sorts of transactions. This could be good or bad... depending on how you look at it. I think it would be pretty sweet until someone figured out how to take out the encryptions scheme in a hurry. then id theft would be a problem but then we could jsut use a different scheme.. stronger one. I think this might be a neat id.. though I jsut don't want to be a pgp id.

  • Worse yet: You're standing at an ATM, and somebody attacks you and cuts off your finger or gouges out your eyes.

  • The whole point of a smart card (which is what this is -- just fancier) is that the private key never leaves the card. It doesn't matter if you know how it works, because it doesn't rely on security-through-obscurity.

    Losing a private signing key isn't the end of the world; you can just revoke it and generate another one.
  • Can't fingerprint scanners tell if a finger is alive or not? I know retinal scanners can check for blood pumping through capillaries in the eye, and I thought fingerprint scanners could too.

    If they don't already, it won't be long.
  • Yeah, it could happen, but the poor idiot would have wasted his time.

    Good fingerprint scanners can tell whether the finger is alive or not by looking for blood in the capillaries close to the surface of the skin.
  • I'm tired of remembering 30 different passwords. Why not have computers scan my finger or memorize my hand shape or retina pattern? It's an awful lot more secure; you can't run "crack" on a fingerprint scanner.

    Or is this another one of slashdot's "Big Brother is Watching" conspiracy theories?

    - A.P.
    --


    "One World, one Web, one Program" - Microsoft promotional ad

  • Well, I love the idea, but there are some problems. A friend of mine, a very very good friend blow ALL his fingertips of in an accident several years ago and he don't have any fingertips left and I don't think he is alone, so whay should he do if fingerprints become the only solution? Fingerprints IS a great and easy way to identify people if they have fingers, but do the people behind theese devices think about a solution for people who can't use fingerprint devices? Magne
  • Ok, sure, this scanner may seem pretty secure.. but this reminded me of an episode of that show, McGyver.(wow, I haven't thought about that show for a while...) There was this fingerprint scanner that is used to secure a door. McGyver needed to get in, so he used scotch tape, and put it and the glass which had someone's fingerprint on it. He then took the tape, put it on the scanner, and he was in. Now sure, this wouldn't work on this device. But it brings up a good point, how secure is it really. I mean, in terms of fingerprints.
  • What if someone steals your finger? I know it sounds sick, but it has happened.

    I've heard about that too. Does anybody have information on where and how it happened ? Story link anyone ? I'm sure there's fingerprint protected stuff valuable enough to steal for something like that to happen but OTOH this sounds a lot like the average urban legend...
  • The loss of said body part speaks enough.

    Need a finger print to get something? Well, bye bye finger.

    Gosh, the thought of scanning an entire hand scares the shit out of me.
  • Yeah, but the guy being robbed would know about that. He wouldn't know if someone made a rubber mold of his finger in his sleep or copied his fingerprint off a glass. No technology can protect you from a guy with a gun pressed to your gut.

    Not entirely true - bullet proof vest? ;-)

    Seriously, though: for code-based systems (burglar alarms etc.) you can often have a `duress' code. If someone puts a gun to your head and tells you to shut off the alarm, you type that code. The alarm pretends to shut off - in reality, it calls the police, silently.

    Better still, you could rotate a couple of code between being `valid' and `duress' - 2378 would genuinely shut the alarm off on Monday, Wednesday, Friday, while 7826 shuts it off on the other days. Enter one of these codes on the wrong day, it acts as a duress code.

  • I see two problems with that:

    1) Everyone has their own. Geeks like us come along and buy two: A control and a subject. In no time a few people understand exactly how they work and how the data is stored - and with the public and private keys on each one, well there's nothing secret.

    Just like if you take two copies of PGP and compare them, you've got my secret key? The secret key is encrypted remember - the card doesn't know it. Only the card in conjunction with your (live) finger knows your secret key. If they've managed to steal your finger without you noticing, you have bigger problems than your ATM balance...

    2) Someone steals your scanner which not only has your public key, but your private key as well, and you've lost your copy altogether.

    Essentially a DoS attack... Yes, this would mean you'd have to revoke your old key pair and generate a new one. This will always be possible, though, unless you memorise your keypair and have total recall - or everyone stores their keys on a central server, so an administrator can give you another copy of your key. There's probably nothing to stop you having more than one of these cards, though (a bit tricky securely duplicating the keypair, but it could probably be done.)

    The `attack' you describe would work perfectly well if this system were based on security through obscurity (CSS, anyone?). It isn't (I hope) - like PGP etc., it just relies on actually being secure. Perhaps we should patent idea that in case Microsoft try it? Nah - they'll just stick to FUD, lies and videotape ;-)

  • What if you have no Fingers, Hands, Arms to make the transaction ?

    Paraplegics, MS and other non able bodied people may yet again be sidelined to a minority of a minority by technology that should free everybody.

    Sure its hard to make perfect security but dont make it impossible to have sensible security
  • I did read the link and even in the linked text your thoughts, expressions, rants, and raves are all there in full vivid detail. Not one line of text was omited, not one comment deleted.

    Rob lets you create your own discussion forum? Yes. Does the sid=moderation forum cost you any money? No. Is Rob providing you with your very own forum out of the kindness of his heart? Yes. Does he complain to you about the waist of hard drive space on his server? No.

    Pardon me if this sounds to blunt, but you're ungratefull and rude.

    You piss on someone elses carpet and then complain about the color of the stain? If you don't like it get the source and build your own.

    I still fail to see how anyone is interfering or sensoring your comments.
    ___

  • Talk about security.... Wanna meet someone? make sure their prints check out. Pretty interesting gadget..... If sony's their REAL name.
  • Good idea, if the specs of the device are public it shouldn't be too difficult to modify GnuPG to use it.

    > Lock the key, not with a passphrase, but with a unique hash from the biometric data;

    You can't generate a consistent hash from a biometric - two readings will never be exactly the same and in cryptographic applications a single bit error will render the hash useless.

    Instead, biometrics are compared by a pattern-matching engine that can tolerate some errors. This means that your private key will actually be stored in plaintext inside the token and you must rely on physical tamper-resistance to protect it.

    > Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.

    The real problem is not a damaged fingerprint - it's a damaged or lost token. You must have some kind of recovery mechanism for this case and, naturally, it will also cover the less common case of an injured finger.

    For an interesting approach to the problem of secret key recovery see Protecting Secret Keys with Personal Entropy [counterpane.com]

    ----
  • Why would a scratch be a problem in this case. I used the Veridicom [veridicom.com] sensor before with the LBV Server [lbvserver.com] backoffice product, and you can specify more than one finger to make sure you can enter even if you hurt your primary finger. (But a small scratch didn't reject me trying to access the building.)
  • Damn, people, just because you lose your finger should this painful experience become even worth after you realize that all your passwords just invalidated and you can not open your email or your bank account information from the web? There are more advanced solutions for physically secured systems such as biometrics http://www.dmoz.org/Computers/Se curity/Biometrics/ [dmoz.org] - check this out.

    My favorite biometric is retinal scan: http://biometric-consulting.com/bio.htm [biometric-consulting.com] its accuracy is 1:10,000,000. Finger print accuracy is only 1:500

    I just don't think Fingerprints are good enough for computer security, plus I don't like anyone touching my hardware with their greesy fingers!
  • you can always sell hardware.
    --

  • I prefer contactless smartcards (Score:4)

    by Kris_J ( 10111 ) on Sunday May 21, 2000 @03:52PM (#1057707) Homepage Journal
    If we're going to use some sort of physical token I much prefer something clean like the Swatch Access [swatch.com] than a messy, oily fingerprint that might not work if you scratch yourself while gardening.
  • Desktop biometric scanners that transmit the biometric through an insecure network to a server for verification are a fraud and security through obscurity (don't laugh, people actually do this kind of thing). This device, while not perfect, looks like it can offer some real security because it performs the verification internally.

    A quote from the article you are linking to:
    "Biometrics are powerful and useful, but they are not keys. They are useful in situations where there is a trusted path from the reader to the verifier."

    In this case there is a trusted path from the reader to the verifier because they are both inside the same tamper-resistant pacakge (no, not tamper-proof, there is no such thing).

    "Trusted" is always a relative term and depends on the resources available to your opponent. If your opponent is a foreign government then even secure (breakable) hardware and (bribable, killable) guards may not be enough.

    I don't know how many casual attackers have access to a focused ion beam workstation and the knowledge required to operate it and try to crack a multilayer tamper-resistant chip. See this article [cam.ac.uk] for more information about the techniques used to crack smartcards. Remember that this device is thicker and more expensive than a smartcard and could theoretically provide much better tamper resistance.

    Correctly applied biometrics can let you have some security even when facing intentional misuse. I'd rather have access to my medical information protected by this kind of biometric token rather than a password that will end up on a post-it note on the secretary's monitor or a smartcard that will be "shared" because it is not tied to a specific person. Experience has shown that most people will bypass security in every imaginable way. Biometrics can help enfore an organization's security policy under these conditions.

    Personally, I will stick to my passphrases (6 words, at least 2 of them not in any dictionary...)

    ----
  • A friend of mine, a very very good friend blow ALL his fingertips of in an accident several years ago and he don't have any fingertips left and I don't think he is alone, so whay should he do if fingerprints become the only solution? Fingerprints IS a great and easy way to identify people if they have fingers, but do the people behind theese devices think about a solution for people who can't use fingerprint devices?

    What does somebody with no hands do now in a world of signatures?

    It's an inconvenience not having a part of your body. The world can't be completely stopped to meet the needs of the most-handicapped individual, however.

    Accomodations will have to be made, just like they're made now.

    --
  • In theory at least, kuro5hin's system ought to scale better than slashdot's, considering your total pool of moderators is nearly as large as the pool of posters. Also, when you rate a comment on kuro5hin, it's not permanent and immutable-- you can change your rating if you think it's necessary. You only ever get counted as one vote, but you can change it if you want.

    It isn't yet widely used, though, and does lack some features necessary for it to be truly a filtering system, rather than just ordering. Time will tell. :-)

    --

  • That's not a practical application, for obvious reasons. ("Excuse me, Mr. Rapist, sir; I need to clean off my fingers and try to get this thing to scan properly....")
    /.

  • But.. (Score:2)

    by cdlu ( 65838 )
    I see two problems with that:

    1) Everyone has their own. Geeks like us come along and buy two: A control and a subject. In no time a few people understand exactly how they work and how the data is stored - and with the public and private keys on each one, well there's nothing secret.

    2) Someone steals your scanner which not only has your public key, but your private key as well, and you've lost your copy altogether.

    Nu?
  • I've been waiting for a long time for a company to put out a product like this. It's pretty obvious that a fingerprint scanner model like this boasts some evident advantages; it's definitely going to make Internet transactions more secure.

    However, what concerns me is whether or not this type of thing will be actually allowed for use by the U.S. government. Since everyone has his or her own unique fingerprint -- after all, the police use fingerprints to identify suspects -- that means there must be a lot of different factors and variables that go into a fingerprint. Doesn't that mean that a fingerprint has too many "bits" of information and couldn't be uploaded under current export restrictions?

    It's sad to see the United States government is holding back technological progress by attempting to impose its own short-sighted laws on the rest of the world. I'd love to have a personal fingerprint scanner -- how about you, Bob Dole?

    Yu Suzuki

Slashdot Top Deals

God help those who do not help themselves. -- Wilson Mizner

Close