[ISN] Are Biometrics Hashable?

From: mea culpa <jericho_at_dimensional.com>
Date: Tue 05 May 1998 - 00:19:00 CDT
[Moderator: I can't answer his question.. anyone else?]


Forwarded From: Andrew McNaughton <andrew@squiz.co.nz>

I threw a couple of odds and ends of your stuff on biometrics at one of our
journalists, and he thought it was worth an article and asked me for some
primary material, which I've been hunting out.

A question I've been trying to answer is whether anyone's come up with a
biometric which is sufficiently discrete to be put through a cryptographic
hash.

If a biometric was available which could be converted to some more or less
invariable character sequence then it would be possible to combine it with
a database specific string and produce a hash which was unique, and
verifiable as belonging to the individual, but which would not require
storing of the biometric itself or of anything which could be compared
against the key in another database, or be stolen and applied to another
database.

I suspect this is problematic, since I imagine that the biometric
fingerprint is a sequence of measurements which are compared against
another sequence of measurements and a metric of their similarity computed.
If so, the biometric can vary within a range, and standard hashing
functions will not work.

If you know of any system such that either the biometric fingerprint can be
made discrete or a cryptographic hash can be constructed that tolerates a
range of input I'd very much like to hear about it.

Andrew McNaughton


Some links I found which might prove interesting to you or your readers:



http://www.biometrics.org/examples.html lists dozens of biometrics systems
with links.  The rest of the site also has some interesting stuff (This is
the Biometrics Consortium, which Wired pick as probably becoming a
regulatory body in the area at some stage).


http://www.privacyrights.org/ar/id_theft_legis.html .  This one includes a
brief summary of Senator Murray's bill before the Californian Assembly
about 3/4 of the way down, and is generally about identity theft.  The Bill
is online at:
(http://www.leginfo.ca.gov/cgi-bin/postquery?bill_number=ab_50&sess=CUR&house=B)

http://www.leginfo.ca.gov/pub/bill/sen/sb_1601-1650/sb_1622_bill_980422_amended_sen.html
is a Californian bill limiting collection and communication
of biometric data with a $25,000 fine if data is passed to a third party
other than law enforcement.  Not sure what the connection is with the bill
mentioned above.



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Andrew McNaughton                                          =
++64 4 389 6891                 Any sufficiently advanced  =
andrew@squiz.co.nz               bug is indistinguishable  =
http://www.squiz.co.nz             from a feature.         =
http://www.newsroom.co.nz                -- Rich Kulawiec  =



-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue May 5 01:49:47 1998
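
Added example (not part of the original post or of any product it mentions): a Python sketch of the scheme the message describes, hashing a biometric together with a database-specific string, and of the failure it anticipates when two readings of the same trait differ slightly. The feature values, database strings and bin widths are constructed for illustration, and HMAC-SHA256 is an assumed choice of hash.

```python
import hashlib
import hmac

def template_hash(features, db_string, step):
    """Make the measurements discrete by binning each one to width `step`,
    then hash the bin indices keyed with the database-specific string."""
    bins = [int(x // step) for x in features]
    msg = ",".join(str(b) for b in bins).encode()
    return hmac.new(db_string, msg, hashlib.sha256).hexdigest()

def verify(features, db_string, step, stored):
    """Exact-match check: any differing bin changes the whole hash."""
    candidate = template_hash(features, db_string, step)
    return hmac.compare_digest(candidate, stored)

# Constructed sample data: one enrolment and two later readings of the
# same (hypothetical) trait, each within 0.1 of the enrolled values.
ENROLLED = [12.31, 40.07, 7.52, 28.96]
SECOND_READING = [12.34, 40.02, 7.49, 28.91]  # stays inside the same 1.0-wide bins
EDGE_READING = [12.29, 39.98, 7.55, 28.99]    # 40.07 -> 39.98 crosses a bin edge
DB_A = b"database-A-string"                   # constructed database-specific strings
DB_B = b"database-B-string"

def demo():
    fine = template_hash(ENROLLED, DB_A, 0.01)   # near-raw measurements
    coarse = template_hash(ENROLLED, DB_A, 1.0)  # coarse bins
    return {
        # Same person, tiny sensor noise, fine bins: hash no longer matches.
        "fine_bins_match": verify(SECOND_READING, DB_A, 0.01, fine),
        # Coarse bins absorb the noise when no value sits near an edge.
        "coarse_bins_match": verify(SECOND_READING, DB_A, 1.0, coarse),
        # The same amount of noise next to a bin edge still breaks the match.
        "edge_reading_match": verify(EDGE_READING, DB_A, 1.0, coarse),
        # The stored value differs per database, so it cannot be compared
        # against, or replayed into, another database.
        "same_across_databases": coarse == template_hash(ENROLLED, DB_B, 1.0),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Widening the bins trades one failure for another: fewer distinct bin combinations means the stored hash can be recovered by enumerating them, even with the database string mixed in.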