biometrics

[David Honig]

>There is no such thing as a "tamper proof" device, and that goes
>double for anything distributed to consumers and left in their sole
>possession for indefinite periods Alice cannot be sure it is Bob if
>Frank can spend time physically attacking the reader so that he can
>send Bob's iris print whether Bob is there or not. 

The lesson I learned from the excellent reverse engineering of
various smartcards is this: if the device is in someone's possesion,
*they* should be interested in not tampering with it.  (E.g., When a bank's
card is in a cracker's wallet, this is not the case.)  Which party the
sensor should belong to depends on the app.  For some apps the other party
may insist that you use their sensor; for some, you might insist on
keeping your fingerprint (etc) in your smart card.





 






  







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com