Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters


Honourable mention though to Bruce Schneier, who didn't write to us at all but who has produced a well-argued case against a US national ID card in Crypto-Gram. And finally, although this has gone on for long enough already, we present Irdial Discs' argument in favour of using digital signatures to secure the passport, thus entirely negating the need for a central database at all. This is so sane and rational that it stands no chance at all of being adopted by the powers that be. But we can all dream, can't we?

If any document is issued correctly, and is not tampered with, it must be assumed that the holder is the person named on the document, whether it has biometric information in it or not.

If the document has been tampered with, then the holder might not be the person named in the passport. This is the only type of check that needs to be made in passports.

Biometrics are not needed to ensure that the holder of a passport is the named person in the passport. Certainly, there is no need for a central database of all biometrics (photograph, fingerprint, iris scan) to check the identity of each person every time a passport is used. A simple test to see if the passport has been tampered with is all that is required.

This is how you do it.

1. Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority.
2. When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database.
3. The digital signature of the passport photo is also downloaded.
4. A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.

If the signature is good, the document is genuine. If the signature is bad, the document is a forgery.

This system does several things.

1. It decentralizes the management of photo authentication.
2. It stops the inevitable abuses of centralized databases.
3. Each passport photo is digitally unique. This means that every time that you get your photo taken for your passport, it is a different cryptographically signed number that ends up in your passport. You will never have a unique identifier tied to your identity, even though it's your face in every photograph.
4. Big brother gets a kick in the balls.
5. Passport/ID fraud is basically eliminated, except for the fake ones made to order at the request of MI6 and the like.

There is no need for the centralized passport biometrics database that they are planning; the means exist right now, with military grade crypto and digitally signed photographs that will create a rock solid, absolutely authenticatable, user friendly, non big brother solution to passport fraud, that protects documents and does not further erase our rights as free people.

The crypto to do this is in the public domain, and so zero-cost license wise. My solution is cheaper than the centrally held database solution.

Now of course, there is nothing to stop people from collecting these signature numbers, but if that is the only part of the passport that is readable, and this readable part does not contain your name or any other personally identifiable information, it will be harder for people to create a database connected to your biometric ID. If you are the nervous type you could change your id every month; in any case, I devised this ID scheme to demonstrate that there is no reason to create a centralized database from the outset. There are other, better ways to manage document authenticity. All someone has to do is simply THINK about the problem. Unfortunately, the people who are behind the deployment of this disaster are the companies that sell the systems that will be used to fleece the population for decades to come. Money is the true root cause for centralization, that and the lust for absolute control that slobbering pigs like David Blindkid and John Asscroft dreamed about.

Actually, Ms Manners isn't sure about that last bit either, but we'll let it pass. ®
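
The offline signature check described in the letter above, sketched as an added example (it is not part of the original article or of Irdial Discs' letter). Assumptions: Ed25519 from Node's built-in crypto module stands in for the "PGP-like" signature, and the function names, issuer ids and portrait bytes are hypothetical and constructed for illustration.

```javascript
const crypto = require('crypto');

// Issuing authority side (hypothetical helper): sign the portrait bytes.
function issueDocument(issuerId, portrait, privateKey) {
  return {
    issuerId,                                           // which authority issued it
    portrait,                                           // image bytes stored in the document
    signature: crypto.sign(null, portrait, privateKey), // Ed25519 signature over the portrait
  };
}

// Reader side: the keyring (issuer id -> public key) lives on the swiping
// device, so the check needs no network and no central database.
function checkDocument(doc, keyring) {
  const publicKey = keyring.get(doc.issuerId);
  if (!publicKey) return { status: 'unknown-issuer', portrait: null };
  let ok = false;
  try {
    ok = crypto.verify(null, doc.portrait, publicKey, doc.signature);
  } catch {
    ok = false; // a malformed signature is treated as a failed check
  }
  // Only release the portrait for display once the signature has verified.
  return ok ? { status: 'genuine', portrait: doc.portrait }
            : { status: 'forgery', portrait: null };
}

// Constructed sample data: one trusted authority, one key the reader does not trust.
function runDemo() {
  const authority = crypto.generateKeyPairSync('ed25519');
  const untrusted = crypto.generateKeyPairSync('ed25519');
  const keyring = new Map([['UTOPIA', authority.publicKey]]);
  const photo1 = Buffer.from('constructed portrait bytes, sitting 1');
  const photo2 = Buffer.from('constructed portrait bytes, sitting 2');

  const genuine = issueDocument('UTOPIA', photo1, authority.privateKey);
  const swappedPhoto = { ...genuine, portrait: photo2 };                // photo altered after issue
  const wrongKey = issueDocument('UTOPIA', photo1, untrusted.privateKey);
  const unknown = issueDocument('ELSEWHERE', photo1, untrusted.privateKey);
  const renewal = issueDocument('UTOPIA', photo2, authority.privateKey);

  return {
    genuine: checkDocument(genuine, keyring).status,
    swappedPhoto: checkDocument(swappedPhoto, keyring).status,
    wrongKey: checkDocument(wrongKey, keyring).status,
    unknown: checkDocument(unknown, keyring).status,
    // A new photo yields a different signature value, as the letter notes.
    renewalDiffers: !genuine.signature.equals(renewal.signature),
  };
}

console.log(runDemo());
```

The reader's verdict is only as trustworthy as the public keys loaded onto its keyring, so how those keys reach the device is the part of the scheme that needs protecting.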
