Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters


Honourable mention though to Bruce Schneier, who didn't write to us at all but who has produced a well-argued case against a US national ID card in Crypto-Gram. And finally, although this has gone on for long enough already, we present Irdial Discs' argument in favour of using digital signatures to secure the passport, thus entirely negating the need for a central database at all. This is so sane and rational that it stands no chance at all of being adopted by the powers that be. But we can all dream, can't we?

If any document is issued correctly, and is not tampered with, it must be assumed that the holder is the person named on the document, whether it has biometric information in it or not.

If the document has been tampered with, then the holder might not be the person named in the passport. This is the only type of check that needs to be made in passports.

Biometrics are not needed to ensure that the holder of a passport is the named person in the passport. Certainly, there is no need for a central database of all biometrics (photograph, fingerprint, iris scan) to check the identity of each person every time a passport is used. A simple test to see if the passport has been tampered with is all that is required.

This is how you do it.

  1. Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority.
  2. When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database.
  3. The digital signature of the passport photo is also downloaded.
  4. A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.

If the signature is good, the document is genuine. If the signature is bad, the document is a forgery.

This system does several things.

  1. It decentralizes the management of photo authentication.
  2. It stops the inevitable abuses of centralized databases.
  3. Each passport photo is digitally unique. This means that every time that you get your photo taken for your passport, it is a different cryptographically signed number that ends up in your passport. You will never have a unique identifier tied to your identity, even though it's your face in every photograph.
  4. Big brother gets a kick in the balls.
  5. Passport/ID fraud is basically eliminated, except for the fake ones made to order at the request of MI6 and the like.

There is no need for the centralized passport biometrics database that they are planning; the means exist right now, with military grade crypto and digitally signed photographs that will create a rock solid, absolutely authenticatable, user friendly, non big brother solution to passport fraud, that protects documents and does not further erase our rights as free people.

The crypto to do this is in the public domain, and so zero-cost license wise. My solution is cheaper than the centrally held database solution.

Now of course, there is nothing to stop people from collecting these signature numbers, but if that is the only part of the passport that is readable, and this readable part does not contain your name or any other personally identifiable information, it will be harder for people to create a database connected to your biometric ID. If you are the nervous type you could change your id every month; in any case, I devised this ID scheme to demonstrate that there is no reason to create a centralized database from the outset. There are other, better ways to manage document authenticity. All someone has to do is simply THINK about the problem. Unfortunately, the people who are behind the deployment of this disaster are the companies that sell the systems that will be used to fleece the population for decades to come. Money is the true root cause for centralization, that and the lust for absolute control that slobbering pigs like David Blindkid and John Asscroft dreamed about.

Actually, Ms Manners isn't sure about that last bit either, but we'll let it pass. ®
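
The tamper check the letter describes, as an added example (not code from Irdial Discs or The Register): the issuer signs the portrait bytes, and the reader verifies them offline against a public key on its own keyring. It uses RSASSA-PKCS1-v1_5 with SHA-256 in place of the "PGP-like" check; the key is built from two Mersenne primes only so the block runs with the standard library (not a secure key), and the issuer name `ISSUER-A`, the keyring layout and the photo bytes are constructed.

```python
import hashlib

# Constructed demo issuer key built from two Mersenne primes so the block runs
# with the standard library alone. NOT a secure key choice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the issuer

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(photo: bytes, n: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(photo), sized to modulus n."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(photo).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def issue(photo: bytes) -> bytes:
    """Issuing authority: sign the portrait that goes into the document."""
    k = (N.bit_length() + 7) // 8
    return pow(encode(photo, N), D, N).to_bytes(k, "big")

# Keyring on the swiping device: public keys only (hypothetical layout and name).
KEYRING = {"ISSUER-A": (N, E)}

def check_document(issuer: str, photo: bytes, signature: bytes) -> bool:
    """Reader: offline check of photo + signature read from the document."""
    key = KEYRING.get(issuer)
    if key is None:
        return False                 # no trusted key for this issuer
    n, e = key
    s = int.from_bytes(signature, "big")
    if len(signature) != (n.bit_length() + 7) // 8 or s >= n:
        return False
    # Rebuild the full expected encoding and compare; never parse the padding.
    return pow(s, e, n) == encode(photo, n)

# Constructed stand-ins for two portrait sittings of the same person.
PHOTO_A = b"\xff\xd8constructed-portrait-sitting-1"
PHOTO_B = b"\xff\xd8constructed-portrait-sitting-2"

if __name__ == "__main__":
    sig = issue(PHOTO_A)
    print("genuine :", check_document("ISSUER-A", PHOTO_A, sig))
    print("tampered:", check_document("ISSUER-A", PHOTO_A + b"x", sig))
    print("swapped :", check_document("ISSUER-A", PHOTO_B, sig))
```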
