Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters


Honourable mention though to Bruce Schneier, who didn't write to us at all but who has produced a well-argued case against a US national ID card in Crypto-Gram. And finally, although this has gone on for long enough already, we present Irdial Discs' argument in favour of using digital signatures to secure the passport, thus entirely negating the need for a central database at all. This is so sane and rational that it stands no chance at all of being adopted by the powers that be. But we can all dream, can't we?

If any document is issued correctly, and is not tampered with, it must be assumed that the holder is the person named on the document, whether it has biometric information in it or not.

If the document has been tampered with, then the holder might not be the person named in the passport. This is the only type of check that needs to be made in passports.

Biometrics are not needed to ensure that the holder of a passport is the named person in the passport. Certainly, there is no need for a central database of all biometrics (photograph, fingerprint, iris scan) to check the identity of each person every time a passport is used. A simple test to see if the passport has been tampered with is all that is required.

This is how you do it.

1. Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority.
2. When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database.
3. The digital signature of the passport photo is also downloaded.
4. A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.

If the signature is good, the document is genuine. If the signature is bad, the document is a forgery.

This system does several things.

1. It decentralizes the management of photo authentication.
2. It stops the inevitable abuses of centralized databases.
3. Each passport photo is digitally unique. This means that every time that you get your photo taken for your passport, it is a different cryptographically signed number that ends up in your passport. You will never have a unique identifier tied to your identity, even though it's your face in every photograph.
4. Big brother gets a kick in the balls.
5. Passport/ID fraud is basically eliminated, except for the fake ones made to order at the request of MI6 and the like.

There is no need for the centralized passport biometrics database that they are planning; the means exist right now, with military grade crypto and digitally signed photographs that will create a rock solid, absolutely authenticatable, user friendly, non big brother solution to passport fraud, that protects documents and does not further erase our rights as free people.

The crypto to do this is in the public domain, and so zero-cost license wise. My solution is cheaper than the centrally held database solution.

Now of course, there is nothing to stop people from collecting these signature numbers, but if that is the only part of the passport that is readable, and this readable part does not contain your name or any other personally identifiable information, it will be harder for people to create a database connected to your biometric ID. If you are the nervous type you could change your id every month; in any case, I devised this ID scheme to demonstrate that there is no reason to create a centralized database from the outset. There are other, better ways to manage document authenticity. All someone has to do is simply THINK about the problem. Unfortunately, the people who are behind the deployment of this disaster are the companies that sell the systems that will be used to fleece the population for decades to come. Money is the true root cause for centralization, that and the lust for absolute control that slobbering pigs like David Blindkid and John Asscroft dreamed about.

Actually, Ms Manners isn't sure about that last bit either, but we'll let it pass. ®
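The offline check the letter describes, sketched in Go as an added example (not code from the letter or from The Register). It uses Ed25519 from the Go standard library in place of the "PGP-like" signature; the issuer code "XX", the type and function names, and the seed-derived demo key are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Document is what the reader pulls off the passport; no name, no database lookup.
type Document struct {
	Issuer    string // hypothetical issuer code selecting a keyring entry
	Photo     []byte // portrait bytes stored in the document
	Signature []byte // issuing authority's detached signature over Photo
}

// Keyring maps issuer codes to the public keys stored on the swiping device.
type Keyring map[string]ed25519.PublicKey
var ErrUnknownIssuer = errors.New("issuer not on device keyring")
var ErrBadSignature = errors.New("signature check failed: treat as forgery")

// Verify uses only the document and the device keyring; any changed byte fails.
func (k Keyring) Verify(d Document) error {
	if pub, ok := k[d.Issuer]; !ok {
		return ErrUnknownIssuer
	} else if !ed25519.Verify(pub, d.Photo, d.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Issue is the authority-side step: sign the portrait when the document is made.
func Issue(issuer string, priv ed25519.PrivateKey, photo []byte) Document {
	return Document{Issuer: issuer, Photo: photo, Signature: ed25519.Sign(priv, photo)}
}

// demoAuthority derives a constructed signing key from a label (demo only).
func demoAuthority(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

func main() {
	priv := demoAuthority("constructed demo key")
	ring := Keyring{"XX": priv.Public().(ed25519.PublicKey)}
	doc := Issue("XX", priv, []byte("constructed portrait bytes"))
	fmt.Println("genuine:", ring.Verify(doc))
	doc.Photo[0] ^= 1 // alter one bit of the stored portrait
	fmt.Println("tampered:", ring.Verify(doc))
}
```

A passing check shows only that these portrait bytes were signed by a key on the device's keyring: the operator still has to compare the face on screen with the holder, and a bit-for-bit copy of a genuine document verifies as well.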
