Feeds

Fingerprints as ID - good, bad, ugly?

Well, there's an effectiveness:usability trade-off, for starters

  • alert
  • submit to reddit

High performance access to file storage

Honourable mention though to Bruce Schneier, who didn't write to us at all but who has produced a well-argued case against a US national ID card in Crypto-Gram. And finally, although this has gone on for long enough already, we present Irdial Discs' argument in favour of using digital signatures to secure the passport, thus entirely negating the need for a central database at all. This is so sane and rational that it stands no chance at all of being adopted by the powers that be. But we can all dream, can't we?

If any document is issued correctly, and is not tampered with, it must be assumed that the holder is the person named on the document, whether it has biometric information in it or not.

If the document has been tampered with, then the holder might not be the person named in the passport. This is the only type of check that needs to be made in passports.

Biometrics are not needed to ensure that the holder of a passport is the named person in the passport. Certainly, there is no need for a central database of all biometrics (photograph, fingerprint, iris scan) to check the identity of each person every time a passport is used. A simple test to see if the passport has been tampered with is all that is required.

This is how you do it.

~ # Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority. ~ # When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database ~ # The digital signature of the passport photo is also downloaded. ~ # A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.

If the signature is good, the document is genuine. If the signature is bad, the document is a forgery.

This system does several things.

~ # It decentralizes the management of photo authentication. ~ # It stops the inevitable abuses of centralized databases. ~ # Each passport photo is digitally unique. This means that every time that you get your photo taken for your passport, it is a different cryptographically signed number that ends up in your passport. You will never have a unique identifier tied to your identity, even though its your face in every photograph. ~ # Big brother gets a kick in the balls. ~ # Passport/ID fraud is basically eliminated, except for the fake ones made to order at the request of MI6 and the like.

There is no need for the centralized passport biometrics database that they are planning; the means exist right now, with military grade crypto and digitally signed photographs that will create a rock solid, absolutely authenticatable, user friendly, non big brother solution to passport fraud, that protects documents and does not further erase our rights as free people.

The crypto to do this is in the public domain, and so zero-cost license wise. My solution is cheaper than the centrally held database solution.

Now of course, there is nothing to stop people from collecting these signature numbers, but if that is the only part of the passport that is readable, and this readable part does not contain your name or any other personally identifiable information, it will be harder for people to create a database connected to your biometric ID. If you are the nervous type you could change your id every month; in any case, I devised this ID scheme to demonstrate that there is no reason to create a centralized database from the outset. There are other, better ways to manage document authenticity. All someone has to do is simply THINK about the problem. Unfortunately, the people who are behind the deployment of this disaster are the companies that sell the systems that will be used to fleece the population for decades to come. Money is the true root cause for centralization, that and the lust for absolute control that slobbering pigs like David Blindkid and John Asscroft dreamed about.

Actually, Ms Manners isn't sure about that last bit either, but we'll let it pass. ®

High performance access to file storage

More from The Register

next story
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.