Sony's New Personal Fingerprint Scanner
MelloDawg writes: "This article at SecurityWatch.com describes Sony's new fingerprint verification device that fits in your wallet and uses public key infrastructure." Of course, if the prints are never transmitted and the scanner is personalized for each user, it seems like Sony'd like everyone to have his own scanner -- how convenient.
From the linked site: It contains USB drivers for Windows(R) 98 and 2000 and there is a serial cable available for use with Windows NT(R) systems.
Shouldn't be too much trouble to interface to Linux through the serial option for now (though it does load the system more than USB - and we'll have USB support soon enough.)
Also from the site: Sony is working with Entrust Technologies and I/O Software Inc., to allow them to develop specific software applications and is also actively looking to work with other software providers in the infosec field.
It's unlikely that they will be providing open-sourced drivers at first (Sony haven't really "jumped on the open source bandwagon" yet) but with Linux becoming more popular all the time, it's likely that demand will convince them to build drivers.
They'll almost certainly be building drivers for various UN*X systems because, despite Microsoft's efforts to push NT, there are many large institutions which will pay megabucks to have a more secure way of authenticating users that just works! The weakest link in most security is the users themselves, and the pathetic passwords most people choose.
Fingerprint assisted password protection would be much stronger, and I doubt Sony will restrict themselves to a single OS manufacturer if they're getting so many companies to write drivers.
Hmm. If it could be restructured slightly to be compatible with the OpenPGP standard, I can see how this could be very useful indeed.
Store a standard PGP key inside it, with the code to decrypt and digitally sign built in. Lock the key, not with a passphrase, but with a unique hash from the biometric data; user presses thumb to scanner, device goes "live" and accepts data from PC interface to sign or decrypt; after sixty seconds, device signs off and requires another scan to go live again. Add a suitable "cradle" interface, and it could form a digital credit-card / debit card that is personalized to the carrier, and can be simply dropped into a cradle at the checkout when your purchases have been scanned... Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.
--
-=DaveHowe=-
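The token design sketched in the post above (key wrapped under a biometric-derived secret, one wrapped copy per digit, a sixty-second live window, then sign-off), modelled as an added example that is not from the post, from Sony or from the article. It assumes the scanner hands over a stable byte-string template per finger, stands in an HMAC for the PGP signature, and treats the template as a secret; the clock is injectable so the timeout can be driven deterministically.

```python
import hashlib
import hmac
import os
import time

LIVE_SECONDS = 60  # the post's "after sixty seconds, device signs off"


def derive_unlock_key(template: bytes, salt: bytes) -> bytes:
    # Assumption: the scanner yields a stable template; stretch it into a 32-byte wrapping key.
    return hashlib.pbkdf2_hmac("sha256", template, salt, 100_000)


def wrap(key: bytes, unlock_key: bytes) -> bytes:
    # XOR the 32-byte signing key with a keystream from the unlock key. Wrapping and
    # unwrapping are the same operation; a wrong template yields garbage, not the key.
    stream = hashlib.sha256(b"wrap" + unlock_key).digest()
    return bytes(a ^ b for a, b in zip(key, stream))


class BiometricToken:
    def __init__(self, signing_key: bytes, templates: dict, clock=time.monotonic):
        assert len(signing_key) == 32
        self.clock = clock
        self.salt = os.urandom(16)
        # Key-check value lets the device tell a correct unwrap from garbage.
        self.check = hmac.new(signing_key, b"key-check", "sha256").digest()
        # "stored ten times, one per digit": one wrapped copy per enrolled finger.
        self.slots = {
            digit: wrap(signing_key, derive_unlock_key(template, self.salt))
            for digit, template in templates.items()
        }
        self._key = None
        self._live_until = 0.0

    def scan(self, digit: str, template: bytes) -> bool:
        """Present a finger: unwrap that digit's slot and go live if the key checks out."""
        candidate = wrap(self.slots[digit], derive_unlock_key(template, self.salt))
        tag = hmac.new(candidate, b"key-check", "sha256").digest()
        if not hmac.compare_digest(tag, self.check):
            return False
        self._key = candidate
        self._live_until = self.clock() + LIVE_SECONDS
        return True

    def is_live(self) -> bool:
        if self._key is not None and self.clock() < self._live_until:
            return True
        self._key = None  # sign off: forget the unwrapped key once the window closes
        return False

    def sign(self, data: bytes) -> bytes:
        # HMAC stands in for the PGP signature the post describes.
        if not self.is_live():
            raise PermissionError("token not live: present a finger first")
        return hmac.new(self._key, data, "sha256").digest()


def make_demo_token(clock):
    # Constructed enrolment data: two fingers with made-up templates.
    key = bytes(range(32))
    return BiometricToken(key, {"thumb": b"template-thumb", "index": b"template-index"}, clock)
```

The stored slots are useless without a matching scan, and the unwrapped key lives only for the live window; note that the scheme is only as strong as the secrecy and stability of the template, which the post's critics below pick up on.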
Biometric authentication alone is one of the stupidest things ever devised.
Imagine this scenario:
1. fingerprints become common as identification, replacing passwords.
2. someone figures out how to copy fingerprints and use them as auth.
What do you do? 'Rotate your fingerprints'? Yeah, right.
Tying authentication to an irreplaceable body part is a bad, bad idea, except in the most extreme circumstances.
SecureID, S/Key and other challenge/response or one-time key systems are far better for 99.99% of all uses. At least you can replace/regenerate them...
Chris.
-- I don't have a cool sig.
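To make the "you can replace/regenerate them" point concrete, here is an added example (not from the post, and not a copy of the real S/Key implementation) of an S/Key-style one-time password chain: the client keeps a hash chain, the server stores only the chain's public anchor, each password is the preimage of the last accepted one, a replayed password is rejected, and a compromised chain is retired by enrolling a fresh seed. Function and class names are mine.

```python
import hashlib
import hmac
import os


def hash_step(value: bytes) -> bytes:
    return hashlib.sha256(value).digest()


def build_chain(seed: bytes, length: int) -> list:
    """chain[0] = seed, chain[i] = H(chain[i-1]); chain[length] is the public anchor."""
    chain = [seed]
    for _ in range(length):
        chain.append(hash_step(chain[-1]))
    return chain


class OtpClient:
    """Holds the secret chain and reveals it backwards, one value per login."""

    def __init__(self, length: int = 100, seed: bytes = None):
        self.reset(length, seed)

    def reset(self, length: int, seed: bytes = None):
        # Regeneration: a new seed gives an unrelated chain, so old values stop working.
        self.chain = build_chain(seed if seed is not None else os.urandom(32), length)
        self.next_index = length - 1

    def anchor(self) -> bytes:
        return self.chain[-1]

    def next_otp(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted: regenerate and re-enrol")
        otp = self.chain[self.next_index]
        self.next_index -= 1
        return otp


class OtpServer:
    """Stores only the last accepted value; nothing here lets an attacker derive the next one."""

    def __init__(self, anchor: bytes, max_gap: int = 3):
        self.max_gap = max_gap  # tolerate a few unused passwords (lost connection etc.)
        self.enroll(anchor)

    def enroll(self, anchor: bytes):
        self.last_accepted = anchor

    def verify(self, otp: bytes) -> bool:
        candidate = otp
        for _ in range(self.max_gap):
            candidate = hash_step(candidate)
            if hmac.compare_digest(candidate, self.last_accepted):
                self.last_accepted = otp  # advance: the same value can never verify again
                return True
        return False
```

Because the server only ever stores the most recent accepted value and checks H(otp) against it, the same password fails on replay, and re-enrolling with a new anchor invalidates everything derived from the old seed; that is exactly the property a fingerprint cannot offer.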
If we're going to use some sort of physical token I much prefer something clean like the Swatch Access than a messy, oily fingerprint that might not work if you scratch yourself while gardening.