Slashdot Mirror


Sony's New Personal Fingerprint Scanner

MelloDawg writes: "This article at SecurityWatch.com describes Sony's new fingerprint verification device that fits in your wallet and uses public key infrastructure." Of course, if the prints are never transmitted and the scanner is personalized for each user, it seems like Sony'd like everyone to have his own scanner -- how convenient.

2 of 130 comments

  1. Smartkey PGP? by DaveHowe · · Score: 5

    Hmm. If it could be restructured slightly to be compatible with the OpenPGP standard, I can see how this could be very useful indeed.
    Store a standard PGP key inside it, with the code to decrypt and digitally sign built in. Lock the key, not with a passphrase, but with a unique hash from the biometric data; user presses thumb to scanner, device goes "live" and accepts data from PC interface to sign or decrypt; after sixty seconds, device signs off and requires another scan to go live again. Add a suitable "cradle" interface, and it could form a digital credit-card / debit card that is personalized to the carrier, and can be simply dropped into a cradle at the checkout when your purchases have been scanned... Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.
    --
    -=DaveHowe=-
  2. Biometric Authentication Idiotic by ckm · · Score: 5

    Biometric authentication alone is one of the stupidest things ever devised.

    Imagine this scenario:

    1. fingerprints become common as identification, replacing passwords.

    2. someone figures out how to copy fingerprints and use them as auth.

    What do you do? 'Rotate your fingerprints'? Yeah, right.

    Tying authentication to an irreplaceable body part is a bad, bad idea, except in the most extreme circumstances.

    SecurID, S/Key and other challenge/response or one-time key systems are far better for 99.99% of all uses. At least you can replace/regenerate them...

    Chris.

    --
    -- I don't have a cool sig.
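
The one-time key idea mentioned in the comment above, as an added example that is not part of the original thread and is not S/Key's own code: a Lamport hash chain, the construction S/Key is built on, showing that a captured password cannot be replayed and that a stolen secret is replaced by enrolling a new chain. SHA-256 stands in for S/Key's actual hash and encoding, and the names `chain`, `Verifier` and `demo` are illustrative.

```python
import hashlib
import secrets


def chain(seed: bytes, n: int) -> bytes:
    """Apply the hash n times to the seed: H^n(seed)."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Verifier:
    """Server side: stores only the last accepted value, never the seed."""
    def __init__(self, anchor: bytes, count: int):
        self.last = anchor      # H^count(seed), handed over at enrolment
        self.remaining = count  # logins left on this chain

    def login(self, otp: bytes) -> bool:
        # A valid OTP is the preimage of the stored value: H(otp) == last.
        candidate = hashlib.sha256(otp).digest()
        if self.remaining == 0 or not secrets.compare_digest(candidate, self.last):
            return False
        self.last = otp         # next login must present the previous link
        self.remaining -= 1
        return True

    def reenrol(self, anchor: bytes, count: int) -> None:
        # Replacing a compromised credential is just a new chain anchor.
        self.last, self.remaining = anchor, count


def demo() -> dict:
    n = 100
    seed = secrets.token_bytes(16)          # constructed sample secret
    server = Verifier(chain(seed, n), n)
    otp1 = chain(seed, n - 1)
    results = {"first": server.login(otp1),
               "replay": server.login(otp1),            # captured OTP reused
               "second": server.login(chain(seed, n - 2))}
    new_seed = secrets.token_bytes(16)      # old seed assumed stolen
    server.reenrol(chain(new_seed, n), n)
    results["old_after_reenrol"] = server.login(chain(seed, n - 3))
    results["new_after_reenrol"] = server.login(chain(new_seed, n - 1))
    return results


if __name__ == "__main__":
    print(demo())
```

The verifier never holds the seed, so a dump of its stored value yields nothing that logs in, and `reenrol` is the "replace/regenerate" step that a fingerprint has no equivalent for.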