Acer Laptop W/Fingerprint Recognition System

Dekaner writes "Acer has announced the TravelMate 740 with a built-in fingerprint recognition security system. The fingerprint sensor is part of the notebook? s palm rest. Users must train the recognition system, which is then used to boot the machine or to decrypt files stored on the hard disk. The TravelMate has a 1.2 GHz Pentium III processor, a 15-inch screen with a resolution of 1400 by 1050 pixels, built in 56K modem and Ethernet connection, and it can be supplied with either 128 or 256 MB of memory. It can be configured with a second hard disk, CD-ROM, DVD, or a DVD-CD-RW drive. It will go on sale in October."

Re:False security is worse than no security

[Syberghost]

Using what encryption key? Your fingerprint?

Obviously not. More likely, a key generated at some point in the setup process, and your fingerprint is merely the passphrase to access the key. Same way PGP does it, really.

Re:False security is worse than no security

[Panaflex]

(disclaimer, I worked for a few years on a fingerprint security project)

Actually, the problem is that you have to keep a copy of the fingerprint to match. Getting a copy of this fingerprint from disk or memory would be fairly simple.

Also, you can not hash a fingerprint. Each scan of the same fingerprint is different from the previous one. You can't protect the b' enrolled fingerprint.

The only way this would work is by:
(a) using a dual password/biometric. The password would unlock the b' biometric(enrolled) and the fingerprint would be used to extract it.

(b) using a hardware protection and matching system. Whereby the hardware is responsible for protecting itself. Simular to a smart card concept, the hardware would encrypt the data on disk, and also gather and match the fingerprints. Still, a bit of reverse engineering could defeat this. Also, a cheap fingerprint scanner could probably be fairly suseptable to rubber finger attacks. ;-)

Pan