Hashing Out the Next Step in Biometric Security

ergo98 writes "CNN is running a story about biometric hashing. Using this technique, biometric inputs (such as facial characteristics) are altered based upon individual characteristics in a hopefully one-way process. The goal is to continue to reduce the risk of a back-end data exposure."

Re:Compromises?

[Afrosheen]

Try this one on for size. It's my little gift to the biometric community.

  In many protocols, when a session is initiated, the beginning of the transaction includes a handshake. One side says hello are you there, the other replies yes I'm here and the session continues.

  Why not make an actual, physical handshake verifier? I'm sure most people are consistent with their real handshakes, and there are a wide variety of measurable parameters a handshake can provide. For example, when shaking someone's hand, you apply very specific pressure, grip a particular way that spreads pressure to consistent points on your buddy's hand, hand temperature (which can vary depending on a number of factors but we're talking average), hand placement, duration and motion of the shake, etc. You could take it one step further and teach your employees and the system some jive handshakes that involve many steps. The admin could have the most intricate handshake of all.

  The beauty to all this is that handshakes tend to be very personal and never given out. How could someone hack or even learn a secret handshake? It'd be pretty damn hard to do and even harder to replicate once you figured out the sequence due to pressure and duration, etc.

  Schneier should give this one some thought. All you really need is a rubber jointed hand sticking out of the wall (or hidden inside it, retractable) that feels appropriately like a real human hand. Ask the RealDoll people for advice on this. Load it up with sensors and start training it.