Slashdot Mirror
Can the iPhone Popularize Fingerprint Readers?
Nerval's Lobster writes "Apple's iPhone 5S features a fingerprint scanner embedded in the home button. Of course, fingerprint-scanning technology isn't new: Bloomberg Terminals feature a built-in fingerprint reader to authenticate users, for example, and various manufacturers have experimented with laptops and smartphones that require a thumb to login. But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want. Security experts seem to be adopting a wait-and-see attitude with regard to Apple's newest trick. 'I'd caution right away, let's see how it tests and what people come up with to break it,' Brent Kennedy, an analyst with the U.S. Computer Emergency and Readiness Team, told Forbes. 'I wouldn't rely on it solely, just as I wouldn't with any new technology right off the bat.' And over at Wired, technologist Bruce Schneier is suggesting that biometric authentication could be hacked like anything else. 'I'm sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,' he wrote. 'But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.'"
Apple used a saphire cover for the lens cover. Why? One possibility was they needed a material that is transparent in the IR to do the sub dermal imaging. But there's other choices. Another possibility is that it's just cool. But what I'm thinking is that perhaps this cannot tolerate too much scratching so they had to use something super hard. I suppose there's also the requirement for mechanical stresses. I don't know. But if it's scratching I wonder if this will be robust.
In any case getting back to the post I'm replying to. there's no reason to store the finger print, just a hash of it, as is done for passwords. You would not want to hash the image of it either. You would want to distill it down to a set of rotationally and translationally invariant feature vectors. Of course that's still an ID of you from your fingerprint, but given the features they could not recreate your fingerprint itself.
Personally I'm very excited about this because I'm very concerned about my phone being the worlds worst 2 -factor identification. Since passwords resets from nearly all websites are sent to the address that you get all your other correspondence from them you have to use the same e-mail address for both. Your phone knows this address since you have to be able to get your e-mail. And if you also use your phone for a 2nd factor, then that doesn't really help. Anyone with your phone can just request a password reset and then they have your password and the 2nd factor. By by pay pal and google pay and your bank accounts.
So if the phone is to be that important having a biometric filter running transparently, regardless of whether it is 100%, is really welcome.
Some drink at the fountain of knowledge. Others just gargle.
I know Slashdot is mostly single guys, but I'd be curious to know if this feature supports multiple fingerprints for family situations. I unlock my phone, my wife will unlock it to look something up, my kids will unlock it to play a game or watch a video - How will this work in these scenarios? I'd also expect customization - I'm fine with my kid using a fingerprint to unlock the phone, but I don't want them to be able to make iTunes purchases at all. I own that right.
Calculate invarient properties of the image and hash those. This is not new technology it has been around for many decades.
Here is an article that explains this better than I did, written by an attorney that specializes in computer security, electronic privacy etc.
http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/