data encryption + Biometric security

Heilpern, Mark mark.heilpern at authentec.com
Thu Feb 1 19:12:58 CET 2007


There are many competing technologies behind fingerprint scanning and
evaluation techniques, some which are rather weak and others which are
quite strong. Forming opinions based on tests against a small subset of
them is not exactly doing due dilligence.

Watching things like tv's MythBusters defeat fingerprint sensors is
interesting and entertaining, but when you know they're using several
year old, out-dated technology for the sensors they evaluate, you might
suspect that there's more to the story that they're telling you.

Disclaimer: I work for a fingerprint sensor manufacturer.





-----Original Message-----
From: community-bounces at lists.openmoko.org
[mailto:community-bounces at lists.openmoko.org] On Behalf Of Robert Michel
Sent: Thursday, February 01, 2007 12:41 PM
To: community at lists.openmoko.org
Subject: Re: data encryption + Biometric security

Salve Ben!

First it sounds a very smart idea to have biometric security, but sorry,
when I give you some sceptical feedback.

On Thu, 01 Feb 2007, Ben Burdette wrote:

> Here are a couple of items for the phone wish list:  data encryption 
> and biometric security.

Biometric "security" wasn't discussed by the OpenMoko community yet, I'm
no crypto expert, but I'm not convinced that biometric worth the
hardware... see:
http://www.ccc.de/biometrie/fingerabdruck_kopieren

When somebody wants to play with biometric "security"  the Neo1973 could
be used for voiceanalysing - Print 7 random words to the screen and the
user has to read them aloud ...

> I'd like the phone to be a secure place for me to store passwords and 
> similar information.  Are there plans to have some security features 
> like this, that would prevent someone from extracting secure data from

> the phone if it was lost?

A file could have an encrypted filesystem, acess is given only for a
while and only while GPRS connection is on.
If it is lost, use Internet or an asterisk server to unmount this file.

> Having a fingerprint scanner would be more of a convenience feature so

> I wouldn't have to enter a password whenever I want use the phone, or 
> alternatively when I want to access encrypted data.

Sounds nice, but I have doubts that a fingerscanner is given real
security.

I will going to play with my (Debian) Crytoflex card, but not to make
access more easy - to make it more secure.
So when I have to lost both - my Neo and my Cryptotoken.

projectblackdog.com costs 199US$+Chiping for me to expensive.

But this is just my 2cents....

When somebody has such a finger scanner and likes to make it running
with OpenMoko would be fine - but expect also some feedback that the
fingerscanner concept is not so secure as it looks like:
google "finger scanner site:www.schneier.com"

Greetings,
rob



_______________________________________________
OpenMoko community mailing list
community at lists.openmoko.org
https://lists.openmoko.org/mailman/listinfo/community




More information about the community mailing list