Biometic Passports will become a Reality This Year

that will be interesting... nobody will lose their passports unless they get their finger cut off and hit their eyes on pointy objects :D

that will be interesting... nobody will lose their passports unless they get their finger cut off and hit their eyes on pointy objects :D

I like it, although if you lost both eyes and all your fingers, (and possibly toes?), I think losing your passport would be the least of your worries.

How would it work though, would you have info stored on a card that you carried around, or would it be a central database. I would of thought this could mostly erradicate identity theft if it was linked into stuff like bank accounts.

Has the ability to really rain on your day with the inevitable teathing problems. Are there any trials, anything UK based?

The passport would contain the biometrics data on a chipcard or something similar.
We've here already a stiff plastic card embedded in the passport which contains a digitised photograph and signature, adding a chip to that would be easy.

To verify identity (if in doubt from the photograph and other data) a fingerprint and/or retinal scanner can be used and the generated data compared to that stored on the passport.
A central database can be used as a backup to verify the passport was indeed issued (eliminating the possibility of false passports, now a problem as some countries are rumoured to be experts at falsifying the passports of western nations for distribution to terrorists and spies).

The technology exists and has been used for years in access cards for companies, computer networks, etc.
It's the integration and largescale use that's new.

Some people hint at privacy implications but those are mainly the people screaming their rights are being violated whenever anyone does anything that limits their "right" to do whatever they want no matter the consequence for others...

Knowing absolutely 0 about this subject, I would have thought such a project would be much more simple than imbedding something in a normal passport.

1. They could do the whole thing on a credit card - just coming from Europe, we had credit cards with chips in them that are not yet ready for the US consumer. No one actually needs to see the passport stamps, as long as they are stored somewhere.

2. They could just use the retinal or fingerprint info in a master database to keep all the files. Lean and mean...

But the second way no one would actually need to carry anything. But I suppose the government will never give up its paper. Remember the myth that when computers became popular, we wouldn´t need to use paper anymore, lol...

There is one thing that's bothered me - people have this misconception that any website can will be able to directly accept fingerprint as a password. However, this has the same weakness that normal passwords have - if you use it on more than one site, that site can store the data transmitted and use it to access your other accounts.

A lot more secure than any man made number or code.

A lot more secure than any man made number or code.

That's only true if dedicated (and trusted) hardware is available to verify using public/private key signing that the fingerprint data is current (signing a timestamp provided by the website/computer/whatever it is that wants identity verification).

No single system relying on constant data is ever totally secure.

Using biometric data in combination with one time encryption pads may be the only thing that really works but how to get those one time pads to the users without chance of them being compromised?

No single system relying on constant data is ever totally secure.

Using biometric data in combination with one time encryption pads may be the only thing that really works but how to get those one time pads to the users without chance of them being compromised?

Are you talking about authentication or data security here?

Both. If your data security isn't watertight when transmitting the authentication code/data you can never know if said data is coming from a legitimate source.

The one time pad can be both a code and encryption method.
But if you can't guarantee that only the person who should have it has the pad you can't know for sure that the code that is encrypted with it is coming from the person it should be coming from.

and yes, I know I'm paranoid.
But remember: just because you're paranoid doesn't mean they're not after you

Are you guys talking about the subdermal chip that is implanted in the skin?

That's one option for shortrange applications like security checkpoints.
That data can be compared with centrally stored photographs of the people and other data to identify them no problem.

But how to make sure the data you get from someone over the phone or over the internet (for example) is indeed coming from that person and not someone else?

But how to make sure the data you get from someone over the phone or over the internet (for example) is indeed coming from that person and not someone else?

Quite an interesting question. If done over SSL (and we're assuming that the client is VERY SURE of the certificate authority or has personally checked the fingerprint of the cert), the client knows who is at the other end. However, the server does not know that the client knows for sure, and thus it *could* be a "man in the middle" attack.

I can't wait till ID goes thumbprint! Places like the bank would be so much faster if you could draw 10,000 cash and prove your identity with a thumb instead of messign with IDs

thumbprints are relatively easy to fake. That's why airports are moving to iris scan technology. It's not quite impossible to fake but a lot harder than a thumbprint.

I can't wait till ID goes thumbprint! Places like the bank would be so much faster if you could draw 10,000 cash and prove your identity with a thumb instead of messign with IDs

What if you don't have a thumb?

then you become a second-class citizen and your money goes to the already rich bank. That sounds fair, right?

thumbprints are relatively easy to fake. That's why airports are moving to iris scan technology. It's not quite impossible to fake but a lot harder than a thumbprint.

On another thought. If your ID was ever compromised, How could you fix it? You can't replace your thumb with one that's longer and more complex

Wouldn't a combination of thumb, iris, password and voice be a pretty hard to crack method?

yup. Add a DNA profile and it gets even better.

The biometric factors themselves can't be counterfeited. But as soon as you can digitize them and transfer them over the Internet, copies could be made and fraudulently presented as the real thing, or data from other people could be substituted.

Biometrics are a great improvement over passwords, ID numbers, tattoos, microchips, and anything else man made. Those other things can be faked, stolen, copied, or replaced. But boimetrics must be done without using a computer or converting them to digital form, or they will be as easy to defraud as the man made items, because the digital copy itself is man-made.