that will be interesting... nobody will lose their passports unless they get their finger cut off and hit their eyes on pointy objects :D
I like it, although if you lost both eyes and all your fingers, (and possibly toes?), I think losing your passport would be the least of your worries.
How would it work though, would you have info stored on a card that you carried around, or would it be a central database. I would of thought this could mostly erradicate identity theft if it was linked into stuff like bank accounts.
Has the ability to really rain on your day with the inevitable teathing problems. Are there any trials, anything UK based?
The passport would contain the biometrics data on a chipcard or something similar.
We've here already a stiff plastic card embedded in the passport which contains a digitised photograph and signature, adding a chip to that would be easy.
To verify identity (if in doubt from the photograph and other data) a fingerprint and/or retinal scanner can be used and the generated data compared to that stored on the passport.
A central database can be used as a backup to verify the passport was indeed issued (eliminating the possibility of false passports, now a problem as some countries are rumoured to be experts at falsifying the passports of western nations for distribution to terrorists and spies).
The technology exists and has been used for years in access cards for companies, computer networks, etc.
It's the integration and largescale use that's new.
Some people hint at privacy implications but those are mainly the people screaming their rights are being violated whenever anyone does anything that limits their "right" to do whatever they want no matter the consequence for others...
Knowing absolutely 0 about this subject, I would have thought such a project would be much more simple than imbedding something in a normal passport.
1. They could do the whole thing on a credit card - just coming from Europe, we had credit cards with chips in them that are not yet ready for the US consumer. No one actually needs to see the passport stamps, as long as they are stored somewhere.
2. They could just use the retinal or fingerprint info in a master database to keep all the files. Lean and mean...
But the second way no one would actually need to carry anything. But I suppose the government will never give up its paper. Remember the myth that when computers became popular, we wouldn´t need to use paper anymore, lol...
There is one thing that's bothered me - people have this misconception that any website can will be able to directly accept fingerprint as a password. However, this has the same weakness that normal passwords have - if you use it on more than one site, that site can store the data transmitted and use it to access your other accounts.
A lot more secure than any man made number or code.
That's only true if dedicated (and trusted) hardware is available to verify using public/private key signing that the fingerprint data is current (signing a timestamp provided by the website/computer/whatever it is that wants identity verification).
Both. If your data security isn't watertight when transmitting the authentication code/data you can never know if said data is coming from a legitimate source.
The one time pad can be both a code and encryption method.
But if you can't guarantee that only the person who should have it has the pad you can't know for sure that the code that is encrypted with it is coming from the person it should be coming from.
But how to make sure the data you get from someone over the phone or over the internet (for example) is indeed coming from that person and not someone else?
Quite an interesting question. If done over SSL (and we're assuming that the client is VERY SURE of the certificate authority or has personally checked the fingerprint of the cert), the client knows who is at the other end. However, the server does not know that the client knows for sure, and thus it *could* be a "man in the middle" attack.
The biometric factors themselves can't be counterfeited. But as soon as you can digitize them and transfer them over the Internet, copies could be made and fraudulently presented as the real thing, or data from other people could be substituted.
Biometrics are a great improvement over passwords, ID numbers, tattoos, microchips, and anything else man made. Those other things can be faked, stolen, copied, or replaced. But boimetrics must be done without using a computer or converting them to digital form, or they will be as easy to defraud as the man made items, because the digital copy itself is man-made.