[IP] Biometric Innovation Breakthrough answers UK ID Card Security Fears

To: Ip ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Biometric Innovation Breakthrough answers UK ID Card Security Fears
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 30 Jun 2005 11:30:08 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <p05210626bee9bb99042a@[192.168.0.3]>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Benjamin Kuipers <kuipers@xxxxxxxxxxxxx>
Date: June 30, 2005 11:23:57 AM EDT
To: dave@xxxxxxxxxx

Cc: Ip ip <ip@xxxxxxxxxxxxxx>, Brian Randell<Brian.Randell@xxxxxxxxxxxxxxx>, John.g.fisher@xxxxxxxxxxxxxx,Benjamin Kuipers <kuipers@xxxxxxxxxxxxx>Subject: Re: [IP] Biometric Innovation Breakthrough answers UK IDCard Security Fears



Dave,

This is a nice idea, and undoubtedly helpful, but it's just the cross-product of fingerprints (unchangeable, but hard to forge or guess)and a numeric PIN (changeable, but in a small searchable space).

However, if I can tap your computer or card-reader (or even swipesome of your drinking glasses), and get a collection of yourfingerprints, then I have an "alphabet" to use while searching forthe numeric PIN.

If I have to do this individually for each victim, then it raises thecost of "retail" identity theft while making "wholesale" theftprohibitively expensive, which is certainly a big step forward.

Unless and until someone steals a large fingerprint database. Thenthis is just as vulnerable to wholesale identity theft as before. Itwill cost more cycles, but Moore's Law will take care of that.


Have a nice day!

Ben Kuipers


At 4:41 AM -0400 6/30/05, David Farber wrote:

Begin forwarded message:

From: Brian Randell <Brian.Randell@xxxxxxxxxxxxxxx>
Date: June 28, 2005 5:27:28 PM EDT
To: dave@xxxxxxxxxx
Subject: Biometric Innovation Breakthrough answers UK ID CardSecurity Fears
Dave:
This "understated" commercial press release has been issued thevery day that the UK Parliament is debating the Government'scontroversial ID Card proposals.
I look forward to reading IPers reactions!

cheers

Brian Randell
PRESS RELEASE

June 29th 2005

Further information: 02476 236644

Press Office: John Fisher - 01785 840978
M: 07808 171 664
John.g.fisher@xxxxxxxxxxxxxx
jfisher@xxxxxxxxxxxxx

http://www.senselect.com

Biometric Innovation Breakthrough answers UK ID Card Security Fears
A biometric identity card system that is hacker and thief-proofand puts the missing privacy and security into the UK ID project -has been unveiled today (Wednesday).
The British inventors of the BiometricPIN system say the systemcan be used in the new UK ID cards, overcoming all security fearsand objections and putting control on the use of biometrics in thehands of the user. Instead of using a single, easily lifted orstolen fingerprint, BiometricPIN will allow any sequence of fingerprints determined by the user. No one has been able to achievethis so far and the implications will be global as spin-offprojects emerge.
The sequence creates a digital pattern that can only be recreatedby the user. When it is stored on a Government or central databaseit simply becomes an unidentifiable "blob" that cannot be stolen.
Behind the world-first breakthrough is West Midlands biometriccompany, Senselect Limited, which has been working on the hush-hush software-based system for five years. John Topping, ManagingDirector of Senselect, said BiometricPIN would have implicationsfor everyday life across the world, but the company hasconcentrated so far on the ID card security problem and the "bigbrother" fears it instills in people.
"This is totally secure, fast and "hacker-proof", said Mr Topping."The sequence simply cannot be replicated by anyone other than bythe user. It also allows the user to determine just how muchinformation others can see about them. A doctor, for example,could be restricted to medical history whilst a bartender willonly get confirmation that the customer is over 18."
With BionetricPIN there will be no "big brother", said JohnTopping and identities stored on Government databases are safefrom theft. With single finger biometrics everyone has a right tobe scared because, while you can change a pin number if you arecompromised, fingerprints are for life.
Biometrics using single fingerprints as an identifier have beenused for some years, and despite them being capable of being"lifted", their use has grown. Their use in government ID cards -even with the backup of iris and facial biometrics - is considereda step backwards by many.
"With BiometricPIN there would be total security as the patterndecided on uniquely by the user cannot be lifted from a singlefinger reader or hacked from a database", said John Topping."BiometricPIN produces a unique biometric print that just cannotbe copied. It also needs live fingers."
Mr Topping said BiometricPIN would solve a huge worldwide problem.Anyone concerned that their ID could be copied can rest assuredthat this will allay all their fears. Protecting peoples ID isalready written into our law but with BiometricPIN it will be inthe hands of the user. Senselect says BiometricPIN, because it issoftware-based, can be used in conjunction with all existingtechnology, along with iris and facial biometric systems.
The company says it already has several European governmentsinterested in implementing BiometricPIN and Senselect has produceda set of security standards for cross border biometricidentification. This is now being considered by the European Unionfor adoption.
Added John Topping: "We believe we have solved a huge problem forthe world and are ready to share our knowledge. This is thebiggest breakthrough in computer technology for many years andwill have a huge impact on everyday commerce as furtherapplications for BiometricPIN emerge".
Ends

Senselect Limited
Coventry University Technology Park
The Innovation Centre
Puma Way
Coventry, UK, CV1 2TT

http://www.senselect.com
For further information, please reply to<mailto:john.g.fisher@xxxxxxxxxxxxxx>john.g.fisher@xxxxxxxxxxxxxx
--
School of Computing Science, University of Newcastle, Newcastleupon Tyne,
NE1 7RU, UK
EMAIL = Brian.Randell@xxxxxxxxx   PHONE = +44 191 222 7923
FAX = +44 191 222 8232  URL = http://www.cs.ncl.ac.uk/~brian.randell/



-------------------------------------
You are subscribed as kuipers@xxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/



--

Benjamin Kuipers, Professor         email:  kuipers@xxxxxxxxxxxxx
Computer Sciences Department        tel:    1-512-471-9561
University of Texas at Austin       fax:    1-512-471-8885
Austin, Texas 78712 USA             http://www.cs.utexas.edu/~kuipers


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more problems with PalmOne
Next by Date: [IP] Internet Mailing Lists vs. Specter-Leahy data security bill
Previous by thread: [IP] Biometric Innovation Breakthrough answers UK ID Card Security Fears
Next by thread: [IP] National Security Service created by Bush; surveillance plan endorsed [priv]
Index(es):
- Date
- Thread