User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021212
X-Accept-Language: en-us, en
Subject: Re: Biometric fingerprint sensors
References: <firstname.lastname@example.org> <email@example.com> <3h1R9.3610$T41.13574@amstwist00> <3E14A406.firstname.lastname@example.org>
Date: Thu, 02 Jan 2003 22:45:41 +0100
NNTP-Posting-Date: Thu, 02 Jan 2003 22:45:42 MET
Rene Tschaggelar wrote:
>> They produce some kind of image that is evaluated by the host system.
>> Why put an expensive CPU in the reader?
> Simple reasons :
> the software is safe in an embedded device, add data security and
> fear of tampering.
OTOH sending a 'yes or no' signal across the cable would be very interesting.
Replace device with a 'yes' switch and enter :)
> You don't give 10 years of software development away in a dll.
THAT is a good reason. But I think usually cost wins. At least, one of the
tested devices showed a fingerprint on the computer screen. But maybe that's
optional, and teh interpretation / finding of minutes is done in firmware.
> When transmitting the image of a fingerprint, that could be listenen at,
> especially when it is stored on a server, and subsequently reconstructed
> from silicon. Therefore only a template that contains the relevant
> information in some code is leaving the reader. It has to be made sure
> no fingerprint can be reconstructed from the template.
This is HARD, as a fingerprint can change a tiny bit, and the comparison should
still work. No way a standard hash is going to work... thus the data will likely
be more meaningful than that, and obscured or encrypted. Or is there a much