Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Biometric update Tim Mather's article "Why Biometrics Might Just Bite Back" [September 2005] is misleading, inaccurate and at least ten years old in thinking. First, let me correct a market misconception that a biometric is just a very long password. Biometrics are nothing like passwords. Passwords are semi-secrets known only to the user and the verifier; hence the security of passwords rely primarily on their confidentiality. Biometrics are not secret; individuals leave latent fingerprints everywhere -- their faces are photographed, their voices are recorded, etc. Thus the security of a biometric authentication system by definition cannot rely on confidentiality. Rather, such security must rely on the integrity and authenticity of the biometric data. Hence biometrics, unlike semi-secret passwords, are public information and do not need to be reset.
This is exactly the approach of the American National Standard X9.84 Biometric Information Management and Security. As the incumbent chair of the X9F4 Cryptographic Protocols and Application Security Working Group that developed this standard, I can attest that X9.84 and other national standards are being transformed into international biometric standards.
Login above or Register now and get unlimited access.
Already subscribed but have forgotten your login? Recover your password your here.