Re: Driver for Microsoft USB Fingerprint Reader
From: Daniel Drake
Date: Thu Jul 06 2006 - 08:20:28 EST
linux@xxxxxxxxxxx wrote:
> I utterly fail to see why multiple, generally knowledgeable people are
> claiming that encryption in a fingerprint scanner is desirable.
>
> As far as I can tell, the only thing you want is AUTHENTICATION - you
> want proof that you are getting a "live" scan taken from a user
> who's present, and not a replay of what was sent last week.
>
> This is called "freshness" and is usually provided by including a
> random "nonce" (known in other contexts as "magic cookie") in the
> authenticated data.

The Digital Persona readers apparently use a challenge-response
authentication scheme for the encryption. I think I know the
challenge-sending and response-reading command structure but have not
yet examined their effect on the encrypted fingerprint data.

> Not that I expect "A-1 Computer Corporation" in Shenzhen to have a clue
> about these things, but you'd think that Microsoft would have one or
> two competent employees left on the payroll.

Now there's an interesting story in this area. The Microsoft fingerprint
readers are based on Digital Persona devices, and actually they seem to
be completely identical. But when comparing bus traffic for the DP
devices vs the MS devices, the DP devices send encrypted fingerprint
data and the MS devices send it as unencrypted 8-bit greyscale.
Anyway, further investigation shows a 1 bit difference in the firmware
uploaded to each device, and I have confirmed that this bit turns
encryption on and off.
IOW, MS's devices are capable of encryption but they explicitly turned it
off at the firmware level.
Daniel
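
The freshness argument in the quoted text, as an added example that is not part of the original message and is not the Digital Persona or Microsoft protocol: the scan travels unencrypted, and a MAC over a host-chosen nonce plus the image is what lets the host reject a replayed capture. The shared key, HMAC-SHA256, the 16-byte nonce and the `Reader`/`Host` names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # fixed length, so nonce + image concatenates unambiguously


class Reader:
    """Stand-in for the scanner; holds a key shared with the host (assumption)."""

    def __init__(self, key: bytes):
        self._key = key

    def scan(self, nonce: bytes, image: bytes) -> tuple[bytes, bytes]:
        # The image is sent in the clear; the tag binds it to this challenge.
        tag = hmac.new(self._key, nonce + image, hashlib.sha256).digest()
        return image, tag


class Host:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # nonce of the outstanding challenge, if any

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(NONCE_LEN)
        return self._pending

    def accept(self, image: bytes, tag: bytes) -> bool:
        nonce, self._pending = self._pending, None  # each nonce is single use
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce + image, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = secrets.token_bytes(32)
    reader, host = Reader(key), Host(key)
    image = bytes(range(64))  # constructed stand-in for 8-bit greyscale data

    live = reader.scan(host.challenge(), image)
    results = {"live": host.accept(*live)}
    results["no_challenge"] = host.accept(*live)  # nothing outstanding
    host.challenge()                               # later session, new nonce
    results["replay"] = host.accept(*live)         # old capture sent again
    img2, tag2 = reader.scan(host.challenge(), image)
    results["tampered"] = host.accept(img2[::-1], tag2)  # image altered in transit
    return results
```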