Re: Driver for Microsoft USB Fingerprint Reader

From: Alan Cox
Date: Thu Jul 06 2006 - 13:20:27 EST


Ar Iau, 2006-07-06 am 00:48 -0400, ysgrifennodd linux@xxxxxxxxxxx:
> As far as I can tell, the only thing you want is AUTHENTICATION - you
> want proof that you are getting a "live" scan taken from a user
> who's present, and not a replay of what was sent last week.

Read the papers on the subject. If I can get copies of the unencrypted
data I can use those to make fake fingers.

A finger print is personal data, arguably sensitive personal data. That
means there are lots of duties to store it securely. It is also very
hard to revoke a fingerprint so theft of data is highly problematic as
it will allow me to generate fake fingers. Theft of encrypted data might
allow replay attacks on one PC. Big deal.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/