Don’t waste time to capture Ursula’s fingerprints

Another day and another claim: next successful case of stealing biometric data.  But question remain – how can be possible to steal data already exposed to public? Because everything disclosed every day to public can’t be secret. Your face, fingerprints, iris and even DNA is exposed to public and can be easily captured.

Such misunderstanding of biometrics and privacy is common and originate from very wrong assumption: person and his/her unique characteristics remain private in public place. Yes, wearing burqa, gloves and Ray-Ban together can minimize exposure but it will send very clear message to other persons about possible intentions.

How to deal with the biometric data?

Same way like national identity numbers, SSN’s, tax ID’s etc. All such data isn’t secret or public. And clear rules must exist to handle data.

All that information is unique for each person and can be used for identification if there are trustworthy way to verify connection between person and data. Only one major difference – when unique digital identificators are representing always one-to-one type relation, then biometric data is analogue and therefore unlimited quantity of datasets can be exist simultaneously as many-to-one relation.

Finally we will approach to the most important point of this article. Using biometric data for identity verification or authentication. Most important rule – there must be trustworthy way to verify relation between person and biometrical data. In biometrics frequently used term „liveness detection“.  Good implementation of liveness detection reduces greatly risks of physical presentation attacks.

Why is possible to make cheap and successful physical presentation attack with IPhone or other current mobile phones?

Apple engineers succeeded to realize 2 principles: confidentiality and integrity. But non-repudiation remains challenge because lack of good liveness detection in cheap mobile fingerprint sensors.

Another coffin nail – both sides of modern mobile phones are great fingerprint magnets. In many cases there are no need to try capture Ursula’s fingerprints, all required latents are already on top of her phone!

POST IS WRITTEN BY

Ott Sarvfounder@SignWise Services and electronic identity expert.

Head of IT architecture with 12 years experience in banking and public sector.

Broad expertise in e-banking, biometrics, identity management, telecommunication, software development management, security architecture.

Learn more about electronic identity and document signing trends and how you can get the support for your business by contacting SignWise Services team now.

Contact with SignWise Services team
2017-08-31T15:44:37+00:00 Categories: biometric data, Identity, KYC|Tags: , , , , |

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close