Security for Dummies
Safe and simple
Friday 4 July 2008, 10:12 PM
Biometric devices. Do you need one?
• I want biometric device to fill my passwords instead of me.
• I want it to encrypt files for me.
• I want it to protect my computer.
• I want it to be small and portable.
• I want it to work without drivers on any PC
There are more “I want” and most of them are answered here. But this is my personal passion. I would like to hear your opinion.
Do you need biometrics? Why?
What features are you expecting to get with biometric devices?
What will make you purchase such device?
Please answer in comments.
PS. My last post on this item somehow disappeared together with comments. Please, post your comment again if you already did. Thank you.
PreviousComments on this post
There are two questions here – how much do you trust biometrics, and if they work perfectly (they always identify you correctly and never identify anyone else as you), how would you like to use them?
The first question is, currently, not very much. I don't think any one biometric method is reliable enough to be trusted – or is applicable in all situations.
We're learning that multiple methods combined with intelligent weighting is a very good way to identify things: location technology is moving towards mixing GPS, wireless WAN/LAN sampling and context awareness as the best, most commercially viable, way to provide good data.
Similarly, I think it's possible to create a reliable biometric identifier by combining voice, gait, iris, face and fingerprint recognition, but not in a useful way. When it comes to having one tiny device that knows you are what it considers you should be, we have very little idea how to do it, let alone for the mass market. I'm sure that we can get there, especially with the mixture of nanotech sensors and intensely powerful low-wattage computation that we're being promised, but it's going to take a lot of work from the ground up.
Let's ignore all that. Given that it works, how to use it? There are some profound implications. Assuming that the biometric is perfect, that it is impossible to forge or steal its authorisation message, and that things can be safely tagged as yours, then it becomes possible to own everything you cause to happen online. Identity theft (eventually, real theft) becomes impossible, taxation becomes a Web service ("Hello, Tax System. I'm a party in the following transaction. What do you give to or take from it?") that can be automated to the lowest level, entire areas of online security go away. Perfect DRM would be another side-effect, as would be the automatic enforcement of IP licences, of all types from very restrictive to uncloseably open.
You both raise valid points on the topic of biometrics. As I am actively a graduate student of software engineering, I have conducted significant research in the area of biometric technologies. More specifically as to how they can be tailored into electronic financial mediums. It seems as Rupert points out that no single device is fail safe. The only true method we have available consists of channel gating each bit of authentication until a specified formula of matches can be validated through a repository gateway. In essence biometric devices should act to increase security while also alleviating the time/work correlation of existing authentication methods.
I see tremendous opportunities in this market as there is yet (at least in my humble opinion) to come a catalyst by which the chasm from concept to mass market deployment can be crossed. As a landscape for innovative technology, the biometrics sector is ripe for development.
Cheers,
Eric E
MyMobiSafe.com
