Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Biometrics Win Support From the Lazy

Zonk posted more than 8 years ago | from the i-have-to-use-my-finger-to-type-pshh dept.

124

judgecorp writes "We're used to discussions about privacy and security, but amongst users, the real issue is ease of use, according to a survey by Unisys. It's not a huge sample, but ten percent of the users in Asia were happy to be chipped and have done with it." From the article: "Frost & Sullivan security analyst James Turner said while speed of identity verification may be driving people's acceptance of biometrics, the key issue is that biometrics can be a security block, rather than an enabler. Turner added that what is more important in the smartcard debate is ratifying exactly where the identification data is stored. "

cancel ×

124 comments

Sorry! There are no comments related to the filter you selected.

Man I hate having to type in my /. password. (3, Funny)

Whiney Mac Fanboy (963289) | more than 8 years ago | (#15262848)

I wish there was someway for me to use a fingerprint scanner or embedded RFID - that way I could get first post! ;-)

Re:Man I hate having to type in my /. password. (2, Insightful)

Znork (31774) | more than 8 years ago | (#15262949)

Just do with your password like you do with your fingerprints:

Attach it written on a postit note to every cup of coffee you touch.

I'll bet that you (or some random stranger being 'you') will get that first post soon enough.

Re:Man I hate having to type in my /. password. (2, Insightful)

jamshid (140925) | more than 8 years ago | (#15263098)

Yup, it really worries me that we're fighting a losing privacy battle, at least in the US. Let's face it, most people would implant an RFID chip that broadcasts their social security number for a 10%-off coupon at Wal-Mart.

We have to educate people about what it means to provide information to a corporation that can be used as a key into other databases.

Mark, of teh BEAST (1)

Thud457 (234763) | more than 8 years ago | (#15263330)

Blessed are the really lazy, since they'll procrastinate about going down to the government center to take the Mark of the the Beast! - ACs 4:20

Re:Man I hate having to type in my /. password. (1)

maotx (765127) | more than 8 years ago | (#15263166)

I wish there was someway for me to use a fingerprint scanner or embedded RFID - that way I could get first post! ;-)

While I've never used it, I have heard a few interesting things about it.
Try FingerFox [google.com] : an extension for Firefox that supports Microsoft's fingerprint reader. (Google translated from French)

Re:Man I hate having to type in my /. password. (0)

Anonymous Coward | more than 8 years ago | (#15263268)

Yup....the old Stepford Wives Syndrome.

"Honey, it's ago to put that chippy thing in the back of my head, just be sure to take the trash out tonight."

I've believe we've already witnessed where that can lead to.....

["Ah...ah.ah.ah....ahh.umm.." Geo. W. Bush's secret morse code]

2nd post (0, Troll)

Asshat_Nazi (946431) | more than 8 years ago | (#15262871)

i wanna pee on you! 8=====)~~

Where the chip is best stored... (2, Funny)

parasonic (699907) | more than 8 years ago | (#15262887)

...is in the body area most likely to be guarded.

Re:Where the chip is best stored... (0)

Anonymous Coward | more than 8 years ago | (#15262916)

Your palms?

Re:Where the chip is best stored... (0)

Anonymous Coward | more than 8 years ago | (#15262972)

Well, it does start with a P and end with an S.

You usually cup this body part with your palms, using your palms as a shield for its defense. Hint: It's not your palms!!

Re:Where the chip is best stored... (1)

Tackhead (54550) | more than 8 years ago | (#15262969)

> ...is in the body area most likely to be guarded.

1) Bluetooth-enabled RFID-implant-based bioauthentication system.
2) ???
3) PROFIT!

Are you suggesting that the missing link is "Chair"?

Where the chip is best stored...Assets. (0)

Anonymous Coward | more than 8 years ago | (#15263143)

"...is in the body area most likely to be guarded."

The ass?

The problem being... (4, Insightful)

Churla (936633) | more than 8 years ago | (#15262888)

I don't want an RFID which simply spews out "yes this is Churla" to any device requesting my identity because that it far too easy to spoof. Anything transmitted is just a transmission and on the most basic level can be recorded and rebroadcast by someone else.

This brings around the point that you would still need a second means of authentication anyways. meaning either a password/code to enter that you knew, or possibly some biometrics like fingerprints/retina scans. I don't trust facial geometry scanning because it also is dupable easier than stealing a retina.

Re:The problem being... (1)

mikesd81 (518581) | more than 8 years ago | (#15263050)

That's a good point. If RFID tags are to happen, God forbid, protocols have to be in established world wide, and the tag has to be active not just passive. By that I mean that when you go to unlock your office door at work, it needs to send a "Hi, who are you?" signtal to your tag, then YOUR tag has to send "Hello I'm the man that works here". But it has to somehow be encrypted.

It seems that this all more and more a headache in the securtiy department.

Re:The problem being... (0)

Anonymous Coward | more than 8 years ago | (#15263205)

normal encryption would be useless as then all the person has to do to copy the encrupted message and send that just like they would a normal transmission. if there was to be a encryption, it would have to be dynamic. possibly the door sending a signal and your rfid would send a reply message using some sort of algorythm based off on that. this would make it almost impossible to simply copy a transmission as the door signal could change constantly (with some time delay to allow time for rfid to send a return signal). the algorythm would be crackable however with time as someone only needs to record some successful transmission in order to try to reverse engineer the algorthym. rfid would be useless without something changing otherwise.

Re:The problem being... (1)

Delphiki (646425) | more than 8 years ago | (#15263241)

The server and the RFID tag have a secret key that they both know. The server sends out a random number and then the tag is used to send a response that requires both the secret key and the random number to generate. Then spoofing the output of the tag would no longer work. Of course, I don't even know if it's possible to do logic like that on RFID tags, and there's probably another way to break that security anyway.

Re:The problem being... (1)

nasch (598556) | more than 8 years ago | (#15263504)

How would an active tag help security?

Re:The problem being... (1)

mikesd81 (518581) | more than 8 years ago | (#15263669)

It would simply answer the quest for information instead of just broadcasting when it gets hit w/ radio frequencies. Some how a private converstation has to happen w/ encryption of soe sort.

Re:The problem being... (3, Insightful)

jimicus (737525) | more than 8 years ago | (#15263158)

I'm still not convinced that the will exists. With strong keypair-based encryption, unless the RFID has enough intelligence to generate its own keypair, something else is going to have to do that and copy the keys onto the RFID chip.

And you just know someone will keep a copy of all the generated keypairs, and a whole bunch of them will be stolen.

All these are resolveable, technical issues. But they're the kind of thing that gets resolved by academics dedicated to perfecting the theory, not the kind of thing that gets resolved by a company dedicated to getting the per-chip cost down to a fraction of a penny.

the real issue is ease of use... (5, Insightful)

Grrr (16449) | more than 8 years ago | (#15262889)

Mold the technology to the users, not the other way around. Check.

< grrr / >

Re: the real issue is ease of use... (1)

shutdown -p now (807394) | more than 8 years ago | (#15264620)

Why not, if it's easier to achieve and works just as well?

I, for one, don't have a problem with that.

Turn it off? (5, Insightful)

joke_dst (832055) | more than 8 years ago | (#15262903)

The main issue I have with putting chips under my skin is that I can't take it out whenever I want! If there were a convenient way to turn it off I might do it...

(But carrying around a device for turning it off kind of circumvent the whole idea... Then i could just carry an ID card with an off switch instead)

Re:Turn it off? (2, Funny)

Stradenko (160417) | more than 8 years ago | (#15262953)

Chip your hand and wear a nice set of wire-mesh gloves. Put some leather around the wire-mesh and you'd be borderline fashionable.

Re:Turn it off? (2, Funny)

MrHeartbreak (959513) | more than 8 years ago | (#15263049)

Wear a glove everywhere? Kewl!

Trendy, just like Michael Ja... oh, wait.

Re:Turn it off? (1)

Stradenko (160417) | more than 8 years ago | (#15263364)

One should always wear gloves anyway -- wouldn't want to leavy nasty fingerprints everywhere.

Re:Turn it off? (1)

erbmjw (903229) | more than 8 years ago | (#15263046)

If you must have a chip then have them put it in a place that can easily be covered with metal - ie by a braclet or ring.

The jewelry {if it uses enough metal} will effectively block the RFID tag from receiveing and broadcasting signals, as well it won't be highly noticable that you are attempting to block random readers.

Personally I'm not all that impressed with currently embedded chips. MRI machines are not supposed to be used on an unconcious chip embedded person, because of potential problems like the chip overheating and or moving! So you may have a chip that should allow the hospital to access your medical history but, you have to wear a bracelet telling them to not put you in a MRI machine if you are unconcious.

Re:Turn it off? (1)

Maximum Prophet (716608) | more than 8 years ago | (#15263610)

But, if you need that MRI to diagnose the brain aneurysm, they either have to dig the chip out, wasting time, or use another technology that may not be the best at diagnosing your illness.

Re:Turn it off? (2, Interesting)

Epistax (544591) | more than 8 years ago | (#15263103)

How about instead of implanting chips, which can break or become obsolete easily, we implant something that can hold the chips? People get implants all the time which result in things like tubes sticking out, perhaps to regulate pressure or allow draining of some liquid. Pretty disgusting, but life saving.

Well how about an implant that (is hopefully not nearly as disgusting) which allows a chip to be slid in place or out of place? The implant could be a tiny flap of sorts which allows a film to be placed between it and you. That film would be a small flexible chip. Some sort of electric pulse could form an ejection system for removing the chip.

Now I don't know the exact physics of it, but I don't see a problem with it. Any number of ejection mechanisms could easily be tried. The only concern I'd have is infection, but someone out there is bound to have a solution for that, as well a solution to skin completely growing ontop of the device.

Re:Turn it off? (1)

cHALiTO (101461) | more than 8 years ago | (#15263198)

You mean kinda like one of these? [technovelgy.com]

Re:Turn it off? (1)

Eideewt (603267) | more than 8 years ago | (#15263568)

Of course, if you can remove it and lose it that easily, why not just put it on your keychain?

Re:Turn it off? (1)

Epistax (544591) | more than 8 years ago | (#15264163)

Well you'd have to rather deliberately remove it, which would be done to replace it. I mean it's not like it'd make it more comfortable to remove it since what you're feeling is the holder, not the chip. The idea is you'd remove it to change it. I mean, a keychain can be stolen or forgotten. This could be made extremely hard to steal by having unique device interfaces (holder and ejector matched).

I'm not arguing for it. It's creepy to me. I'm just throwing an alternative into the air because no one who has a chip in their skin right now will be happy with the same chip in 20 years (how about 5 years?).

Re:Turn it off? (1)

vertinox (846076) | more than 8 years ago | (#15264610)

The main issue I have with putting chips under my skin is that I can't take it out whenever I want!

Bull hockey. It ain't nothing a shot of tequila, lether belt, and an exacto knife can't fix.

Morbidity (4, Insightful)

Billosaur (927319) | more than 8 years ago | (#15262942)

Mind you... if all they need is a fingerprint and/or data from your RFID implant, a crook wouldn't even need you alive. The RFID chip would supposedly keep working for a while and fingerprints don't depend on you being alive. Retinas would be a different story, since they require a constant blood flow, though I'm not sure what the decay rate is for retinal tissue when you die.

Food for thought.

Re:Morbidity (1)

evil agent (918566) | more than 8 years ago | (#15263043)

Some fingerprint scanners to require signs of life. I seem to remember hearing that some need to detect a heartbeat and/or body heat. Of course, these measures can be circumvented as well...

Re:Morbidity (1)

punkr0x (945364) | more than 8 years ago | (#15263237)

That's pretty cool! I would have loved to be involved in planning that: Military Official: This fingerprint scanner will make sure only authorized personnel can get through this door! Naysayer: But what if someone chops off the hand of an authorized personnel and uses the severed hand to gain access? Official: Not to worry, we're prepared for that! You see, the scanner requires that the finger have a pulse. They can stand here all day poking it with the severed hand, they're not getting in. Authorized Personnel: Awesome...

Re:Morbidity (1)

Maximum Prophet (716608) | more than 8 years ago | (#15263687)

Well, you do have to prepare for all contingencies. (:-)

Seriously, this and skin conductivity also stop someone from having different fingerprints printed onto their fingers with latex.

Re:Morbidity (1)

cHALiTO (101461) | more than 8 years ago | (#15263258)

Some secure fingerprint readers check temperature and skin conductivity, and even for those who don't, a dead finger is usable only for a short period of time. The finger skin stretches pretty quickly after death and the print becomes unusable. You should see what a necrodactilar finger card looks like, they're used for example to identify bodies in accidents or crimes, and it's not at all so easy as identifying a living person. Even if you can use them, it becomes evident when you see the print that the finger was not alive.

Re:Morbidity (3, Interesting)

BigChiefMunkey (870488) | more than 8 years ago | (#15263272)

While this is true, I believe you are on the right track with the retinas. The 'pattern' that they are recognizing is the random pattern that the blood vessels make on your retina. No blood circulating/inflating those vessels..

There are also technologies out that address this specifically with blood vessel patterns in your fingers as well. Although I'd have to think that these would be less accurate than retinas.. You'd think that there more capillaries in your eye than your fingers (although you certainly have a lot of nerve endings and blood in your fingertips.)

Still, all that being said, it is more useful to have 2-factor identification anyway. SomethingYouHave and SomethingYouKnow. Not one or the other, etc.

-bw

Re:Morbidity (1)

orielbean (936271) | more than 8 years ago | (#15263501)

Although in sci-fi, they usually kill the dude, take a picture of the retina, then make contacts w/ the image transferred onto it. Owned... :-( Of course, you'd be dead, so who cares if they ruin your credit at that point...

Re:Morbidity (1)

fish_in_the_c (577259) | more than 8 years ago | (#15263531)

the deeper problem with using biometrics is once a crook figures out a way to deceive a system into thinking they are you. Thus compromising you biometric identity there is usually no way to correct the compromise. ( you can't change your fingerprints.)

That is why biometrics are best considered as an ADDITIONAL level of security beyond passwords.

Three things can establish trust:
1) what you are - biometric
2) something you carry - card ( ref id?)
3) something you know - password or pin

the most secure systems will always require all three anything else is an engineering compromise. Of coarse you can also increase security by increasing the amount of data a imposter would need to get. IE two biometrics, multiple passwords , a card and a key and a
dongle ect.

Another thing to consider is how secure is secure. Most people consider things guarded by an armed guard secure. The guard is a biometric security device. he/she becomes familiar with those who have access and suspicious of unrecognized people. They use a large number of biometric factors to recognize people.

on the other hand there are many military applications which don't consider an armed guard good enough.

Re:Morbidity (1)

Billosaur (927319) | more than 8 years ago | (#15263886)

Three things can establish trust:
1) what you are - biometric
2) something you carry - card ( ref id?)
3) something you know - password or pin

Getting back to the laziness aspect, this is exactly what most people would prefer to avoid. While they carry fingerprints or retinas everywhere, carrying a card means the potential for losing it and having a PIN/password means having to remember it. Most people want a one-shot identification to take place, preferably without them having to lift a finger (I know... I know...)

Anybody with mod points might want to throw the parent an "Insightful."

Re:Morbidity (1)

fish_in_the_c (577259) | more than 8 years ago | (#15264006)

I guess that was what I was trying to get at:
When laziness is your primary concern in building security you build windows 98.

If biometric adoption is being helped by the laziness factor it is because the biometrics systems being build are less secure then password based systems they replace. biometrics can only offer additional security if they are use in combination with some other techniques. Otherwise they offer poorer security because they can't be changed if they are comprised.

Giving someone a smart chip that lets them in and out of a building is less secure then giving them a pass code.

Of coarse ease of use is always opposed to security. The point is the consciously make the decisions about the trade offs.

decay rate (1)

sepharious (900148) | more than 8 years ago | (#15263602)

Requirements for defeating retinal scans: one fountain pen. This [imdb.com] proves it conclusivly. Hollywood NEVER lies.

Re:Morbidity (1)

vertinox (846076) | more than 8 years ago | (#15264768)

Mind you... if all they need is a fingerprint and/or data from your RFID implant, a crook wouldn't even need you alive.

And how this is any different from a guy putting a gun to your head, forcing you to write down your password or PIN, and then shooting you anyways?

There are countless roberies every year were victims are forced at gun point to withdraw monies from ATMs.

Seriously, a thief doesn't want to murder you (most of the time) if he can avoid it. Unless you put up resistance, they just want your money and then flee the scene. Robbing someone can get 10-20 years, but mediocre pursuit by the police. Murder can get you Life or Death Penalty, and high pursuit by the police.

Of course, if they are out to kill you anyways or going on rage to get a crack cocaine fix... Then you are pretty much screwed as it is.

Wait a minute... (4, Insightful)

bensafrickingenius (828123) | more than 8 years ago | (#15262978)

"ten percent of the users in Asia were happy to be chipped and have done with it."

Is being "chipped" biometrics at all? Or am I being a semantics Nazi?

Re:Wait a minute... (1)

BigChiefMunkey (870488) | more than 8 years ago | (#15263328)


You know, I had the same thought. Maybe it is more inclusive than how it is defined in my head.

> I am not left-handed, either!

Crap, I am. Does this mean we've got the bases covered for biometrics, chips, and handedness? heh

-bw

Re:Wait a minute... (1)

AnalystX (633807) | more than 8 years ago | (#15264478)

I was thinking the same thing, but I was willing to assume the article cleared up the confusion. I haven't read the article yet, but a chip is definitely not biometrics.

I give biometrics two thumbs up (0)

Anonymous Coward | more than 8 years ago | (#15263006)

...from my La-Z-Boy chair.

Repeat the Story Enough (3, Insightful)

mpapet (761907) | more than 8 years ago | (#15263024)

times and people will believe it.

Unisys has the most to gain by selling this story. They do these kinds of projects on a regular basis.

I'd be interested to hear how many of their smart card projects actually worked as promised.

is it who the chip says it is? (1)

robinsonne (952701) | more than 8 years ago | (#15263031)

and what's to stop someone from putting someone else's or a duplicate chip in

Re:is it who the chip says it is? (2, Funny)

voice_of_all_reason (926702) | more than 8 years ago | (#15263064)

The career chip police. You gotta do what ya gotta do.

Why implants? (3, Interesting)

XxtraLarGe (551297) | more than 8 years ago | (#15263036)

Why not simply embed a password in a chip on some jewelry like a bracelet or a ring? Something you can take off if you need, and will be aware of if it is missing. Then have a system to deactivate it if it does come up missing or stolen. I for one don't want to have anything implanted in me unless it's a matter of life or death, but I guess the sheeple don't have as much of a problem with it :-(

Re:Why implants? (1)

mikesd81 (518581) | more than 8 years ago | (#15263107)

Now that's a decent compromise, but how would you deactivate the device? Unless it has a some kind of cellular receiver in it that you can just send a signal from anywhere in the world.

Unless of course, you do it from the other end and once you find it's missing you remove the device ID from the system it works on, therefore makint it null and void. So if it is stolen, then someone can try to use it but it won't work because the ID it sends to authenticate won't exhist any more.

Who needs RFID? (3, Insightful)

thebdj (768618) | more than 8 years ago | (#15263041)

RFID isn't lazy. This [slashdot.org] would be the ultimate in lazy and simple. Of course, it would be fun if things start happening randomly once your mind starts to wander.

Excuse me? Lazy? (5, Insightful)

Otter (3800) | more than 8 years ago | (#15263042)

from the i-have-to-use-my-finger-to-type-pshh dept.

I don't think the users are sick of having to type -- they're sick of the situation created by lazy-ass admins who think that you create security by having 30 different accounts, each with >8 characters, with mandatory uppercase, lowercase, numerics and punctuation. Oh, and they all have to be rotated at 60 day intervals and it's easy because you just make up a little story about each of your convoluted passwords, remember all 30 of them and make up a new one and forget the old one every time you change the password!

I just had to change and lengthen my purchasing account password because, y'know, there's a huge problem with h4x0rs ordering office supplies in my name. I'll tell you where I'd like to implant an RFID chip...

Amen --- mod up (no text) (0)

Anonymous Coward | more than 8 years ago | (#15263109)

no text

Re:Excuse me? Lazy? (1)

SatanicPuppy (611928) | more than 8 years ago | (#15264580)

This won't make it any better...You'll just have to have so many chips implanted you'll look like a chip hedgehog.

The problem lies with corporations who are too lazy to set up some kind of integrated security...unfortunately microshaft has one of the most friendly setups, with Active Directory, but it doesn't play well with others, and it has all the problems associated with all the other microsoft products.

So you end up with every application having its own security, and then corporate decides that all passwords have to be 25 characters long with at least 5 characters of sanskrit, and they have to be changed every full moon, and you can't reuse a password within the same neptunian orbital period, and if you type the wrong password three times, you have to call an admin to get yourself unlocked because giving a non-admin unlock privledges would be A MASSIVE SECURITY BREACH.

I admin this one system...Everyone who logs into it, who isn't an admin, needs one password. In order for me to log in to change their password, I need three. And while I'm typing in my damn list of obscenely long and complicated passwords, I have some yammering user on the phone complaining about the password policy.

Trust me, we hate it too. It's the name of the game these days, unfortunately. I don't think implanted chips are the answer though...Mainly because they'll be obsolescent so fast, what's the point?

These lazy people should watch "Charlie Jade" firs (1)

denis-The-menace (471988) | more than 8 years ago | (#15263055)

These lazy people should watch "Charlie Jade" first.
http://www.charliejade.com/ [charliejade.com]

In the show, in the Alphaverse ( a parallel universe with more advanced technology than use) everybody has a chip in their wrist. They use is as a debit card. The corporations/governments use it as population control. If you don't have a chip, you don't exist and anybody can kill you.

BTW: Yes, it's a good show but the pace is slower than lets say BSG.

Hello, Mr. Fragmentate, Welcome to Wal-Mart (3, Insightful)

fragmentate (908035) | more than 8 years ago | (#15263063)

There was that one movie with that one guy that eats placentas... uhm... "Minority Report".

I already don't like when they read my credit card and say, "thank you Mr. Fragmentate." Actually, I don't really want them talking to me in a personal manner at all.

You just know that eventually they'll always just know where you are. "Shame on you Mr. Fragmentate... an NC-7 movie? Tsk." I find it hilarious that a good portion of the people recently surveyed by my company about the "evils of browser cookies" were willing to have an implant in their body, but absolutely would not allow cookies.

I don't get it. A harmless text string implanted on your hard-drive that can track you quite anonymously (the net only knows what you tell it) and that you have direct access to; versus a device implanted in your body that you have absolutely no understanding of, or control over.

It's not THAT hard to whip out the driver's license or state-issued ID. I know they're not "secure" but this article isn't talking about security -- it's talking about convenience.

Re:Hello, Mr. Fragmentate, Welcome to Wal-Mart (1)

punkr0x (945364) | more than 8 years ago | (#15263265)

The guy in Minority Report replaced Tom's eyes so he could pass the retina scanner, right? He ate placentas? Why?

Re:Hello, Mr. Fragmentate, Welcome to Wal-Mart (1)

Bassman59 (519820) | more than 8 years ago | (#15264340)

The guy in Minority Report replaced Tom's eyes so he could pass the retina scanner, right? He ate placentas? Why?

Scientologists eat placentas. EVERYBODY knows that.

Well of COURSE they don't care.... (2, Funny)

Khan (19367) | more than 8 years ago | (#15263076)

...that's because they are godless heathens! ;-)

Famous quotation (4, Funny)

caluml (551744) | more than 8 years ago | (#15263080)

Wasn't it Abe Lincoln that said: "Those that would be be lazy and get an RFID chip inserted into them deserve no privacy - who shot me?"

Re:Famous quotation (1)

morgan_greywolf (835522) | more than 8 years ago | (#15263255)

Benjamin Franklin - "They that would trade essential liberty for a little temporary safety deserve neither."

Could be rewritten/interpreted as "They that would trade essential liberty for a little convenience deserve neither."

That's the problem with people these days -- they don't want to put any effort into anything and so they're more than willing to give away their rights and their privacy if it means they get through the line quicker at Wal*Mart.

*sigh*

Better technique, no implant needed (0)

Anonymous Coward | more than 8 years ago | (#15263087)

http://en.wikipedia.org/wiki/Biometrics [wikipedia.org]
"automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits"

Store a 48-96 bit (6-12 byte) string of alphanumeric information inside of a person's brain. This will be easier than having to keep your implant safe/remember your rfid card/etc, as your brain is always with you. You can also claim that you are using "quantum encryption" to keep the key safe (provided that there are no accidental dumps to the standard i/o devices).

We then train the person, through Pavlovian techniques, to input their security code via their fingers. Biometric key storage and retrevial solved.

After reading the demo in Wired 14.05... (2, Informative)

jpellino (202698) | more than 8 years ago | (#15263105)

...where Jon Westhues cloned an implanted VeriChip (the only FDA approved chip on the market) in 10 minutes with a homebrew device, NO CHIP FOR ME!

Communism (2, Insightful)

armyturtle (603867) | more than 8 years ago | (#15263121)

100% of those 10% surveyed are probably not accustomed to the normal daily freedoms we have as Americans. If you survey 10% of people in China who are used to being oppressed by their government I'm more than certain they'll be more accepting to this idea than 10% of Americans. I hate one-sided/slanted polls because not everyone can think for themselves & there are those who are prone to take a poll for gospel.

Re:Communism (0)

Anonymous Coward | more than 8 years ago | (#15263800)

Amen! MOD PARENT UP!

How come we can't get past "maybe?" (1)

192939495969798999 (58312) | more than 8 years ago | (#15263139)

It seems like all these technologies can do for us is to say "there's a good chance this is me." In order to really ID someone, you can't just take an instant in time -- you'd have to have some way of checking their "story", i.e. how do you validate that their id isn't a fraud? We'd be way better off if we could reject any fake id vs. continuing trying to verify that an ID is in fact the actual person it says it is. If you could always tell a fake, then at the very least you'd have to steal the actual ID to use it, meaning if it was reported stolen fast enough, anyone trying to reuse it is just completely busted.

I'm lazy (4, Funny)

tezza (539307) | more than 8 years ago | (#15263155)

I would have voted against biometrics, but never quite got around to it.

Fuck it... (0)

Adam Hazzlebank (970369) | more than 8 years ago | (#15263178)

1984 style dystopian future sounds like a laugh...

This scares me (1)

propertechdotnet (932592) | more than 8 years ago | (#15263210)

This scares me because surely RFID would tie in to the fact that Slashdot rates my karma as "Terrible". How would society look upon me knowing that?

Chiped off!!! (2, Interesting)

pedalfreak862 (972750) | more than 8 years ago | (#15263218)

The problem was stated in another article where people with laptops are stealing cars with keyless entries. Just think what they could do if they stole your chip info and could access not only your car but every aspect of your life.

Easy to hack (1)

novus ordo (843883) | more than 8 years ago | (#15263219)

remember Demolition Man 2?

you joke is too subtle (0)

Anonymous Coward | more than 8 years ago | (#15263786)

no.

Re:you joke is too subtle (1)

fahrbot-bot (874524) | more than 8 years ago | (#15264371)

[Snipes character wasn't implanted with a chip prior to his escape.]

Stalone says (something like):

so he can't access anything...unless he cuts off someone's hand...
let's hope he doesn't think of *that*

ergo: RFID circumvention would be "easy to hack"
You're correct though, original post is too subtle.

Security without Usability = Insecurity (2, Interesting)

cheesedog (603990) | more than 8 years ago | (#15263226)

I'm a big fan of the thesis recently popularized by O'Reilly's "Security and Usabilty: Designing Secure Systems that People can Use" [amazon.com] , which is this:

If you implement theoretically secure designs, but they suffer from usability problems, you'll end up with a system which is neither secure nor usable.

If, on the other hand, you design your security/authentication mechanisms with usability as a key concern, you'll end up with usable, secure systems.

WTF??? (0)

Anonymous Coward | more than 8 years ago | (#15263266)

Is Slashdot trying to warm us up to personal chipping? This is the second article today that suggests chipping people as acceptable!

Here's my position on the matter and it WILL NOT CHANGE! I will chip ANYONE who chips me. Fair enough?

The chips I am issuing are .380 lead slugs. Bring it!

Biometric outsourcing (0)

Anonymous Coward | more than 8 years ago | (#15263273)

Is this something that we could and should perhaps be doing more cheaply , by sending thumbs offshore? If someone wants to access their data here, it would make more sense to have their thumb or iris in another country with a lower cost. I think in this global economy we're all shareholders whether we like it or not.

If companies here have lower costs, then dat way we can reinvest ur profits back in 2 the company 2 save you even more money.

U send me ur thumb 4 ur outsourced job plz.

Thx.

"The Lazy"? (0)

Anonymous Coward | more than 8 years ago | (#15263278)

Okay, the headline says that biometrics win support from the lazy, but the summary says nothing about lazy people... that is, unless you think that all Asians are lazy....

Well, based on my experience (aka 2 good Asian friends of mine), this might actually be true... Hmm....

Easy means wrong application. (2, Insightful)

LeDopore (898286) | more than 8 years ago | (#15263357)

I've had my credit card info stolen when the swipe machine at a Kinko's was hacked to record everything. That very night I got a call from VISA regarding suspicious account activity; my card was deactivated and they sent me a new one in the mail.

Imagine if I were using a retina or fingerprint scanner instead of a credit card. Replacing my retina/fingerprints isn't nearly as easy.

Biometrics mean you have once chance to keep your identity safe. Afterwards you're screwed for the rest of your life. For this reason I don't think biometrics is going to replace the authentication methods we already have: after a decade of using biometrics, half of us will have had our biometric information stolen and will be back to cards anyways. I'm going to beat the rush and stay with cards now ;)

I *can* think of one potential good way to use biometrics: imagine if your drivers licence, etc, contained a jpeg file of your face that's been digitally signed by the issuing organization. That would make forgery much harder.

In summary, I think biometrics can work for applications where you don't care who sees your identifying info, but for any application where you would need to keep it secret, forget it. Not even good for the lazy.

Re:Easy means wrong application. (1)

nasch (598556) | more than 8 years ago | (#15263644)

3 points. First, biometrics would not replace credit cards, I'm not sure where you got that idea. At most, they would replace the signature "required" to use the card. I can't see how that would do anything but make the card more secure, since currently checkers generally don't give the signature a glance, let alone carefully compare it to the one on the card. So if your credit card information got hijacked and it was protected by biometrics, either the theif would not be able to use it, or you would just get a new card.

Your point about identity theft using biometrics sounds like a good one. The thing is, from what I know about identity theft (not a whole lot) it seems that people are often screwed for life anyway. The fraudster just keeps on writing fraudulent checks and so on, and the victim is never able to get any credit because of it. Anybody have more reliable information on this?

I would only be in favor of widespread biometrics if it's highly reliable and very difficult to spoof. For example, I don't want to get iris-scanned at the gas pump and fall victim to the scam that tried to get you. If a picture of my or access to the validation data is sufficient to steal my identity, I'm not in favor of it.

Biometrics is EVIL (1)

flobberchops (971724) | more than 8 years ago | (#15263410)

I like to keep my body parts on my body thank you very much. They will just chop of my hand to get access now. It has already been done in a number of places.

Religious Issues with Chip? (2, Interesting)

RexRhino (769423) | more than 8 years ago | (#15263422)

I am athiest, so I am not really sure... but wouldn't Christians be upset by being chipped? Doesn't it make people nervous about the whole "Mark of the Beast" thing? I would think that the whole issue of implants would be a non-starter in the U.S., and probably many parts of Europe. But maybe Christians don't mind, if it is implanted in their butt, or their foot, or elbow, or somewhere other than their forehead or right hand. Or maybe Christians don't mind, because in modern U.S. politics the Christian-right supports a lot of things forbidden in Christianity (war and military service, death penalty, etc.)

Seems to me, using fingerprints, or retina scans, or some other "god given" form of ID would be more socially acceptable to Christians... and not really any more difficult to implement than an implate. And it would be harder to fake a retina or fingerprint than a chip.

Re:Religious Issues with Chip? (1)

nasch (598556) | more than 8 years ago | (#15263670)

in modern U.S. politics the Christian-right supports a lot of things forbidden in Christianity (war and military service, death penalty, etc.)
Hope I don't start a flamewar, but... are you sure those are forbidden by Christianity (if we can even say there is a single such thing as Christianity)?

Re:Religious Issues with Chip? (2, Interesting)

RexRhino (769423) | more than 8 years ago | (#15263835)

It is not a flamewar with me, because I don't really care that much about what the rules in Christianity are. But before the Roman Empire adopted Christianity, early Christians would choose to die rather than participate in military service. The whole "Turn the other cheek" and "love thy enemy" thing seems pretty clearly pacifist to me. Even when Jesus was going to be murdered, his disiples were forbidden from saving him.

And when it comes to the death penalty, you can look at the story in the Gospel of John, when the adulterur was to be killed by stoning, and Jesus said "Let him who is without sin cast the first stone".

After Christianity was adopted by the Roman Empire, Christianity was kind of re-interpreted to support the goals of the Empire. But I think you have to seriously stretch the message of the Gospel in order to come to the conclusion that Jesus would approve of military service, war, or the death penalty.

You could argue maybe that self-defense is justifyable under Christianity, but there is a big difference between having a military guarding U.S. borders, and launching a full scale global offensive as the modern Christian-right tend to support.

Re:Religious Issues with Chip? (1)

duffstone (946343) | more than 8 years ago | (#15264289)

Just so the other voice is heard, it's not any different than Muslim's using Jihad (holy war) as an excuse to kill Christians and Jews. I have a hard time believing that the koran justifies violence, military service, and the like...

I'm not hear to flame or to otherwise support Christianity (of which I'm a card carrying believer), I'm just here to point out that Muslims, Jews, and other religions suffer from the same hypocrisy... Don't just single out the Christians in this endeavor. I'm sure the other religions of the world would have just as much opposition to offer to being permanently marked.

-Duff

The hair on the back of my neck is standing up (1)

couch_warrior (718752) | more than 8 years ago | (#15263452)

Being a paranoid type, I tend to overreact to things, but consider the following-
Given the US Governments current plans to consolidate all the data they hold about you into ginormous centralized multi-agency databases-
http://www.whitehouse.gov/omb/egov/c-6-9-ioi.html [whitehouse.gov]
They then intend to secure this data with biometric-containing RFID equipped tokens-
http://www.whitehouse.gov/omb/egov/b-1-information .html#is [whitehouse.gov]
But they intend to use Microsoft MIIS as the security engine-
http://www.microsoft.com/technet/technetmag/issues /2005/11/PostMortem/default.aspx [microsoft.com]
And to save cost they are going to let BANKS issue the RFIDs (the same places that routinely send pre-approved credit cards to your dog)
http://www.bankrate.com/brm/news/cc/20040420a1.asp [bankrate.com]
http://www.thriftyfun.com/tf209806.tip.html [thriftyfun.com]
Put all this together and it becomes frighteningly plausible that the government has little interest in securing citizen data, and a lot of interest in assembling data it can use to control its citizens.
http://www.rense.com/general15/happy.htm [rense.com]
But nobody will complain, becuase totalitarian control of our lives will be, like having a chip implanted, *just so convenient*.
However, for those who are still conscientious, it is possible to comment on the government's plans. But please be restrained and responsible in doing so, ranting and raving will just discredit opposing viewpoints.
http://www.estrategy.gov/lineofbusiness/docs/ioi_r fi.doc [estrategy.gov]

Ah, yes rf (1)

zerosix (962914) | more than 8 years ago | (#15263459)

I guess my thought is, with rf tags it's always trasmitting, it's like yelling out your credit card every time you use it, anyone around can steal the data.

Re:Ah, yes rf (1)

nasch (598556) | more than 8 years ago | (#15263703)

Credit card information would (I hope) be "yelled out" in the same way it is yelled out when you use it on the internet - after being encrypted.

Re:Ah, yes rf (1)

zerosix (962914) | more than 8 years ago | (#15263879)

Yeah, I would hope so as well! I guess my point being that a good system would need to be established before I would trust ANY of my information to be traveling freely through the air regaurdless how the rf device is implimented...I wouldn't want some joe off the street just to be able to 'request' the data either! ;)

Oh dear (0, Offtopic)

jb.hl.com (782137) | more than 8 years ago | (#15263476)

Here come all the trolls saying how it's everyone else's fault for being stupid, and not that they really just don't give a damn so long as their life gets a little easier.

This is a people challenge with a people solution. (2, Insightful)

Smoodo (614153) | more than 8 years ago | (#15263587)

I am constantly surprised by all of the security efforts and fads that come and go. I have observed that security is usually lighter where people know and trust each other and is more complex where people do not know each other. Perhaps security experts would do well to consider how we could improve the relationships we have with people around us.

It's NOT ease of use (3, Interesting)

i am kman (972584) | more than 8 years ago | (#15263593)

I was pretty deeply into the smartcards and biometrics business 7-8 years ago and they had VERY cheap ($2/keyboard on a keyboard) and VERY easy to use embedded keyboard scanners (as well as separate). We built prototypes for folks to easily to computers and web accounts, but it didn't really take off.

Why? Users don't really care - even for bank account logins. Passwords work well enough. Also, everyone 'says' they'd LOVE biometrics, but when you get down to capturing their electronic fingerprint, they start to get nervous.

It's rather like smartcards. While they're superior to credit cards, the credit card system in the US is mature, ubiquitious, integrated, and simple enough that most consumers wouldn't really get a huge benefit. I don't think most identity theft comes from stolen passwords.

Same with biometrics - the technology has been around for 10 years and it's made some headway into niche applications, but it's not going to explode anytime soon unless WalMart or banks requires everyone to use it.

Where, where, where is Waldo? (2, Insightful)

Dark Coder (66759) | more than 8 years ago | (#15263651)

Yeah, right... Where do we put the identification metrics and how is it kept in check from unauthorized usages?

You have your basic triage of information:

1. Consumer/User/
2. Merchant/Provider
3. Arbitrator/Mediator/Authenticator

Each MUST be able to revoke one of the other two for such a successful system. Right now, the biggest problem in today's computing world is the consumer/user cannot revoke.

Without user revokation, the system is ineffectual against abuse (i.e., identity thefts, innocent arrest records, stuck with a Social Security Number)

What is needed is a 3-way public key exchange algorithm (can't even find that in Google).

I was angry (1)

EZLeeAmused (869996) | more than 8 years ago | (#15263668)

when they implanted the RFID next to my scapula, but everyone just said I had a chip on my shoulder.

Sigs instead of IDs (1)

gr8_phk (621180) | more than 8 years ago | (#15263867)

"Turner added that what is more important in the smartcard debate is ratifying exactly where the identification data is stored."

The problem is that no one should store any ID information. The chip needs to provide a digital signature, and the private key needs to exist only in the chip. This completely eliminates spoofing by "listening" to a device or pinging it for ID. I suppose each device should also have an ID, but that should not be used as authentication - just a suggestion as to which public key can verify the signature. OTOH, I'm guessing there are very good reasons to keep the ID and the signing device separate.

But you know... (2, Insightful)

east coast (590680) | more than 8 years ago | (#15264228)

Biometrics Win Support From the Lazy

This is the same reason that beers with twist-off caps is so popular too.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>