On Mon, Dec 01, 1997 at 05:07:11PM -0500, Robert A. Costner wrote: [...]
As wonderful as eye scanning technology may sound, it promises to offer very weak identification and only be reliable in the short run. This is based on the premise that a reproduction of an eye will work as well. Just as a reproduction of a driver's license seems to work for check forgery.
PINs offer security based on the fact that they are a secret. Not a shared secret. For comparison, take a look at the authentication procedure of the SSA and Wells Fargo bank. Over the internet, both want
Social Security Number Date of Birth Mother's Maiden Name
Imagine a bank machine requesting the same info as the only prerequisite for dispensing cash! This info might have been a method of secure authentication about the time I was born, but today, such info is almost common knowledge. This no longer is a secret, too many people have the info. Widespread use of eye scanners will provide the same results. As databases are built, and sold, the raw info becomes available and automated tellers become excellent targets for fake authentications. If you get it wrong, you just walk away.
Eye scans may help aid authentication, but they should not take the place of PINs.
From "Government Computer News", 1997-11-24
Optical character recognition converts an image into usable text. But what if the character you want to recognize is a human being? Try Visionics Corp's FaceIt PC 3.0, which works with a digital video camera to secure a desktop computer against intruders. The GCN Lab staff members were skeptical at first. After all, OCR and voice recognition are still not mature technologies, and face recognition applications are greener still. FaceIt surprised us -- pleasantly. [description of test environment, and test] The software can be set to require a smile or blink from any person attempting access...[I suppose you could stick out your tongue...] ...During testing, the software never misidentified anyone, nor was it fooled if a user wore or removed glasses. Visionics claims that changes in facial hair will not cause misidentification, but we didn't test that claim. http://www.FaceIt.com -- Kent Crispin "No reason to get excited", kent@songbird.com the thief he kindly spoke... PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55 http://songbird.com/kent/pgp_key.html