Connect with us

Fingerprint Lock Busted!

Discussion in 'Electronic Design' started by Boris Mohar, Sep 18, 2006.

Scroll to continue with content
  1. Now we can stop cutting off people's fingers and heating them in the
  2. greysky

    greysky Guest

  3. I think someone posted a similar hack done by a uni professor here a
    few years ago.
  4. My money would be on Adam and Jamie!

    Dave :)
  5. To many scripts on this page...

    Why does anyone think a fingerprint system is safe ?
    Because the FBI once claimed the (rolled!)
    fingerprints are unique to 1 in 1E9 ? This claim has
    never been proven, by the way. I once was involved :

    The results weren't that good, and solutions tricky.

  6. We have a biometric fingerprint scanner ID system at our work and the
    IT guys set it to take only a 6 point measurement. The system is
    capable of taking up to 15 points, but they don't want to be called out
    to troubleshoot it for every second person.

    Dave :)
  7. ian field

    ian field Guest

    Talking of PCBs, and its likely less of a problem with the relentless march
    of SMD, when I used to handle a lot of PCBs my fingerprints were
    unreadable! - I'd have stood less chance of gaining authorised access than
    the most amateur hacker!!!
  8. Heh: My only real job today was to update the fault database with the
    solution to a problem and a few patches.
    My password had expired (does every 30 days for "security reasons" i.e. job
    security at IT "services").
    Asked for new password, got it after a few hours, it did not work so
    re-raise the error but by then Bombay has gone home!
    Oh well, tomorrow is a new day and I will bring a book!

    Love that Outsourcing; I feel more productive every day - by comparison that
  9. Mike

    Mike Guest

    You're off by a few orders of magnitude, Rene. 88 orders, in fact. The FBI
    claims 1 in 1E97.

    Isn't that amazing? What's even more amazing, though, it that they think
    they _have_ proven it.
    Epstein, Robert, "Fingerprints Meet Daubert: The Myth of Fingerprint Science
    is Revealed," So. Cal. Law Review, vol 75:605, 2002, p.630.

    If your original number, 1 in 1E9, was correct, then (extending the birthday
    paradox to 1E9 possible birthdays) in any city of 38,000 people, the odds
    are greater than 50% that two people would have identical fingerprints. It
    doesn't exactly inspire confidence in the system, does it?

    -- Mike --
  10. IIRC, that's greater than the number of particles in the universe. Doubt it.

  11. Got to read it yet.

    But still much better than a simple signature.
    Or could you keep 40k people apart by just looking
    at them ?

  12. The last time I was involved, we would have been thrilled
    to even be be able to verify 1e6 FAR @ 1e2 FRR or so.
    It looks far simpler than it really is hands on.

  13. Mike

    Mike Guest

    I agree, Rene. I'm not a fingerprint expert, but a brief review of the
    fingerprint literature is devoid of the keywords I thought I would find.
    There's no mention of noise, distance, noise enhancement, error rate, or
    anything else that a communication engineer would expect to see. I was truly
    amazed to see that the fingerprint community believes that the error rate of
    the fingerprint identification process is zero.

    Latent prints are often highly filtered to "enhance" the high frequency
    components so an identification can be made. Even though that should lead to
    errors, the fingerprint community seems to be completely ignorant of the
    effects of high pass filtering on noise.

    -- Mike --
  14. Mike,
    there are basically two communities. One is the law
    & law enforcement community and to them a fingerprint is
    error free, and their view is little to not opposed.
    And then there is there is the community of automated
    fingerprint authentication devices. They have numbers
    such as false acceptance ratio, false rejection ratio
    traded against each other. They are very catious to
    sell the technology. Imagine your bank's automated
    teller card is enhanced with your finger print. You're
    on the way to the opera with your beloved and just need
    some spare cash. The machine cannot match you finger
    print for whatever reason, you're not going to the
    opera an the evening is spoilt. That makes a lengthy
    call to the bank the next business day. So if every
    thousendth withdrawal fails, that would make another
    5 storey call center. You may grasp some sense for
    reality in this community then.

  15. "Rene Tschaggelar" wrote ...
    And the "match" results (whether manual or automatic)
    are examined in detail by humans. At the very least by
    the defense attorney (or their experts) if not also by the
    prosecution expert(s).
    Where it is expected to run (instananeously) on inexpensive,
    mass-produced hardware with some reasonable accuracy.
    In the opinion of people who need serious security, the
    technolgoy ain't there yet.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Electronics Point Logo
Continue to site
Quote of the day