USB connected fingerprint scanners

Tags:
Security products
While discussing testing biometrics (fingerprint scanners) for single factor authentication, one of the sales reps indicated his device encrypted the fingerprint (scan) prior to sending it to the computer via a USB connection. I was wondering if this sounds true, as the scanner would need additional hardware "built in" to accomplish this. The second question is: can a USB keystroke logger be used to capture the scan and play it back (man in the middle analogy)? I have researched the questions but not found any solid answers....

Answer Wiki


A – TWO factor Authentication PLEASE! GATTACA’s DNA test with immediate apprehension is okay for single factor, but anything less is not suitable for ‘secure’ networks. NTFS logons have both user and system credentials for two factors.
B – A scanner that encrypts the fingerprint so that it is a different hash for each submission would be a good thing. [Anything on the USB bus can query time and date, which with component ID lends itself to a one-time hash.] A scanner with a thermistor to verify the finger is warm is a good thing. A USB recorder to capture packets is conceivable, but replaying to fool the reader’s software would not be trivial. Since they have physical access, probably not your most important worry. A scanner that does NOT try to image the fingerprint is a good thing.
C – In amplification of the last statement preceding – The database of scanned fingerprints should NOT be evidentiary. Our job is authenticating users and protecting the network and its data. NOT collecting fingerprints for whatever government agency shows up with a warrant.
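
The per-submission binding described in answer B can be sketched as follows: the scanner tags each submission with its component ID and the current time, and the host accepts a tag only once and only while it is fresh, so a recorded USB transfer fails when replayed. This is an added example, not part of the original answer and not any vendor's code; the key, device ID, 5-second window and all function names are assumptions, and payload encryption is left out so the freshness check stays visible.

```python
import hashlib
import hmac
import struct

# Assumptions (not from the thread): a per-device secret provisioned in the
# scanner, a 5-second freshness window, and an opaque template payload.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"
DEVICE_ID = b"SCANNER-0001"  # constructed component ID
MAX_SKEW_SECONDS = 5


def scanner_submit(template: bytes, now: int, key: bytes = DEVICE_KEY) -> dict:
    """Scanner side: bind the payload to the component ID and current time."""
    header = DEVICE_ID + struct.pack(">Q", now)
    tag = hmac.new(key, header + template, hashlib.sha256).digest()
    return {"device_id": DEVICE_ID, "ts": now, "template": template, "tag": tag}


class HostVerifier:
    """Host side: accept a submission once, and only while it is fresh."""

    def __init__(self, key: bytes = DEVICE_KEY):
        self._key = key
        self._seen = set()  # accepted tags; old entries could be pruned

    def verify(self, msg: dict, now: int) -> str:
        header = msg["device_id"] + struct.pack(">Q", msg["ts"])
        expected = hmac.new(self._key, header + msg["template"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        if msg["tag"] in self._seen:
            return "rejected: replay"
        self._seen.add(msg["tag"])
        return "accepted"


def demo() -> list:
    host = HostVerifier()
    captured = scanner_submit(b"constructed-template-bytes", now=1000)
    results = [host.verify(captured, now=1001)]       # live submission
    results.append(host.verify(captured, now=1002))   # same bytes, inside window
    results.append(host.verify(captured, now=2000))   # same bytes, much later
    tampered = dict(captured, ts=2000)                # timestamp rewritten in transit
    results.append(host.verify(tampered, now=2000))
    return results


if __name__ == "__main__":
    print("\n".join(demo()))
```

The check only holds if the key stays inside the scanner hardware; a key held by host-side driver software is exposed to anyone with access to that machine.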

Discuss This Question: 1  Reply
  • MarkN50
    Do you know if there are any vendors who actually do encryption at the scanner? I think the extra electronics would make it easier to do the encryption at the software level.