Subject: Re: PAM stinks
To: None <>
From: Thomas Michael Wanka <>
List: netbsd-advocacy
Date: 10/04/2001 11:20:54

On 3 Oct 2001, at 17:35, Miles Nordin wrote:
> That's not what I've been hearing from ongoing discussions about
> face-fishing and biometrics at airports.  The performance of a system
> is quantified by a grid of four probabilities:

this is a differnt story. These devices are made to identify a few 
people. They are more the  "the database contents must match the 
scanner data" devices so the database contents are compared to 
the scanner images. Authentication systems have to work the other 
way round:  the scanner images must match the database contents.

It *is* a difference to compare a few hundred pictures in the 
database with a scanned picture ot to compare a scanned image 
with thousands of database entries.

At least in some european countries it was not legal to store e.g. 
readable and/or exportable fingerprints of all your users. So eg. 
fingerprint readers from fujitsu-siemens store the fingerprints in an 
encrypted way to make it impossible for someone to calculate the 
fingerprint data from the stored data! From what I have seen so far, 
if you set the accuracy of fingerprint scanners to more than 80%, 
you will need tens of tries before you get a positive authentication! 

Remember: for your computer system no wrong person must be 
authenticated but it is acceptable that the right person has to try 
two or more times before access is granted. At the airport the 
"right" person (the potential terrorist) must not be allowed to pass 
but it is acceptable that "wrong" persons accidentially match the 
profile and need to be examinated "by hand". These are complete 
different systems, not just a question of accuracy.