Subject: Re: PAM stinks
To: None <firstname.lastname@example.org>
From: Thomas Michael Wanka <Tom@Wanka.at>
Date: 10/04/2001 11:20:54
On 3 Oct 2001, at 17:35, Miles Nordin wrote:
> That's not what I've been hearing from ongoing discussions about
> face-fishing and biometrics at airports. The performance of a system
> is quantified by a grid of four probabilities:
this is a differnt story. These devices are made to identify a few
people. They are more the "the database contents must match the
scanner data" devices so the database contents are compared to
the scanner images. Authentication systems have to work the other
way round: the scanner images must match the database contents.
It *is* a difference to compare a few hundred pictures in the
database with a scanned picture ot to compare a scanned image
with thousands of database entries.
At least in some european countries it was not legal to store e.g.
readable and/or exportable fingerprints of all your users. So eg.
fingerprint readers from fujitsu-siemens store the fingerprints in an
encrypted way to make it impossible for someone to calculate the
fingerprint data from the stored data! From what I have seen so far,
if you set the accuracy of fingerprint scanners to more than 80%,
you will need tens of tries before you get a positive authentication!
Remember: for your computer system no wrong person must be
authenticated but it is acceptable that the right person has to try
two or more times before access is granted. At the airport the
"right" person (the potential terrorist) must not be allowed to pass
but it is acceptable that "wrong" persons accidentially match the
profile and need to be examinated "by hand". These are complete
different systems, not just a question of accuracy.