Re: REVIEW: "Biometrics for Network Security", Paul Reid

From: Richard S. Westmoreland (richardsw_at_suscom.net)
Date: 10/04/04


Date: Mon, 4 Oct 2004 09:52:49 -0400


"Bruce Barnett" <spamhater103+U041001232907@grymoire.com> wrote in message
news:cjl7cl$mbc$1$208.20.133.66@netheaven.com...
> rslade@sprint.ca (Rob Slade, doting grandpa of Ryan and Trevor) writes:
>
> > BKBIOMNS.RVW 20040527
> >
> > "Biometrics for Network Security", Paul Reid, 2004, 0-13-101549-4,
>
>
> How does he prevent replay attacks?
>
> Some use smartcard technology with match-on-card software.

I suppose one method of securing the biometric authentication from replay
attacks, is to build into the biometric reader itself one time session IDs.
A person puts their thumb on the reader, which then generates an ID that is
used to encrypt the biometric data (and the ID itself). The data is
decrypted at the server along with the ID (using the server side's expected
ID), the ID is matched up in the database to confirm validity of the
biometric data. Then the biometric is matched up, and the person is
authenticated.

That should prevent any kind of replay attack, and streamline the process
without the need of an additional smart card.

>
> --
> Sending unsolicited commercial e-mail to this account incurs a fee of
> $500 per message, and acknowledges the legality of this contract.

Ever made any money from this? ;-)

--
Richard S. Westmoreland
http://www.antisource.com