
yep, and wouldn't it be a paradise for a malicious person to install software on that authentication machine which sniffs off the biometrics and sends that to his server?



> yep, and wouldn't it be a paradise for a malicious person to install software on that authentication machine which sniffs off the biometrics and sends that to his server?

Sure. But using that data to impersonate someone by creating a 3D or silicone model of your fingerprints/iris needs a good amount of resources that your average Joe does not possess. Given enough resources, any means of authentication could be easily exploited.

Honestly, I am not being snarky, but could you please suggest a better authentication mechanism, that is more secure, but can be used easily by people who can't read/write or live in slums, or in small villages, and don't run into issues like forgetting the crypto key or losing the auth device?


Biometrics are broken by design.

If someone guesses a password, you can change the password. If someone gets a viable replay of a fingerprint or iris scan, you can't change it.

I wonder if a formalized "delegation of identity" system could solve the "missing key" problem.

When you have your key, you'd be able to issue "I trust this person/firm to reliably identify me" certificates to others. This could potentially be trusted friends/family/co-workers or even official "recovery services" that had different means to verify identity.

So if you lose your key down the road, you can bring one of these people along, and the fact they had your certificate, and vouched that they had identified you, would be considered legally equivalent to presenting your actual key, or allow the start of a key-reissue process.


Registering other people who are able to identify you is an interesting idea, although it would fail for the hermits/paranoid who don't know/trust anybody and who would be screwed if they lost the key.


On the other hand, people trusted by other people are not necessarily trustworthy. If desperate or estranged they may sell out their friends/family for a little cash.


Really, not losing documents (at least not frequently) is one of the core requirements of bureaucracy. Permanent and semi-permanent documents are the basis of a modern society. It's no use trying to institute any laws when you can't count on people taking care of important items.



