Re: Driver for Microsoft USB Fingerprint Reader

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[email protected] wrote:
I utterly fail to see why multiple, generally knowledgeable people are
claiming that encryption in a fingerprint scanner is desirable.

As far as I can tell, the only thing you want is AUTHENTICATION - you
want proof that you are getting a "live" scan taken from a user
who's present, and not a replay of what was sent last week.

This is called "freshness" and is usually provided by including a
random "nonce" (known in other contexts as "magic cookie") in the
authenticated data.

The Digital Persona readers apparently use a challenge-response authentication scheme for the encryption. I think I know the challenge-sending and response-reading command structure but have not yet examined their effect on the encrypted fingerprint data.

Not that I expect "A-1 Computer Corporation" in Shenzhen to have a clue
about these things, but you'd think that Microsoft would have one or
two competent employees left on the payroll.

Now theres an interesting story in this area. The Microsoft fingerprint readers are based on Digital Persona devices, and actually they seem to be completely identical. But when comparing bus traffic for the DP devices vs the MS devices, the DP devices send encrypted fingerprint data and the MS devices send it as unencrypted 8-bit greyscale.

Anyway, further investigation shows a 1 bit difference in the firmware uploaded to each device, and I have confirmed that this bit turns encryption on and off.

IOW, MS's device are capable of encryption but they explicitly turned it off at the firmware level.

Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux