While shopping for a USB fingerprint scanner for my PC, I found two types:
*match-on-host*, which lets the computer read the fingerprint scan’s data to verify your biometrics,
and *match-in-sensor*, which verifies your biometrics in the scanner itself then tells the computer that it succeeded.
Wouldn’t it be possible to make a USB device pretending to be a fingerprint scanner which responds to the computer’s request to scan with a pre-programmed success response? There must be some way for the computer to know whether a fingerprint scanner actually verified a fingerprint other than simply receiving a “yes it matches,” or it would be trivial for a bad actor to make a master key for any computer with biometric login and a USB port.
Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with? or vice versa?
In: Technology
Usually you trust the computer and the sensor, but you don’t trust the person using the sensor at the end. Are you imagining a scenario where you trust the computer but you don’t trust the sensor?
Latest Answers