While shopping for a USB fingerprint scanner for my PC, I found two types:
*match-on-host*, which lets the computer read the fingerprint scan’s data to verify your biometrics,
and *match-in-sensor*, which verifies your biometrics in the scanner itself then tells the computer that it succeeded.
Wouldn’t it be possible to make a USB device pretending to be a fingerprint scanner which responds to the computer’s request to scan with a pre-programmed success response? There must be some way for the computer to know whether a fingerprint scanner actually verified a fingerprint other than simply receiving a “yes it matches,” or it would be trivial for a bad actor to make a master key for any computer with biometric login and a USB port.
Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with? Or vice versa?
>Does the computer store a digital key on the fingerprint scanner to confirm it’s the same hardware that the biometrics were originally set up with
You don't have to use the same hardware that you used to set up. But you need to only let trusted devices input their data. This is done pretty much the same way most encryption works, with a key pair that is set up when registering the device with the service and which you need to do anyway because you need to load the matching table on the match-in-sensor device.
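The key-pair idea from the answer above, as an added example that is not part of the original thread: the host keeps the public key recorded at registration and accepts a "match" only when it is signed over a fresh challenge. The Ed25519 choice, the per-login challenge and all names here are assumptions made for illustration, not a description of any real sensor's protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Sensor models a match-in-sensor device; the private key never leaves it.
type Sensor struct{ priv ed25519.PrivateKey }

// Host stores only the public key recorded when the sensor was registered.
type Host struct{ trusted ed25519.PublicKey }

// randomBytes returns n bytes from the OS random source (used for seeds and challenges).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Register creates the key pair (constructed here for the demonstration).
func Register() (Host, Sensor) {
	priv := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	return Host{priv.Public().(ed25519.PublicKey)}, Sensor{priv}
}

// payload is what gets signed: the host's challenge followed by the verdict.
func payload(challenge []byte, matched bool) []byte {
	return append(append([]byte{}, challenge...), fmt.Sprint(matched)...)
}

// Scan returns the sensor's signature over this challenge and its verdict.
func (s Sensor) Scan(challenge []byte, matched bool) []byte {
	return ed25519.Sign(s.priv, payload(challenge, matched))
}

// Accept succeeds only for a "match" signed by the registered sensor for this challenge.
func (h Host) Accept(challenge []byte, matched bool, sig []byte) bool {
	return matched && ed25519.Verify(h.trusted, payload(challenge, matched), sig)
}

func main() {
	host, sensor := Register()
	c1, c2 := randomBytes(32), randomBytes(32)
	sig := sensor.Scan(c1, true)
	fmt.Println(host.Accept(c1, true, sig), host.Accept(c1, true, nil), host.Accept(c2, true, sig))
}
```

The three results are the registered sensor's answer, a bare "success" with no signature, and an earlier valid answer presented for a new challenge; only the first is accepted.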