[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Crypto basic income

On Sun, 24 Sep 2017 16:41 Guilherme Campos asked:

>  - Do you think it will be possible, at some point, to have some sort of
>   biometric public key infrastructure, where public and private keys are
>   directly pegged to a persons biometric details?
>   - Could biometrics completely replace the need for passwords?
>   - If compromise of biometric details occurs, how would one go around to
>   solve this, since it's not possible to, for example, create a new
>   fingerprint for a person?

I think one needs to consider what is meant by a "compromise of biometric details.” It should be possible to build devices that scan biometric features in ways that assure an actual person is present and being properly scanned. The iPhone X face scanner seems like a step in that direction. I can envision an authentication booth at a bank, say, that scanned multiple biometrics, with trusted human supervision to minimize possible fakery, and maybe record a signed video of the process to be kept for future reference. People who are unable to come to the bank, due to illness, etc., could be visited by notaries with portable scanners. 

The problem is still safe storage of any private key or other secret generated from the biometric data.  It maybe be good enough for the authentication booth to sign ones public key, with the ability to use another authentication booth to generate a new key and revoke the old one if there is reason to suspect compromise, i.e. payments don’t show up. It the guaranteed income is paid weekly, say, only a few weeks' loss might be at risk and that might be acceptable.  

Arnold Reinhold
The cryptography mailing list
cryptography AT metzdowd.com