> > Law enforcement agencies use some kind of algorithm to convert
> > fingerprints to a numeric value, so that they can be easily compared.
> >
> My understanding is that this is only an approximate representation --
> it's not intended to be unique, it's only a method for quickly locating
> prints similar to the suspect print. The final comparison between a
> print that's on file and a suspect print is done by eye, and is actually
> somewhat subjective.

Most fingerprint systems convert the fingerprint image into what's called a template. This is a numeric representation, but comparison between two templates is not as simple as "==". Different portions of the template represent different minutiae on the fingerprint, and an actual feature matching algorithm still needs to be used. Thus, we cannot hash these templates because there is no way to perform matching on the template hashes.

So far nobody has produced an algorithm to reliably extract a symmetric key from a fingerprint without any side information. However, with some extra information it is possible to obscure a private key on a smartcard such that the key is only recoverable given a fingerprint that matches the original. This allows all the biometric processing to happen on a smartcard (and not on an untrusted terminal) without storing the fingerprint itself on the smartcard. An attacker needs both the card and your fingerprint to recover your key.

[ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]------[ university of maryland, college park ]
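Added example (not part of the original message and not the author's scheme): a toy code-offset construction with a repetition code, showing why hashes of two readings of one finger never match while helper data stored on the card still lets a close-enough reading recover the key. The fixed-length binary template, the 8-bit key and all sample values are constructed assumptions; real templates are minutiae sets and need a real error-correcting code.

```python
import hashlib
import hmac

REP = 5  # repetition code: each key bit is stored 5 times, so 2 flips per block are corrected

def digest(bits):
    return hashlib.sha256(bytes(bits)).digest()

def hash_match(template_a, template_b):
    """Naive approach the post rules out: compare hashes of two template readings."""
    return hmac.compare_digest(digest(template_a), digest(template_b))

def enroll(template, key_bits):
    """Return (helper, key_check): the side information stored on the card."""
    if len(template) != len(key_bits) * REP:
        raise ValueError("template must hold REP bits per key bit")
    codeword = [b for b in key_bits for _ in range(REP)]
    helper = [c ^ t for c, t in zip(codeword, template)]  # codeword masked by the template
    return helper, digest(key_bits)

def recover(template, helper, key_check):
    """Unmask with a fresh reading, majority-decode, verify; None if the reading is too far off."""
    if len(template) != len(helper):
        raise ValueError("template length does not match helper data")
    noisy = [h ^ t for h, t in zip(helper, template)]
    key_bits = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return key_bits if hmac.compare_digest(digest(key_bits), key_check) else None

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (simulated sensor noise)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed sample data: an 8-bit key and a 40-bit binary "template".
KEY = [1, 0, 1, 1, 0, 0, 1, 0]
ENROLLED = [1, 0, 0, 1, 1, 0, 1, 0, 1, 1] * 4
SAME_FINGER = flip(ENROLLED, {3, 17, 29})            # one flipped bit in three blocks
OTHER_FINGER = flip(ENROLLED, set(range(0, 40, 2)))  # three flips in every other block

if __name__ == "__main__":
    helper, check = enroll(ENROLLED, KEY)
    print("hash match:  ", hash_match(ENROLLED, SAME_FINGER))
    print("same finger: ", recover(SAME_FINGER, helper, check))
    print("other finger:", recover(OTHER_FINGER, helper, check))
```

Neither the key nor the template is stored in the clear: the card holds only `helper` and `key_check`, and a reading that differs by more than the code can correct yields `None`.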