At 5:01 PM -0500 11/4/02, Phillip H. Griffin wrote:
Sam Schaen wrote:
"Phillip H. Griffin" wrote: [snip]
Biometric information seems destined to become the financial identifier that one day replaces the social security number. There's much interest in using it to try to combat identity fraud, said to be the fastest rising crime. On another front, a DOD pilot is to use a biometric extension in a smart card certificate.
[snip]
As someone responsible for documenting the DOD PKI certificate profile and verifying that numerous certificates have satisfied that profile, I can say with assurance that there is no biometric data in the certificate itself.
With somewhat less assurance, since I am not intimately familiar with the process, it is my understanding that the fingerprint indicia are stored centrally--not even on the smart card containing the certificates.
Sam Schaen
I omitted "said" above in "is to use". Hearsay on my part from a vendor involved in producing product.
Phil
maybe wishful thinking on the part of a vendor ...
Steve
I don't think so. I got the idea that it was an on card matching situation and that it was X.509 certificates, not attribute certificates to be used. But I'm not involved in the work.
For biometrics, I see certificate formats as just another package for the data. I certainly don't envision biometrics becoming part of path processing for example. And the biometric data components are often encrypted or otherwise obscured, the details available only to a given vendor. But header information, such as validity information, quality or type, are becoming standardized and benefit from being signed.