[PET] UK proof of age PET pilot

Tom Ritter tom at ritter.vg
Thu Oct 18 17:32:42 BST 2012


Based on the description, it seems the system would be vulnerable to
forgery if someone reverse engineers the details of the encryption on
the card.  They'd be able to create their own stickers that said
anything.  Even if they used a secret as part of the encryption key,
that secret would need to be on the checking systems also, which would
be vulnerable to theft/bribery.

... Unless, the birthdate was first encrypted with the user's
fingerprint hash, and then signed by a private key of the government,
with the corresponding public key on the verification systems...

-tom


More information about the PET mailing list