Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For single or small-n user systems, the best practice that's evolved around this is to not actually send the fingerprint image to the remote server. A trusted security module has a private key and the biometric sensor, and the remote server has the public key. The trusted security module locally validates the fingerprint, and then signs a message that can't be replayed to indicate the fingerprint was presented.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: