Comment Re:He is not an expert... (Score 1) 303
Couldn't it work like a smart card chip? Meaning: The chip that does the authentication is connected directly to the reader. The reader can communicate only with this specific chip. The chip itself receives the pictures, calculates the hash and stores the hash in its own non-volatile memory. The chip has only two api-calls: "Train" and 'Authenticate'.
With "Train", it would train on a users finger-print and return "DONE" or "NOT SUCCESSFUL". With "Authenticate", it would only return "ACK", or "NACK". I know, I know, the company building the chip would still be able to put in back-doors, etc, but at least this way the finger-print picture or hash would never leave the chip.
Also, best would be to open-source the chip code so that it can be verified. I know, it still doesn't GUARANTEE that the verified source is what is in the chip that is shipped but at least SOME security/privacy check would be in there..