Also not forgetting the fact that most kids can't remember their PE kit let alone a unique reference number! Now if it was a friend's mobile number... That's a different story! TGIF Lee -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Griffiths, Ian Sent: Fri 19 January 2007 10:26 To: [log in to unmask] Subject: Re: [data-protection] School fingerprinting: Warning: likely to raise blood pressur e Presumably because the issue is not robustness of the system or even how integrated the school is with the wider national systems. I think the school will have chosen to go with this because it speeds up dinner time. The similarity in the notion of a unique number is a little inaccurate. The UPN has only very rudementary modulus integrity checks and I wouldn't want to use that for authenticating a student - its too easy to guess. The fingerprint number I would suspect is generated as a result of a one-way hashing algorithm which is designed not to be decrypted. These are actually not unique - there is a very small possibility that two distinct inputs would cause the same number to be generated. This is so minutely small that it would not be a worry for one single school. It is fairly standard practice in systems like this to do this as you only store the hash, not the number. You only need run the algorithm again when your pupil returns the next day and if the result is the same as the one you stored, you give them lunch. Generally this would be done for passwords so that the password is not stored and cannot be reverse engineered from the hash. Less of an issue here as the number is no use anyway and that itself is the result of some maths on a picture, which is very lossy indeed in terms of the amount of data that is discarded in capture. The above paragraph of course is largely irrelevant to users. I suspect they've been told this as it sounds fancy and will allay their fears of being cloned. Regarding the cost of fingerprinting, I'm sure there is a case for reducing the staff time in administering such things and I would quite strongly argue that pressing your finger on a plate is a lot quicker and less error-prone (and therefore quicker) than asking 9 year olds for a 13 digit number which the staff then type in somewhere. Ian -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Scourfield, Brenda Sent: 19 January 2007 09:42 To: [log in to unmask] Subject: Re: [data-protection] School fingerprinting: Warning: likely to raise blood pressur e I'm not in the education sector but why don't they use the UPRN (Unique Pupil Record Number) that will stay with the child for the length of his/her education. Saves the cost of fingerprinting. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses using Sophos anti-virus software. www.mimesweeper.com www.sophos.com ********************************************************************** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^