I have got it. They have to send a text message to the dinner lady from
their own registered mobile number. It is true that they could lend their
mobile - I somehow doubt it as they would know that they were unlikely to
see it again.
A similar system is, I believe, used to gain access to events.
Having said that I am not sure how many 8-year-olds would have mobiles.
Nick Landau
----- Original Message -----
From: "Lee Gardiner" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, January 19, 2007 10:31 AM
Subject: Re: [data-protection] School fingerprinting: Warning: likely to r
aise blood pressur e
> Also not forgetting the fact that most kids can't remember their PE kit
> let
> alone a unique reference number! Now if it was a friend's mobile
> number...
> That's a different story! TGIF
>
> Lee
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Griffiths, Ian
> Sent: Fri 19 January 2007 10:26
> To: [log in to unmask]
> Subject: Re: [data-protection] School fingerprinting: Warning: likely to
> raise blood pressur e
>
> Presumably because the issue is not robustness of the system or even how
> integrated the school is with the wider national systems. I think the
> school
> will have chosen to go with this because it speeds up dinner time. The
> similarity in the notion of a unique number is a little inaccurate. The
> UPN
> has only very rudementary modulus integrity checks and I wouldn't want to
> use that for authenticating a student - its too easy to guess.
>
> The fingerprint number I would suspect is generated as a result of a
> one-way
> hashing algorithm which is designed not to be decrypted. These are
> actually
> not unique - there is a very small possibility that two distinct inputs
> would cause the same number to be generated. This is so minutely small
> that
> it would not be a worry for one single school. It is fairly standard
> practice in systems like this to do this as you only store the hash, not
> the
> number. You only need run the algorithm again when your pupil returns the
> next day and if the result is the same as the one you stored, you give
> them
> lunch. Generally this would be done for passwords so that the password is
> not stored and cannot be reverse engineered from the hash. Less of an
> issue
> here as the number is no use anyway and that itself is the result of some
> maths on a picture, which is very lossy indeed in terms of the amount of
> data that is discarded in capture.
>
> The above paragraph of course is largely irrelevant to users. I suspect
> they've been told this as it sounds fancy and will allay their fears of
> being cloned.
>
> Regarding the cost of fingerprinting, I'm sure there is a case for
> reducing
> the staff time in administering such things and I would quite strongly
> argue
> that pressing your finger on a plate is a lot quicker and less error-prone
> (and therefore quicker) than asking 9 year olds for a
> 13 digit number which the staff then type in somewhere.
>
> Ian
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Scourfield, Brenda
> Sent: 19 January 2007 09:42
> To: [log in to unmask]
> Subject: Re: [data-protection] School fingerprinting: Warning: likely to
> raise blood pressur e
>
>
> I'm not in the education sector but why don't they use the UPRN (Unique
> Pupil Record Number) that will stay with the child for the length of
> his/her
> education. Saves the cost of fingerprinting.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask] All user commands
> can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses using Sophos
> anti-virus software.
>
> www.mimesweeper.com
> www.sophos.com
> **********************************************************************
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|