<i>Stolen cellphones could also be rendered useless by programming them to disable themselves if they detect that the user of the phone is not the legitimate owner.</i><p>"911? I need help! A man has just collapsed at the bus stop! I'm calling from his ... hello? Hello? Well, shit."
One problem with biometric identification is that the device reading data (fingerprints, eye "prints", etc.) from the person has to be trusted by the entity deciding the legitimacy of the user. If I have a digital copy of your fingerprints and I "own" the fingerprint reader trusted by your bank/whatever, I can pretend to be you. Given that people generally own the phones they use, I wonder if this barrier to fraud is any less expensive or more effective than existing security schemes. For example, have something/know something methods (RSA random number generator keychain dongles coupled with a known passcode) that are much easier to implement and don't rely on network effects -- For people to buy earprint phones, they have to be commonly used as a form of auth, but enough people must own them for banks, etc. to consider such a scheme.<p>Business idea: A problem with the RSA dongle thingy is that a person would have to carry one for EVERY entity with which he authenticates himself. I'm sure some sysadmins already have a pocket full of this things. What if there was a 3rd party that would offer have something/known something authen services? Or, more generally, authen services with a variety of security levels? Then, a person would just carry around his "Windows Live" dongle and could authenticate with all his banks, etc. Not a good startup idea as it takes a powerful entity to surmount network effects, but it would solve a real problem for real people.
There's a few problems with this, people regularly hand their phones to people who aren't themselves and if the phone disables itself every time this happens, I don't think this technology would ever catch on. The solution to avoid this is that you'd have to report the phone stolen... at which point the phone company can just ask you for your IMEI, which is a 15 digit code (usually hidden under your battery, or enter *#06#) you're supposed to write down in your handset manual. With this code and a report that your phone is stolen, the phone company will ban the IMEI number and the phone is useless (unless the person wants to spend $50 getting your handset unlocked and then $10 to get a new sim card and then $10 to put time on a stolen phone, which when you're stealing phones, I doubt you'd go to that trouble).<p>On CDMA phones it's your MEID number, which if reported will ban the device, but as CDMA's are tied to one network it means the phone is permanently useless.<p>So honestly, I don't see how this technology is useful in protecting a cell phone from being stolen. My wife's taken my cell for days, I don't really want my phone getting locked because of it, and when I was younger (before I got a cell) my parents always handed me one of theirs if I was going to be out late, which I'm sure many parents still do today. And if you need to report the cell stolen, then it's pointless because there's already well established systems for getting cell phones banned from a network.
Better than a password, I would venture to say that this would closer resemble a public/private key system. Suppose the bank could run several tests, and learn the tendency with which your ear reacts, rather than recording a single response. I am making some assumptions about how the ear works, but I'm going to guess that it doesn't send the same response to every stimulus.<p>For authenticating, the bank could then send a randomized sound every time, and listen for an expected response, which is in effect your ear's signature on the input sound. This way, a thief wouldn't be able to bypass the system by simply obtaining a recording of your ear; he would have to be able to mimic its responses.