I have been thinking a great deal about biometrics lately. My biggest problem with them is one everyone seems to know about but vendors are reluctant to address: key revocation. You can replace a token or a password, but you cannot (practically) replace your iris or the like. As I see it, this creates a dual problem:
- Spoofing attacks are getting more sophisticated. Will we end up in a patch loop where organisations deploying biometrics have to regularly 'patch' (firmware and hardware replacement) their biometric readers?
- Are biometrics only a short-term authenticator, useful until they can be effectively copied and arbitrary copies produced?
Some of these questions were partially answered by Bori Toth, a biometrics specialist at Deloitte UK, who described how revocation could work for an iris template:
> There are ways of simulating password aging and revocation for biometrics as well. This is fairly straightforward with iris recognition, as IrisCodes do not have a spatial metric and as such the 256 data bytes can be scrambled into any order [256! = 10^507 different permutations just for one eye (!)]. This means you can have an IrisCode for your driver's license, one for your taxes and one at the local gym etc., using the same eye, yet all codes would be different, changeable, revocable and incompatible (unless of course you retrieve the permutation key). As fingerprint templates do have a spatial metric (i.e. they are a bit like a map), things are not that "simple", but I have heard of approaches to achieve similar goals for fingerprinting as well.
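As an added illustration of the scrambling scheme Toth describes (example code written for this post, not from Deloitte or any vendor): a per-application permutation of the 256 IrisCode bytes is derived from a revocable secret (HMAC-SHA256 seeding is my assumption), templates are compared by normalized Hamming distance as in standard IrisCode matching, and a constructed random 256-byte code stands in for a real eye. It also shows the caveat she flags: whoever holds the permutation key can unscramble the template back to the raw code.

```python
import hashlib, hmac, random

CODE_BYTES = 256        # IrisCode length from the quoted passage
MATCH_THRESHOLD = 0.32  # assumed normalized Hamming-distance decision threshold

def permutation_for(secret: bytes, app: str) -> list:
    """Deterministic permutation of the 256 byte positions from an app-specific, revocable secret."""
    seed = hmac.new(secret, app.encode(), hashlib.sha256).digest()  # HMAC seeding is an assumption
    order = list(range(CODE_BYTES))
    random.Random(int.from_bytes(seed, "big")).shuffle(order)
    return order

def scramble(code: bytes, order: list) -> bytes:
    """Reorder the IrisCode bytes; the result is the stored, cancelable template."""
    return bytes(code[i] for i in order)

def unscramble(template: bytes, order: list) -> bytes:
    """Invert the permutation: feasible only for whoever holds the permutation key."""
    return scramble(template, sorted(range(CODE_BYTES), key=order.__getitem__))

def hamming(a: bytes, b: bytes) -> float:
    """Fraction of differing bits; captures of the same eye give a small value."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def matches(template: bytes, probe: bytes, order: list) -> bool:
    """Scramble the fresh probe with the enrolled permutation, then compare."""
    return hamming(template, scramble(probe, order)) <= MATCH_THRESHOLD

def noisy_capture(code: bytes, rng: random.Random) -> bytes:
    """Constructed stand-in for a fresh capture of the same eye: ~10% of bits flipped."""
    out = bytearray(code)
    for _ in range(8 * CODE_BYTES // 10):
        bit = rng.randrange(8 * CODE_BYTES)
        out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def demo() -> dict:
    rng = random.Random(7)  # constructed test data, not a real eye
    eye = bytes(rng.getrandbits(8) for _ in range(CODE_BYTES))
    dmv_v1, gym = permutation_for(b"dmv-key-v1", "dmv"), permutation_for(b"gym-key", "gym")
    dmv_v2 = permutation_for(b"dmv-key-v2", "dmv")  # key issued after revoking v1
    dmv_template, gym_template = scramble(eye, dmv_v1), scramble(eye, gym)
    fresh = noisy_capture(eye, rng)
    return {
        "same_eye_same_app_matches": matches(dmv_template, fresh, dmv_v1),
        "templates_linkable_across_apps": hamming(dmv_template, gym_template) <= MATCH_THRESHOLD,
        "old_template_matches_after_revocation": matches(dmv_template, fresh, dmv_v2),
        "raw_code_recoverable_with_key": unscramble(dmv_template, dmv_v1) == eye,
    }
```

The two templates of the same eye sit at roughly 50% Hamming distance from each other, so a breach at the gym does not let anyone match against the licence database, while rotating the key makes the old template useless against fresh captures.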
The publications of Toth and her team can be found here. The paper entitled "Biometric liveness detection" is particularly interesting.