Not All Fingerprint Authentication is Created Equal
Jul 21, 2015
By Ritu Favre
Thomas Jefferson, in the Declaration of Independence, is famously credited with the assertion that all men are created equal. That time-honored position on equality, however, doesn’t necessarily apply to biometric security, because not all fingerprint authentication is created equal.
In the biometrics space, fingerprint authentication protects devices and the data they access, and ensures secure transactions. But whereas the use of fingerprint recognition may be common in those applications, the similarities end there; the technology behind authentication varies, as do the levels of security they provide.
To fully appreciate the distinctions, let me provide a little background.
Biometric techniques for user identification enjoy the advantage of making user authentication more secure while also making the verification process more convenient by eliminating passwords. Fingerprint sensing is by far the easiest and most cost-effective among available biometric techniques.
The simplicity and inherent certainty of fingerprint sensing have made it central to user identification and authentication in mobile devices. Additionally, it plays an increasingly central role in point-of-sale transactions, ranging from retail and banking to facilities access.
The fundamental requirement in fingerprint sensing is making a positive match with a known representation of the user’s fingerprint. The sensor is used initially in an “enrollment” process to store a representation of the fingerprint, which then gets used during every subsequent access and authentication attempt. Note: In order to ensure user privacy, the best practice is to store an encrypted template of the proprietary representation of the fingerprint, and never a copy of the actual fingerprint image itself.
Common today in fingerprint authentication is Match-on-Host technology, where the fingerprint module captures the fingerprint image and sends the data for processing to the host processor or other external processor. While popular today among many smartphone manufacturers, Match-on-Host security, even if it occurs in a trusted environment, is susceptible to malware and other attacks on the host system. This simply isn’t on par with that of a new architecture called Match-in-Sensor technology.
Match-in-Sensor dramatically raises the protection level against on-device threats. Through a purpose-built, fully encapsulated system-on-a-chip (SoC) architecture, Match-in-Sensor isolates fingerprint enrollment, pattern storage and biometric matching — all within the device’s fingerprint sensor. In contrast, Match-on-Host has neither the processing power nor the memory to achieve this, so it must rely on the host (or a separate processing element) to perform the matching function.
With mobile payments depending more and more on fingerprint authentication, there’s an increasing concern among smartphone makers and their users about security risks and threats of attack. Match-in-Sensor technology, therefore, is taking on a greater level of importance to counter those threats.
At Synaptics, we’re very proud to be the industry's first and only provide of fully hardware-encapsulated fingerprint sensors, which allows our customers to offer significantly stronger protection in their products. Data collected and managed by Match-in-Sensor is stored in the sensor itself – completely isolated from the host system, which is vulnerable to hackers. Nor do the sensors store the actual fingerprint image; the sensor instead creates a template, encrypted with 256-bit Advanced Encryption Standard (AES) technology, that can’t be reconstructed. If the host system is compromised, the biometric data is still secure, as it never leaves the fingerprint sensor module.
There’s a range of applications to which Match-in-Sensor technology can provide a powerful level of protection that augments host-based security: smartphones, tablets, personal computers, computer mice and keyboards, docking stations, and automobiles, to name a few. And with legislation underway that dictates security for electronic commerce, financial transactions and health records, the stringency enabled by Match-in-Sensor technology is imperative.
As the industry’s only provider of sensors to feature this emerging Match-in-Sensor technology, Synaptics has earned a prominent position at the forefront of biometrics-based data security. As the deployment of our new Match-in-Sensor progresses, it will become increasingly clear that, while biometric-matching techniques may seem essentially similar, not all fingerprint authentication is created equal.
Senior Vice President and General Manager of Biometrics Products Division (BPD)