Fingerprint user authentication is safer and easier than requiring users to create, remember, and protect passwords, making it a preferred approach of merchants, banks, users, and third-party clearinghouses. Technological advances have spawned several different forms of fingerprint recognition.
Match-on-Host: The Current Standard
Sensing involves positively identifying the user by making a match with a known and secured “template” or record of the user’s fingerprint. The sensor is used initially to capture the data that creates the user’s record in an “enrollment” process, and then gets used during every subsequent access attempt to capture fingerprint data to compare with the stored template.
Virtually every implementation of fingerprint sensing today performs the matching process directly on the host system, whether a smartphone, tablet, PC, or a dedicated device purpose-built for security. As a result, the Match-on-Host architecture splits the functional requirements between the sensor IC that captures the data and a separate controller IC (often the application processor on a mobile device) used to run the software to make the actual match.
The use of host resources is a natural starting point for any new technology. For this reason, first-generation fingerprint sensors were simple devices limited to a single task: collecting the fingerprint data that would then be used by software running in the host to authenticate the user.
The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.
Two major selling points of the Match-on-Host architecture have been its low cost and short design-in time, which have enabled fingerprint sensing to be added to devices quickly and cost-efficiently.
Match-in-Sensor: The Next Generation
The Match-in-Sensor architecture integrates the matching and other biometric management functions directly into the sensor IC. The IC contains a high-speed microprocessor, storage for instructions and data, secure communications, and high-performance cryptographic capabilities.
Because integrating multiple functions is the raison d’être of integrated circuits, this step might not seem worthy of being designated a “next-generation” advance. The enhanced security of the Match-in-Sensor architecture, however, applies both to the system and to the protection of a user’s unique biometric information. System-level security is enhanced with a range of improvements, including:
Fingerprint data and execution environment of the fingerprint matcher that are physically isolated from the host’s operating system, affording immunity from hacks or malware on the host.
The sensor performing biometric identification autonomously, without reliance on input from the host that might be compromised.
Input parameters for the matcher that consist of the live fingerprint information, which is captured, encrypted, processed, and protected on the sensor chip, and the chip’s enrollment templates.
Ability to accurately verify authenticity, because the identification result is signed using a sensor-specific private key derived from the hardware.
Creation, storage, and management of crypto keys that represent the identity credentials being shared; these keys are also used to sign credentials, preventing malware from supplying false information.
Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario.
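The signed-result property described above, as an added example (not code from the article or from any sensor vendor): a relying party verifies a match verdict signed by the sensor and rejects results that the host altered or replayed. Ed25519, the single-use challenge nonce, and the names Provision, SensorSign, Verifier, Challenge and Accept are assumptions; the article does not specify the signature scheme or how replay is prevented.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrReplay, ErrSig = errors.New("nonce unknown or reused"), errors.New("bad signature")
// Verifier is the relying party: enrolled sensor public key plus open challenges.
type Verifier struct{ pub ed25519.PublicKey; pending map[string]bool }

// Provision stands in for the hardware-derived key (assumed Ed25519); priv stays in the sensor.
func Provision() (ed25519.PrivateKey, *Verifier) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return priv, &Verifier{pub, map[string]bool{}}
}

// SensorSign models the sensor signing its verdict ("true"/"false") plus the nonce.
func SensorSign(priv ed25519.PrivateKey, nonce []byte, matched bool) []byte {
	return ed25519.Sign(priv, append([]byte(fmt.Sprint(matched)), nonce...))
}

// Challenge issues a fresh single-use nonce (an assumed anti-replay mechanism).
func (v *Verifier) Challenge() []byte {
	n := make([]byte, 16)
	rand.Read(n)
	v.pending[string(n)] = true
	return n
}

// Accept checks freshness, then the signature, and only then trusts the verdict.
func (v *Verifier) Accept(nonce []byte, matched bool, sig []byte) (bool, error) {
	if !v.pending[string(nonce)] {
		return false, ErrReplay
	}
	delete(v.pending, string(nonce)) // single use, even if the signature is bad
	if !ed25519.Verify(v.pub, append([]byte(fmt.Sprint(matched)), nonce...), sig) {
		return false, ErrSig
	}
	return matched, nil
}

func main() {
	priv, v := Provision()
	n := v.Challenge()
	fmt.Println(v.Accept(n, true, SensorSign(priv, n, true))) // fresh result
	fmt.Println(v.Accept(n, true, SensorSign(priv, n, true))) // same result replayed
}
```

Because the verdict is inside the signed bytes, a compromised host that relays the message cannot turn a signed "no match" into a "match" without invalidating the signature.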
With regard to the user’s biometric information, protection is enhanced through a number of features. First, the fingerprint data, including all of the features/characteristics extracted from it and all created templates, is processed only within the sensor’s on-chip CPU and storage. None of this information is ever shared or exposed to the host device. In addition, the enrollment database is located on private flash memory, isolated and physically accessible only by the sensor. Furthermore, the enrollment templates are encrypted and signed by the sensor using proprietary algorithms and strong cryptographic keys before being stored in the private flash memory.