Biometric Fingerprint Technologies Cheat Sheet by Davidpol

Introduction

Fingerprint user authentication is safer and easier than requiring users to create, remember, and protect passwords, making it a preferred approach of merchants, banks, users, and third-party clearinghouses. Technological advances have spawned several different forms of fingerprint recognition.

Match-on-Host: The Current Standard

Sensing involves positively identifying the user by making a match with a known and secured “template” or record of the user’s fingerprint. The sensor is used initially to capture the data that creates the user’s record in an “enrollment” process, and then gets used during every subsequent access attempt to capture fingerprint data to compare with the stored template.

Match-on-Host

Virtually every implementation of fingerprint sensing today performs the matching process directly on the host system, whether a smartphone, tablet, PC, or a dedicated device purpose-built for security. As a result, the Match-on-Host architecture splits the functional requirements between the sensor IC that captures the data and a separate controller IC (often the application processor on a mobile device) used to run the software to make the actual match.

The use of host resources is a natural starting point for any new technology. For this reason, first-generation fingerprint sensors were simple devices limited to a single task: collecting the fingerprint data that would then be used by software running in the host to authenticate the user.

The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.

Two major selling points of the Match-on-Host architecture have been its low cost and short design-in time, which have enabled fingerprint sensing to be added to devices quickly and cost-efficiently.
 

Match-in-Sensor: The Next Generation

The Match-in-Sensor architecture integrates the matching and other biometric management functions directly into the sensor IC. The IC contains a high-speed microprocessor, storage for instructions and data, secure communications, and high-performance cryptographic capabilities.

Match-in-Sensor

Because integrating multiple functions is the raison d’être of integrated circuits, this advance might not seem worthy of being designated a “next-generation” advance. Match-in-Sensor architecture applies both to the system and to the protection of a user’s unique biometric information. System-level security is enhanced with a range of improvements, including:

Fingerprint data and execution environment of the fingerprint matcher that are physically isolated from the host’s operating system, affording immunity from hacks or malware on the host.
The sensor performing biometric identification autonomously, without reliance on input from the host that might be compromised.
Input parameters for the matcher that are the live fingerprint information, which is captured, encrypted, processed, and protected on the sensor chip, and its enrollment templates.
Ability to accurately verify authenticity, because the identification result is signed using a sensor-specific private key derived from the hardware.
Creation, storage, and management of crypto keys that represent the identity credentials being shared; these keys are also used to sign credentials to prevent malware with false information.

Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario.
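As an added example (not from this cheat sheet or from any sensor vendor), the Go sketch below shows how a relying party could check a signed match result so that a compromised host can neither replay an old result nor alter the decision. The Ed25519 key pair, the per-attempt challenge (nonce), and the `MatchResult` format are assumptions; the page states only that the result is signed with a sensor-specific private key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// MatchResult is a hypothetical message format, not taken from the page.
type MatchResult struct {
	Nonce   []byte // verifier's challenge for this access attempt
	Matched bool   // decision made by the matcher inside the sensor
	Sig     []byte // signature from the sensor-specific private key
}

// payload binds the decision to the challenge under a fixed label.
func payload(nonce []byte, matched bool) []byte {
	return append([]byte(fmt.Sprintf("match-result-v1:%t:", matched)), nonce...)
}

// NewSensorKey stands in for the hardware-derived key pair (Ed25519 is assumed).
func NewSensorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// SensorSign models the signing step that runs inside the sensor IC.
func SensorSign(priv ed25519.PrivateKey, nonce []byte, matched bool) MatchResult {
	return MatchResult{nonce, matched, ed25519.Sign(priv, payload(nonce, matched))}
}

// Verify runs on the relying party, which trusts only the enrolled public key.
func Verify(pub ed25519.PublicKey, want []byte, r MatchResult) bool {
	fresh := bytes.Equal(r.Nonce, want) // an old result carries an old challenge
	signed := ed25519.Verify(pub, payload(r.Nonce, r.Matched), r.Sig)
	return fresh && signed && r.Matched
}

func main() {
	pub, priv := NewSensorKey()
	n1, n2 := make([]byte, 16), make([]byte, 16)
	rand.Read(n1) // the verifier issues a fresh challenge per attempt
	rand.Read(n2)
	r := SensorSign(priv, n1, true)
	fmt.Println(Verify(pub, n1, r), Verify(pub, n2, r)) // true false
}
```

Because the host only relays the message, changing `Matched` or swapping in a newer nonce invalidates the signature, and the check never depends on anything the host computes.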

With regard to the user’s biometric information, protection is enhanced through a number of features. First, the fingerprint data, including all of the features/characteristics extracted from it and all created templates, is processed only within the sensor’s on-chip CPU and storage. None of this information is ever shared or exposed to the host device. In addition, the enrollment database is located on private flash memory, isolated and physically accessible only by the sensor. Furthermore, the enrollment templates are encrypted and signed by the sensor using proprietary algorithms and strong cryptographic keys before being stored in the private flash memory.
