Fingerprint scanners aren’t just reserved for the very top tier of smartphones these days; even a reasonably priced mid-ranger can come with the additional security hardware. The technology has moved on a lot from the early days too, so here’s a look at how the latest fingerprint scanners work and what the differences are.
Optical fingerprint scanners are the oldest method of capturing and comparing fingerprints. As the name suggests, this technique relies on capturing an optical image, essentially a photograph, and using algorithms to detect unique patterns on the surface, such as ridges or unique marks, by analysing the lightest and darkest areas of the image.
Just like smartphone cameras, these sensors have a finite resolution, and the higher the resolution, the finer the details the sensor can discern about your finger, increasing the level of security. However, these sensors capture much higher contrast images than a regular camera. These scanners typically have a very high number of diodes per inch to capture these details up close. Of course, it’s very dark when your finger is placed over the scanner, so optical scanners also incorporate arrays of LEDs as a flash to light up the picture come scan time. Such a design is a bit bulky for a smartphone though, where slim form factors are important.
The major drawback with optical scanners is that they aren’t difficult to fool. As the technology is only capturing a 2D picture, prosthetics and even other pictures of good enough quality can be used to fool this particular design. This type of scanner really isn’t secure enough to trust your most sensitive details to.
Much like the early days of the resistive touchscreen, you won’t find optical scanners used in anything but the most cost effective pieces of hardware these days. With increasing demand for tougher security, smartphones have unanimously adopted superior capacitive scanners.
The most commonly found type of fingerprint scanner used today is the capacitive scanner. Again, the name gives away the core component, provided you’re familiar with a little electronics: the capacitor.
Instead of creating a traditional image of a fingerprint, capacitive fingerprint scanners use arrays of tiny capacitor circuits to collect data about a fingerprint. As capacitors can store electrical charge, connecting them up to conductive plates on the surface of the scanner allows them to be used to track the details of a fingerprint. The charge stored in the capacitor will be changed slightly when a finger’s ridge is placed over the conductive plates, while an air gap will leave the charge at the capacitor relatively unchanged. An op-amp integrator circuit is used to track these changes, which can then be recorded by an analogue-to-digital converter.
Once captured, this digital data can be analysed to look for distinctive and unique fingerprint attributes, which can be saved for a comparison at a later date. What is particularly smart about this design is that it is much tougher to fool than an optical scanner. The results can’t be replicated with an image, and the scanner is incredibly tough to fool with some sort of prosthetic, as different materials will record slightly different changes in charge at the capacitor. The only real security risks come from either hardware or software hacking.
Creating a large enough array of these capacitors, typically hundreds if not thousands in a single scanner, allows for a highly detailed image of the ridges and valleys of a fingerprint to be created from nothing more than electrical signals. Just like the optical scanner, more capacitors result in a higher resolution scanner, increasing the level of security, up to a certain point.
Due to the larger number of components in the detection circuit, capacitive scanners can be a little pricey. Some early implementations attempted to cut the number of capacitors needed by using “swipe” scanners, which would collect data from a smaller number of capacitor components by quickly refreshing the results as a finger is pulled over the sensor. As many consumers complained at the time, this method was very finicky and often required several attempts to scan the result correctly. Fortunately, these days, the simple press and hold design is far more common.
The latest fingerprint scanning technology to enter the smartphone space is an ultrasonic sensor, which was first announced to be inside the Le Max Pro smartphone. Qualcomm and its Sense ID technology are also a major part of the design in this particular phone.
To actually capture the details of a fingerprint, the hardware consists of both an ultrasonic transmitter and a receiver. An ultrasonic pulse is transmitted against the finger that is placed over the scanner. Some of this pulse is absorbed and some of it is bounced back to the sensor, depending upon the ridges, pores and other details that are unique to each fingerprint.
There isn’t a microphone listening out for these returning signals; instead, a sensor that can detect mechanical stress is used to calculate the intensity of the returning ultrasonic pulse at different points on the scanner. Scanning for longer periods of time allows for additional depth data to be captured, resulting in a highly detailed 3D reproduction of the scanned fingerprint. The 3D nature of this capture technique makes it an even more secure alternative to capacitive scanners.
Algorithms and cryptography
While most fingerprint scanners are based on very similar hardware principles, additional components and software can also play a major part in differentiating how products perform and what features are available to consumers.
Accompanying the physical scanner is a dedicated IC that deals with interpreting the scanned data and transmitting this in a useful form to your smartphone’s main processor. Different manufacturers use slightly different algorithms to identify key fingerprint characteristics, which can vary in speed and accuracy.
Typically these algorithms look for where ridges and lines end, or where a ridge splits in two. Collectively, these and other distinctive features are called minutiae. If a scanned fingerprint matches several of these minutiae then it will be considered a match. Rather than comparing the whole fingerprint each time, comparing minutiae reduces the amount of processing power required to identify each fingerprint, helps avoid errors if the scanned fingerprint is smudged, and also allows the finger to be placed off-centre or be identified with only a partial print.
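The minutiae comparison described above can be sketched as follows. This is an added example, not code from any scanner vendor: the Minutia fields, the tolerances, the threshold of four matches and the sample data are all assumptions, and it only corrects for an off-centre (shifted) finger, whereas production matchers also handle rotation and skin distortion.

```python
import math
from typing import NamedTuple

class Minutia(NamedTuple):
    x: float          # position on the sensor, in pixels
    y: float
    angle: float      # local ridge direction, in degrees
    kind: str         # "ending" or "bifurcation"

def _agree(a, b, dx, dy, dist_tol, angle_tol):
    """True if b, shifted by (dx, dy), lands on a with the same type and direction."""
    if a.kind != b.kind:
        return False
    diff = abs(a.angle - b.angle) % 360
    diff = min(diff, 360 - diff)
    return math.hypot(a.x - (b.x + dx), a.y - (b.y + dy)) <= dist_tol and diff <= angle_tol

def count_matches(template, scan, dist_tol=6.0, angle_tol=15.0):
    """Best number of one-to-one minutiae pairings over all candidate shifts."""
    best = 0
    for t in template:
        for s in scan:
            dx, dy = t.x - s.x, t.y - s.y      # hypothesis: s is the same feature as t
            used, hits = set(), 0
            for p in scan:
                for i, q in enumerate(template):
                    if i not in used and _agree(q, p, dx, dy, dist_tol, angle_tol):
                        used.add(i)
                        hits += 1
                        break
            best = max(best, hits)
    return best

def is_match(template, scan, min_matches=4):
    return count_matches(template, scan) >= min_matches

# Constructed sample data: an enrolled template of six minutiae.
TEMPLATE = [Minutia(20, 30, 90, "ending"), Minutia(45, 32, 10, "bifurcation"),
            Minutia(60, 70, 200, "ending"), Minutia(25, 80, 135, "bifurcation"),
            Minutia(70, 20, 300, "ending"), Minutia(50, 55, 45, "ending")]
# Same finger placed off-centre (about +12, -7), noisy, two minutiae missing.
PARTIAL = [Minutia(32.5, 23.4, 92, "ending"), Minutia(57, 25, 8, "bifurcation"),
           Minutia(72.4, 62.6, 203, "ending"), Minutia(62, 48.3, 43, "ending")]
# A different finger: only one feature happens to resemble the template.
OTHER = [Minutia(15, 15, 95, "ending"), Minutia(40, 60, 180, "bifurcation"),
         Minutia(75, 75, 270, "ending"), Minutia(30, 45, 60, "bifurcation")]
```

The threshold is the security knob: with min_matches=1 the unrelated finger in OTHER would be accepted, which is why a match requires several minutiae rather than one.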
Of course, this information needs to be kept secure on your device and saved well away from code that could compromise it. Rather than uploading this user data online, ARM processors can keep this information securely on the physical chip using their Trusted Execution Environment (TEE) based TrustZone technology. This secure area is also used for other cryptographic processes and to communicate directly with secure hardware platforms, such as a fingerprint scanner, to prevent any software snooping. Approved pieces of non-personal information, such as a password key, can only be accessed by applications using the TEE client APIs.
Qualcomm’s take on this is built into its Secure MSM architecture while Apple talks this up as the “Secure Enclave”, but it is all based on the same principle of keeping this secure data on a separate part of the processor that cannot be accessed by apps operating in the regular operating system environment. The FIDO (Fast IDentity Online) Alliance has developed strong cryptographic protocols that use these protected hardware zones to enable password-less authentication handshakes between hardware and services. So you can log into a website or online shop using your fingerprint without your unique data ever having to leave your smartphone. This is accomplished by passing digital keys rather than biometric data to servers.
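The key-passing handshake described above can be modelled as a challenge-response exchange. This is an added example, not FIDO Alliance or vendor code: the Authenticator and Server classes, the login helper and the shop.example origin are hypothetical, and a toy RSA signature built from two known Mersenne primes stands in for the real signature scheme so that the example runs with the standard library only.

```python
import hashlib, secrets

# Toy RSA from two known Mersenne primes: a stand-in for the authenticator's real
# signature scheme, chosen so the example needs no third-party library. Not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def _digest(challenge: bytes, origin: str, n: int) -> int:
    return int.from_bytes(hashlib.sha256(challenge + origin.encode()).digest(), "big") % n

class Authenticator:
    """Models the protected hardware zone: private key and fingerprint stay inside."""
    def __init__(self):
        self._n = P * Q
        self._d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never exported

    def register(self):
        return (self._n, E)                       # only the public key leaves the device

    def sign(self, challenge: bytes, origin: str, fingerprint_ok: bool):
        if not fingerprint_ok:                    # local match failed: key stays locked
            return None
        return pow(_digest(challenge, origin, self._n), self._d, self._n)

class Server:
    """Hypothetical online service: stores a public key, never biometric data."""
    def __init__(self, origin: str, public_key):
        self.origin, self.public_key = origin, public_key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)
        return self._pending

    def verify(self, signature) -> bool:
        challenge, self._pending = self._pending, None    # single use: blocks replay
        if challenge is None or signature is None:
            return False
        n, e = self.public_key
        return pow(signature, e, n) == _digest(challenge, self.origin, n)

def login(device, server, fingerprint_ok, origin="https://shop.example"):
    return server.verify(device.sign(server.new_challenge(), origin, fingerprint_ok))
```

The server only ever sees a public key, a random challenge and a signature; the result of the fingerprint match is consumed inside the device and decides whether the private key may be used at all.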
Fingerprint scanners have become quite a secure alternative to remembering countless usernames and passwords, and the further rollout of secure mobile payment systems means that these scanners are likely to become a more common and crucial security tool in the future.