Friday, July 14, 2017

11 Myths about fingerprint sensors and mobile ID

Photo of smartphone authentication testing
Photo Credit: ElectronicDesign

Smartphones and PCs are highly attractive targets for cyber crime. The use of biometric identification has grown to protect mobile device users, but misconceptions remain about the security of fingerprint sensors and multifactor authentication.


  1. It’s easy to spoof a fingerprint
    Actually, it’s technically and logistically challenging to spoof a fingerprint. The time and work involved make this hack more likely to be attempted against a high-value target. New anti-spoofing algorithms make it even harder to succeed in spoofing a fingerprint.
  2. Optical scanners are less secure than other scanners because they store the whole fingerprint image
    The current standard for smartphones and PCs using optical scanners is to create a “template” of your fingerprint that stores detailed information on key parameters. The rest of the scan information is discarded. The template is encrypted and stored. If someone were able to extract and decrypt the data, it would be useless in recreating your original fingerprint image.
  3. A fingerprint image can be recovered and used to access a stolen phone 
    As in #2 above, the actual fingerprint image is not stored on your mobile device, so your actual fingerprint image can’t be stolen from your mobile device and used to create a biometric ID.
  4. Multifactor biometric authentication on mobile devices is hard/expensive to do
    Phones and mobile devices already have fingerprint scanners and cameras. Other features including iris and voice recognition will follow. It's true that creating an algorithm to combine multiple biometric data into a single “trust score” is difficult and complex – a mix of science and art. This technology is rapidly advancing and expected to be available in the marketplace later this year.
  5. Contextual factors aren’t enough for mobile security
    Contextual factors – location, proximity, room monitoring – aren’t enough to provide mobile security yet, but in combination with biometric authentication, they can provide a strong and user-friendly solution. An example is a smart watch that stays unlocked until you take it off.
  6. Fingerprint sensors have to be in the home button, or on the back of smartphones
    New fingerprint sensors can fit within the power button on the side of a smartphone. New sensors can also work under the glass so that no physical home button is needed.
  7. Bio authentication is just for security
    Bio authentication can also be used to customize user preference settings. For example, a car rearview mirror with iris scanner can authenticate a driver, customize the rearview mirror, driver’s seat and steering wheel positions, and adjust the music selection to user preferences.
  8. Optical scanners are too big and power hungry to be used in fingerprint sensors
    Technological advances have made fingerprint sensors small and efficient enough for mobile devices, while at the same time new algorithms are allowing more refined and detailed data from the fingerprint scan to be stored in the fingerprint template.
  9. All fingerprint solutions are equal, so cost should be the deciding factor
    Fingerprint sensors are available for a range of different technologies, security levels, power consumption and software solutions. The solution is really two-part: sensor and software working together to strengthen security. Going the cheapest route could possibly expose phone makers or parties in the mobile payment system to liability if security features are shortchanged.
  10. Biometrics are too difficult/expensive for the business environment
    Biometric authentication is far more secure than usernames and passwords. It also lessens the need for frequent password changes, or calls to IT for support. Biometrics are easier to support and maintain, making them more efficient and convenient in today’s cloud-based business world.
  11. Encryption is enough to protect a fingerprint template file
    Encryption protects the fingerprint template as it’s stored. The data must also be protected when it’s decrypted and tested for a match. Several solutions are available with a tradeoff between cost and security:
    • Match on host – the host processor tests for a match
    • Separate secure element – the match is tested on a separate integrated circuit, usually with its own secure memory
    • Match in sensor – the matching algorithm is embedded in the fingerprint sensor itself. This allows for authentication before the system boots up for access/use.


11 Myths About Fingerprint Sensors and Multifactor Authentication

By Anthony Gioeli, Jul 11, 2017 for ElectronicDesign / Industrial Automation
