Smartphone fingerprint scanners – are they a trap?

March 9, 2016

The use of handprints in authentication dates back to 1858, when Sir William Herschel, Chief Magistrate, introduced identification via handprint for his civil service employees in India. It took about 40 years for a scientific fingerprint classification system to emerge – in 1892 Sir Francis Galton developed minutiae for all ten fingers that are still being used in our time.

Fast forward to the 20th century and we find the fingerprinting system in use by many law enforcement structures. The year 1969 marked the beginning of exact automation in this field, for which the FBI cooperated with the National Institute of Standards and Technology (NIST). The automated U.S. fingerprinting system became known as the AFIS, becoming IAFIS (Integrated AFIS) in 1999: a database of collected fingerprints for criminal checks, employment, social services programs and so on.

Fingerprint as a smartphone authentication method

Fingerprint authentication migrated into the telecommunications world on 22 February 2011, when Motorola, just before getting absorbed by Google, launched the first phone with a fingerprint scanner. The Atrix phone shipped with what was then considered an extraordinary feature – a brand new fingerprint reader placed on top of the phone.

Apple took this feature mainstream with its 2013 smartphone, the iPhone 5S. Its fingerprint recognition system, Touch ID, serves both for unlocking the mobile device and for authenticating on App Store and iTunes. The second generation of Touch ID debuted in 2013, being twice as fast.

HTC One Max followed in late 2013 with its fingerprint recognition system that identifies up to three fingers.

Samsung continued the trend by bringing the fingerprint recognition feature into its Samsung Galaxy Alpha 4G in 2014.

Although fingerprint scanning in smartphones is based on various technologies, the concept is basically the same: why rely on passwords for authentication, when the fingerprint ID can make sure no one besides the right person accesses a protected device? Of course, there are also disadvantages, such as the risk of criminals obtaining a fingerprint mold or picture and using it to fool the scanner.

Used either as the sole means of authentication or as part of MFA, this biometric method gradually gained traction and is also embedded in certain laptop types.

USB fingerprint scanners are also available for purchase on the market at an approximate price of $100.

Fingerprint scanners explained

  • As the above-given source explains, there are two types of scanners, optical scanners and capacitance scanners.

The optical scanner stores the reference image of a fingerprint, taken by using an electrical signal when the finger is placed on top of the incorporated glass plate, and compares it against subsequent images to see whether they match. Its core component is the charge-coupled device (CCD), also known as the light sensor system (as in digital cameras).

The capacitance scanners use electrical current instead of light to form the image. Each sensor consists of an array of cells, connected to an integrator built around an inverting operational amplifier. The finger acts as a capacitor plate when placed on the sensor-embedded surface, and the fingerprint's voltage map (rather than an actual image) is recorded and compared with the stored pattern for validation.

Capacitance scanners are harder to trick. Where the optical scanner could be fooled by using the image of the fingerprint, the capacitance scanner requires the actual fingerprint mold in order to work, since it perceives the valleys and ridges specific to human fingertips.
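The following Python sketch is an added illustration, not code from the original article or from any scanner vendor. It models the capacitive cell array described above as parallel-plate capacitors feeding an inverting integrator, and shows why a flat image produces no ridge/valley voltage contrast. The cell size, charge, distances, thresholds and the bitmap comparison (a stand-in for real minutiae matching) are all assumptions.

```python
# Added illustration: toy model of a capacitive fingerprint sensor array.
# Assumptions (not from the article): cell size, charge, distances,
# thresholds, and bitmap comparison standing in for minutiae matching.
EPS0 = 8.854e-12                  # vacuum permittivity, F/m
CELL_AREA = (50e-6) ** 2          # assumed 50 um x 50 um cell plate, m^2
Q_IN = 1e-15                      # assumed charge fed to each integrator, C
RIDGE_D, VALLEY_D = 1e-6, 60e-6   # assumed skin-to-plate distances, m
PATTERN = ["RRVVRR", "RVVRRV", "VVRRVV", "VRRVVR"]  # constructed sample


def cell_voltage(distance_m):
    """Inverting integrator output V = -Q/C, with C = eps0 * A / d."""
    return -Q_IN / (EPS0 * CELL_AREA / distance_m)


def scan(surface):
    """Map a grid of skin-to-plate distances to a grid of cell voltages."""
    return [[cell_voltage(d) for d in row] for row in surface]


def ridge_map(voltages, min_contrast=0.5):
    """Binarise the voltage map; None if there is no ridge/valley relief."""
    flat = [v for row in voltages for v in row]
    lo, hi = min(flat), max(flat)
    if hi - lo < min_contrast:
        return None
    mid = (lo + hi) / 2
    return [[1 if v > mid else 0 for v in row] for row in voltages]


def matches(candidate, enrolled, threshold=0.9):
    """Accept when enough cells agree with the enrolled ridge map."""
    if candidate is None:
        return False
    pairs = [(c, e) for cr, er in zip(candidate, enrolled)
             for c, e in zip(cr, er)]
    return sum(c == e for c, e in pairs) / len(pairs) >= threshold


def finger_surface(pattern):
    """Real skin: ridges sit close to the plate, valleys further away."""
    return [[RIDGE_D if ch == "R" else VALLEY_D for ch in row]
            for row in pattern]


def flat_surface(pattern):
    """Flat picture of the same print: every cell at the same distance."""
    return [[RIDGE_D for _ in row] for row in pattern]


ENROLLED = ridge_map(scan(finger_surface(PATTERN)))
```

In this model the sensor never sees the drawn pattern, only distance per cell, so the flat surface is rejected before any comparison with the enrolled map takes place.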

  • Another classification for fingerprint scanners would be embedded (into various devices) and autonomous.

The most popular autonomous scanners on the market apparently are the Verifi P2000 (non-optical), Fingkey Hamster II (optical) and the BioMini (optical). When choosing the desired fingerprint recognition device, pay attention to its DPI (500 and higher), its weight (especially if you need to move it around) and its dimensions.

As far as embedded or integrated scanners are concerned, there are currently a lot of smartphones and tablets that possess this feature.

Here you may find a list of fingerprint-scanner-enabled smartphones dating from December 2015. It features iPhones, Samsung smartphones, Motorola, HTC and various other mobile phones – and its declared aim is to have summarized all the available smartphones endowed with fingerprint readers (25 entries).

When it comes to just Android phones competing for the best fingerprint scanner protection, Samsung Galaxy Note 5 leads the ranking, which also accommodates the OnePlus 2, the Meizu MX5 and the ZUK Z1 phone.

On the lower end of the spectrum, the ZTE Blade A1 has been crowned the world's cheapest fingerprint authentication smartphone (under $100).

Lenovo also revealed in January that all 2016’s Moto-branded smartphones will come with incorporated fingerprint scanners.

The cyber-security issues of fingerprints storage

On a more prudent note, some have raised the question of better cyber-security guarantees needed for these devices that end up storing the users’ fingerprint images.

When storing such sensitive data on a device, identity theft might loom on the horizon. Unlike passwords, a person’s fingerprints remain the same and potentially serve in unlocking any account or device that has this authentication method preset. They cannot be changed or annulled, and once they are compromised the person is unable to use this authentication method ever again. Various phone types provide various degrees of protection for the stored fingerprints; however, even the high-end devices keep unencrypted fingerprints in local storage (Android phones, for example).

Therefore stealing someone’s fingerprint image or mold could provide a universal entry point to various digital locations.

Considering this, tech-embedded flaws and backdoors considerably increase the risks when phones have stored fingerprints in their memory. Recently, two researchers from Michigan State University proved that a mobile phone’s fingerprint sensor can be hacked in a matter of minutes, even excluding the backdoor entry possibility – imagine that!

Fingerprint authentication will most likely reach a larger scale of use with the upcoming IoT deployment, which makes new ubiquitous standards even more crucial when it comes to ensuring better security. Otherwise, this authentication method is a risk factor, wrapped in a false sense of security – a trap.