November 13, 2015 -
In a report in Electronic Design, Synaptics’ VP of marketing Anthony Gioeli addresses the two common fingerprint authentication methods — Match-on-Host and Match-in-Sensor — and ultimately makes a convincing argument for the latter technique.
Match-on-Host technology, which is the industry standard, comprises of the fingerprint sensor reading the biometric fingerprint data and sending it to the host processor or other external processor for processing.
This architecture divides the functional requirements between the sensor IC that captures the fingerprint data and a separate controller IC (typically the application processor on a mobile device) that is used to operate the software to make the fingerprint match.
In this fingerprint authentication technique, all of the processing and matching work is done on the host platform itself.
This architecture offers the advantages of being affordable and having short design-in time, enabling fingerprint sensing to be integrated into devices a fairly rapid and cost-effective manner.
These benefits of Match-on-Host have led to innovations in related areas, such as the Fast Identity Online (FIDO) Alliance’s formation of the Universal Authentication Framework (UAF).
Despite this, the Match-on-Host technique is far less secure than the Match-in-Sensor architecture.
Match-in-Sensor technology is a fully encapsulated system-on-a-chip (SoC) architecture in which the fingerprint matching and other biometric management functions (fingerprint enrollment and pattern storage) are directly integrated into the sensor IC.
The architecture offers an advanced level of security that protects both the system and a user’s unique biometric data.
The fingerprint data is completely protected by several key practices: the data is processed only within the sensor’s on-chip CPU and storage, the enrollment templates are encrypted and signed by the sensor, and finally, they are stored in the private flash memory.
If the system is ever successfully breached by an attack, the hacker will be unable to steal any of the user’s biometric data.
In the end, Synaptics’ Gioeli makes a strong case for the use of Match-in-Sensor fingerprint technique as it does not require biometric data to be shared between the fingerprint module and the host device, which reduces the chance of biometric data being stolen in the case of a successful breach.