Synaptics' Next-Gen Fingerprint Sensor Security: The FS7600 Match-In-Sensorby Anton Shilov on August 6, 2018 3:00 PM EST
Fingerprint Spoofing Rejection
Ideally, both types of sensors (match-on-host, match-in-sensor) have to support a sophisticated technology that protects against spoofing. One of the strengths of fingers as identification is that they're hard to spoof, however it's not impossibly so. Meanwhile people leave their fingerprints around on virtually everything, so getting someone's fingerprint is often a lot easier than it would seem. This means a sensor needs to be able to reject items that have a fingerprint but aren't a human finger, such as gelatin or laxtex fingers. Otherwise, as we saw last year, it can be trivially easy to fake-out naive sensors.
Synaptics calls their proprietary solution PurePrint. The company doesn't talk about the technology in too great of detail, but the sensor is connected to a host using a TLS 1.2/AES-256 encrypted connection in order to prevent intercepting or faking a valid fingerprint.
Ultimately, while Synaptics is in both the MOH and MIS businesses, now that they have a MIS sensor they feel is competitive in terms of total matching time, the company is trying rather hard to justify why OEM customers should switch to a more integrated MIS solution. This means tactfully pointing out the security shortcomings of MOH sensors, such as the fact that it requires greater software support on the host OS (a particular challenge for non-PC devices) and the general insecurity of a general purpose system.All of which makes a sealed system preferable.
That said, it is not like MOH sensors are bad though — Synaptics’ Quantum Matcher works in SGX and Windows 10 VBS-protected environments, and neither has been cracked so far. Meanwhile, a high-performance CPU is by definition faster than any tiny IC in an MIS in matching hashes and performing all the other necessary operations. As a result, MOH solutions are typically going to provide a better user experience. Though with the FS7600, Synaptics thinks they're finally able to hit the right balance between security and performance/experience
Final Thoughts and a Glance into the Future
Overall, creating a match-in-sensor fingerprint solution that can perform similarly to match-on-host solutions is an important achievement for Synaptics. This is especially as the as the company looks to further grow their non-core businesses, and bite off a larger piece of the fingerprint sensor market. Of course, necessity is the mother of invention: Synaptics had to design an MIS as fast as the FS7600 because it needed a high-performance sensor compatible with Windows Hello for Business as well as Microsoft’s next-gen OS-based security tech. So for Synaptics the FS7600 is essentially a non-optional product. With that in mind, now that they have the FS7600, Syaptics is looking to compete for design wins in non-PC devices that benefit from a low response time (think door locks, vehicles, etc.).
Though with the FS7600 now complete, Synaptics’ already has an eye towards their own future products. The company is developing its next generation of products, including investigating how to harden their products against ever-improving quantum computers. To that end, the company’s specialists are looking into beyond-AES-256 algorithms that will be "qubit-proven," meaninging they cannot be factored even when a quantum computer is applied.