Do smartphone fingerprint readers have heat sensors?

This is how fingerprint sensors work

Numerous smartphones are now equipped with biometric functions to make access by strangers more difficult. Even where a PIN or password is considered secure, a fingerprint is comparatively difficult to forge. In 2013, the Chaos Computer Club was able to crack Touch ID on its first appearance, in the iPhone 5s, by taking a high-resolution photograph of a fingerprint, printing it out and filling it with white wood glue.

Even if every fingerprint is theoretically unique in the world, even among identical twins, there is a certain error rate that results from the principle of recognition. Usually only a partial section is used to compare fingerprints, not the entire possible fingerprint, so the similarities between two different fingerprints are potentially significantly greater, which leads to the error rate.

In the meantime, the technology behind the fingerprint sensors has even found its way into entry-level models, as the Gigaset GS170 or Archos Neon 45 prove. Most of the models available in the mid-range are also equipped with a fingerprint sensor, and in the premium range the technology is practically part of the basic equipment.

Reason enough for teltarif.de to take a closer look at the technology used.

Three methods, one goal

Almost nothing works without it anymore: the fingerprint sensor in the smartphone (Image: teltarif.de)

There are currently three different technologies for recognizing fingerprints on smartphones, two of which are in use today: the optical and the capacitive method. Both have in common that they first take a picture of the fingerprint and use it for comparison when someone tries to unlock the device. The third method is based on ultrasound and is still in the middle of development.

The only difference between the two methods currently used is the way in which the image of the fingerprint is made and then checked.

Optical sensor

The basis of every optical fingerprint sensor is a charge-coupled device below the sensor surface, commonly referred to as a CCD. In principle, this is a sensor like the one used in simple digital cameras or camcorders.

With the help of an analog-to-digital converter, the light-sensitive diodes placed on the chip convert a recorded image into electrical signals, a kind of digital pattern, which is in turn processed by the sensor software. Such an optical fingerprint sensor usually has its own light source, and the image is stored inverted for better processing. The darker an image area, the more the light is reflected. Dark areas represent papillary ridges - the familiar pattern of a fingerprint, or finger grooves - while light areas are the spaces between the grooves.

Schematic representation of an optical fingerprint sensor (Image: Humboldt-Universität Berlin / lecture fingerprint systems)

During the scan for unlocking, the CCD sensor takes a new image of the finger currently placed on it in order to compare it with the stored fingerprint. If the illumination is too low or too strong, the luminosity of the integrated light-emitting diodes is adjusted to take a better picture for comparison. Using various algorithms, the original and the new image are compared with one another to determine whether they are the same imprint.

Capacitive sensor

In principle, a capacitive sensor works in a similar way to its optical counterpart: it records a (digital) pattern of the papillary ridges of the finger, although not with the help of light-emitting diodes but with electrical voltage. For this purpose, an array of thousands of tiny capacitor cells is housed on the sensor chip, the electrical charge of which changes when the finger is placed on a conductive silicon layer that acts as a plate. Together with the conductive finger surface, these cells form a capacitor, from which a capacitive charge image is created. This in turn arises from the papillary lines on the skin surface of the finger, because the air layer between the skin, the grooves and the conductive surface does not affect the voltage of the capacitor cells at all.

Using an operational amplifier with an integrated circuit - also known as an op-amp - and a simple analog-to-digital converter, the electrical signals can finally be converted into a digital image. From here on, a capacitive fingerprint sensor works like an optical sensor: the scanned pattern is compared with the template, analyzed and, if it matches, the device is unlocked.

Schematic representation of a capacitive fingerprint sensor (Image: Vivek Hegde / Slideshare)

Since the prices for capacitive fingerprint sensors were still very high in the early days, some manufacturers tried to reduce costs by reducing the number of capacitor cells. Such sensors can be recognized by the fact that the finger has to be swiped over them. Examples of this are the Galaxy S5 and the Galaxy Note 4 from Samsung.

Widespread use

While an optical sensor for recognizing fingerprints is technically the simplest construction, it is no longer used at all in mobile devices these days. The reason for this is that an optical scanner can be tricked with a simple print of a fingerprint on paper. A simple, high-resolution photo is enough. An electrically conductive fingerprint is a lot more difficult to forge, though not impossible, as the Chaos Computer Club has proven time and again with Apple and Samsung smartphones.

In addition, the space required is considerably larger compared to capacitive technology. In times when smartphones are getting thinner and thinner, such a large sensor would be a huge disadvantage in the competition. Moreover, due to mass production and progressive development, the costs for capacitive fingerprint sensors have fallen to such an extent that this technology can be installed in simple form in smartphones in the lower price ranges without any problems. Because of the high error rate in recognition, which in turn meant several attempts were needed to recognize a fingerprint and drew criticism from users, the optical fingerprint sensor has not become widely accepted in smartphones.

Capacitive sensors on which the finger is placed have in turn established themselves because they are the easiest to use. In addition, further functions have been added over the last few generations, ranging from simple swiping gestures to pressure sensitivity. The US company Synaptics, which specializes in touchpads and their control software, has a sensor in its portfolio, the FS4600, which can also function as a capacitive control button, for example as a back or menu button for Android devices.

Ultrasonic sensor

An ultrasound process is not quite ready for the market yet, but has been under discussion for a long time as a third method for recognizing fingerprints. The advantage of this technology lies in the fact that such a sensor fits easily under the display glass, which in theory allows new device designs. The touchscreen itself becomes a fingerprint sensor and is not limited to a small, defined area in the form of a button. Virtually the entire display could be used to unlock with a fingerprint. It can also be used to scan dirty and dry fingers, which is not possible with either optical or capacitive sensors.

In order to recognize the fingerprint, an ultrasonic wave is emitted which, depending on the nature of the finger surface, is either reflected back or absorbed by the skin. A characteristic finger pattern can be created via the sensor's receiving module based on the reflected sound waves. Here, however, the mechanical stress on the surface is registered rather than listened to with a microphone - even if the term sound waves may suggest this to some. The longer the finger is scanned, the more the result becomes a 3D model of the finger surface. In this way, an ultrasonic unlocking sensor is considered even safer and harder to outsmart compared to a capacitive fingerprint sensor.

It is not yet possible to say when the first devices with an ultrasonic sensor will be available. Qualcomm and Vivo have at least demonstrated a first working prototype. Fingerprint recognition is still slow compared to competing technologies, which is why the first commercially available smartphones cannot be expected until 2018 at the earliest. LG and Samsung are working on their own solutions to install fingerprint sensors in the display. However, Samsung has significant problems with the even illumination of the display, which is also the reason that, contrary to initial rumors, the Galaxy Note 8 does not yet have a fingerprint sensor built into the display. The Galaxy S9 is also expected to appear without the in-display technology.

Security and cryptography

However, a sensor alone does not make a good overall package. The software and additional ICs (integrated circuits) to analyze the scanned data play a major role in the simple use of a fingerprint sensor. Almost every manufacturer uses its own algorithms and ICs, which manifests itself in the different functions, speed and hit rate of the sensors. Specifically, such adapted algorithms search for branches, ends, spirals and interruptions in the papillary grooves and where they connect. These features are called minutiae and are ultimately the details that are used when comparing the fingerprint.

Restricting a fingerprint to up to 40 minutiae, limited to the fingertip, reduces the computing power required. In addition, a finger does not have to be exactly in the middle of the sensor and it can also be dirty. In short, recognition is accelerated because the entire fingerprint does not have to be analyzed every time.

Functionality for the secure storage of data such as fingerprints in the ARM TrustZone module (Image: ARM, TrustZone Whitepaper)

Fingerprints permitted for unlocking are stored in a separate chip in the device's built-in ARM processor, which is known as the Trusted Execution Environment (TEE) or TrustZone. This chip communicates directly with security-critical hardware such as a fingerprint sensor and can only be addressed via the TEE's client APIs. This effectively puts a stop to spoofing attacks. Among other things, website logins that require a fingerprint work in this way. Additional cryptographic protocols from the FIDO Alliance (Fast IDentity Online) are used here.
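The minutiae comparison described above, together with the error rate that comes from comparing only a partial section of the print, can be shown with a small translation-tolerant matcher. This is an added example, not code from teltarif.de or any sensor vendor; the minutiae coordinates, the tolerances and the `min_matched` thresholds are constructed assumptions, and rotation is not handled.

```python
import math

# Minutia = (x, y, ridge angle in degrees, kind); kind is "E" (ridge ending)
# or "B" (branch). All coordinates and tolerances are constructed for the demo.
TEMPLATE = [(10, 12, 30, "E"), (25, 40, 95, "B"), (48, 18, 170, "E"),
            (60, 55, 210, "B"), (33, 70, 300, "E"), (72, 30, 45, "E"),
            (15, 85, 120, "B"), (80, 80, 260, "E")]
# Same finger placed off-centre: five of the enrolled minutiae, shifted by
# about (-7, +5) with a little sensor noise.
GENUINE = [(18, 45, 97, "B"), (42, 23, 168, "E"), (53, 59, 212, "B"),
           (26, 75, 303, "E"), (65, 36, 44, "E")]
# Different finger that happens to share one two-minutiae configuration.
IMPOSTOR = [(20, 20, 200, "E"), (40, 60, 125, "B"), (58, 46, 295, "E"),
            (70, 15, 10, "B"), (12, 80, 75, "E")]

def compatible(p, t, dx, dy, dist_tol=3.0, angle_tol=15):
    """True if probe minutia p, shifted by (dx, dy), lands on template minutia t."""
    if p[3] != t[3]:
        return False
    angle_diff = abs(p[2] - t[2]) % 360
    angle_diff = min(angle_diff, 360 - angle_diff)
    return (math.hypot(p[0] + dx - t[0], p[1] + dy - t[1]) <= dist_tol
            and angle_diff <= angle_tol)

def match_count(probe, template):
    """Best number of paired minutiae over every translation that puts one
    probe minutia exactly on one template minutia."""
    best = 0
    for anchor_p in probe:
        for anchor_t in template:
            dx, dy = anchor_t[0] - anchor_p[0], anchor_t[1] - anchor_p[1]
            used, count = set(), 0
            for p in probe:
                for i, t in enumerate(template):
                    if i not in used and compatible(p, t, dx, dy):
                        used.add(i)
                        count += 1
                        break
            best = max(best, count)
    return best

def accept(probe, template, min_matched):
    """Unlock decision: enough minutiae must agree under a single shift."""
    return match_count(probe, template) >= min_matched

if __name__ == "__main__":
    for name, probe in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, match_count(probe, TEMPLATE),
              accept(probe, TEMPLATE, 4), accept(probe, TEMPLATE, 2))
```

With four agreeing minutiae required, the shifted genuine probe is accepted and the impostor is rejected. A window that captures only two minutiae forces the threshold down to two, at which point the impostor's chance agreement passes as well.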
