Fingerprint Sensor Technology And Security Requirements

What’s behind fingerprint sensors and how secure are they?

popularity

Biometrics is a technology that uses a human’s biological features, such as facial characteristics, fingerprint patterns, retina, DNA or behaviors (voice and signature) to authenticate a person’s identification and authorize specific actions. Of all of them, fingerprint analysis technology is the most mature and has the widest acceptance.

Several factors contribute to fingerprint technology’s popularity over other biometrics: it is recognized as a legal representation of a person’s signature, and its reliability as a fingerprint pattern does not change over a person’s lifetime. Most significant is the required low hardware cost and high portability — it only takes 120Byte to 180 Byte (~1kbit) of memory to store a set of unique features (minutiae) that represents a fingerprint.

Fingerprint analysis theory
Fingerprint patterns are first captured either using an optical sensor or a capacitive sensor as shown by the conceptual diagrams below.

fingerprint-sensor-security-fig1

Source: Micro-Electronics (http://bit.ly/1TplVf8)

In either case, once captured, the raw data is processed (segmentation/filtering/ contrast enhancement/re-oriented/gabor filtering/binarization/thinning/feature extraction) to extract the essential data called minutiae. “Bifurcation” and “ridge endings” are two types of minutiae captured in the following diagram.

fingerprint-sensor-security-fig2

Source: Embedded.com (http://ubm.io/2dWH9ph)

A pattern or “map” of the minutiae is stored in a database as a representation of the fingerprint. In essence, what’s stored in the memory is not the fingerprint itself but a set of key minutiae (see below).

fingerprint-sensor-security-fig3

Source: Engadget (cool3c.com) (http://bit.ly/1U9LnHz)

Below is a block diagram illustrating the fingerprint identification process.

fingerprint-sensor-security-fig4

Source: Embedded.com (http://ubm.io/2egHYbnv)

In general, every fingerprint has up to 50 unique minutiae. According to the Henry Classification System, only 13 are needed to identify a unique fingerprint. In digital format, this is equivalent to 120Byte to 180Byte (~ 1Kb) of data, making it easy to store in a limited space, such as a passport, credit card or wearable devices.

Security concerns
Needless to say, the memory media storing such important data should have high security strength against hacking and anti-fuse technology represents an ideal vehicle for such applications. Anti-fuse technology has the highest content protection while being low cost and highly portable, and provides large capacity in a small form factor allowing for a flexible storage scheme depending on the level of security required. For example, a 128Kb anti-fuse memory can provide up to a 100 set database for average security requirements or a 50 set database in high security applications.

Interesting enough, biometrics are not secret. For instance, a person’s facial characteristics are quite public. Fingerprints are similar because they are on everything we touch with our fingers. Thus, hacking into the memory is not the only way to retrieve the fingerprint database.

It is suggested that multi-factor and multi-modal authentication should be used in conjunction with fingerprint analysis. Personal devices such as smartphones, wearables, or RFID cards, therefore, can all be used as means of co-authentication. That is, a set of fingerprints is authenticated only if it is stored in pre-designated devices such as a mobile phone.

Again, anti-fuse memory is an idea solution for this multi-factor/modal authentication scheme because of its highly secure and large memory capacity to store crucial identification data such as keys and calculation algorithms.

TDDI: Fusion of display and touch
The name TDDI — or Touch and Display Driver Integration — was coined by Synaptics in 2014 after acquiring Renesas’ SP Driver division. It is a concept that combines display driver IC and touch sensor IC into one single chip. Another name is Integrated Driver and Controller (IDC) named by FocalTech (+ Orise). Examples of other IC companies in this arena are Melfas, Novatek, Himax and Ilitek(Mediatek/MStar).

The trend to integrate driver IC and sensor IC into one stemmed from the progression of on-cell to in-cell technology (see illustration below). “Cell” is the display panel, which consists of multiple layers including the TFT. When touch sensor layers (TX & RX) are placed on top of the cell, it is called “on-cell.” If the sensor layers are integrated inside the display panel, it is called “in-cell.”

fingerprint-sensor-security-fig5

Source: Digitimes (http://bit.ly/2eOqvYu)

In-cell technology provides many benefits. When touch sensor layers are integrated into the display, there are fewer reflective layers (as shown below), allowing a more transparent, brighter (>10% brighter) and more colorful display. As light throughput is improved, battery life is prolonged.

fingerprint-sensor-security-fig6

Source: EEWorld (http://bit.ly/2f71NRp)

In the case of portable devices, such as mobile phones where every inch counts, a thinner panel means more space for bigger battery and more memory. Combining the driver and touch into one simplifies interconnects, reduces the number of ICs, allows for a one-stop solution and cuts the bill of materials (BOM) and form factor. For a designer, it opens up many possibilities, including better response synchronization between touch and display and allowing for more advanced features.

The diagram below tracks the trend toward TDDI (represented in blue) versus an independent driver and touch IC. By 2017, 2/3 of smart phones panels will incorporate TDDI solutions.

fingerprint-sensor-security-fig7

Source: EEWorld (http://bit.ly/2f71NRp)

Non-volatile memory issues
One of the challenges in combining the two chips into one is the memory needed to store (sensor) user configuration codes and display calibration data.

Typically, touch sensor ICs are fabricated in the sensor voltage (SV) process. Because display ICs are high voltage (HV), integrated TDDI are also HV.

Current TDDI solutions require external flash because embedded non-volatile memory (eNVM) solutions are not available in the HV process. The ultimate solution would be to integrate the memory into the chip that would affect cost, performance, BOM, and offer smaller area with less passive components.

Antifuse solution is considered a leading candidate for such topology. Antifuse technology is readily available and can be easily ported to the advanced HV process with the shortest qualification cycle. Readers may question whether embedded Flash, which allows many times update (erase/program), can be accommodated. For example, in Synaptics 40HV, the requirement is 40 banks of 8Kbit. It can be addressed by an antifuse solution because its bitcell area is small, allowing for the construction of the large density (up to Mbit, segmented for psudo-MTP) required in TDDI applications.