For the technically inclined

Apple Reveals More Details of Touch ID for iPhone, iPad & beyond (Patently Apple)

Generally, capacitive fingerprint sensors may be used to determine an image of a fingerprint through measuring capacitance through each capacitive sensing element of a capacitive sensor. Thus, fingerprint ridges provide a higher capacitance in an underlying capacitive sensing element than do fingerprint valleys.

Capacitive fingerprint sensors come in at least two varieties, namely active and passive. Active capacitive sensors are often used in electronic devices to provide biometric security and identification of users.

A long discussion, based on Apple patent filings, of what Apple’s future fingerprint technology may look like follows.

More iTouch hack push-back

Why I Hacked Apple’s TouchID, And Still Think It Is Awesome. (Lookout)

Despite being hacked, TouchID is an exciting step forwards for smartphone security and I stand by our earlier blog on fingerprint security. Hacking TouchID gave me respect for its design and some ideas about how we can make it strong moving forward. I hope that Apple will keep in touch with the security industry as TouchID faces its inevitable growing pains. There is plenty of room for improvement, and an exciting road ahead of us if we do this right.

Read the whole thing. It’s good.

Our post on the CCC hack are here.

UPDATE:
Touch ID was hacked, but no one cares (ITWeb)

It’s Official: New iPhone really does have a fingerprint reader

Well, the rumors were true. Apple has included a fingerprint sensor in its newest iPhones. It’s hard to escape the conclusion that his is a big deal for mobile biometrics even though the biometric capability in the iPhone is limited to unlocking the device. Still, that’s not nothing and I expect that eventually, app developers will be given access to the reader. 
Even if they aren’t, Apple’s addition of fingerprint a sensor probably foreshadows their inclusion by all sorts of handset manufacturers. Motorola already has a history there; Samsung certainly won’t be left behind as mobile ID surges forward; Microsoft/Nokia + Windows 8 will almost certainly join the fray; moreover, we’d expect all of those companies to have a more laissez faire attitude than Apple toward turning future fingerprint hardware over to third party developers.*

*The preceding paragraph was revised on 24 Sept. 2013 it originally read, “Even if they don’t, Apple’s addition of fingerprint a sensor probably foreshadows their inclusion by all sorts of handset manufacturers. Motorola already has a history there and Samsung certainly won’t be left behind as mobile ID surges forward. “

Fingerprint sensors market $255 million by 2018

Global fingerprint sensors market the most popular form of biometric technology — The global fingerprint sensors market has been forecast to hit a value of US$255 million by 2018, driven by technological advancements and growth in several Internet applications. Social networks’ demand for a robust mechanism for securing the digital identity of users represents another important growth driver. (Companies & Markets)

Mobile fingerprint biometrics: Show me the sensor

Meet the Australian biometrics company working with Apple on ID technology (Smart Company Australia)

The head of an Australian biometrics company which scored a key contract with Apple says the future of mobile technology will be closely linked with fingerprint scanning and other ID tech, especially as phones and payment systems become entwined.

See yesterday’s post. Here’s a snippet.

Perhaps the greatest hurdle to mobile biometrics has been a mobile hardware chicken-and-egg problem.

So far, speculation about Apple’s future plans notwithstanding, and the short-lived Motorola Atrix, mobile handset manufacturers haven’t been willing to drive up handset costs by adding biometric sensor hardware to a device when there aren’t any applications that use it. Application developers won’t develop applications that can’t be deployed.

Barring a reversal where handset manufacturers add hardware to the devices, the only way out for biometric application developers is to use hardware that is already standard issue on mobile platforms. Besides using the touch-screen for some sort of behavioral biometric application, that means using the phone’s microphone for voice and camera for face, and now, perhaps, palm-based biometrics.

A lot of very smart people are talking like mobile device + fingerprint + NFC + payments is going to happen. Fingerprint sensors have to start showing up on mobile devices first, though.

Fingerprint Sensor Innovation

Worlds First Non-Optical, FBI Certified Four-Finger Scanner (Press Release)

The [Thin Film Transistor] TFT sensor has an active image area of 3.0 x 3.2, a resolution of 500dpi, and is less than 1mm thick. Ultra-Scan has begun miniaturization of the sensor control electronics to a single Application-Specific Integrated Circuit (ASIC) that, when complete, will result in an integrated sensor and control electronics package measuring 3.5 x 3.5 x 0.25, powered by USB, and suitable for a variety of mobile fingerprint collection applications.

In the business, we call a multi-fingerprint reader a “slap” reader — well, some of us do anyway.

For now, the least costly single print readers, and all the slap readers I know of, are optical readers with a glass platen and some sort of internal light source for capturing an image of a fingerprint. This form factor dictates a certain hardware depth dimension, usually two inches or more. As for the single print readers, in many many applications a two inch hardware depth isn’t a deal-breaker and price is an object. With the slap readers, even though they’re expensive and heavy there are enough applications where only a slap reader will do.

So for a single print reader, if a customer can accept the depth, price comes down.  If a customer has to have a slap reader, they have to accept the depth associated with optical sensors.

As mentioned above, there are a whole lot of applications where optical sensors make the most sense. Mobile, however, isn’t one of them. In mobile hardware, two inches of depth is a deal breaker at any price. Mobile devices will definitely be integrating these thin film transistor-type sensors (I’ve also seen non-optical hardware called semiconductor scanners, and capacitive readers).

Shrinking the depth of a slap reader while increasing the maximum size of a capacitive reader opens up all sorts of possibilities for mobile devices such as the capability of having the back of a mobile phone recognize users’ partial palm print as they hold the device naturally.

This seems like a pretty big deal but my guess is this type of fingerprint sensor is going to be hugely expensive for a while. But that’s the way these things go. They’re expensive before they’re cheap.

Fujitsu Releasing Windows Tablet with a Fingerprint Reader

Updated and bumped…

Fujitsu Is Bringing New Tablet to Legal Market (Law.com)

Because of its computer-level power, the Stylistic Q702’s battery life is a fraction of the iPad’s; however, an optional attachable keyboard dock bumps the battery up to about nine hours. Meanwhile, it comes with a number of security-related features, including HDD and BIOS password protection, an embedded TPM (Trusted Platform Module), and a biometric fingerprint scanner.

Tablets are working their way into business process in several large sectors of the economy. Typical username/password authentication is even less convenient on tablets than computers with keyboards.

UPDATE:
Fujitsu, DoCoMo and NEC: let’s go and get some chips (Mobile Entertainment)
Japanese giants form JV to make processors and reduce dependency on third parties. Fujitsu says its new LTE hardware will offer near field communication (NFC) and biometrics.

“It brings together data from all the sensors.”

It looks like the US Military is developing the Mother of All (Data)bases — a military intelligence MOAB, if you will.

Integrated Intelligence Framework Takes Shape (GlobalSecurity.org)

This state-of-the-art battlefield intelligence, reconnaissance and surveillance architecture will enable analysts from every service to take data from multiple military and government sensors and databases and compile them into a single, easy-to-access format, he explained.

DCGS-Army, already fielded in Afghanistan as it undergoes operational testing and evaluation, provides a glimpse into that intelligence enterprise.

“It brings together data from all the sensors,” Wells said, regardless of whether they’re based in space, on aircraft or on the ground — even biometric data collected by a soldier at a local forward operating base — and incorporates it into a single platform.

See also:
What if? Online Real-Time Searchable Sensor Data

The original MOAB is here. (You Tube)

Fingerprint at a Distance

New fingerprint reader captures prints from 6 meters away (al.com)

IDair makes a machine that Burcham says can photographically capture a fingerprint from as far away as six meters in enough detail to match against a database. Add facial and iris-recognition technology, Burcham said, and you have the basis for a good biometrics system that can control access to any building or room within a building.

Who needs this level of security? “Sooner, rather than later, we’re all going to need it,” Burcham said in a recent interview at his office at Huntsville’s HudsonAlpha Institute for Biotechnology.

Biometric Systems: Hacking from the Outside In

Behind all the techno-jargon, Biometric bugs too dangerous for public? (ZDNet) is about biometric lock picking.

In the software world, if your system has a weakness, you can just fix the software, push out an update, and voila, all is well. If, however, your sensor hardware is buggy (i.e. the lock is easy to pick), you face the much more painful prospect of fixing/replacing each sensor.

Read the whole thing. The topic is very interesting from a technical point of view and does a good job of not overly hyping the issue.