Sections

Services

Information

UK United Kingdom

iPhone 5S fingerprint scanning: thumbs up or down?

Technology to acquire and use biometric data such as fingerprints has been around for several decades and has made its way from forensic investigation to laptop computers – and now, with this week’s introduction…

Say hello to your new iPhone passcode – so how do fingerprint scanners work? dhammza

Technology to acquire and use biometric data such as fingerprints has been around for several decades and has made its way from forensic investigation to laptop computers – and now, with this week’s introduction of iPhone 5S, to smartphones.

Will it be useful and is it here to stay?

Biometric basics

Biometric systems capture biometric patterns (a person’s identifying characteristics or traits) using a sensor, such as a camera or scanner.

There are two main phases of the process:

  1. Enrolment phase: features are extracted from a sample (such as a fingerprint) to create a template for the user.
  2. Verification phase: when a sample is later presented to the system, features of that sample are matched against the template. If the match is strong enough, the claim of identity is accepted - otherwise, it is rejected.

Implementations of such systems face many challenges because of variations and imperfection in the presentation of the pattern between enrolment and verification.

CPOA

For example, with fingerprint scanners, a different part of the fingertip may be imaged and it may be rotated.

Besides, some people lose their fingerprint patterns because of burns, and working hands may sometimes be dirty. On top of these, the accuracy of a biometric such as a fingerprint is not anywhere near that of DNA analysis.

Sensor technology and algorithms have, however, improved tremendously over the past couple of decades. Costs have come down and computing power on phones has increased. Time may now be ripe for biometrics on personal devices.

Picking up patterns

Apple iPhone 5S utilises new fingerprint scanning technology – using low frequency radiowaves to map the patterns in the inner dermis (the layer of the skin just below the outer layer, or epidermis, shown in the image below).

Wikimedia Commons

The scanned image of the fingerprint will be unaffected by damage to the outer skin layer.

Although patterns on the outer layer involve ridges, valleys and minutiae that can be easily copied from prints left on objects such as door handles or coffee cups and used to create artificial fingerprints, such attacks on security will be more difficult with new technology.

However, the false accept and false reject rates of the new fingerprint image, and the algorithm that Apple uses to verify identity with it, are not known. They can be expected to be equal or better than the use of a four-digit code (or one in 10,000).

Why use fingerprint scans?

A very good reason for fingerprint technology to find its way on the phone now is the need for increased security since smartphones are used to make online purchases. Many consumers prefer to turn off phone lock codes.

Pink Sherbet Photography

Fingertip based verification is done without any extra effort on the part of the consumer and is user-friendly. Transactions such as purchases from iTunes are completed using an identity code (such as the AppleID) and a corresponding password.

Entering the password usually takes a few seconds and the fingerprint verification could make it unnecessary to enter a password as frequently as it is required now without compromising on security.

Further, passwords entered in public places using the keypad, or as a traced pattern on the screen of a phone, are susceptible to be lost by “looking over the shoulder” and fingerprints are not revealed in the same manner.

Another reason for the use fingerprints on phones so much later than their use on laptops may be attributed to the availability of sufficient computing power on a phone.

Multiple users

Mr Jaded

Will the introduction of fingerprint scanners make it more difficult for members of the same family to share an iPhone?

Although published information about the fingerprint scanner on the iPhone indicates that it can store the prints of several fingers, it is not clear to us if it is possible to register more than one user on the system.

Fingerprints, like any other biometric data, cannot be replaced if stolen.

It is also not clear how much of the fingerprint – raw image data or templates or encrypted versions of these – will leave the device and be stored on a cluster or central server. Loss of such data can have serious consequences to security of financial assets and to privacy.

The use of multi-factor authentication and logging of transactions helps lower the risk to security. The risk to privacy is probably a small price to pay for having information right at your fingertips and completing transactions faster than a few keystrokes!

Sign in to Favourite

Join the conversation

16 Comments sorted by

  1. George Michaelson

    Person

    Thumbs down. Its imbuing a false sense of security. 2 factor auth could make it semi-viable but as a basic un-locker, its the weak padlock on the strong key to the strong padlock.

    OTOH its cool technology. Arguably the same issues apply to the Moto-X always-on face camera.

    I am unsure I could personally do the RFID embedded dogchip thing, but it has some compelling features. Maybe RFID rings and wristbands get to a good place faster.

    report
    1. Robert Tony Brklje
      Robert Tony Brklje is a Friend of The Conversation.

      retired

      In reply to George Michaelson

      Honestly if you want to be safer the best bet is a two password system. One password is the correct one and the other password is an alert. The alert allows the transaction but notifies the police of the password being entered under duress.
      As for a thumbs up or down, that is just plain silly, wait three months and see if it is a thumbs up or down. So for a new product, no choice, not really a good idea as it is not worth buying until you can see how well it actually works versus Apple's way over the top advertising as news, saturation propaganda.
      A nothing new phone and the propaganda levels are so far over the top it is just making the product look stupid.

      report
  2. Chris Booker

    Research scientist

    You know given that this release comes just days after the news that the NSA, GCHQ, etc. have been deliberately targeting mobile phones, having a phone which will keep a copy of your fingerprint really seems like a dangerous idea.

    report
  3. John H

    Writer

    It is not clear to me if the digital print is encrypted stopping, or making it more difficult, for certain authorities to get access to private date. Are we being sold a pup and a dangerous one at that?

    report
    1. Andy Saunders

      Consultant

      In reply to John H

      Most fingerprints are stored as templates, after a one-way (non-reversible) transform. A lot of data is discarded, it's impossible to reverse a template to make the original print.

      What happens with the template after that, though..... who knows.

      report
    2. Bill Budd

      Lecturer, Researcher

      In reply to Andy Saunders

      Exactly Andy, what makes a fingerprint a unique identifier is that it is unique to you. Only you have it, so only you can use it.

      Once you turn it into a digital form then it is no longer unique to you. It has been replicated and stored and so can potentially be used by anyone. It doesn't really matter that it cannot be reversed or unencrypted (although I very much doubt this!).

      Personally, I would be a little more convinced about this new security 'feature' if Apple could provide me with…

      Read more
  4. robert roeder
    robert roeder is a Friend of The Conversation.

    retired

    The latest revelations tell us that the NSA has cracked the encryption on all mobile phones, blackberries fell at last. Apple has assured customers that they will not record data. iphones have a built in backdoor the spooks have access. The potential for abuse of biometric data..well.. who remembers the practice of police verbals, isn't technology so wonderfully convenient.

    report
  5. Christopher Nheu

    logged in via Facebook

    Given that there is security risks involved, what are the convenient alternatives to biometrics? Having multiple, slightly altered passwords and pin numbers just aren't cutting it anymore.

    report
    1. Mike Brisco

      Scientist at Flinders University of South Australia

      In reply to Christopher Nheu

      Writing letters with a pen on paper. Enclosing a cheque. Putting them in an envelope with a wax seal

      Y'know, the stuff that was good enough for 150 years?!?

      report
  6. CH Soames

    Cytogeneticist

    "...risk to privacy is probably a small price to pay..."

    The small, unassuming inchstones lining the highway to hell; another one down.

    report
    1. Mike Brisco

      Scientist at Flinders University of South Australia

      In reply to CH Soames

      Agreed.

      Ultimately, the authoritative version of what Mike Brisco is and does, will be the one held on NSA's computer, or GCHQ's computer.

      What I actually did, and what I remember and what type of person I am - irrelevant.

      report
  7. James Hulse

    health professional

    Now we've got the NSW Govt praising Pinochet. Just sayin'...

    report
  8. anonymous naughtiness

    hacktivist

    And how much more cheap labor in china will apple need to exploit to make this possible? And how do we know that they wont store our fingerprints?

    report
  9. Andrew Partridge

    self-employed

    The fingerprint data never leaves the sensor, and in all likelihood is encrypted within the sensor using a key unique to that sensor. So it's a safe and convenient way to verify your identity to your phone. Much better than a passcode because nobody can spy on you entering it. And nobody really wants to enter a passcode every time they pick up their phone, so the fingerprint method has to be better because it will be used.

    report
    1. Mike Brisco

      Scientist at Flinders University of South Australia

      In reply to Andrew Partridge

      ---so it should take just a few minutes for the American government to crack it.

      And once they've done that -- let's see who else gets hold of the know-how.

      report
  10. Mike Brisco

    Scientist at Flinders University of South Australia

    I'm going to get a writing pad, a book of stamps, - then buy a gold-plated fountain pen to write cheques again.

    The US government and its five-eyes partners, just made e-commerce unsafe. Pity. I was just getting used to ordering bike parts from N Ireland.

    report