iPhone 5S fingerprint scanning: Thumbs up or down?

Sep 13, 2013 by Wageeh Boles & Vinod Chandran
Say hello to your new iPhone passcode – so how do fingerprint scanners work? Credit: dhammza

Technology to acquire and use biometric data such as fingerprints has been around for several decades and has made its way from forensic investigation to laptop computers – and now, with this week's introduction of iPhone 5S, to smartphones.

Will it be useful and is it here to stay?

Biometric basics

Biometric systems capture biometric patterns (a person's identifying characteristics or traits) using a sensor, such as a camera or scanner.

There are two main phases of the process:

1. Enrollment phase: features are extracted from a sample (such as a fingerprint) to create a template for the user.

2. Verification phase: when a sample is later presented to the system, features of that sample are matched against the template. If the match is strong enough, the claim of identity is accepted – otherwise, it is rejected.

Implementations of such systems face many challenges because of variations and imperfection in the presentation of the pattern between enrolment and verification.

For example, with fingerprint scanners, a different part of the may be imaged and it may be rotated.

Besides, some people lose their fingerprint patterns because of burns, and working hands may sometimes be dirty. On top of these, the accuracy of a biometric such as a fingerprint is not anywhere near that of DNA analysis.

Sensor technology and algorithms have, however, improved tremendously over the past couple of decades. Costs have come down and on phones has increased. Time may now be ripe for biometrics on personal devices.

iPhone 5S fingerprint scanning: Thumbs up or down?
Credit: CPOA

Picking up patterns

Apple iPhone 5S utilises new fingerprint – using radiowaves to map the patterns in the inner (the layer of the skin just below the outer layer, or epidermis, shown in the image below).

The scanned image of the fingerprint will be unaffected by damage to the outer skin layer.

Although patterns on the outer layer involve ridges, valleys and minutiae that can be easily copied from prints left on objects such as door handles or coffee cups and used to create artificial fingerprints, such attacks on security will be more difficult with new technology.

However, the false accept and false reject rates of the new fingerprint image, and the algorithm that Apple uses to verify identity with it, are not known. They can be expected to be equal or better than the use of a four-digit code (or one in 10,000).

Why use fingerprint scans?

A very good reason for fingerprint technology to find its way on the phone now is the need for increased security since smartphones are used to make online purchases. Many consumers prefer to turn off phone lock codes.

Fingertip based verification is done without any extra effort on the part of the consumer and is user-friendly. Transactions such as purchases from iTunes are completed using an identity code (such as the AppleID) and a corresponding password.

Entering the password usually takes a few seconds and the fingerprint verification could make it unnecessary to enter a password as frequently as it is required now without compromising on security.

Credit: Wikimedia Commons

Further, passwords entered in public places using the keypad, or as a traced pattern on the screen of a phone, are susceptible to be lost by "looking over the shoulder" and fingerprints are not revealed in the same manner.

Another reason for the use fingerprints on phones so much later than their use on laptops may be attributed to the availability of sufficient computing power on a phone.

Multiple users

Will the introduction of make it more difficult for members of the same family to share an iPhone?

Although published information about the fingerprint scanner on the iPhone indicates that it can store the prints of several fingers, it is not clear to us if it is possible to register more than one user on the system.

Fingerprints, like any other , cannot be replaced if stolen.

It is also not clear how much of the fingerprint – raw image data or templates or encrypted versions of these – will leave the device and be stored on a cluster or central server. Loss of such data can have serious consequences to security of financial assets and to privacy.

The use of multi-factor authentication and logging of transactions helps lower the risk to security. The risk to privacy is probably a small price to pay for having information right at your fingertips and completing transactions faster than a few keystrokes!

Explore further: Technology and data analytics should transform municipal government, professors say

Related Stories

IDair has a fingerprint scanner from standoff distance

Jun 24, 2012

Researchers are exploring better designs in biometrics to meet business and government demands for reliable identification and verification tools. Out of the many biometric technologies that continue to be ...

Shifty, but secure eyes

Aug 29, 2012

A biometric security system based on how a user moves their eyes is being developed by technologists in Finland. Writing in the International Journal of Biometrics, the team explains how a person's saccades, their tiny, ...

Recommended for you

HP supercomputer at NREL garners top honor

1 hour ago

A supercomputer created by Hewlett-Packard (HP) and the Energy Department's National Renewable Energy Laboratory (NREL) that uses warm water to cool its servers, and then re-uses that water to heat its building, has been ...

Turner channels removed from Dish amid pact spat

2 hours ago

Channels such as Cartoon Network and CNN are no longer part of Dish's programming lineup as a deadline has passed for the satellite TV provider and Turner Broadcasting to renew their distribution agreement.

Google's streaming music service adds mood to mix

2 hours ago

Google's music-subscription service will try to anticipate its listeners' mood swings as it amplifies its competition with Pandora, Spotify and other popular services that play tunes over the Internet.

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

alq131
3 / 5 (2) Sep 13, 2013
So now we turn over biometric data to the government. It's interesting the most recent revelation that the NSA provides raw data to Israel (purportedly from Snowden's files). So while the US government cant directly take data for tracking US citizens, there's no reason that Israel couldn't scrub this data (about US citizens) and then bounce back persons of interest (US citizens) So now we give our and foreign agencies our fingerprints, location history, web history, passwords, etc....

Big brother is here, but we opened the door and invited him in for coffee and a chat.
CiDhed
not rated yet Sep 13, 2013
"and now, with this week's introduction of iPhone 5S, to smartphones. "

It's been on several smartphones before, research before submitting.
daggoth
3 / 5 (2) Sep 13, 2013
They point out any positive, no matter how remote, but completely leave out the obvious negatives...pathetic.
packrat
1.8 / 5 (5) Sep 13, 2013
The phone has a nice smooth surface - someone steals the phone using a pair of gloves - scans user fingerprint off surface - use 3d printer and soft rubber compound to print fingerprint - runs print over the phone scanner. Should take a thief less than 30 minutes max to unlock one.

That might work or it might not but I can guarantee you there will be people trying it or some version of it as soon as they get one of the phones. If someone does get it to work a 'how-to' will be all over the net within 24 hours.......
dtxx
1.8 / 5 (5) Sep 13, 2013
I don't like biometrics at all. The device must store a copy of your print, in whatever hashed form, to compare against. If that data is stolen or compromised, you are screwed. If my password or encryption key gets stolen, I can get a new one. Short of plastic surgery designed to alter fingerprints (yes it exists) or more gruesome methods like disfigurement by branding, how would you ever change your fingerprint or be able to use it for security again after it was stolen?
Moebius
1.5 / 5 (4) Sep 15, 2013
Another issue that was reported with the fingerprint sensor was it's durability. The technology from the company that Apple bought was known to not be durable. I just read an article that says they have sapphire covering the camera lens and the fingerprint sensor so I am guessing Apple solved the durability issue.

Moebius
1.8 / 5 (4) Sep 15, 2013
to dtxx, I don't think it's storing your fingerprint. It has an algorithm that looks for markers in certain places and converts that to some kind of data. Also that would mean even a slight change to the algorithm would render all previous fingerprint data useless.
packrat
1 / 5 (3) Sep 23, 2013
I was right. Not the same method but pretty much the same result in creating a fake fingerprint.

http://www.edn.co...-hacked-

short edn article on how it was done.......