Today, Qualcomm announced its new FIDO-compliant ultrasonic fingerprint scanning technology that can record a much more accurate 3D image of the fingerprint's outer skin layer, compared to fingerprint scanning technologies based on capacitive sensors (such as Apple's Touch ID).
"Mobile devices increasingly store our most valuable and sensitive information, while passwords alone do not provide the protection consumers deserve," said Raj Talluri, senior vice president, product management, QTI. "Snapdragon Sense ID 3D Fingerprint Technology's unique use of ultrasonic technology revolutionizes biometrics from 2D to 3D, allowing for greater accuracy, privacy and stronger authentication. We are very proud to bring the mobile industry's first ultrasonic-based biometric authentication technology to mobile device manufacturers and their customers, who will benefit from the improved and differentiated user experience."
Until Apple's Touch ID arrived, nobody cared enough to use fingerprint scanning for authentication in the consumer space, and the previous low-accuracy technologies proved unpopular.
Even though there have been fingerprint scanning technologies in other devices such as notebooks or even smartphones, Apple did it right not just by using a more advanced and accurate technology that isn't a hassle for consumers to use, but the company also put it exactly in the place where most iPhone users would put their fingers anyway -- the home button.
The high accuracy played a role, but what gave Touch ID a large adoption on the iPhones that supported it was the fact that the users didn't have to do anything differently than normal, other than setting it up initially.
Although there have been some scares about fingerprint data being easily copied even from online photos, right now that's not a huge concern, because the fingerprint data is tied to the phones themselves. Someone who would want to authenticate with your cloned fingerprint data would also need your phone.
If or when Apple will start letting iOS devices owners authenticate to online services with their fingerprint, that's when we can start getting worried about the fingerprint data being stolen, cloned and spoofed. Consumers would wish that the fingerprint scanning technology is much more advanced in order to make it almost impossible for thieves to replicate that fingerprint data. Fortunately, such a solution is already here, thanks to Qualcomm's just announced Sense ID technology.
Apple's Touch ID uses a capacitive sensor technology that measures the different capacitance values in the ridges and valleys of the user's fingerprint when a charge is applied to the Touch ID circuit. The sensor creates an image of all of those values, applies a cryptographic hashing algorithm to the data, and then stores that hash in the Secure Enclave, a secure hardware zone on the phone's chip.
Apple's Touch ID works quite well in general, although not always. When fingers are wet, sweaty or oily, the accuracy can drop significantly.
Qualcomm's Sense ID technology brings the following advantages over Apple's Touch ID:
It's compliant with the FIDO Alliance's UAF (Universal Authentication Framework). The FIDO standard brings much of the tech industry together behind a single authentication standard meant to replace passwords.
This may not be a major issue initially for Apple users, because they're only using Touch ID to authenticate to the phone and to Apple Pay, but when this sort of authentication is also used for online services, the online world will be forced to use two different standards instead of just one: FIDO and Apple's own standard. This will create fragmentation, and some developers may end up supporting only one of the two standards, to the detriment of the users of the unsupported standard.
Sense ID can work through glass, plastic or metal. This means OEMs can simply put it behind the phone's screen, instead of creating a special button for it. Because many Android OEMs have already removed their buttons from the front of the phone, they had to put the fingerprint scanner on the back of the device.
That's not an ideal place, and it can end up frustrating the phone's owner. If it can be put instead behind the screen's virtual "unlock button," this should work more smoothly. This sort of thing can be done only because Qualcomm uses ultrasonic technology that can penetrate most materials.
Perfectly clean fingers not necessary. For the same reason Sense ID works through glass and metal, the technology can also capture the fingerprint's image through sweat or hand lotion with no issues.
Cloning-proof fingerprint template. Because the ultrasonic technology can penetrate the finger's skin layers at a deeper level, cloning or spoofing the fingerprint should be much harder to achieve from a simple online picture.
There are a few similarities between Qualcomm's Sense ID technology and Apple's Touch ID. For one, they both seem based on a custom version of ARM's TrustZone technology, which represents a "secure world" separated from the "insecure" operating system, where things such as the fingerprint template, passcodes or DRM keys are kept securely. Qualcomm calls this zone the "SecureMSM," while Apple calls it the "Secure Enclave." Both technologies send the fingerprint data through a dedicated connection to the secure storage zone.
Qualcomm said that the fingerprint data also stays on the device (so it's not stored in a cloud somewhere), but it's not clear whether it's the actual fingerprint data that is stored, or a hash of it, like Apple's Touch ID.
Qualcomm's Sense ID technology will be available in devices in the second half of this year and will arrive with chips such as the Snapdragon 810 and Snapdragon 425. With the biggest mobile chip company making such technology, it shouldn't take long before many other smartphones come with fingerprint scanning technology that's at least as good as Apple's Touch ID, helping more people secure their devices in a easy way.