Synaptics' Next-Gen Fingerprint Sensor Security: The FS7600 Match-In-Sensor
by Anton Shilov on August 6, 2018 3:00 PM EST
Synaptics last month introduced its second-generation match-in-sensor (MIS) solution designed for a wide range of fingerprint sensors, including those in PCs and other devices. The new FS7600 MIS relies on brand-new silicon, which the company claims is designed for maximum performance and security.
The Fingerprint Reader: Sensor Plus Security
Before we proceed to the Synaptics FS7600 sensor, let’s recap the basics about fingerprint readers in general. Contemporary fingerprint hardware/software never keeps the image of a real fingerprint, but stores an abstract/hash of its distinctive features in a proprietary format. Once a new fingerprint sample is captured, the hardware/software compares the hashed data, not the images. This approach helps to improve both user experience and security.
Synaptics offers two types of fingerprint readers: match-on-host (MOH) and match-in-sensor (MIS). An MOH solution performs matching in a process that runs on the host system. An MIS system is completely stand-alone and contains a processor, storage, and cryptographic capabilities; it runs everything locally and performs matching in an environment physically isolated from the host. It then sends the host an identification result that is encrypted and signed using a sensor-specific key (this key is important, more on that later).
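The host-side check that a match-in-sensor design implies, as an added sketch that is not Synaptics' code or protocol: the host treats the bus as untrusted and accepts a result only if it is authentic, fresh and positive. The message layout, the host nonce, the demo key and the use of HMAC-SHA256 in place of the sensor's signature are all assumptions, and the encryption layer is left out.

```python
import hashlib, hmac, json, secrets

# Constructed demo key; stands in for the sensor-specific key held inside the chip.
SENSOR_KEY = hashlib.sha256(b"constructed-demo-sensor-key").digest()

class MatchInSensor:
    """Toy sensor: enrolled templates and the key never leave this object."""
    def __init__(self, key, templates):
        self._key, self._templates = key, list(templates)

    def identify(self, sample, nonce):
        # Toy matcher (exact compare); a real matcher scores feature similarity.
        ok = any(hmac.compare_digest(sample, t) for t in self._templates)
        body = json.dumps({"match": ok, "nonce": nonce.hex()}, sort_keys=True).encode()
        # HMAC-SHA256 is a stand-in for the sensor's signature over the result.
        return {"body": body, "tag": hmac.new(self._key, body, hashlib.sha256).digest()}

def host_accepts(key, msg, nonce):
    """Host side: trust the result only if it is authentic, fresh and positive."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False                      # altered or forged on the bus
    fields = json.loads(msg["body"])
    if fields.get("nonce") != nonce.hex():
        return False                      # replay of an earlier result
    return fields.get("match") is True

def demo():
    sensor = MatchInSensor(SENSOR_KEY, [b"constructed-template-1"])
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    good = sensor.identify(b"constructed-template-1", n1)
    bad = sensor.identify(b"someone-else", n2)
    forged = dict(bad, body=bad["body"].replace(b"false", b"true"))
    return {
        "genuine": host_accepts(SENSOR_KEY, good, n1),
        "non_match": host_accepts(SENSOR_KEY, bad, n2),
        "forged": host_accepts(SENSOR_KEY, forged, n2),
        "replayed": host_accepts(SENSOR_KEY, good, n2),
    }

if __name__ == "__main__":
    print(demo())
```

Because HMAC is symmetric, the host in this sketch holds the same key as the sensor; a signature scheme with a per-sensor private key would let the host verify without being able to mint results itself.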
The Synaptics FS7600
The Synaptics FS7600 (codenamed Prometheus) is the company’s 2nd generation MIS. Besides the scanner itself, the chip features a 192 MHz processor, a hardware accelerated matcher (which uses what Synaptics calls "Quantum Matcher" algorithms), a hardware accelerated image processing unit, a hardware accelerated encryption engine that supports TLS 1.2 and AES-256, its own internal flash memory for fingerprint database, as well as physical I/O interfaces (USB, SPI, GPIO are supported).
Notably, the FS7600 supports up to a 0.2 mm sensing distance, meaning it can be put under glass, under mylar, or just coated with a protective layer. The FS7600 can also come in different shapes for various kinds of applications and different locations of the scanner on a PC. This includes a 10×10-mm square, a 10-mm circle, or a 4×12-mm rectangle.
Synaptics FS7600: Availability
Synaptics' FS7600 is available to PC makers right now, and is expected to be implemented in future devices. Large OEMs tend to update their PC platforms once a year, so with high-end Coffee Lake systems having just hit the market in the past quarter, the next big window of opportunity for Synaptics to get their sensor adopted by PC vendors will be spread out over the next few quarters.
For their part, Synaptics says that they are going for a wide market approach, targeting both business and consumers. Business users are the more obvious case, particularly because of Windows Hello for Business. As for consumer users, the use cases are a bit more limited at present, as the current Windows Hello fingerprint tech isn't slated to arrive in consumer OSs. Instead, a fingerprint sensor would be a forward-looking addition, as Microsoft is working on their FIDO 2.0-based next-gen OS security tech, which unlike Hello will be coming to consumers.
As for non-PC applications, those have much longer product design and retail lifecycles. The FS7600 was designed with both PC and non-PC applications in mind, so while the sensor can be used in other types of devices, it would be quite some time before any such devices would hit the market. Otherwise, for early adopters, an external dongle incorporating the FS7600 is set to be available this month.
PQI MyLockey 2: 32 or 64 GB, FS7600, Available This Month
PQI has been producing Synaptics-based fingerprint readers for various customers for a while now. The company was first to launch a retail product featuring a Synaptics sensor nearly two years ago and is about to start selling its new one.
PQI’s 1st Gen MyLockey released in 2016 relies on Synaptics’ FS4300 MOH solution that supports all the company’s advanced security technologies. Being powered by a host CPU, the MyLockey 1 is of course fast, but it does not support Windows Hello for Business and will not support Microsoft’s next-gen OS-based security.
Its successor is the aptly named My Lockey 2, which is based on the FS7600 MIS solution and comes with embedded 32 GB or 64 GB of memory to store various files.
Since the 2nd Gen PQI My Lockey is also a flash drive, it looks like a flash drive and is not as small as the previous-gen product. Now, if the 1st Gen My Lockey could be installed once and never removed, the 2nd Gen My Lockey will be travelling because it is a drive. In the meantime, if the 1st Gen My Lockey was made of plastic with a metallic frame, the 2nd Gen My Lockey is made entirely of plastic and the construction does not seem to be too rugged.
Keeping in mind how important things on a PC can be, it might be best to use the 2nd Gen My Lockey only locally, which is good enough for desktops.
5 Comments
jjj - Tuesday, August 7, 2018 - link
Do they use tricks like triggering the unlocking animation after capture but well before processing is done to make it feel faster?
What matters is what the user perceives and it can be made to feel like there is practically 0 wait.
Valantar - Tuesday, August 7, 2018 - link
A shame about the form factor for that new My Lockey (I'd rather see them change the name, frankly). That first-gen one is _perfect_ for sticking in the front I/O of a desktop PC. The 2nd gen one is simply asking you to break it, at least over time. "Hey, here's a USB stick where you're supposed to push on one side of its far end multiple times a day." That thing is going to break, and quickly.
Also, I get that combining the fingerprint reader with a flash drive is convenient, but given the massive vulnerabilities in USB, it's also pretty dumb. Tying your main mode of authentication (including Windows admin access) to an easily-compromised USB storage device is ... not smart. Conversely, ditching an expensive fingerprint reader just because you needed to use the flash drive on a non-secure computer would be incredibly wasteful. And, of course, what's the point of a flash drive if you can only use it on one PC?
edzieba - Tuesday, August 7, 2018 - link
Hence why they use TLS over the link between host and device. All the 'broken' USB security means is you cannot rely on the physical link being super-secret-ultra-secure-automatic-double-safe, which merely relegates it to being treated like Ethernet or any other external bus should be anyway.
chstamos - Tuesday, August 7, 2018 - link
They should stick these things into mechanical keyboards, they'd be a perfect fit. So far as I know the only keyboard with a fingerprint reader is some designer piece overpriced Microsoft thingy... with chiclet low profile keys.
How about REAL mechanical switch keyboards with fingerprint identification? I'd buy one even if it meant eschewing the xmas rgb-led light show on it...
close - Saturday, August 11, 2018 - link
"a sensor-specific key (this key is important, more on that later)"
Later in the article? Later in the year? o_O