Synaptics to Add Inexpensive Fingerprint Reader to Any PCby Anton Shilov on June 2, 2016 10:00 AM EST
- Posted in
- Trade Shows
The importance of biometric authentication is growing these days because passwords, which are easy to remember, are usually not strong enough, whereas complex passwords are hard to remember and enter. While many new mobile devices feature fingerprint reader and some even have an iris scanner, there is a fleet of legacy PCs that do not support any biometric sensors. Synaptics has developed an inexpensive USB dongle, which can add a fingerprint scanner to any PC. The company will offer the device to its customers later this year.
The Synaptics fingerprint USB dongle is based on the company’s Natural ID technology that relies on capacitive touch sensing and SentryPoint security features. The device is small enough to remain unremarkably installed in a USB port, hence, users will not have to carry it separately. Synaptics calls its dongle “Turnkey USB Fingerprint Solution”, but does not disclose the model of its sensor used by the device, or the encryption type supported by the product because there will be several types of dongles with different feature-set.
Synaptics’ latest fingerprint solutions support AES 256-bit encryption, but keep in mind that the scanners and supporting software never store the full image of a fingerprint and support a number of security layers. The hardware and software work together to take an abstract of a fingerprint in a propriety format (using a proprietary alghorithm) and then encrypt this data. Even if the abstract is decrypted, it would be impossible to reconstruct a fingerpritnt. The only security-related information that Synaptics discloses about the dongle is that it is certified by FIDO (Fast IDentity Online) and is compatible with Windows Hello and Microsoft Passport (i.e., Microsoft Windows 10 operating system only).
The USB fingerprint scanner is a finished, ready-to-use device, which Synaptics will offer to partners, who will then be able to either bundle them with their computers or simply resell them to interested parties under their brands. Pricing of the device will depend on exact configurations of the hardware, but should be "well below $50", according to Synaptics.
Synaptics is demonstrating its USB fingerprint scanner at Computex this week, plans to sample the product in Q3 and start to sell them in Q4.
Post Your CommentPlease log in or sign up to comment.
View All Comments
Carmen00 - Thursday, June 2, 2016 - linkExactly. There are plenty of academic studies that demonstrate just how insecure certain kinds of biometric identification can be. And they also demonstrate how trivial it is to bypass it. Unless you wear gloves 24/7, you have to ask yourself just how comfortable you are with leaving your "password" on a lot of surfaces throughout the day.
This isn't knocking all biometric identification. For example, the blood-vessel pattern on the back of my eyeball is fairly secure. But then again, I don't tend to leave that lying around everywhere.
PubFiction - Tuesday, June 7, 2016 - linkWhats up with all the all or nothing people?
It is entirely possibly that millions of people would love a finger print reader to login to comments sections like this one, forums, Amazon etc.... If your finger print is ever compromised you can just stop using it and go back to passwords. You can also happily choose to leave your bank or other very important information as a strong secure password. And even if your finger print is compromised you have 10 to choose from. I personally love finger print readers they save me a lot of time.
Solidstate89 - Thursday, June 2, 2016 - linkThis is of course assuming it's using the same kind of cheap biometric scanner that the other models have used in the past, which I've seen no evidence of one way or the other.
tuxRoller - Friday, June 3, 2016 - linkIt's easy to trick the apple fingerprint sensor as well.
I'd be curious how hard it works be to trick the ultrasonic imaging that Qualcomm uses, though. That's, vaguely, similar to the sensors used at some secure facilities that map some of the venous structures, additionally.
romesh - Monday, June 13, 2016 - linkbring this on my wireless mouse..i'm sold
Coup27 - Thursday, June 2, 2016 - linkI'm pretty worried by the march of fingerprints to replace passwords. I certainly don't know enough about how it work and I am eager to correct this, but surely if a website which stored your fingerprint was hacked there's FA you can do about it all. At least a password can be changed and with password managers all the hassle of passwords is now taken away.
sorten - Thursday, June 2, 2016 - linkYour fingerprint is never sent to a website.
DanaGoyette - Thursday, June 2, 2016 - linkBack when they announced the ForcePad, they claimed they'd be releasing a standalone touchpad, but as far as I can tell, they never actually did. I wonder if this standalone fingerprint reader will likewise fail to ever actually become available?
(Speaking of the ForcePad, I tried one on the HP Elite 1011, and it sucked: the feeback is only in the OS audio, not via haptics; and in Linux, the touchpad wasn't detected as a touchpad.)
sorten - Thursday, June 2, 2016 - linkPeople are having a lot of trouble understanding how password-less auth works. You can read about it here: https://fidoalliance.org/specifications/overview/.
1) log in
2) using a FIDO authenticator, create a public/private key pair on the device.
3) send the public key to the website
4) private key is saved on the device
1) site notices you're a returning user from a registered device
2) site sends a challenge
3) using the local device's authenticator, your device signs and returns the challenge
4) site uses the public key to validate the signed challenge.
So, your fingerprint is never stored. The public key on the site cannot be used to identify you. It can only be used to read signed challenges from your specific device. You have to register each device separately after logging in.
Please stop the fear mongering.
Carmen00 - Friday, June 3, 2016 - linkI note that this still relies on setting up a password first (because we assume that we have a logged-in, authenticated user). I approve!
The tricky words are "using the local device's authenticator". How exactly does the authenticator check that your fingerprint is the correct fingerprint? It must store a hash of the fingerprint to do so - there is no other way. Anyone who obtains the device, and who is able to extract the fingerprint hash, can now "uniquely" identify your fingerprint, if they should run across it at a later date. (If they're smart, what they probably want to do is extract the private key as well, if they can ... assuming that no key rotation takes place, anyway)
One nice thing is that this may (depending on the device) require some serious technical chops. Then again, challenges that require such skills tend to become automated over time - and that's why we have tiny, cheaply-available card-skimmers available for any thief to use today. Who can obtain the device? Co-workers, perhaps. Border security agencies, certainly. Maybe a nanny or au-pair.
By contrast, how do you get my password? You have to beat it out of me - I'm not going to just tell you what it is, and I don't leave it lying anywhere. Good authentication is multi-factor authentication (what you know [password], what you have [paired device], and what you are [biometric]). Moving to only ONE of these factors is less secure. What the industry should be pushing is NOT passwordless auth, it is n-factor auth.