Synaptics' Next-Gen Fingerprint Sensor Security: The FS7600 Match-In-Sensor
Synaptics last month introduced its second-generation match-in-sensor (MIS) solution designed for a wide range of fingerprint sensors including those in PCs and other devices. The new FS7600 MIS relies on a brand-new silicon, which the company claims is designed for maximum performance and security.
The Fingerprint Reader: Sensor Plus Security
Before we proceed to the Synaptics FS7600 sensor, let’s recap the basics about fingerprint readers in general. Contemporary fingerprint hardware/software never keeps the image of a real fingerprint, but stores an abstract/hash of its distinctive features in a proprietary format. Once a new fingerprint sample is captured, the hardware/software compares the hashed data, not the images. This approach helps to improve both user experience and security.
Synaptics offers two types of fingerprint readers: match-on-host (MOH) and match-in-sensor (MIS). An MOH solution performs matching during a process that runs on the host system. A MIS system is completely stand-alone and contains a processor, storage, and cryptographic capabilities, running everything locally and performs matching in an environment physically isolated from the host. It then sends an identification result that is encrypted and signed using a sensor-specific key (this key is important, more on that later) to the host.
The Synaptics FS7600
The Synaptics FS7600 (codenamed Prometheus) is the company’s 2nd generation MIS. Besides the scanner itself, the chip features a 192 MHz processor, a hardware accelerated matcher (which uses what Synaptics calls "Quantum Matcher" algorithms), a hardware accelerated image processing unit, a hardware accelerated encryption engine that supports TLS 1.2 and AES-256, its own internal flash memory for fingerprint database, as well as physical I/O interfaces (USB, SPI, GPIO are supported).
Notably, the FS7600 supports up to a 0.2 mm sensing distance, meaning it can be put under glass, under mylar, or just coated with a protective layer. The FS7600 can also come in different shapes for various kinds of applications and different locations of the scanner on a PC. This includes a 10×10-mm square, a 10-mm circle, or a 4×12-mm rectangle .
Synaptics FS7600: Availability
Synaptics' FS7600 is available to PC makers right now, and is expected to be implemented in future devices. Large OEMs tend to update their PC platforms once a year, so with high-end Coffee Lake systems having just hit the market in the past quarter, the next big window of opportunity for Synaptics to get their sensor adopted by PC vendors will be spread out over the next few quarters.
For their part, Synaptics says that they are going for a wide market approach, targeting both business and consumers. Business users being the more obvious case, particularly because of Windows Hello for Business. As for consumer users, the use cases are a bit more limited at present, as the current Windows Hello fingerprint tech isn't slated to arrive in consumer OSs. Instead a fingerprint sensor would be a forward-looking addition, as Microsoft is working on their FIDO 2.0-based next-gen OS security tech, which unlike Hello will be coming to consumers.
As for non-PC applications, those have much longer product design and retail lifecycles. The FS7600 was designed for both PC and non-PC applications in mind, so while the sensor can be used in other types of devices, it would be quite some time before any such devices would hit the market. Otherwise, for early adopters, an external dongle incorporating the FS7600 is set to be available this month.
PQI MyLockey 2: 32 or 64 GB, FS7600, Available This Month
PQI has been producing Synaptics-based fingerprint readers for various customers for a while now. The company was first to launch a retail product featuring a Synaptics sensor nearly two years ago and is about to start selling its new one.
PQI’s 1st Gen MyLockey released in 2016 relies on Synaptics’ FS4300 MOH solution that supports all the company’s advanced security technologies. Being powered by a host CPU, the MyLockey 1 is of course fast, but it does not support Windows Hello for Business and will not support Microsoft’s next-gen OS-based security.
Its successor is the aptly named My Lockey 2, which is based on the FS7600 MIS solution and comes with embedded 32 GB or 64 GB of memory to store various files.
Since the 2nd Gen PQI My Lockey is also a flash drive, it looks like a flash drive and is not as small as the previous-gen product. Now, if the 1st Gen My Lockey could be installed once and never removed, the 2nd Gen My Lockey will be travelling because it is a drive. In the meantime, if the 1st Gen My Lockey was made of plastic with a metallic frame, the 2nd Gen My Lockey is made entirely of plastic and the construction does not seem to be too rugged.
Keeping in mind how important things on a PC can be, it might be best to use the 2nd Gen My Lockey only locally, which is good enough for desktops.