How Biometric Fingerprint Authentication Works
Humans have used fingerprints as a method of identification since before 200 BC. But for a long time, matching a print to its owner was a tedious manual job. In recent years, easily available fingerprint sensors have boomed.
Most smartphones come with one. Their inclusion allows rapid login and perfect user authentication. But how do fingerprint scanners work?
While it feels like magic, the process is a sophisticated pipeline of physics, geometry, and cryptography.
Basic Concepts
Before we start, two things need to be clear: what a fingerprint looks like up close, and which types of scanners exist and how they work.
The Basics: Anatomy of a Fingertip
If you look at your fingertips now, you will notice a series of mostly concentric, intricate lines. These lines are what compose your fingerprint.
But they are not just lines. Even if the skin feels smooth to the touch, they are actually a series of ridges and valleys. This specific composition is what makes fingerprint scanners possible.
The Basics: Types of Scanners
There are three main types of scanners currently in use. They are all based around a similar idea but reach the objective through different means.
Optical Scanners: These are essentially specialized digital cameras. When you place your finger on a glass plate, an LED light illuminates the ridges. A light-sensitive microchip captures the reflection. The ridges appear dark, while the valleys (gaps between ridges) reflect more light and appear bright.
Capacitive Scanners: The most common type in modern smartphones. These use tiny electrical circuits. Because your skin is conductive, the ridges of your finger change the electrical capacitance when they touch the sensor, while the air in the valleys does not. The sensor measures these minute voltage changes to map the print.
Ultrasonic Scanners: These emit high-frequency sound waves that bounce off your finger. Since sound travels differently through skin than through air, the sensor creates a 3D map of the ridges, valleys, and even pores. These are highly secure because they can "see" through dirt or sweat and are much harder to spoof with a 2D image.
From Image to Match
Now that the basics are out of the way, we can dive into how scanners and software allow secure authentication, step by step.
Step One: Capturing the Image
The first step is always to obtain a clear image of the fingerprint. Different sensors use different technical means to achieve it, and each implementation has its pros and cons. But in general, modern sensors are highly accurate and deemed reliable by the highest standards.
Once a finger is pressed on a sensor, the image created aims at accurately mapping ridges and valleys. That’s because the further steps do not rely on matching actual images. Instead, there is a clever use of math and digital mapping to create the conditions for fast and reliable matching.
Step Two: Digital Processing and Feature Extraction
The raw image of a fingerprint is the starting point for the software, which runs a process of feature extraction on it. The system looks for specific landmarks called minutiae:
Ridge Endings: Where a single ridge simply stops.
Bifurcations: Where a single ridge splits into two.
Short Ridges (or Dots): Small islands of ridges.
The system uses these landmarks to create a mathematical map of your finger. It saves their coordinates and orientation, while ignoring the smoother parts of the fingerprint.
Since it is incredibly unlikely that the user will always press the finger in the exact same position at the exact same angle, the registration phase may include multiple images that get combined to create a more comprehensive map.
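The landmarks listed above can be located with the crossing-number test, a standard technique on a thinned (one-pixel-wide) ridge image; the page does not say which method a given scanner uses. This is an added example, not code from any scanner vendor: it runs on a small constructed skeleton and records position and type only, leaving orientation out.

```python
# Constructed 7x9 ridge skeleton ('#' = ridge pixel): one ridge that forks, plus a dot.
SKELETON = [
    ".........",
    "......#..",
    ".....#...",
    ".####....",
    ".....#...",
    "..#...#..",
    ".........",
]
# The 8 neighbours of a pixel, clockwise from north, as (row, col) offsets.
RING = [(-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1), (-1, -1)]
# Crossing number -> minutia type; 2 is an ordinary ridge pixel and is ignored.
KINDS = {0: "dot", 1: "ridge ending", 3: "bifurcation"}


def extract_minutiae(rows):
    """Return (row, col, type) for every minutia in a thinned binary image."""
    grid = [[ch == "#" for ch in row] for row in rows]
    found = []
    for r in range(1, len(grid) - 1):            # skip the border: no full ring there
        for c in range(1, len(grid[0]) - 1):
            if not grid[r][c]:
                continue
            ring = [int(grid[r + dr][c + dc]) for dr, dc in RING]
            # Half the number of 0/1 changes met while walking once around the pixel.
            cn = sum(abs(ring[i] - ring[(i + 1) % 8]) for i in range(8)) // 2
            if cn in KINDS:
                found.append((r, c, KINDS[cn]))
    return found


if __name__ == "__main__":
    for minutia in extract_minutiae(SKELETON):
        print(minutia)
```

Noise in a real capture produces spurious endings and forks, so production pipelines filter the candidate list before building the map.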
Step Three: Hash Functions and Template Creation
Once the map is completed, it gets passed through a cryptographic hash function. In this process the map gets “summarized” to a fixed size value.
The hashing process is nonreversible, meaning that it is not possible to reconstruct the fingerprint image from the hash. This way the hash could be shared between devices or even captured by a malicious actor, but there would be no way for them to recreate the image that generated it.
Once the hash is created, it is stored and used as the reference against which live fingerprint captures are matched.
Step Four: The Matching Algorithm
When you scan your finger to unlock your device, the system repeats the capture, extraction, and hashing steps.
Since the same input leads to the same hash, hashes are a perfect tool for authenticating a user. The software then compares this new hash against the one stored during your initial setup (enrolment).
Because your finger is never placed in the exact same spot twice, the algorithm doesn't look for a 100% identical match. Instead, it calculates a similarity score. If the number of matching minutiae points exceeds a specific threshold, access is granted.
While this process sounds extremely complicated, modern sensors can complete it in under a second, providing a smooth user experience.
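The similarity score and threshold described above, as an added example that is not taken from any product: the matcher tries every pairing of minutiae as an alignment anchor, which cancels finger rotation and shift, then counts the minutiae that agree within a tolerance. The templates, the tolerances and the 0.6 threshold are constructed assumptions.

```python
import math

# Constructed sample templates: (x, y, ridge angle in degrees). Not real biometric data.
ENROLLED = [(40, 52, 10), (75, 30, 95), (110, 88, 200), (62, 120, 310),
            (140, 45, 150), (95, 150, 60), (155, 130, 250), (30, 95, 355)]
IMPOSTOR = [(50, 40, 30), (120, 60, 120), (80, 100, 275), (150, 110, 5),
            (35, 140, 180), (100, 25, 330), (60, 75, 225), (130, 155, 80)]
THRESHOLD = 0.6                  # assumed: fraction of minutiae that must pair up
DIST_TOL, ANG_TOL = 8.0, 15.0    # assumed tolerances, in pixels and degrees

def move(m, deg, dx, dy):
    """Rotate a minutia about the origin by deg degrees, then translate it."""
    x, y, a = m
    c, s = math.cos(math.radians(deg)), math.sin(math.radians(deg))
    return (c * x - s * y + dx, s * x + c * y + dy, (a + deg) % 360)

def count_pairs(enrolled, aligned):
    """Greedy one-to-one pairing of minutiae that agree in position and angle."""
    used = set()
    for px, py, pa in aligned:
        for i, (ex, ey, ea) in enumerate(enrolled):
            turn = abs((pa - ea + 180) % 360 - 180)   # smallest angle difference
            if i not in used and math.hypot(px - ex, py - ey) <= DIST_TOL and turn <= ANG_TOL:
                used.add(i)
                break
    return len(used)

def similarity(enrolled, probe):
    """Best fraction of paired minutiae over all candidate alignments."""
    best = 0
    for ex, ey, ea in enrolled:          # anchor: assume this enrolled minutia...
        for p in probe:                  # ...is the same point as this probe minutia
            rx, ry, _ = move(p, ea - p[2], 0, 0)
            aligned = [move(m, ea - p[2], ex - rx, ey - ry) for m in probe]
            best = max(best, count_pairs(enrolled, aligned))
    return best / max(len(enrolled), len(probe))

def genuine_probe():
    """Same finger as ENROLLED: rotated 20 degrees, shifted, jittered, one minutia missed."""
    jitter = [(1, -1), (-1, 1)]
    return [move(m, 20, 30 + jitter[i % 2][0], -12 + jitter[i % 2][1])
            for i, m in enumerate(ENROLLED[:-1])]

def accept(probe):
    return similarity(ENROLLED, probe) >= THRESHOLD
```

Raising `THRESHOLD` lowers false acceptances at the cost of more rejected genuine attempts; lowering it does the opposite.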
Common Questions
Here you can find answers to the most common questions and doubts about fingerprint scanners.
Where Can You Find Fingerprint Scanners?
Fingerprint scanners are widely adopted by consumers and industries for a variety of reasons. Mainly they offer a direct and reliable way to verify who is accessing a machine without requiring the user to memorize anything or carry specific tools.
Are Fingerprint Scanners Trustworthy?
Yes, fingerprint scanners are extremely trustworthy. Don’t get fooled by the fact that they look for a similarity score and not a perfect match. Modern fingerprint scanners have a False Acceptance Rate, the number of times they erroneously match fingerprints, of less than 1 in 50,000.
Are Fingerprint Scanners Secure Against Quantum Computing Threats?
While the advent of quantum computing is going to create a seismic change for many security systems and will require algorithms to be updated, this is not the case for cryptographic hash functions.
Things may change in the future, but in the current state of things it is apparent that the impact of quantum computing on hash functions can be mitigated by simply having larger hashes.
