How Do Fingerprint Scanners Work?

Fingerprint Scanners Feature 2

Since fingerprint scanners first appeared on smartphones in 2011 they’ve become pretty much a standard feature. They’re fast, convenient, and relatively secure, since fingerprints are unique enough that the odds of anyone having a similar enough print to unlock your phone are very low, unless someone cares enough to design a convincing duplicate of your fingerprint.

There’s not just one type, though: some scanners rely on light, others on electricity, and still others on sound to map the ridges and valleys of your fingers. Capacitive (electronic sensors) are popular in smartphones because they’re accurate, small, and fast, but optical and ultrasonic technologies have the advantage of enabling in-display scanning. But what’s actually going on in those milliseconds right after you put your finger on a scanner?

Fingerprint Scanners Fingerprint

Optical fingerprint scanners

Fingerprint Scanners Optical

The most basic type of fingerprint scanner works along the same lines as a digital camera. To oversimplify the process a bit, it just takes a picture of your finger and sends that picture off for processing. The following is the general idea:

  1. The scanner shines a bright light onto your finger using LEDs and takes a picture.
  2. If the average pixel value of the photo is too dark or light, it adjusts the exposure and tries again.
  3. It also checks for good resolution by seeing if dark and light areas are alternating in a way that’s consistent with clearly-defined ridges and valleys.
  4. If the picture is clear, the image can be processed!

This type of scanner is most common in places like police stations, airports, and secured entrances, but isn’t often used in smartphones, which favor smaller, more secure capacitive sensors.

The exception is smartphones that have in-display fingerprint scanners, some of which use optical or ultrasonic sensors under the screen to get an image. Even here, though, optical sensors tend to lose out to ultrasonic scanners, which are slower but have the advantage of not being vulnerable to 2D images of fingerprints.

Capacitive fingerprint scanners

Fingerprint Scanners Capacitive Diagram

When you put your finger on a capacitive scanner, it’s using tiny amounts of electricity to measure the distance between different parts of your finger and the scanner. Inside the scanner are rows of tiny capacitors, each of which can carry an electrical charge. If one of the capacitors is below one of your fingertip’s ridges, it can hold more charge since it’s coming into contact with your skin. If it’s below a valley, the capacitor will remain in contact with air, which doesn’t allow it to store much extra charge.

Fingerprint Scanners Capacitive Example

You can somewhat think of these capacitors as pixels in a camera. If one is holding more of a charge, that can be interpreted as a ridge area, while the others are read as valleys. Taken as a whole, this gets you an image of a fingerprint that’s just as accurate as one from an optical sensor and even more secure, since tricking it would require a 3D model of the fingerprint rather than just a 2D one. This, combined with its smaller size, makes it a popular choice among smartphone manufacturers.

Ultrasonic fingerprint scanners

Fingerprint Scanners Qualcomm Ultrasonic

If you can read fingerprints with light and electricity, why not sound? Ultrasonic scanners fire out a high-frequency pulse of sound that then bounces off the user’s fingertip back to the receiver, a sensor that can measure mechanical stress. That sensor is looking at the intensity of the returning pulse at different points on the finger and can use that data to calculate where the ridges and valleys are. It’s a little bit like the way a bat navigates by making high-pitched noises and listening to the echoes – the returning sound carries some important data about distance and size.

Because sound waves can measure the depth of the valleys in a fingerprint, the resulting map is 3D, which makes ultrasonic scanners even more precise and secure (if a bit slower) than capacitive models. They can also work as under-display fingerprint scanners, as the sound waves can easily travel through glass, making them a more secure alternative to optical versions.

Analyzing, storing, and using the fingerprint

Fingerprint Scanners Analysis Encoding.png

After the image is captured, whether through light, electricity, or sound, the software needs to check if the fingerprint matches with an authorized user. Figuring out fingerprint matches, whether you’re a human or a computer, is largely done by looking for things called “minutiae” – points of the fingerprint where something relatively interesting happens, like a place where ridgelines terminate or split.

Each of these features is assigned a position relative to the other detected minutiae, and using the distance and angle between each item, the scanner software can make sort of a map that can be represented as a number. That number is essentially the encoded fingerprint.

Any data that your phone stores about your fingerprint, even if it’s just the maps of minutiae, is generally locked away in a secure environment, isolated from other apps that might try to get access to that information. Any apps or websites you use your fingerprint to access won’t ever actually receive your fingerprint data. They’ll only get a confirmation from your device that the fingerprint that was scanned matches one of those in storage.

Are fingerprint scanners secure?

Fingerprint scanners aren’t the most foolproof way to control access to something since they can often be tricked by good models, anything from a 2D picture to a 3D prosthetic. They are improving, and the security protocols for handling fingerprint data are fairly strong (as long as they’re being followed), but if you’re really worried about someone getting physical access to your phone, fingerprints aren’t the strongest lock. As ultrasonic sensors improve, though, they’ll probably get faster and more secure, and having them embedded under the display is a very neat perk.

Image credits: Fingerprint (PSF), Crime scene fingerprint, capacitive fingerprint sensor, Xiaomi Redmi Note 3, fingerprint reader, Qualcomm

6 comments

  1. I recommend the author also discuss the potential errors in scanners including, but not limited to:

    1. A scanner’s inability to consistently locate/recognize the correct scanned fingerprint
    2. What to do when your scanner fails to locate/recognize the print and unlock the phone.
    3. How your scanner might be fooled and what steps one could take to prevent a phone from being incorrectly unlocked (other than two-stage verification)

    We seem to get hyped on some new technology and fail to ‘think it through’. The ignorant end-user can then be the victim who ends up spending time and money raising an issued that should have been contemplated by the manufacturer/supplier.

    Let’s take some time to field test a product before selling it – greed ALWAYS cheats the end-user.

    1. “We seem to get hyped on some new technology and fail to ‘think it through’.”
      If you do “think it through” and point out the negative aspects, you are accused of being a Luddite, being out of touch, being stuck in the last millennium, etc etc etc. Besides, if you waste time “thinking it through”, the market is already saturated by similar products and, even though your product may be superior, you can’t make a dent in the market.

      “The ignorant end-user”
      Are the early-adopters ignorant or do they egotistically just want the bragging rights?

      “greed ALWAYS cheats the end-user”
      As Gordon Gecko famously said “GREED is good.”
      Whatever gave you the idea that products are marketed for the benefit of the user/client/consumer? Products are marketed so that COMPANIES can make money. If the product happens to be useful, that is by accident rather than by design.

    2. I checked around and we don’t have an article specifically on fingerprint scanner security yet! The topics you mention would be well-suited to that, since there are all kinds of ways to fool the scanner. Fingerprint scanners really aren’t a case of hyping or dishonesty, though–they honestly provide pretty decent security, and the technology is always being improved.

      For point number 2, I think if your phone doesn’t recognize the fingerprint it’s most likely a hardware problem or an issue with a dirty sensor/wet finger.

      1. “they honestly provide pretty decent security”
        When it comes to security, “pretty good” ain’t good enough. I suppose Equifax, CapitalONE, Target had pretty decent security. :-)

  2. Good article, Andrew. Regarding whether fingerprint scanners are secure, there’s more than the technical considerations about how the fingerprint data are protected. Functionally, it’s much safer (and convenient) to unlock a phone with a fingerprint when there are others around than to use a swipe pattern, a PIN code, or a password which can be easily observed. While technical aspects of security are fundamental to good security, threat assessment must include relevant use cases to be of real value.

    1. Thanks Art! Great point–that’s one reason that I personally use fingerprint unlock most of the time and only switch it to a PIN/passcode if I feel like I need to.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.