Consider the trackpad. The ones in Windows laptops are rarely (if ever) their best feature, but they nevertheless remain ubiquitous. Synaptics is one of the biggest names in trackpads, and today it announced a new one called the "SecurePad" that integrates a fingerprint reader into the trackpad itself rather than as a separate component.
The SecurePad will have a small, 4mm by 10mm sensor on the trackpad's surface that can scan a "fingertip placed at any angle on the sensor." Said sensor will be available in a variety of different Synaptics trackpads, including the TouchPad, ClickPad, and ForcePad, and those trackpads will all be available in a variety of sizes. LED lights will provide feedback and allow the sensor to be used in dark environments.
Fingerprint data traveling between the sensor and the "host processor" is encrypted to prevent the information from being accessed by other apps (Apple uses a similar sort of encryption with TouchID, and it prevents user apps from accessing fingerprint data in transit). We've contacted Synaptics to see if storing and reading fingerprints securely requires a separate chip to be installed in laptops that use the SecurePad and to get more detail on how this encryption works—we'll update this article if we receive a response.
Finally, the SecurePad supports the Unified Authentication Framework (UAF) developed by the FIDO Alliance, a group that hopes to replace passwords with public and private key pairs "unique to the laptop, the user account, and the online service" that you're signing into. As reported by Engadget, FIDO published a final draft specification for UAF just yesterday, so OEMs and online services can both begin to work to support the standard if they'd like. FIDO's extensive list of members suggests that UAF could see pretty wide adoption eventually—ARM, Qualcomm, Microsoft, Google, Bank of America, Discover, MasterCard, Visa, PayPal, Lenovo, and Samsung are just a few of the most recognizable names on the FIDO board, and the list of "sponsor" and "associate" level members is even longer.
Of course, any fingerprint scanner works fine on paper—the problem with most of them is that they're inconsistent and frustrating to use in practice, and Synaptics' history with inconsistent and frustrating trackpads means we'll need to use the SecurePad before we can declare it more than a novelty. We're all for reducing the pain of passwords, but any solution to the problem needs to be easy to use, too.
The SecurePad is available to OEMs starting today, which means it will likely show up in shipping products at some point in 2015.
Update: Synaptics tells us that there will be two separate versions of the SecurePad, one that sends the data from the fingerprint scanner to the CPU for confirmation and decryption and one that works a bit more like Apple's TouchID. In the version that uses the CPU, the device driver apparently handles communication between the SecurePad, the processor, and the software.
In the other version, the SecurePad's controller stores recorded fingerprints and directly decrypts data sent from the fingerprint sensor without sending anything to the system's main CPU. Synaptics describes this as a "match on chip" configuration, since the recorded and scanned fingerprint data never actually leaves the chip. This controller simply passes a "yes" or "no" to the software requesting authentication.
In both cases, all data involved (including the simple "yes" and "no" answers sent to the software) are encrypted using AES-128, the smallest of the three AES key sizes (larger keys can be 192 or 256 bits in length).
reader comments
71