Farpoint Group Technical Note — November 2008
everyone else. Fingerprints as the second factor thus provide convenience with no compromise in overall network and information security, and fit nicely into consumer-oriented devices with minimal (if any) training and support requirements. Note, by the way, that the first factor in a two-factor solution can be a particular mobile device itself – meaning, as we’ll see below, that passwords can now (securely, of course) be stored and unleashed on the fly at a user’s direction with a simple swipe of a fingertip.
Given their uniqueness to a given individual, the fact that we always have (in most cases) ten of them with us at all times, and the reality that the required recognition technology is now small (including the required software footprint) cheap, accurate, simple, power-efficient, and flexible enough for even mobile-device applications, we believe that fingerprints will rapidly emerge as the ideal solution to the mobile authentication challenge.
Two final points: First, standards (always desirable in IT) for fingerprint recognition exist and have been broadly adopted; these are important for interoperability among applications using scanned data. Key standards include ISO/IEC 19794-2 (Information technology – Biometric data interchange formats, Part 2: Finger minutiae data), Federal Information Processing Stan- dard (FIPS) 201, Personal Identity Verification of Federal Employees and Contractors, and ANSI INCITS 378-2004 (Information technology - Finger Minutiae Format for Data Inter- change). These standards have been broadly adopted and proven secure by governments and international law enforcement agencies around the world. Not all products available today have adopted these standards, however, and a high degree of caution would as always be advised in considering non-standard implementations.
And second, Farpoint Group and others close to the technology and its applications expect the market for fingerprint recognition implementations in mobile devices to skyrocket in coming years. Fingerprint sensors in laptops are already becoming popular: market researcher Frost and Sullivan estimates that 20% of notebook computers shipped in 2008 will have integral finger- print sensors. The potential market for cellular handsets is much larger - on the order of one bil- lion units are shipped every year. Assuming just 5% of this market adopting fingerprint technol- ogy would result in 50 million units alone. Market researcher the Kerton Group, in their 2008 research brief Market Trends for Fingerprint Sensors in Mobile Handsets, reports a representa- tive of Nokia stating that 10% of Nokia’s phones could ship with fingerprint capability within 2-3 years, assuming fingerprint solutions achieve Nokia’s desired price point. The Kerton Group further expects that eight million cell phones will ship with fingerprint scanners in 2008, and states that 43 distinct phone models have launched with fingerprint scanners since the be- ginning of 2007.
Fingerprint Recognition and Mobile Security Applications
Historically, of course, fingerprint recognition is best known in government-class identification applications (such as security clearances and military IDs), and, of course, for their long history of application in crime labs and other forensic settings. The technology has also been success- fully applied in physical security (building access) and time-and-attendance applications as well. But with today’s availability of small, cost-effective, and reliable implementations of fin-
Fingerprint Recognition and Mobile Security