iPhone 5s puts the spotlight on biometrics
In September, Validity's chief technology officer Sebastien Taveau was cited by Business Insider in a piece that noted Apple had been "filing patents on biometric security since at least 2009." Taveau said that "Apple has been working on it for more than two years and they have extremely competent engineers."
Apple was also said to have worked with Australian component firm Microlatch. The company's managing director and founder Chris Burke was cited as saying Apple had approached the company at least two years ago in an effort to investigate fingerprint technology and users' reactions to it.
While some Android vendors had added fingerprint sensors to their phones, including Motorola and Fujitsu, the feature wasn't being widely used and wasn't working reliably enough for Motorola to continue supporting it.
But now that Apple has popularized the technology on its iOS flagship, Synaptics sees its acquisition of Validity as a way "to strengthen its portfolio of touch-based technologies with the diversification into fingerprint-sensing capabilities."
Synaptics is currently a leading supplier of PC touchpads, including Apple among its customers; it also supplies the chips that power most smartphone touch screens apart from Apple's. The sharp decline in PC growth at the hands of Apple's iPad and other mobile devices that have shifted from a pointer-based interface to multitouch appears to be a contributing factor in the company's efforts to diversify its offerings via Validity.
Apple takes AuthenTec out of reach
AuthenTec had been supplying most of the world's capacitative fingerprint sensors, which have been embedded in Windows notebooks and tablets for many years. However, After Apple acquired the firm for $356 million in July 2012, it stopped selling the sensors to third parties.
Biometric Update cited reports last year describing those customers as being "in a state of panic" as they tried to find alternative suppliers.
Samsung was particularly affected, as it used AuthenTec sensors in its notebooks and relied on the company's VPN software for its Android phones. Apple subsequently sold AuthenTec's Embedded Security Solutions division to Inside Secure. That left Samsung looking for a replacement fingerprint sensor vendor.
Alternative mobile sensors are not as advanced
Samsung was reported to be working with Validity in an effort to put a fingerprint sensor in its Note 3 phablet over the summer.
The company's efforts to support the sensor were leaked in a report identifying a "FingerprintService.apk" Android app associated with the new device, but the Note 3 was announced without the feature the week before Apple debuted its iPhone 5s with Touch ID, based on the AuthenTec acquisition.
Both Apple and Samsung were said to have run into severe production problems in developing a fingerprint sensor suitable for use on a mobile device, but Apple launched the feature in volume and Samsung hasn't at all. Samsung executives have since backpedaled on their support of fingerprint login, describing it as simply a technology the company is watching to see how it unfolds.
"We never officially admitted that Samsung was weighing the fingerprint system" - Samsung
"We never officially admitted that Samsung was weighing the fingerprint system," a Samsung official was cited by the Korean Herald as saying. "We are not yet developing the technology."
Part of Samsung's problem is that there are few suppliers with suitable technology. Korea's Crucialtec was described by that same report as being more than a year behind AuthenTec in its fingerprint scanning technology. That firm currently supplies a sensor for Pantech phones, but uses a swipe-scan system rather than the nearly instantaneous, flat pad sensor Apple is using in its iPhone 5s.
Describing the disadvantages of swipe sensors, Nelly Porter, Microsoft's head of Windows Security told CITEWorld , "they're not intuitive. You have to swipe your finger, not too fast and not too slow and not over to the left and not over to the right but just in the right place so the sensor can compose the stripe image. That's users having to work for the technology, not having the technology work or them."
Nobody wanted it until Apple delivered it
While there are a variety of companies that build fingerprint sensors, few companies have the expertise that AuthenTec had as the world's leading producer of the sensors and the identity management behind them, and most are inferior swipe scan systems or use simpler optical or thermal sensing.
Developing and selling the advanced technology required for a reliable, fast sensor is expensive; in an SEC filing prior to Apple's acquisition, AuthenTec noted that it had developed new fingerprint technology and had attempted to shop it around to "several leading consumer electronics companies."
However, none of the companies AuthenTec approached expressed an interest in using the technology apart from Apple, which began a conversation with the firm in late 2011. AuthenTec stated that the main reason Apple was the only interested party appears to have been the cost involved.
Fraught with security risks
Incorporating fingerprint authentication is more complicated than simply including a sensor. Apple outlined how its own Touch ID feature was deeply integrated with the Secure Enclave Processor architecture within its new A7 Application Processor, which securely stores print data in a way that is inaccessible from apps, and even from the rest of the system, a protection designed to maintain security even if the operating system were compromised via a vulnerability.
AuthenTec was fully aware of the risks involved with poorly integrated fingerprint solutions. In 2010, the firm had itself acquired UPEK, another significant fingerprint technology vendor. Two years later, UPEK's product to log into Windows laptops was revealed to store users' Windows login passwords insecurely in the Registry, allowing a hacker with physical access to easily retrieve passwords to all accounts that had enabled fingerprint login.
AuthenTec stopped selling the software, but it was installed on a wide range of Windows laptops, including models from Acer, Asus, Compal, Dell, Gateway, Lenovo, Samsung, Sony and Toshiba.
In order to match Apple's Touch ID security, Android vendors like Samsung will also need to overhaul the hardware and software security of their devices. Samsung is already struggling to secure Android with its "Knox" solution (above) for adding secure app sandboxing to a few specific Galaxy models, as well as a third party "LoJack" subscription service designed to work similar to Apple's new Activation Lock in iOS 7.