Secure Elements raise the bar for fingerprint security – Interview with Fredrik Sjöholm, Senior Sales Director, Embedded Market

How do you make payments really secure on a smartphone or an embedded system like a credit card? Precise Biometrics’ solution is to fit fingerprint authentication in a so-called Embedded Secure Element (eSE). “This will stop hackers and fraudsters from breaking into a fingerprint system”, says Fredrik Sjöholm, who spearheads Precise Biometrics’ business development efforts for the embedded market.

A smartphone or an embedded product with a sensor using Precise Biometrics’ software solution can provide top biometric performance. In other words, the likelihood is very low that the system will either incorrectly accept an unauthorized user or reject an authorized user. But that’s not enough if you want bank-grade security for payment applications.

“You need to make it next to impossible for an intruder to hack into the operations performed during fingerprint authentication and access the stored fingerprint templates produced during the initial enrollment of a user”, says Fredrik Sjöholm. Fredrik is an experienced business developer, whose mission at Precise Biometrics is to expand the usage of fingerprint authentication to new markets and use cases, advocating the necessity to ensure highly secure biometric systems.

On mobile phones, the fingerprint authentication process and the storage of fingerprint templates have so far been handled in a protected area of the main processor called the Trusted Execution Environment (TEE). “That has worked fine on a smartphone where the main use case for fingerprint sensors has been to unlock the phone”, says Fredrik Sjöholm.

With smartphones enabling certain highly sensitive applications, such as payments and, recently, secure data and speech communication, as with the Gionee M6 phone released last autumn, a higher level of security is required. This is where embedded Secure Elements can offer a solution.

The embedded Secure Element, or eSE, is the logical solution for securing highly sensitive applications. An eSE is a separate processor chip designed to run sensitive applications and store the data used by those applications. The eSE is typically designed for specific use cases, such as payment, transportation or access keys. Payment cards contain an eSE to securely run the application authorizing a payment, as well as to store the user’s credentials, such as PIN codes and bank tokens. Mobile phones approved for payments typically use an eSE as a complement to the TEE. Due to their secure architecture, eSEs can be certified for their specific use cases; eSEs for payments are, for example, certified by the major payment schemes such as EMVCo and China UnionPay.

The TEE is designed to protect a vast array of software applications on a processor in a mobile phone. In recent years, the market for embedded devices with limited platforms, such as smart cards, door locks, USB tokens and wearables, has grown rapidly. For these embedded products, which have fewer but highly sensitive use cases such as payments, the eSE is the natural option.

“A standard microprocessor together with an eSE is a strong security combination. Fingerprint authentication plays a role by providing secure access to the applications and keys stored on the eSE. This is simply a perfect match”, says Fredrik Sjöholm. In addition, the eSE provides a highly secure solution to store and protect the fingerprint templates.

But until recently it has been a big challenge to run a fingerprint matching solution in an eSE. eSEs are typically very limited in terms of processing speed and available memory for storing data. Precise Biometrics, however, has successfully managed to solve the problem.

“Thanks to our efficient and light algorithm solutions, we are able to both run the critical part of the matching process and store the fingerprint templates inside an eSE”, says Fredrik.

This solution greatly limits the risk of having your fingerprints stolen. The risk of someone tampering with the payment process on your card or mobile phone is also significantly reduced.

“The fast adoption of biometric authentication solutions in a wide number of applications will continue to drive the need for eSEs going forward”, says Fredrik Sjöholm.