Next, a microprocessor in the smart card extracts a
few specific details, called minutiae, from the digital
image of the fingerprint. Minutiae include locations
where the ridges end abruptly and locations where two or
more ridges merge, or a single ridge branches out into
two or more ridges. Typically, in a live-scan
fingerprint image of good quality, there are 20 to 70
minutiae; the actual number depends on the size of the
sensor surface and the placement of the finger on the
sensor. The minutiae information is encrypted and
stored, along with the cardholder’s identifying
information, as a template in the smart card’s flash
memory.

At the start of a credit card transaction, you would
present your smart credit card to a point-of-sale
terminal. The terminal would establish secure
communications channels between itself and your card via
communications chips embedded in the card and with the
credit card company’s central database via Ethernet. The
terminal then would verify that your card has not been
reported lost or stolen, by exchanging encrypted
information with the card in a predetermined sequence
and checking its responses against the credit card
database.

Next, you would touch your credit card’s fingerprint
sensor pad. The matcher, a software program running on
the card’s microprocessor, would compare the signals
from the sensor to the biometric template stored in the
card’s memory. The matcher would determine the number of
corresponding minutiae and calculate a fingerprint
similarity result, known as a matching score. Even in
ideal situations, not all minutiae from the input and
template prints taken from the same finger will match.
So the matcher uses what’s called a threshold parameter
to decide whether a given pair of feature sets belong to
the same finger or not. If there’s a match, the card
sends a digital signature and a time stamp to the
point-of-sale terminal. The entire matching process
could take less than a second, after which the card is
accepted or rejected.
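
The threshold decision described above, as an added example (not code from the article or from any card vendor). It assumes the two minutiae sets are already aligned; the tolerances, the score formula and the 0.6 threshold are illustrative assumptions, and all sample prints are constructed.

```python
import math

# Constructed sample data. A minutia is (x, y, ridge angle in degrees, kind).
TEMPLATE = [(30, 40, 90, "ending"), (55, 80, 180, "bifurcation"),
            (100, 60, 45, "ending"), (120, 130, 270, "bifurcation"),
            (75, 150, 350, "ending"), (160, 90, 10, "ending")]
# Same finger: small jitter, one minutia missed, one spurious point added.
GENUINE = [(32, 38, 95, "ending"), (53, 83, 172, "bifurcation"),
           (104, 61, 50, "ending"), (118, 127, 265, "bifurcation"),
           (77, 152, 4, "ending"), (200, 200, 0, "ending")]
# Different finger: one chance agreement only.
IMPOSTOR = [(35, 45, 200, "ending"), (60, 20, 90, "bifurcation"),
            (100, 62, 40, "ending"), (140, 140, 270, "ending"),
            (10, 150, 0, "bifurcation")]

DIST_TOL = 10.0   # assumed position tolerance, pixels
ANGLE_TOL = 15.0  # assumed direction tolerance, degrees
THRESHOLD = 0.6   # assumed decision threshold

def angle_diff(a, b):
    """Smallest difference between two angles, handling 359 -> 0 wraparound."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def count_matches(template, probe):
    """Pair minutiae one-to-one, closest candidates first."""
    candidates = []
    for i, (tx, ty, ta, tk) in enumerate(template):
        for j, (px, py, pa, pk) in enumerate(probe):
            dist = math.hypot(tx - px, ty - py)
            if tk == pk and dist <= DIST_TOL and angle_diff(ta, pa) <= ANGLE_TOL:
                candidates.append((dist, i, j))
    used_t, used_p = set(), set()
    for _, i, j in sorted(candidates):
        if i not in used_t and j not in used_p:
            used_t.add(i)
            used_p.add(j)
    return len(used_t)

def matching_score(template, probe):
    """Score in [0, 1]: matched^2 / (template size * probe size)."""
    if not template or not probe:
        return 0.0
    n = count_matches(template, probe)
    return n * n / (len(template) * len(probe))

def verify(template, probe, threshold=THRESHOLD):
    """Accept only if the score reaches the threshold."""
    return matching_score(template, probe) >= threshold
```

Raising `THRESHOLD` rejects more impostors but also more genuine touches that arrive with missed or spurious minutiae.
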
The point-of-sale terminal sends both the vendor
information and your account information to the credit
card company’s transaction-processing system. Your
private biometric information remains safely on the
card, which ideally never leaves your possession.

But say your card is lost or stolen. First of all, it
is unlikely that a thief could recover your fingerprint
data, because it is encrypted and stored on a flash
memory chip that very, very few thieves would have the
resources to access and decrypt. Nevertheless, suppose
that an especially industrious, and perhaps unusually
attractive, operator does get hold of the fingerprint of
your right index finger—say, off a cocktail glass at a
hotel bar where you really should not have been
drinking. Then this industrious thief manages to fashion
a latex glove molded in a slab of gelatin containing a
nearly flawless print of your right index finger,
painstakingly transferred from the cocktail glass.

Even such an effort would fail, thanks to new
applications that test the vitality of the biometric
signal. One identifies sweat pores, which are just 0.1
millimeter across, in the ridges using high-resolution
fingerprint sensors. We could also detect spoofs by
measuring the conduction properties of the finger using
electric field sensors from AuthenTec Inc., of
Melbourne, Fla. Software-based spoof detectors aren’t
far behind. One of us (Jain) is currently leading an
effort at Michigan State University, in East Lansing, in
which researchers are differentiating the way a live
finger deforms the surface of a sensor from the way a
dummy finger does. With software that applies the
deformation parameters to live scans, we can
automatically distinguish between a real and a dummy
finger 85 percent of the time—enough to make your
average identity thief think twice before fashioning a
fake finger.