Match-on-Host (MOH) technology, which is the industry standard, comprises of the fingerprint sensor reading the biometric fingerprint data and sending it to the host processor or other external processor for processing.
The Match-on-Host architecture divides the functional requirements between the sensor IC that captures the fingerprint data and a separate controller IC (typically the application processor on a mobile device) that is used to operate the software to make the fingerprint match. The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.
Smart cards are widely used to deploy secure and cost effective identity management systems. Integration of biometrics into the smart card leads to a strong two-factor authentication (2FA) system through the match on host process.
An alternative to MOH is Match-in-Sensor or Match-on-Card (MOC), which isolates fingerprint operations away from the host OS in the sensor itself. In the case of Match-in-Sensor, if the host is completely compromised by a successful attack of any type or origin, it is extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario.
