Apple reveals inner workings of iPhone 5s Touch ID scanner
The consumer electronics giant explains how Touch ID keeps users' fingerprints safe.
Apple has published a white paper that reveals exactly how the Touch ID biometric scanner works on its latest iPhones.
The feature works by using what Apple calls a "Secure Enclave". This generates and communicates encrypted temporary information to the rest of the phone, ensuring that fingerprint data is left unexposed to the rest of the system.
Secure Enclave only stores data from scanned prints and not the actual images. With the secure boot process, the Enclave, a co-processor inside Apple's A7 chip, verifies and signs data independently of other iOS software and hardware. Apple said even if a device is compromised the data held in the Secure Enclave is completely inaccessible.
"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space," the document said.
"Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter."
And while the A7 processor deals with data from Touch ID, this information is encrypted by the scanner, making it unreadable to the rest of the phone. Only Secure Enclave can authenticate the data.
"It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave," the document reads. "The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption."
Researchers at FireEye recently published a post about how keyboard presses, physical button presses, and TouchID interaction can be tracked on iOS devices, even if they are not jailbroken, with a simple monitoring app. The researchers said this information could be used to mount an attack on such a device and get access to the devices's input data.
Meeting the future of education with confidence
How the switch to digital learning has created an opportunity to meet the needs of every student, alwaysFree Download
The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana
Cost savings and business benefitsFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
Why PCaaS is perfect for modern schoolsFree Download