Apple reveals inner workings of iPhone 5s Touch ID scanner
The consumer electronics giant explains how Touch ID keeps users' fingerprints safe.
Apple has published a white paper that reveals exactly how the Touch ID biometric scanner works on its latest iPhones.
The feature works by using what Apple calls a "Secure Enclave". This generates and communicates encrypted temporary information to the rest of the phone, ensuring that fingerprint data is left unexposed to the rest of the system.
Secure Enclave only stores data from scanned prints and not the actual images. With the secure boot process, the Enclave, a co-processor inside Apple's A7 chip, verifies and signs data independently of other iOS software and hardware. Apple said even if a device is compromised the data held in the Secure Enclave is completely inaccessible.
"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space," the document said.
"Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter."
And while the A7 processor deals with data from Touch ID, this information is encrypted by the scanner, making it unreadable to the rest of the phone. Only Secure Enclave can authenticate the data.
"It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave," the document reads. "The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption."
Researchers at FireEye recently published a post about how keyboard presses, physical button presses, and TouchID interaction can be tracked on iOS devices, even if they are not jailbroken, with a simple monitoring app. The researchers said this information could be used to mount an attack on such a device and get access to the devices's input data.
The case for a marketing content hub
Transform your digital marketing to deliver customer expectationsDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now
IT faces new security challenges in the wake of COVID-19
Beat the crisis by learning how to secure your networkDownload now