Apple Details Touch ID, 'Secure Enclave' In Updated Online Security Document
Apple’s Touch ID might seem ultra-secure to you and me (and far more so than our old “1234” passcodes), but businesses dealing in sensitive information seem to need a little more convincing. To address concerns about the security of the fingerprint-scanning Home button, Apple has updated its “iPhone in Business” Web page, detailing both Touch ID and the “Secure Enclave” that works alongside the feature.
In a new PDF, titled “iOS Security,” Apple reiterates that Touch ID and its Secure Enclave store only mathematical data derived from scanned fingerprints, rather than actual fingerprint images. Using a secure boot process, the Enclave – a coprocessor inside Apple’s A7 processor – verifies and signs information independently of the rest of the iOS hardware and software. Even if the iOS kernel is compromised, Apple stresses, the contents of the Secure Enclave remain inaccessible:
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
As such, even though the 64-bit A7 processor deals with data collected from Touch ID, the information sourced from the fingerprint scanner is encrypted and can’t be read by the A7 chip; only the Secure Enclave can provide authentication:
It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
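To make that exchange concrete, here is an added simulation (not Apple's code and not taken from the iOS Security document) of the sensor and Enclave each contributing an AES-key-wrapped random key and then moving scan data under AES-CCM. It assumes a constructed shared key, that the two contributions combine by XOR, a 12-byte counter nonce, and the Python `cryptography` library; Apple's document specifies none of those details.

```python
from __future__ import annotations
import os
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap, InvalidUnwrap
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.exceptions import InvalidTag

# Constructed for this example: the per-device key shared by the Touch ID sensor
# and the Secure Enclave (in hardware this is provisioned at manufacture, not chosen here).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FRAME_AAD = b"touchid-frame"  # assumed associated data bound to every transport frame


def contribute(shared_key: bytes) -> tuple[bytes, bytes]:
    """One side draws a fresh random key and sends it AES-key-wrapped (RFC 3394)
    under the shared key. Returns (plaintext contribution, wrapped contribution)."""
    part = os.urandom(16)
    return part, aes_key_wrap(shared_key, part)


def accept(shared_key: bytes, wrapped: bytes) -> bytes | None:
    """Unwrap the peer's contribution; a wrong key or altered blob yields None."""
    try:
        return aes_key_unwrap(shared_key, wrapped)
    except InvalidUnwrap:
        return None


def session_key(mine: bytes, theirs: bytes) -> bytes:
    # Assumption: Apple does not say how the two random keys combine. XOR is used
    # here so that neither side alone determines the resulting session key.
    return bytes(a ^ b for a, b in zip(mine, theirs))


def establish_session(shared_key: bytes) -> tuple[bytes, bytes]:
    """Run the exchange for both endpoints; returns (sensor_key, enclave_key)."""
    s_part, s_wrapped = contribute(shared_key)  # sensor  -> enclave
    e_part, e_wrapped = contribute(shared_key)  # enclave -> sensor
    e_for_sensor, s_for_enclave = accept(shared_key, e_wrapped), accept(shared_key, s_wrapped)
    if e_for_sensor is None or s_for_enclave is None:
        raise ValueError("key-wrap integrity check failed")
    return session_key(s_part, e_for_sensor), session_key(e_part, s_for_enclave)


def seal(key: bytes, counter: int, scan: bytes) -> tuple[bytes, bytes]:
    """Sensor side: AES-CCM encrypt and authenticate one scan. The nonce carries a
    per-session message counter so no nonce is reused under this session key."""
    nonce = counter.to_bytes(12, "big")
    return nonce, AESCCM(key).encrypt(nonce, scan, FRAME_AAD)


def open_frame(key: bytes, nonce: bytes, frame: bytes) -> bytes | None:
    """Enclave side: returns the scan, or None when the CCM tag does not verify
    (wrong key, such as the application processor's, or a modified frame)."""
    try:
        return AESCCM(key).decrypt(nonce, frame, FRAME_AAD)
    except InvalidTag:
        return None
```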
It’s an interesting document, and if you have concerns over Touch ID, it should put your mind at rest. As mentioned, you can find Apple’s new iOS Security PDF online at its iPhone in Business Web page.
Apple is maintaining its Touch ID manufacturing method and will include the fingerprint scanner on its next-generation iPhone handset, the so-called “iPhone 6,” later this year. The jailbreak scene has developed a number of innovative uses for Touch ID in recent months, and we’d love to see some of these implemented within Apple’s iOS.
Via: TechCrunch