How Apple will keep your fingerprints safe in the iPhone 5S

When Apple unveiled the iPhone 5S last week, it also unveiled Touch ID, a feature that allows users to unlock the smartphone and make purchases through the home button's new fingerprint scanner.

Using a device that recognizes users has security implications, as Microsoft acknowledged in the wake of the Xbox One announcement, where it unveiled the next-gen Kinect's "always listening" feature.

In the video above, Apple senior vice president of hardware engineering, Dan Rico, explains how the company will store fingerprint information securely using a technology Apple calls Secure Enclave.

"All fingerprint information is encrypted," Rico explains in the video above, "and stored inside the Secure Enclave in our new A7 chip. Here, it is locked away from everything else, accessible only by the Touch ID sensor. It's never available to other software, and it's never stored on Apple's servers or backed up to iCloud."

"Apple needed a processor that is already aware of the concept of encryption and security at a native level"

A recent post on Quora by Brian Roemmele cites ARM documentation to explain how Apple uses the 64-bit A7 processor to create the Secure Enclave.

"To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area with in the processor architecture," Roemmele wrote.

He also cites an ARM white paper from 2008 called "ARM Security Technology" (PDF link) that describes the TrustZone architecture, which stores secure information embedded on the processor where only trusted software can access it.

"Many embedded devices are now storing a large amount of user data, including sensitive information such as synchronized email, mobile banking details, and mobile payment credentials," section 6.2.2, "Mobile Payment," reads. "This user data can be protected, requiring the entry of passcode before it can be used, however once unlocked it is vulnerable to any weakness in the underlying software environment.

"Migrating the data storage, data manipulation, and even the passcode entry, into the Secure world makes sense for many applications that make use of user data."

More from Polygon

The horror of Five Nights at Freddy's

  • Dark Souls 2: Crown of the Old Iron King Overview

  • Spacecom: a fast 4X built for multiplayer

  • Pillars of Eternity builds on role-playing classics

  • Tour the 1 KB hard drive built inside Minecraft

Latest Discussions

X
Log In Sign Up

forgot?
Log In Sign Up

Please choose a new Polygon username and password

As part of the new Polygon launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Polygon going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Polygon username and password

As part of the new Polygon launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Polygon going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5353_tracker