How Apple will keep your fingerprints safe in the iPhone 5S

When Apple unveiled the iPhone 5S last week, it also unveiled Touch ID, a feature that allows users to unlock the smartphone and make purchases through the home button's new fingerprint scanner.

Using a device that recognizes users has security implications, as Microsoft acknowledged in the wake of the Xbox One announcement, where it unveiled the next-gen Kinect's "always listening" feature.

In the video above, Apple senior vice president of hardware engineering, Dan Rico, explains how the company will store fingerprint information securely using a technology Apple calls Secure Enclave.

"All fingerprint information is encrypted," Rico explains in the video above, "and stored inside the Secure Enclave in our new A7 chip. Here, it is locked away from everything else, accessible only by the Touch ID sensor. It's never available to other software, and it's never stored on Apple's servers or backed up to iCloud."

"Apple needed a processor that is already aware of the concept of encryption and security at a native level"

A recent post on Quora by Brian Roemmele cites ARM documentation to explain how Apple uses the 64-bit A7 processor to create the Secure Enclave.

"To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area with in the processor architecture," Roemmele wrote.

He also cites an ARM white paper from 2008 called "ARM Security Technology" (PDF link) that describes the TrustZone architecture, which stores secure information embedded on the processor where only trusted software can access it.

"Many embedded devices are now storing a large amount of user data, including sensitive information such as synchronized email, mobile banking details, and mobile payment credentials," section 6.2.2, "Mobile Payment," reads. "This user data can be protected, requiring the entry of passcode before it can be used, however once unlocked it is vulnerable to any weakness in the underlying software environment.

"Migrating the data storage, data manipulation, and even the passcode entry, into the Secure world makes sense for many applications that make use of user data."

Read These Next

Latest Discussions

X
Log In Sign Up

forgot?
Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5353_tracker