Here’s How Apple Protects Touch ID Fingerprint Data
Apple (NASDAQ:AAPL) has released an iOS security white paper that reveals the extraordinary precautions the company has taken to ensure the security of the iPhone 5S Touch ID fingerprint scanner data, TechCrunch reports. When Apple first unveiled its biometric authentication system last year, some industry watchers raised questions about the potential security risks associated with storing an image of a user’s fingerprint on a mobile device.
Sen. Al Franken wrote an open letter to Apple CEO Tim Cook last year outlining his concerns about the possibility that a hacker could steal a user’s identity by acquiring his or her fingerprint. However, in the new security document, Apple outlined how it protects users’ fingerprint images by encrypting the data and storing it in a separate “secure enclave” in the A7 chip.
Said Apple in the security document: “The Secure Enclave is a coprocessor fabricated in the Apple A7 chip. It utilizes its own secure boot and personalized software update separate from the application processor. It also provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.”
Not only is the data stored in the Secure Enclave protected from other operations performed by the A7 processor, but the encrypted information is also inaccessible to Apple. “Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple,” according to Apple. “When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.”
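To make the last point concrete, here is an added illustration (not Apple's code and not taken from the white paper) of what "a key tangled with the UID and an anti-replay counter" buys a defender: the key protecting data written to storage is derived from a per-device secret plus a counter the enclave keeps, so a stale copy of a stored blob cannot be played back once the counter has moved on. Using HMAC-SHA256 as both the key-derivation function and the keystream generator is an assumption made so the demo runs on the Python standard library alone; the UID value is constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a Secure Enclave UID: a secret fused into the chip
# and never exported. Real UIDs are not known to the host or to the vendor.
CONSTRUCTED_UID = bytes.fromhex("11" * 32)


def derive_storage_key(uid: bytes, counter: int) -> bytes:
    """Key 'tangled' with the UID and the anti-replay counter (HMAC as KDF, assumption)."""
    return hmac.new(uid, b"storage-key" + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 blocks; demo-only construction.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(uid: bytes, counter: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC a blob under the key for the enclave's current counter."""
    key = derive_storage_key(uid, counter)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag  # what lands on the file system


def unseal(uid: bytes, current_counter: int, blob: bytes):
    """Return the plaintext, or None if the blob is tampered with or was sealed
    under an older counter value (a replayed copy): the key no longer matches."""
    if len(blob) < 48:
        return None
    key = derive_storage_key(uid, current_counter)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
```

The counter lives inside the enclave, not in the blob, so an attacker who restores an old blob cannot also restore the counter that made it valid.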