Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,545
30,856



Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

touchid.jpg
According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
Click to expand...
Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.
It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Click to expand...
Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

Article Link: Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document
 
Article Link
https://www.macrumors.com/2014/02/26/touch-id-secure-enclave-document/
Klae17

Klae17

macrumors 65816
Jul 15, 2011
1,227
1,578
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
 
\-V-/

\-V-/

Suspended
May 3, 2012
3,153
2,688
Klae17 said:
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Click to expand...
Because you're on an Apple-based website?
 
D

Derekeys

macrumors regular
Sep 17, 2012
191
425
Philadelphia, PA
I love the Touch I.D. I think Apple got it right, and for all those who hate on it, they just don't understand that security at its best is still just an obstacle for the determined.

I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.

_____________

Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
 
DaveN

DaveN

macrumors 6502a
May 1, 2010
906
757
\-V-/ said:
Because you're on an Apple-based website?
Click to expand...

I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
 
T

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
I always take for granted how companies can be so sure of themselves ad they just post up a complete document on how it all works, going by their own secure stuff they are obviously sure enough to bet on its safe, otherwise they wouldn't post it to begin with ...

Truth this, while these documents are all ok, Samsung and others don't need every bit of info here, as they seem to get into ;'hot water' on their own.

Besides, didn't Apple do a patent on this ? Apart from being just a reference, the fact that everyone now knows exactly how it works, what is stopping people having a lawsuit ?

tickle,, the NSA raises their glasses to triumph.
 
taptic

taptic

macrumors 65816
Dec 5, 2012
1,341
437
California
And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
 
B

brendu

Cancelled
Apr 23, 2009
2,472
2,703
\-V-/ said:
Because you're on an Apple-based website?
Click to expand...

I haven't seen people on other tech sites or android sites questioning samsungs system. Just either bashing Samsung for copying or complaining about how apple is evil... I really am interested in how Samsung handles security when they allow apps to use fingerprints for certain features. It sure doesn't seem very secure.
 
seamer

seamer

macrumors 6502
Jul 24, 2009
426
164
Klae17 said:
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Click to expand...

Samsung will fix it when Apple shows them how.
 
C

currentinterest

macrumors 6502a
Aug 22, 2007
682
664
All I have read is that they use "local encryption" whatever that means in this context. Doesn't sound all that secure to me, but I am far from knowledgable on this subject.
 
N

nwoodward

macrumors newbie
Feb 17, 2014
4
0
Is the s5 even secure? I have read no article beside how it has a fingerprint sensor. Apple did a good job ensuring security.

Just wondering, what do the apps get from Samsung - a yes or no? Or the actual code?
 
Michael Scrip

Michael Scrip

macrumors 604
Mar 4, 2011
7,929
12,480
NC
Klae17 said:
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Click to expand...

It would be nice if Samsung documented what exactly is going on with their fingerprint security.

When does the Galaxy S5 launch?

It might be an important thing to cover.
 
\-V-/

\-V-/

Suspended
May 3, 2012
3,153
2,688
DaveN said:
I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
Click to expand...
I've noticed that as well on tech sites in general.
 
Rogifan

Rogifan

macrumors Penryn
Nov 14, 2011
24,145
31,200
Michael Scrip said:
It would be nice if Samsung documented what exactly is going on with their fingerprint security.

When does the Galaxy S5 launch?

It might be an important thing to cover.
Click to expand...

Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
 
AngerDanger

AngerDanger

Graphics
Staff member
Dec 9, 2008
5,452
29,003
In an effort to make MacRumors more kid-friendly, I will review some of the new vocabulary words introduced in this article:

Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.

:p
 
goobot

goobot

macrumors 603
Jun 26, 2009
6,487
4,376
long island NY
Rogifan said:
Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
Click to expand...

Well just because the devs can use it doesn't mean it isn't secure. iOS cydia tweaks can't actually access the fingerprint data yet can use the fingerprint scanner.
 
Kariya

Kariya

macrumors 68000
Nov 3, 2010
1,820
10
...and now Samsung will copy it and implement it in the all-new Galaxy S5 coming in 6 months or less.
 
W

WestonHarvey1

macrumors 68030
Jan 9, 2007
2,773
2,191
My 5S's sensor appears to be deteriorating in recent weeks. I've gone from at least a 90% success rate to a 10% success rate. I have redone my prints multiple times. It seems like I get better results if I clean the home button every time, but you shouldn't have to do that, and it makes me suspect a hardware failure.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom