Old Feb 26, 2014, 05:24 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document




Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
Quote:
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.
Quote:
It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

MacRumors is offline   1 Reply With Quote
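Added example, not part of the original post and not Apple's code: a minimal model of the sensor-to-enclave link quoted above, in which each side wraps a random key under the built-in shared key (RFC 3394 AES key wrap) and the resulting session key protects the scan with AES-CCM. It assumes the Python `cryptography` package; the function names, the SHA-256 step that combines the two random keys, and the counter nonce are assumptions, since the quoted text does not specify them.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.keywrap import InvalidUnwrap, aes_key_unwrap, aes_key_wrap


def offer(shared_key: bytes, my_random: bytes) -> bytes:
    # RFC 3394 AES key wrap: encrypts and integrity-protects this side's random key.
    return aes_key_wrap(shared_key, my_random)


def session_cipher(shared_key: bytes, sensor_offer: bytes, enclave_offer: bytes) -> AESCCM:
    # For brevity each side unwraps both offers; unwrap fails unless shared_key made them.
    r_sensor = aes_key_unwrap(shared_key, sensor_offer)
    r_enclave = aes_key_unwrap(shared_key, enclave_offer)
    # Assumption: the quoted text does not say how the two random keys are combined.
    return AESCCM(hashlib.sha256(r_sensor + r_enclave).digest()[:16])


def refused(exc, fn, *args) -> bool:
    """True if fn(*args) raises exc, i.e. the altered input was rejected."""
    try:
        fn(*args)
    except exc:
        return True
    return False


def demo() -> dict:
    shared = os.urandom(16)  # constructed stand-in for the built-in shared key
    s_offer = offer(shared, os.urandom(16))
    e_offer = offer(shared, os.urandom(16))
    sensor = session_cipher(shared, s_offer, e_offer)
    enclave = session_cipher(shared, s_offer, e_offer)

    scan = b"constructed fingerprint raster bytes"
    nonce = (1).to_bytes(12, "big")  # per-message counter; never reused under one key
    blob = sensor.encrypt(nonce, scan, None)
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    foreign_offer = offer(os.urandom(16), os.urandom(16))  # made without the shared key
    return {
        "roundtrip": enclave.decrypt(nonce, blob, None) == scan,
        "scan_hidden": scan not in blob,
        "tamper_refused": refused(InvalidTag, enclave.decrypt, nonce, tampered, None),
        "foreign_offer_refused": refused(InvalidUnwrap, session_cipher, shared, foreign_offer, e_offer),
    }
```

The application processor that relays `blob` sees only ciphertext plus a 16-byte tag, which is why the article can say the A7 forwards sensor data without being able to read it.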
Old Feb 26, 2014, 05:25 PM   #2
Klae17
macrumors 6502a
 
Join Date: Jul 2011
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
__________________
15" rMBP, 13" MBA iPhone 6+, iPod Nano, Shuffle, iPad Air 2, Apple TV 3s, Mac Pro.
Klae17 is offline   34 Reply With Quote
Old Feb 26, 2014, 05:26 PM   #3
\-V-/
macrumors 65816
 
Join Date: May 2012
Quote:
Originally Posted by Klae17 View Post
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Because you're on an Apple-based website?
\-V-/ is offline   11 Reply With Quote
Old Feb 26, 2014, 05:26 PM   #4
keterboy
macrumors regular
 
Join Date: Jan 2014
Location: Earth's Core
Awe.Som.Ness.
keterboy is offline   2 Reply With Quote
Old Feb 26, 2014, 05:29 PM   #5
Nunyabinez
macrumors 6502a
 
Join Date: Apr 2010
Location: Provo, UT
I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
__________________
iMac w/Retina 4GHz; 27" iMac, 3.4 GHz i7; 15" MBP, 2.53 GHz Core 2 Duo; 13" MBA 1.7 GHz i5; iPad (3rd Gen); iPad Mini; iPhone 6+;
Nunyabinez is offline   20 Reply With Quote
Old Feb 26, 2014, 05:31 PM   #6
Derekeys
macrumors member
 
Join Date: Sep 2012
Location: Philadelphia, PA
I love the Touch I.D. I think Apple got it right, and for all those who hate on it, they just don't understand that security at its best is still just an obstacle for the determined.

I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.

_____________

Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
Derekeys is offline   8 Reply With Quote
Old Feb 26, 2014, 05:33 PM   #7
DaveN
macrumors 6502
 
Join Date: May 2010
Quote:
Originally Posted by \-V-/ View Post
Because you're on an Apple-based website?
I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
DaveN is offline   12 Reply With Quote
Old Feb 26, 2014, 05:33 PM   #8
Tech198
macrumors 601
 
Join Date: Mar 2011
Location: Australia, Perth
I always take for granted how companies can be so sure of themselves and they just post up a complete document on how it all works, going by their own secure stuff they are obviously sure enough to bet on its safe, otherwise they wouldn't post it to begin with ...

Truth is, while these documents are all ok, Samsung and others don't need every bit of info here, as they seem to get into 'hot water' on their own.

Besides, didn't Apple do a patent on this ? Apart from being just a reference, the fact that everyone now knows exactly how it works, what is stopping people having a lawsuit ?

tickle,, the NSA raises their glasses to triumph.
__________________
13" MBPR, i5, 256Gig SDD, 8 Gig Ram, Apple TV, iPhone 5S 16Gig, iPad 4th Gen 16Gig, Mac Mini 2.3Ghz i7, 1TB HD
"There are no stupid questions, just stupid people."
Tech198 is offline   0 Reply With Quote
Old Feb 26, 2014, 05:33 PM   #9
JHankwitz
macrumors 68000
 
Join Date: Oct 2005
Location: Wisconsin
Sure appears to be far more secure than the 4-digit pin for access.
JHankwitz is offline   0 Reply With Quote
Old Feb 26, 2014, 05:36 PM   #10
taptic
macrumors 65816
 
Join Date: Dec 2012
Location: California
And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
__________________
If you want a cool new feature on a Samsung phone, just suggest it to Apple.
taptic is offline   23 Reply With Quote
Old Feb 26, 2014, 05:36 PM   #11
brendu
macrumors 68000
 
Join Date: Apr 2009
Location: USA
Quote:
Originally Posted by \-V-/ View Post
Because you're on an Apple-based website?
I haven't seen people on other tech sites or Android sites questioning Samsung's system. Just either bashing Samsung for copying or complaining about how Apple is evil... I really am interested in how Samsung handles security when they allow apps to use fingerprints for certain features. It sure doesn't seem very secure.
brendu is offline   5 Reply With Quote
Old Feb 26, 2014, 05:37 PM   #12
seamer
macrumors 6502
 
Join Date: Jul 2009
Quote:
Originally Posted by Klae17 View Post
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Samsung will fix it when Apple shows them how.
seamer is offline   11 Reply With Quote
Old Feb 26, 2014, 05:41 PM   #13
currentinterest
macrumors 6502
 
Join Date: Aug 2007
All I have read is that they use "local encryption" whatever that means in this context. Doesn't sound all that secure to me, but I am far from knowledgeable on this subject.
currentinterest is offline   0 Reply With Quote
Old Feb 26, 2014, 05:46 PM   #14
nwoodward
macrumors newbie
 
Join Date: Feb 2014
Is the s5 even secure? I have read no article beside how it has a fingerprint sensor. Apple did a good job ensuring security.

Just wondering, what do the apps get from Samsung - a yes or no? Or the actual code?
nwoodward is offline   1 Reply With Quote
Old Feb 26, 2014, 05:49 PM   #15
Michael Scrip
macrumors 68020
 
Join Date: Mar 2011
Location: NC
Quote:
Originally Posted by Klae17 View Post

Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
It would be nice if Samsung documented what exactly is going on with their fingerprint security.

When does the Galaxy S5 launch?

It might be an important thing to cover.
Michael Scrip is offline   4 Reply With Quote
Old Feb 26, 2014, 05:51 PM   #16
Plutonius
macrumors 601
 
Join Date: Feb 2003
Location: New Hampshire
Quote:
Originally Posted by currentinterest View Post
All I have read is that they use "local encryption" whatever that means in this context. Doesn't sound all that secure to me, but I am far from knowledgeable on this subject.
It most likely means that the fingerprint data is encrypted by the iPhone as opposed to sending the RAW data out to be encrypted.
Plutonius is offline   1 Reply With Quote
Old Feb 26, 2014, 05:53 PM   #17
iapplelove
macrumors 68000
 
Join Date: Nov 2011
Location: East Coast USA
This is good.. Cause it's looking like 2014 is gonna be year of the hacker.
__________________
15" MBP/iphone 6 Plus 128gb/ipad Air 64gb/ipod nano/apple tv 3rd gen.
iapplelove is offline   0 Reply With Quote
Old Feb 26, 2014, 06:01 PM   #18
\-V-/
macrumors 65816
 
Join Date: May 2012
Quote:
Originally Posted by DaveN View Post
I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
I've noticed that as well on tech sites in general.
\-V-/ is offline   4 Reply With Quote
Old Feb 26, 2014, 06:01 PM   #19
Rogifan
macrumors G3
 
Join Date: Nov 2011
Quote:
Originally Posted by Michael Scrip View Post
It would be nice if Samsung documented what exactly is going on with their fingerprint security.

When does the Galaxy S5 launch?

It might be an important thing to cover.
Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
__________________
"When we see something huge and powerful we aspire to make it small and meaningful." Jony Ive
Rogifan is offline   1 Reply With Quote
Old Feb 26, 2014, 06:02 PM   #20
AngerDanger
macrumors 65816
 
Join Date: Dec 2008
Location: doing the Dada Polka
In an effort to make MacRumors more kid-friendly, I will review some of the new vocabulary words introduced in this article:

Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.

AngerDanger is offline   6 Reply With Quote
Old Feb 26, 2014, 06:02 PM   #21
Lazy
macrumors regular
 
Join Date: May 2003
Location: Silicon Valley
Rube Goldberg would be proud.
Lazy is offline   1 Reply With Quote
Old Feb 26, 2014, 06:11 PM   #22
goobot
macrumors 601
 
Join Date: Jun 2009
Location: long island NY
Quote:
Originally Posted by Rogifan View Post
Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
Well just because the devs can use it doesn't mean it isn't secure. iOS cydia tweaks can't actually access the fingerprint data yet can use the fingerprint scanner.
__________________
Unibody Macbook |iPad|Apple TV 2|Black iPhone 6
goobot is offline   1 Reply With Quote
Old Feb 26, 2014, 06:21 PM   #23
Kariya
macrumors 68000
 
Join Date: Nov 2010
...and now Samsung will copy it and implement it in the all-new Galaxy S5 coming in 6 months or less.
Kariya is offline   1 Reply With Quote
Old Feb 26, 2014, 06:35 PM   #24
WestonHarvey1
macrumors 68000
 
Join Date: Jan 2007
My 5S's sensor appears to be deteriorating in recent weeks. I've gone from at least a 90% success rate to a 10% success rate. I have redone my prints multiple times. It seems like I get better results if I clean the home button every time, but you shouldn't have to do that, and it makes me suspect a hardware failure.
WestonHarvey1 is offline   0 Reply With Quote
Old Feb 26, 2014, 06:44 PM   #25
vpndev
macrumors regular
 
Join Date: May 2009
rofl

Quote:
Originally Posted by Kariya View Post
...and now Samsung will copy it and implement it in the all-new Galaxy S5 coming in 6 months or less.
Yeah, right.

Right after they get their 64-bit CPU working.

Last edited by vpndev; Feb 26, 2014 at 06:45 PM. Reason: add
vpndev is offline   5 Reply With Quote
