Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 26, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

    Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

    According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
    Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.
    Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

    The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

    Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

     
  2. macrumors 6502a

    Joined:
    Jul 15, 2011
    #2
    Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
     
  3. macrumors 68000

    \-V-/

    Joined:
    May 3, 2012
    #3
    Because you're on an Apple-based website?
     
  4. Guest

    keterboy

    Joined:
    Jan 22, 2014
    Location:
    Earth's Core
    #4
    :apple: Awe.Som.Ness. :apple:
     
  5. macrumors 6502a

    Nunyabinez

    Joined:
    Apr 27, 2010
    Location:
    Provo, UT
    #5
    I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
     
  6. macrumors member

    Joined:
    Sep 17, 2012
    Location:
    Philadelphia, PA
    #6
    I love the Touch I.D. I think Apple got it right, and for all those who hate on it, they just don't understand that security at its best is still just an obstacle for the determined.

    I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.

    _____________

    Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
     
  7. macrumors 6502

    Joined:
    May 1, 2010
    #7
    I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
     
  8. macrumors 603

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #8
    I always take for granted how companies can be so sure of themselves and they just post up a complete document on how it all works, going by their own secure stuff they are obviously sure enough to bet on its safe, otherwise they wouldn't post it to begin with ...

    Truth this, while these documents are all ok, Samsung and others don't need every bit of info here, as they seem to get into 'hot water' on their own.

    Besides, didn't Apple do a patent on this? Apart from being just a reference, the fact that everyone now knows exactly how it works, what is stopping people having a lawsuit?

    tickle,, the NSA raises their glasses to triumph.
     
  9. macrumors 68000

    Joined:
    Oct 31, 2005
    Location:
    Wisconsin
    #9
    Sure appears to be far more secure than the 4-digit pin for access.
     
  10. macrumors 65816

    taptic

    Joined:
    Dec 5, 2012
    Location:
    California
    #10
    And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
     
  11. macrumors 68000

    Joined:
    Apr 23, 2009
    Location:
    USA
    #11
    I haven't seen people on other tech sites or Android sites questioning Samsung's system. Just either bashing Samsung for copying or complaining about how Apple is evil... I really am interested in how Samsung handles security when they allow apps to use fingerprints for certain features. It sure doesn't seem very secure.
     
  12. macrumors 6502

    seamer

    Joined:
    Jul 24, 2009
    #12
    Samsung will fix it when Apple shows them how.
     
  13. macrumors 6502

    Joined:
    Aug 22, 2007
    #13
    All I have read is that they use "local encryption" whatever that means in this context. Doesn't sound all that secure to me, but I am far from knowledgeable on this subject.
     
  14. macrumors newbie

    Joined:
    Feb 17, 2014
    #14
    Is the S5 even secure? I have read no article beside how it has a fingerprint sensor. Apple did a good job ensuring security.

    Just wondering, what do the apps get from Samsung - a yes or no? Or the actual code?
     
  15. macrumors 68030

    Joined:
    Mar 4, 2011
    Location:
    NC
    #15
    It would be nice if Samsung documented what exactly is going on with their fingerprint security.

    When does the Galaxy S5 launch?

    It might be an important thing to cover.
     
  16. macrumors 601

    Plutonius

    Joined:
    Feb 22, 2003
    Location:
    New Hampshire
    #16
    It most likely means that the fingerprint data is encrypted by the iPhone as opposed to sending the RAW data out to be encrypted.
     
  17. macrumors 68020

    iapplelove

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #17
    This is good.. Cause it's looking like 2014 is gonna be year of the hacker.
     
  18. macrumors 68000

    \-V-/

    Joined:
    May 3, 2012
    #18
    I've noticed that as well on tech sites in general.
     
  19. macrumors G5

    Rogifan

    Joined:
    Nov 14, 2011
    #19
    Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
     
  20. macrumors 68000

    AngerDanger

    Joined:
    Dec 9, 2008
    Location:
    Male
    #20
    In an effort to make MacRumors more kid-friendly, I will review some of the new vocabulary words introduced in this article:

    Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.

    :p
     
  21. macrumors regular

    Joined:
    May 27, 2003
    Location:
    Silicon Valley
    #21
    Rube Goldberg would be proud.
     
  22. macrumors 601

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #22
    Well just because the devs can use it doesn't mean it isn't secure. iOS Cydia tweaks can't actually access the fingerprint data yet can use the fingerprint scanner.
     
  23. macrumors 68000

    Kariya

    Joined:
    Nov 3, 2010
    #23
    ...and now Samsung will copy it and implement it in the all-new Galaxy S5 coming in 6 months or less.
     
  24. macrumors 68000

    Joined:
    Jan 9, 2007
    #24
    My 5S's sensor appears to be deteriorating in recent weeks. I've gone from at least a 90% success rate to a 10% success rate. I have redone my prints multiple times. It seems like I get better results if I clean the home button every time, but you shouldn't have to do that, and it makes me suspect a hardware failure.
     
  25. vpndev, Feb 26, 2014
    Last edited: Feb 26, 2014

    macrumors regular

    Joined:
    May 11, 2009
    #25
    rofl

    Yeah, right.

    Right after they get their 64-bit CPU working.
     
