Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document

Discussion in 'News Discussion' started by MacRumors, Feb 26, 2014.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

    Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

    According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
    Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.
    Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

    The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

    Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

    Article Link: Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document
  2. Klae17 macrumors 6502a


    Jul 15, 2011
    Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
  3. \-V-/ Suspended


    May 3, 2012
    Because you're on an Apple-based website?
  4. Nunyabinez macrumors 65816


    Apr 27, 2010
    Provo, UT
    I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
  5. Derekeys macrumors member

    Sep 17, 2012
    Philadelphia, PA
    I love the Touch I.D. I think Apple got it right, and for all those who hate on it, they just don't understand that security at its best is still just an obstacle for the determined.

    I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.


    Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
  6. DaveN macrumors 6502a


    May 1, 2010
    I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
  7. Tech198 macrumors G4

    Mar 21, 2011
    Australia, Perth
    I always take for granted how companies can be so sure of themselves and they just post up a complete document on how it all works, going by their own secure stuff they are obviously sure enough to bet on it being safe, otherwise they wouldn't post it to begin with ...

    Truth is, while these documents are all ok, Samsung and others don't need every bit of info here, as they seem to get into 'hot water' on their own.

    Besides, didn't Apple do a patent on this? Apart from being just a reference, the fact that everyone now knows exactly how it works, what is stopping people having a lawsuit?

    tickle, the NSA raises their glasses to triumph.
  8. JHankwitz macrumors 68000

    Oct 31, 2005
    Sure appears to be far more secure than the 4-digit pin for access.
  9. taptic macrumors 65816


    Dec 5, 2012
    And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
  10. brendu macrumors 68020

    Apr 23, 2009
    I haven't seen people on other tech sites or Android sites questioning Samsung's system. Just either bashing Samsung for copying or complaining about how Apple is evil... I really am interested in how Samsung handles security when they allow apps to use fingerprints for certain features. It sure doesn't seem very secure.
  11. seamer macrumors 6502


    Jul 24, 2009
    Samsung will fix it when Apple shows them how.
  12. currentinterest macrumors 6502

    Aug 22, 2007
    All I have read is that they use "local encryption" whatever that means in this context. Doesn't sound all that secure to me, but I am far from knowledgeable on this subject.
  13. nwoodward macrumors newbie

    Feb 17, 2014
    Is the S5 even secure? I have read no article besides how it has a fingerprint sensor. Apple did a good job ensuring security.

    Just wondering, what do the apps get from Samsung - a yes or no? Or the actual code?
  14. Michael Scrip macrumors 601

    Mar 4, 2011
    It would be nice if Samsung documented what exactly is going on with their fingerprint security.

    When does the Galaxy S5 launch?

    It might be an important thing to cover.
  15. Plutonius macrumors 603


    Feb 22, 2003
    New Hampshire
    It most likely means that the fingerprint data is encrypted by the iPhone as opposed to sending the RAW data out to be encrypted.
  16. iapplelove macrumors 68030


    Nov 22, 2011
    East Coast USA
    This is good.. Cause it's looking like 2014 is gonna be year of the hacker.
  17. \-V-/ Suspended


    May 3, 2012
    I've noticed that as well on tech sites in general.
  18. Rogifan macrumors P6


    Nov 14, 2011
    Especially considering Samsung has opened it up to developers. I have yet to see an article on any tech site (or any other site for that matter) going into details on how their fingerprint implementation works, how secure it is, what developers can use it for, etc. Maybe that will come when the phone is actually released.
  19. AngerDanger macrumors 68030


    Dec 9, 2008
    In an effort to make MacRumors more kid-friendly, I will review some of the new vocabulary words introduced in this article:

    Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.

  20. Lazy macrumors 6502

    May 27, 2003
    Silicon Valley
  21. goobot macrumors 603


    Jun 26, 2009
    long island NY
    Well just because the devs can use it doesn't mean it isn't secure. iOS Cydia tweaks can't actually access the fingerprint data yet can use the fingerprint scanner.
  22. Kariya macrumors 68000


    Nov 3, 2010
    ...and now Samsung will copy it and implement it in the all-new Galaxy S5 coming in 6 months or less.
  23. WestonHarvey1 macrumors 68020

    Jan 9, 2007
    My 5S's sensor appears to be deteriorating in recent weeks. I've gone from at least a 90% success rate to a 10% success rate. I have redone my prints multiple times. It seems like I get better results if I clean the home button every time, but you shouldn't have to do that, and it makes me suspect a hardware failure.
  24. vpndev, Feb 26, 2014
    Last edited: Feb 26, 2014

    vpndev macrumors 6502

    May 11, 2009

    Yeah, right.

    Right after they get their 64-bit CPU working.
