Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Touch ID Patent Applications Show Details Behind 'Secure Enclave' and iPhone 5s Implementation
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not a hoax. Just not that worrisome to most people, since it requires getting a clean print of the correct unlock finger from somewhere.
If you were rich or famous or someone with info... or had an evil roommate or really curious friend, perhaps that would be an incentive to go through the trouble, but otherwise phone thieves are more likely to just resell the phone as-is.
As for the technique, it has been known since around the turn of the century, since it was used on similar type fingerprint scanners back then and was well documented. That's how they knew how to fool Apple's version.
It requires stuff that many people already have, like a nice scanner/printer, along with some common electronics hobbyist supplies. It's not rocket science by any means.
Anyway, Touch Id is more about convenience than security. Otherwise it would require BOTH a finger and PIN.
Last edited:
You could use the data from the image as a keyfile, then hash and salt with a standard hash function.
Not needed to unlock a phone, but for using the fingerprint as the key for and Apple ID account might be reasonable.
(They mush hash a key of some sort to associate the fingerprint to authenticate with apple's servers for purchases)
That is the ironic thing about fingerprint id's it fails basic principles about passwords: keeping a physical copy ( written) is a huge no no, yet we leave finger prints around everywhere.
A fingerprint and a pin/password would me much more secure, just less convenient.
It wasn't a hoax but it wasn't really a hack either. Accessing what's stored in the secure enclave without someone's fingerprint, now that would be a hack.
Interestingly, someone did manage to hack into one ARM secure enclave implementation not long ago.
I don't recall all the details, but basically a crypto access key was found by searching memory after rebooting the device. Such things should only be kept in temporary registers, and never stored in RAM.
However, I think everyone learned from that instance.
Well indeed all the pieces are invented
They use these computer vision security and database common techniques to build mechanism to prevent thief.
The problem is if that the DB doesn't have to be on a chip. It could be on a Web server and seeing by this perspective, there's nothing new, you just replacing a encrypted bus by a encrypted network pathl..
You get the Nobel prize for proving there is a parallel universe.
You get the Nobel prize for proving there is a parallel universe.
You mean that if someone patented the wheel for a car someone else can patent the wheel for a truck?
You should search google patents some time. Literally every minor variation wheels has in fact been patented by someone.
In any case. People are always trying to oversimplify patents. Just because someone scanned a fingerprint before, doesn't mean they have done this. It real has nothing at all to do with doing it on a phone (as the other poster said). It is how they capture, process, match, store, etc.
Think about the Smart Cover.
(Well, still I think this will be great if touch ID added to iPads because of Touch ID purchase)
"Can't innovate anymore, my ass!"
Those who know less about something tend to think they know it all. They underestimate the complexity and think things can't possibly be this complicated. Yup, this is on the same level as the Motorola Atrix sensor
I strongly doubt Apple innovated any of these things; they bought a company that did. Buying a company isn't innovation. It is a good investment. No evidence here really of innovation as far as I can tell though.
It'd be great if Fingerworks arrived at a more effective way to pick one's nose. I often find it a struggle.
At best, it works close to 100% of the time.
----------
You're confusing "innovation" with "invention".
"Innovation" is a word everyone uses wrong. Name an innovation. Wrong.
Name another. Wrong.
It's a marketing term that means nothing, because no matter what you think is an innovation, someone else will say it is not.
But saying something is not an innovation also means absolutely nothing.
A reliable fingerprint sensor is a cool feature that I really want to have on my phone, and thanks to Apple, it will likely be on my next iPhone when I upgrade in 2014. To me, that's innovation.
(To you, it's not, but you are nothing to me, so why would I care.)
Not the other way around
It only absorbs fingerprint information; it never emits fingerprint information.
Or, in other words, the main processor sends the information of the fingerprint on the scanner to the secure enclave, which test it against the known fingerprints. The secure enclave does not send the known fingerprint information to the main processor for comparison.
It only absorbs fingerprint information; it never emits fingerprint information.
Or, in other words, the main processor sends the information of the fingerprint on the scanner to the secure enclave, which test it against the known fingerprints. The secure enclave does not send the known fingerprint information to the main processor for comparison.