a7

Touch ID is far, far more important than most people have realised – the core message behind a Quora post by the CEO of a card payment service. We can expect to learn far more “in the next few months, and that’s likely to eventually include both Touch ID Macs and use of the fingerprint system for mobile payments.

In the torrent of the billions of words already written about Touch ID very, very few people have really understood just how revolutionary this really is.  Apple not only has developed one of the most accurate mass produced biometric security devices, they have also solved critical problems with how the data from this device will be encrypted, stored and secured.

Brian Roemmele, CEO of 1st American Card Service, said that Apple’s attempt to solve the problem of how to develop a truly secure access system goes all the way back to a patent application in 2008, but it was only through the A7 chip – specifically created by ARM with mobile payment security in mind – that the company finally had a gold-standard solution. And its applications will go far beyond iPhone unlock and iTunes purchases … 

Let’s start with understanding just how secure the Touch ID system really is. The video Apple released explaining how Touch ID works referred to a ‘Secure Enclave’ within a A7 chip. Such terms are sometimes used metaphorically, but Roemmele says there is no exaggeration going on here.

There are numerous reasons Apple moved to the A7 processor.  One reason is the hardware requirements of Touch ID.  To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area with in the processor architecture.

The chip effectively creates two distinct environments – normal and secure:

main

The key to the security is that this is not just conceptual, handled at a software level, but is a fundamental part of the design of the hardware: embedded right into the A7 chip. What is shown here is ARM’s own approach, known as TrustZone. Apple’s Secure Enclave will use the same approach, but may well be an Apple-specific implementation: understandably, neither Apple nor ARM is going to comment on this. But here’s what TrustZone looks like at a hardware level:

detail

The chip is running two completely separate systems, with the biometric data handled only within the secure world, and a simple yes/no response handed to anything running in the normal world. So when you authenticate an iTunes purchase with your fingerprint, neither iTunes nor the app has any access to the fingerprint data: all it knows is whether the secure world passed back a yes or a no. That’s standard for any secure system, but it’s the first time that such an approach has been built in at the hardware level.

Thus we can really see just how deep the security runs in DNA of the A7 processor.  The deep level hardware based secure architecture is rather rock solid.  It would require a rather large magnitude of hardware hacking to even attempt access to the data stored in the Secure Enclave.

And mobile payment? That was the key driver behind this, and iTunes is – as we’d hoped – merely the first stage.

There are dozens of applications and use cases on the roadmap and I am certain a developer economy will build around this amazing technology.  One that is very clear is retail payments and Apple will have quite a number of unique ways they will solve real problems for merchants and iPhone users.  I can say this aspect of Touch ID will be more magical then what we have seen thus far.  There will be connections to iBeacons and the amazing technology Apple just acquired through Passif.

One can argue that some of this is just one man’s view – albeit someone who ought to know a thing or two about the topic – but it’s clear that mobile payment was the core application behind ARM’s work. It would be more surprising if Apple didn’t plan to use it in this way than if it did.

The piece also hints at use of Touch ID for iCloud – and that means Macs getting Touch ID too. It was always likely, of course, even just for the unlock, but this makes it pretty much a given.

Apple’s soft-launch of the technology with very limited applications at first also makes perfect sense if Apple plans to get into the mobile payment game itself. With a massive user-base, the iBeacon & Bluetooth LE combo that goes way beyond NFC and this level of security, it’s not hard to imagine that Apple’s next move could be to effectively become … a bank.