
Touch ID is far, far more important than most people have realised – the core message behind a Quora post by the CEO of a card payment service. We can expect to learn far more in the next few months, and that’s likely to eventually include both Touch ID Macs and use of the fingerprint system for mobile payments.

In the torrent of the billions of words already written about Touch ID very, very few people have really understood just how revolutionary this really is.  Apple not only has developed one of the most accurate mass produced biometric security devices, they have also solved critical problems with how the data from this device will be encrypted, stored and secured.

Brian Roemmele, CEO of 1st American Card Service, said that Apple’s attempt to solve the problem of how to develop a truly secure access system goes all the way back to a patent application in 2008, but it was only through the A7 chip – specifically created by ARM with mobile payment security in mind – that the company finally had a gold-standard solution. And its applications will go far beyond iPhone unlock and iTunes purchases … 

Let’s start with understanding just how secure the Touch ID system really is. The video Apple released explaining how Touch ID works referred to a ‘Secure Enclave’ within the A7 chip. Such terms are sometimes used metaphorically, but Roemmele says there is no exaggeration going on here.

There are numerous reasons Apple moved to the A7 processor.  One reason is the hardware requirements of Touch ID.  To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area within the processor architecture.

The chip effectively creates two distinct environments – normal and secure:

[Image: normal and secure environments]

The key to the security is that this is not just conceptual, handled at a software level, but is a fundamental part of the design of the hardware: embedded right into the A7 chip. What is shown here is ARM’s own approach, known as TrustZone. Apple’s Secure Enclave will use the same approach, but may well be an Apple-specific implementation: understandably, neither Apple nor ARM is going to comment on this. But here’s what TrustZone looks like at a hardware level:

[Image: TrustZone at the hardware level]

The chip is running two completely separate systems, with the biometric data handled only within the secure world, and a simple yes/no response handed to anything running in the normal world. So when you authenticate an iTunes purchase with your fingerprint, neither iTunes nor the app has any access to the fingerprint data: all it knows is whether the secure world passed back a yes or a no. That’s standard for any secure system, but it’s the first time that such an approach has been built in at the hardware level.
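The yes/no hand-off described above, as a toy model added here (not Apple's or ARM's code). It goes one step beyond the text by also showing a challenge-response in which the secure side only MACs a verifier's fresh nonce after a match. The class names, the exact-match comparison and the use of HMAC-SHA-256 with a per-app key in place of a signature are all assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class SecureWorld:
    """Toy secure side: the template and device secret never leave this object."""

    def __init__(self, enrolled_template: bytes):
        self._template = hashlib.sha256(enrolled_template).digest()
        self._device_secret = secrets.token_bytes(32)

    def _matches(self, sample: bytes) -> bool:
        # Real matchers are fuzzy; an exact digest compare keeps the toy small.
        return hmac.compare_digest(hashlib.sha256(sample).digest(), self._template)

    def provision(self, app_id: str) -> bytes:
        # Per-app key handed to that app's verifier once, at enrolment.
        return _mac(self._device_secret, app_id.encode())

    def verify(self, sample: bytes) -> bool:
        # Bare yes/no: the caller has to trust whatever delivers this boolean.
        return self._matches(sample)

    def respond(self, sample: bytes, app_id: str, challenge: bytes) -> Optional[bytes]:
        # MAC the verifier's nonce, but only after a successful match.
        if not self._matches(sample):
            return None
        return _mac(self.provision(app_id), challenge)


class RelyingParty:
    """Verifier that checks a MAC over its own fresh nonce, not a boolean."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending: Optional[bytes] = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def accept(self, response: Optional[bytes]) -> bool:
        challenge, self._pending = self._pending, None  # each nonce is single use
        if challenge is None or response is None:
            return False
        return hmac.compare_digest(_mac(self._key, challenge), response)
```

A response is bound to one application and one nonce, so a replayed answer or one produced for a different app is rejected by the verifier.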

Thus we can really see just how deep the security runs in the DNA of the A7 processor.  The deep level hardware based secure architecture is rather rock solid.  It would require a rather large magnitude of hardware hacking to even attempt access to the data stored in the Secure Enclave.

And mobile payment? That was the key driver behind this, and iTunes is – as we’d hoped – merely the first stage.

There are dozens of applications and use cases on the roadmap and I am certain a developer economy will build around this amazing technology.  One that is very clear is retail payments and Apple will have quite a number of unique ways they will solve real problems for merchants and iPhone users.  I can say this aspect of Touch ID will be more magical than what we have seen thus far.  There will be connections to iBeacons and the amazing technology Apple just acquired through Passif.

One can argue that some of this is just one man’s view – albeit someone who ought to know a thing or two about the topic – but it’s clear that mobile payment was the core application behind ARM’s work. It would be more surprising if Apple didn’t plan to use it in this way than if it did.

The piece also hints at use of Touch ID for iCloud – and that means Macs getting Touch ID too. It was always likely, of course, even just for the unlock, but this makes it pretty much a given.

Apple’s soft-launch of the technology with very limited applications at first also makes perfect sense if Apple plans to get into the mobile payment game itself. With a massive user-base, the iBeacon & Bluetooth LE combo that goes way beyond NFC and this level of security, it’s not hard to imagine that Apple’s next move could be to effectively become … a bank.


34 Responses to “Why Touch ID is bigger news than any of us appreciated”

  1. This (“Apple, fingerprint sensors, and the Apple TV”) https://medium.com/tech-blogging/271ed785d97 tells a slightly different story but also suggests that TouchID is a really BIG deal.

  2. Hmmm, and Apple has $140 billion odd sitting in “The Bank”… Hmm…

  3. Once again Apple will set the standard for mobile payment and security, this reason is why Android needs, eventually, to become a closed system or evolve into a hybrid sort of closed/open system. Maybe I’m wrong…. don’t know really…. time will tell.

  4. Dan Eaton says:

    I won’t be buying an iPhone this time round and so am looking forward to purchasing a TouchID iPad later this year. Hope they make it happen.

  5. Not true!! I appreciate it. :-)

  6. Dan, I would be very surprised if you don’t get your wish on that issue.

  7. james0328 says:

    I was absolutely amazed at how stupid some people can be. When Touch ID first came out I immediately thought of how this could be integrated with iCloud Keychain to render any form of password effectively obsolete. Yet all of them treat Touch ID as a “fancy useless feature of unlocking and we are doing fine with passcode”. I’ll wait for Apple to bitch slap them — better yet, there is hardly a company that rivals Authentec’s biometric technology. Let’s see how Samsung copies this one.

  8. I doubt Macs get this, for one reason mainly, the phone ID can be bridged to any unit around you, since you carry it around with you and is the smallest accessory it’s perfect to be your ID.

    Should be hard to pair with other things, like your computer, you need to logon to your bank on the computer, from the phone through wifi or bluetooth, send your id to your computer and login. I can see this happening.

  9. not necessarily convinced all of us failed to appreciate the significance

    • Ben Lovejoy says:

      A lot of us had hopes for mobile payment, but I haven’t seen the whole package put together in this way – otherwise there would have been a lot of stories on announcement day saying ‘Apple, the bank’ …

  10. If the author is right and all the chip replies with is YES or NO, this would be a useless system for anything that requires security. This would mean the fingerprint data cannot be used to encrypt or authenticate a user.

    On a jailbroken phone, one could simply hijack the API and make it always return YES and get access to everything.

    Even if it didn’t respond with a YES and NO, but with some kind of hash of the fingerprint, which would be used as a password or key for encryption it would be bad, because this key would be the same for each application for each fingerprint. Therefore if application A knows the key, it could use it to unlock data of application B.

    The only system I can think of, which would make sense is if an app requests a fingerprint and gives some data to the chip, the chip makes some calculations using the fingerprint data and the passed over data and returns the result. This result is then checked whether it is correct by using it as a key to decrypt something. If it decrypts successfully the correct fingerprint was used and the user can be authenticated.

    I am far from a cryptography or security expert, but common sense tells me this. If apple is using a YES and NO response I would be very worried about using it for anything and I doubt apple would ever implement APIs and give developers access to it.

    • I think Apple knows what they are doing, not to down your integrity, but Apple has some of the smartest individuals in the world working for them

    • Ben Lovejoy says:

      The ‘yes/no’ is a convenient phrase, the reality will of course be something more specific

    • The “yes” or “no” will come from the chip itself. This is the point you missed. You can’t easily hack the ABI (that’s not a typo) and I’m pretty sure even if you could you would most likely need more time than someone to realize their phone is stolen, and remote wipe it. Now the phone is no longer trusted and it’s game over for Mr./Ms. Villain.

    • Justin Menga says:

      You’re describing asymmetric encryption (i.e. Public/Private keys) which digital certificates and technologies like SSL (https) are built upon. It’s very likely this is what is employed in hardware as this technology is considered secure and extremely difficult with today’s hardware technologies to break assuming appropriate key lengths are employed.

      Essentially the YES response is hashed and signed by the private key, and only the public key can successfully decrypt that signature to get the hash and check the received YES response exactly matches the signature hash value.

    • ctyrider says:

      “I am far from a cryptography or security expert, but ”

      You should have probably stopped right there..

    • That is why Apple recommends that you do not jailbreak your iPhone. If you jailbreak it and your biometric data is compromised then that is on you and not on Apple. iOS is secure as it is and Apple knows what they are doing.

    • There would also have been lots of stories about how Apple’s new technology was an even bigger failure. Just because Wall Street and much of the press seems to hate Apple these days. Success may be the cause of this hate. I just don’t know. Why else would so many people adore a foreign company that steals Apple’s intellectual property and is run by a convicted criminal who bought his way out of incarceration by paying political big shots?

  11. There is however a significant drawback that should not be withheld. Fingerprint sensors are highly person specific. While with the currently applied authentication method, I can share some apps among the family, e.g. I do live in Germany, my sister lives in Redwood City CA, I could share my 99$ Navigon App with her, that she uses while travelling here in Europe, while I can use her USA version of the program, by using her account. So you may share some apps among several family members. With physical proof or authentication requirement, albeit a convenient way of identifying a user, this will not be possible anymore unless the user is in your proximity (which is more a dream come true for developers and salesman than for end users!)

    • I can see how this may be a concern but you will also still have the option of typing in the password. Also the Touch ID is only on the device. iTunes has no way of knowing your sister’s print on your phone. It will allow you to use your print since you are already authorized to use that account.

    • @Andreas No one is taking away the ability to use a password and I would assume that would always remain an option. The only difference is that now you can also use your fingerprint which is more convenient than entering your password every time.

    • Would be a great way to implement multi-accounts on iOS though….

  12. The ability to become a bank is an interesting thought experiment. I would imagine they’d be happy connecting our apple IDs to bank numbers, not credit cards. Then they could sidestep or capture much of the 2.5% fees we all pay to use our credit and debit cards.

  13. Rick Guasco says:

    Seriously, I can’t wait to put down my $400 to opt into Apple’s new NSA fingerprint database program.

    • If you think NSA will be able to access fingerprints, then you are ignorant of how this system works. Go read about it again. Not my job to explain and educate you.

      • Bryan Smith says:

        LMAO THE NSA HAS ACCESS TO EVERYTHING… MAYBE YOU NEED TO READ THE DOCUMENTS EDWARD SNOWDEN LEAKED AND EDUCATE YOURSELF… THE MAN WAS FORCED TO FLEE THE USA AND HIS LIFE IS IN DANGER… MAYBE YOU NEED TO ASK YOURSELF WHY… RICK IS SPOT ON…

  14. Bob Forsberg says:

    Touch ID now and retina scan later will secure our future.

  15. The trusted computing technology described here is not at all new, e.g. almost all the Nokia devices have it deployed for ages (search expression: “Trusted Execution Environment”). There is indeed an untapped potential here as application developers are very rarely aware of these capabilities.
    http://www.cs.helsinki.fi/group/secures/mobiletee-may28.pdf

    • Nokia’s version is not totally secure. Apple’s is. Nokia’s version (and HP’s) is hard to use and often fails. We’ll soon see if Apple’s version is easier to use. Nokia’s is, in short, a pain. Apple’s looks pleasant, well integrated and very useful.