In the latest release of its iOS Security document spotted by TechCrunch, Apple offers a number of details about the function and processes of the Touch ID fingerprint recognition system offered on its iPhone 5s. The document describes the Secure Enclave, “a coprocessor fabricated in the Apple A7 chip,” which manages safely matching active fingerprints read by Touch ID against registered fingerprints saved by the user. While much of how Touch ID behaves was revealed last fall when the iPhone 5s was introduced and through experience, the white page does list more specifics than have previously been made available…
According to Apple, a single registered fingerprint creates a 1 in 50,000 chance of a successful random match with someone else’s print.
Apple describes the Secure Enclave’s system for safely managing identities while keeping the data separate from the rest of the system through encrypted memory and a hardware random number generator.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
Apple goes on to describe the role which the A7 plays in authorizing Touch ID:
Communication between the A7 and the Touch ID sensor takes place over a serial peripheral interface bus. The A7 forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
As many Touch ID users have probably discovered, some instances require passcode use over Touch ID. The document points out exactly when Touch ID cannot be used and passcode input is required:
The passcode can always be used instead of Touch ID, and it’s still required under the following circumstances:
-iPhone 5s has just been turned on or restarted
-iPhone 5s has not been unlocked for more than 48 hours
-After five unsuccessful attempts to match a finger
-When setting up or enrolling new fingers with Touch ID
-iPhone 5s has received a remote lock command
You can read the full iOS Security document for information regarding app security, network security, and more here.
Also worth noting, Samsung announced its Galaxy S5 smartphone with its own fingerprint reader with developer access so we asked readers this morning if Apple should allow iOS developers the opportunity to take advantage of Touch ID.