Touch ID is far, far more important than most people have realised – the core message behind a Quora post by the CEO of a card payment service. We can expect to learn far more in the next few months, and that’s likely to eventually include both Touch ID Macs and use of the fingerprint system for mobile payments.
In the torrent of the billions of words already written about Touch ID very, very few people have really understood just how revolutionary this really is. Apple not only has developed one of the most accurate mass produced biometric security devices, they have also solved critical problems with how the data from this device will be encrypted, stored and secured.
Brian Roemmele, CEO of 1st American Card Service, said that Apple’s attempt to solve the problem of how to develop a truly secure access system goes all the way back to a patent application in 2008, but it was only through the A7 chip – specifically created by ARM with mobile payment security in mind – that the company finally had a gold-standard solution. And its applications will go far beyond iPhone unlock and iTunes purchases …
Let’s start with understanding just how secure the Touch ID system really is. The video Apple released explaining how Touch ID works referred to a ‘Secure Enclave’ within the A7 chip. Such terms are sometimes used metaphorically, but Roemmele says there is no exaggeration going on here.
There are numerous reasons Apple moved to the A7 processor. One reason is the hardware requirements of Touch ID. To economically create the Secure Enclave, Apple needed a processor that is already aware of the concept of encryption and security at a native level and has the dedicated hardware to make a segregated and secure area within the processor architecture.
The chip effectively creates two distinct environments – normal and secure:
The key to the security is that this is not just conceptual, handled at a software level, but is a fundamental part of the design of the hardware: embedded right into the A7 chip. What is shown here is ARM’s own approach, known as TrustZone. Apple’s Secure Enclave will use the same approach, but may well be an Apple-specific implementation: understandably, neither Apple nor ARM is going to comment on this. But here’s what TrustZone looks like at a hardware level:
The chip is running two completely separate systems, with the biometric data handled only within the secure world, and a simple yes/no response handed to anything running in the normal world. So when you authenticate an iTunes purchase with your fingerprint, neither iTunes nor the app has any access to the fingerprint data: all it knows is whether the secure world passed back a yes or a no. That’s standard for any secure system, but it’s the first time that such an approach has been built in at the hardware level.
Thus we can really see just how deep the security runs in the DNA of the A7 processor. The deep level hardware based secure architecture is rather rock solid. It would require a rather large magnitude of hardware hacking to even attempt access to the data stored in the Secure Enclave.
And mobile payment? That was the key driver behind this, and iTunes is – as we’d hoped – merely the first stage.
There are dozens of applications and use cases on the roadmap and I am certain a developer economy will build around this amazing technology. One that is very clear is retail payments and Apple will have quite a number of unique ways they will solve real problems for merchants and iPhone users. I can say this aspect of Touch ID will be more magical than what we have seen thus far. There will be connections to iBeacons and the amazing technology Apple just acquired through Passif.
One can argue that some of this is just one man’s view – albeit someone who ought to know a thing or two about the topic – but it’s clear that mobile payment was the core application behind ARM’s work. It would be more surprising if Apple didn’t plan to use it in this way than if it did.
The piece also hints at use of Touch ID for iCloud – and that means Macs getting Touch ID too. It was always likely, of course, even just for the unlock, but this makes it pretty much a given.
Apple’s soft-launch of the technology with very limited applications at first also makes perfect sense if Apple plans to get into the mobile payment game itself. With a massive user-base, the iBeacon & Bluetooth LE combo that goes way beyond NFC and this level of security, it’s not hard to imagine that Apple’s next move could be to effectively become … a bank.
This (“Apple, fingerprint sensors, and the Apple TV”) https://medium.com/tech-blogging/271ed785d97 tells a slightly different story but also suggests that TouchID is a really BIG deal.
I’m sure that will happen too.
Hmmm, and Apple how $140Billion odd sitting in “The Bank”… Hmm…
D’oh! Typo :( and Apple HAVE $140Billion… PEBKAC error there ;)
Once again Apple will set the standard for mobile payment and security, this reason is why Android needs, eventually, to become a closed system or evolve into a hybrid sort of closed/open system. Maybe I’m wrong…. don’t know really…. time will tell.
I won’t be buying an iPhone this time round and so am looking forward to purchasing a TouchID iPad later this year. Hope they make it happen.
I am sincerely hoping for an iPad with TouchID that allows multiple user profiles, activated by the fingerprint…
Not true!! I appreciate it. :-)
Dan, I would be very surprised if you don’t get your wish on that issue.
I was absolutely amazed at how stupid some people can be. When Touch ID first came out I immediately thought of how this could be integrated with iCloud Keychain to render any form of password effectively obsolete. Yet all of them treat Touch ID as a “fancy useless feature of unlocking and we are doing fine with passcode”. I’ll wait for Apple to bitch slap them — better yet, there is hardly a company that rivals Authentec’s biometric technology. Let’s see how Samsung copies this one.
I doubt Macs get this, for one reason mainly, the phone ID can be bridged to any unit around you, since you carry it around with you and is the smallest accessory it’s perfect to be your ID.
Should be hard to pair with other things, like your computer, you need to logon to your bank on the computer, from the phone through wifi or bluetooth, send your id to your computer and login. I can see this happening.
If a device requires passwords or a key, it will have Touch ID
not necessarily convinced all of us failed to appreciate the significance
A lot of us had hopes for mobile payment, but I haven’t seen the whole package put together in this way – otherwise there would have been a lot of stories on announcement day saying ‘Apple, the bank’ …
If the author is right and all the chip replies with is YES or NO, this would be a useless system for anything that requires security. This would mean the fingerprint data cannot be used to encrypt or authenticate a user.
On a jailbroken phone, one could simply hijack the API and make it always return YES and get access to everything.
Even if it didn’t respond with a YES and NO, but with some kind of hash of the fingerprint, which would be used as a password or key for encryption it would be bad, because this key would be the same for each application for each fingerprint. Therefore if application A knows the key, it could use it to unlock data of application B.
The only system I can think of, which would make sense is if an app requests a fingerprint and gives some data to the chip, the chip makes some calculations using the fingerprint data and the passed over data and returns the result. This result is then checked whether it is correct by using it as a key to decrypt something. If it decrypts successfully the correct fingerprint was used and the user can be authenticated.
I am far from a cryptography or security expert, but common sense tells me this. If Apple is using a YES and NO response I would be very worried about using it for anything and I doubt Apple would ever implement APIs and give developers access to it.
I think Apple knows what they are doing, not to down your integrity, but Apple has some of the smartest individuals in the world working for them
The ‘yes/no’ is a convenient phrase, the reality will of course be something more specific
The “yes” or “no” will come from the chip itself. This is the point you missed. You can’t easily hack the ABI (that’s not a typo) and I’m pretty sure even if you could you would most likely need more time than someone to realize their phone is stolen, and remote wipe it. Now the phone is no longer trusted and it’s game over for Mr./Ms. Villain.
You’re describing asymmetric encryption (i.e. Public/Private keys) which digital certificates and technologies like SSL (https) are built upon. It’s very likely this is what is employed in hardware as this technology is considered secure and extremely difficult with today’s hardware technologies to break assuming appropriate key lengths are employed.
Essentially the YES response is hashed and signed by the private key, and only the public key can successfully decrypt that signature to get the hash and check the received YES response exactly matches the signature hash value.
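The per-request scheme asked for in the comment above, and the signed response described in this reply, as an added sketch that is not from the article, its commenters or Apple. It swaps the reply's public/private-key signature for an HMAC from the Python standard library, so the verifier here holds the same key as the secure side; the class names, app ids and fingerprint bytes are constructed.

```python
import hashlib
import hmac
import secrets

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class SecureWorld:
    """Constructed stand-in for the isolated side; template and root key stay inside."""
    def __init__(self, template: bytes):
        self._template = hashlib.sha256(template).digest()
        self._root = secrets.token_bytes(32)
    def provision(self, app_id: str) -> bytes:
        # Per-app key, given to that app's verifier once at enrolment,
        # so one app's key says nothing about another's.
        return _mac(self._root, app_id.encode())
    def is_match(self, sample: bytes) -> bool:      # design 1: bare yes/no
        # Simplification: real matchers are fuzzy; this compares exact bytes.
        return hmac.compare_digest(hashlib.sha256(sample).digest(), self._template)
    def respond(self, app_id: str, nonce: bytes, sample: bytes):  # design 2
        # A tag over the verifier's nonce, produced only after a match.
        return _mac(self.provision(app_id), nonce) if self.is_match(sample) else None

class Verifier:
    """Hypothetical relying party, e.g. a payment back end."""
    def __init__(self, key: bytes):
        self._key, self._nonce = key, None
    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce
    def accept_bool(self, reported: bool) -> bool:  # design 1: nothing to check
        return reported
    def accept(self, tag) -> bool:                  # design 2: recompute and compare
        nonce, self._nonce = self._nonce, None      # each nonce is single use
        return bool(nonce and tag) and hmac.compare_digest(tag, _mac(self._key, nonce))

def demo() -> dict:
    finger, wrong = b"constructed-enrolled-print", b"constructed-other-print"
    sw = SecureWorld(finger)
    pay, other = Verifier(sw.provision("pay")), Verifier(sw.provision("other"))
    tag = sw.respond("pay", pay.challenge(), finger)
    out = {"owner": pay.accept(tag)}
    pay.challenge()                                 # fresh nonce, old tag
    out["replayed_tag"] = pay.accept(tag)
    out["wrong_finger"] = pay.accept(sw.respond("pay", pay.challenge(), wrong))
    out["cross_app"] = other.accept(sw.respond("pay", other.challenge(), finger))
    # Design 1: secure world said no, but the verifier sees only what is relayed.
    out["relayed_true"] = (sw.is_match(wrong), pay.accept_bool(True))
    return out
```
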
Let’s hope you are right. If that is the case there is no reason not to give apps API access to it. That’s my only concern.
“I am far from a cryptography or security expert, but ”
You should have probably stopped right there..
That is why Apple recommends that you do not jailbreak your iPhone. If you jailbreak it and your biometric data is compromised then that is on you and not on Apple. iOS is secure as it is and Apple knows what they are doing
There would also have been lots of stories about how Apple’s new technology was an even bigger failure. Just because Wall Street and much of the press seems to hate Apple these days. Success may be the cause of this hate. I just don’t know. Why else would so many people adore a foreign company that steals Apple’s intellectual property and is run by a convicted criminal who bought his way out of incarceration by paying political big shots?
There is however a significant drawback that should not be withheld. Fingerprint sensors are highly person specific. While with the currently applied authentication method, I can share some apps among the family, e.g. I do live in Germany, my sister lives in Redwood City CA, I could share my 99$ Navigon App with her, that she uses while travelling here in Europe, while I can use her USA version of the program, by using her account. So you may share some apps among several family members. With physical proof or authentication requirement, albeit a convenient way of identifying a user, this will not be possible anymore unless the user is in your proximity (which is more a dream come true for developers and salesmen than for end users!)
I can see how this may be a concern but you will also still have the option of typing in the password. Also the Touch ID is only on the device. iTunes has no way of knowing your sister’s print on your phone. It will allow you to use your print since you are already authorized to use that account.
@Andreas No one is taking away the ability to use a password and I would assume that would always remain an option. The only difference is that now you can also use your fingerprint which is more convenient than entering your password every time.
Would be a great way to implement multi-accounts on iOS though….
The ability to become a bank is an interesting thought experiment. I would imagine they’d be happy connecting our apple IDs to bank numbers, not credit cards. Then they could sidestep or capture much of the 2.5% fees we all pay to use our credit and debit cards.
Seriously, I can’t wait to put down my $400 to opt into Apple’s new NSA fingerprint database program.
If you think NSA will be able to access fingerprints, then you are ignorant of how this system works. Go read about it again. Not my job to explain and educate you.
LMAO THE NSA HAS ACCESS TO EVERYTHING… MAYBE YOU NEED TO READ THE DOCUMENTS EDWARD SNOWDEN LEAKED AND EDUCATE YOURSELF… THE MAN WAS FORCED TO FLEE THE USA AND HIS LIFE IS IN DANGER… MAYBE YOU NEED TO ASK YOURSELF WHY… RICK IS SPOT ON…
Touch ID now and retina scan later will secure our future.
The trusted computing technology described here is not at all new, e.g. almost all the Nokia devices have it deployed for ages (search expression: “Trusted Execution Environment”). There is indeed an untapped potential here as application developers are very rarely aware of these capabilities.
http://www.cs.helsinki.fi/group/secures/mobiletee-may28.pdf
Nokia’s version is not totally secure. Apple’s is. Nokia’s version (and HP’s) is hard to use and often fails. We’ll soon see if Apple’s version is easier to use. Nokia’s is, in short, a pain. Apple’s looks pleasant, well integrated and very useful.