• Your favorite








    , and
  • Apple Details Touch ID and Secure Enclave Functionality in Updated Security Document

    Apple recently posted an updated security document on its iPhone in Business site, offering details on the inner workings of its Touch ID and the “Secure Enclave” built into Apple’s A7 processor. Since its release in 2013, Touch ID has faced scrutiny over privacy concerns from both users and government officials and although Apple has previously offered few details on how Secure Enclave works, it has assured users that the system restores only fingerprint data rather than images.

    Based on the information provided in the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within. The following was mentioned regarding the matter:

    Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

    Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
    Fingerprint data collected from Touch ID is stored within the Secure Enclave and is used to determine a match and then enable a purchase. Although the A7 processor collects data from the Touch ID sensor, it’s unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave. The following was mentioned regarding the matter:

    It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.
    Along with the detailed information on the functionality and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessibly only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud. The documents section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5S is an interesting read for those who are interested in learning how the technology actually functions.

    The Cupertino California company’s updated security document is part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page. The company is looking to push into the enterprise market further and releasing such information is an effort to help gain the trust of IT and security experts.

    Source: Apple (PDF) via TechCrunch
    This article was originally published in forum thread: Apple Details Touch ID and Secure Enclave Functionality in Updated Security Document started by Akshay Masand View original post
    Comments 6 Comments
    1. fleurya's Avatar
      fleurya -
      The timeliness of this information seems to indicate Apple was willing to share it all along, but wanted to play it close to the chest because they guessed (rightly so) that certain competitors (Samsung)would also incorporate a finger print sensor, and Apple wanted to keep their security method to themselves until said competitors released their product, making it too late to copy. Smart move indeed!

      My question is, what has Samsung revealed about how they will keep their customers’ fingerprints secure? Apple at least gave the public the broad strokes of how it works to set minds at ease. Has Samsung said anything? I haven’t seen any stories on it. I would imagine they have incorporated something remotely similar to Apple. Anything less would invite serious concerns of security.
    1. Nuff Said's Avatar
      Nuff Said -
    1. Sage I's Avatar
      Sage I -
      Quote Originally Posted by Nuff Said View Post
    1. Nuff Said's Avatar
      Nuff Said -
      Too long; didn't read
    1. Eonhpi's Avatar
      Eonhpi -
      Good read
    1. MMX007's Avatar
      MMX007 -
      Is there any third party verification or proof on how it works as detailed by Apple? Just curious not that it bothers me - but it will be interesting to know. On another note: how come the Jailbreak community/non apple approved developers have access to the Touch ID???