Here’s How Apple Protects Touch ID Fingerprint Data


Apple (NASDAQ:AAPL) has released an iOS security white paper that details how the iPhone 5S protects the data gathered by its Touch ID fingerprint scanner, TechCrunch reports. When Apple first unveiled its biometric authentication system last year, some industry watchers raised questions about the security risks of storing an image of a user’s fingerprint on a mobile device.

Sen. Al Franken wrote an open letter to Apple CEO Tim Cook last year outlining his concern that a hacker who obtained a user’s fingerprint could use it to steal that person’s identity. In the new security document, Apple outlines how it protects fingerprint data (a mathematical representation of the print, not an image of it) by encrypting it and handling it only inside a separate “Secure Enclave” coprocessor in the A7 chip.

Said Apple in the security document: “The Secure Enclave is a coprocessor fabricated in the Apple A7 chip. It utilizes its own secure boot and personalized software update separate from the application processor. It also provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.”

The Secure Enclave’s memory and stored data are isolated from the application processor cores on the same A7 die, and the keys protecting them are not known to Apple either, because they are derived from a per-chip secret that Apple never records. “Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple,” according to Apple. “When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.”
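The key structure that paragraph describes, modelled in Python as an added example (this is not Apple’s code and not a reconstruction of the Secure Enclave firmware): a per-chip UID that never leaves the enclave object, an ephemeral memory key derived from it at every boot, and file-system records encrypted under a key tangled with both the UID and a monotonic counter, so that a stale copy of a record written back to flash no longer decrypts. Apple does not publish its derivation or record format; the use of HKDF-SHA256 and AES-GCM, the labels, the 128-bit key size, the 12-byte random nonce and the 64-bit counter are all assumptions of this example. It needs the `cryptography` package.

```python
# Added example, not Apple's code: keys "tangled" with a per-chip UID and an
# anti-replay counter, modelled with HKDF-SHA256 and AES-GCM. Apple publishes
# neither its derivation nor its record format; the labels, 128-bit key size,
# random 12-byte nonce and 64-bit counter here are assumptions of this example.
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def tangle(uid, label, extra=b""):
    """Derive a 128-bit key that cannot be recomputed without this chip's UID."""
    return HKDF(algorithm=hashes.SHA256(), length=16, salt=None,
                info=label + extra).derive(uid)


class Enclave:
    """The UID never leaves this object; callers only ever see ciphertext."""

    def __init__(self, uid):
        self._uid = uid
        self.counter = 0        # monotonic anti-replay counter kept inside the enclave
        self.memory_key = None

    def boot(self):
        """Fresh ephemeral key per boot, tangled with the UID, for the enclave's RAM."""
        self.memory_key = tangle(self._uid, b"enclave-memory|", os.urandom(16))
        return self.memory_key

    def save(self, record):
        """Encrypt a record for the file system under a key bound to UID and counter."""
        self.counter += 1
        key = tangle(self._uid, b"enclave-fs|", self.counter.to_bytes(8, "big"))
        nonce = os.urandom(12)
        return nonce + AESGCM(key).encrypt(nonce, record, None)

    def load(self, blob):
        """Decrypt only if the blob was written at the current counter value."""
        key = tangle(self._uid, b"enclave-fs|", self.counter.to_bytes(8, "big"))
        return AESGCM(key).decrypt(blob[:12], blob[12:], None)  # InvalidTag otherwise


def rollback_demo(v1=b"template v1", v2=b"template v2"):
    """Write two versions, then try to restore the stale one (a rollback attack)."""
    uid = os.urandom(32)                  # stands in for the per-chip secret fused at fabrication
    enclave = Enclave(uid)
    results = {"boot_keys_differ": enclave.boot() != enclave.boot()}
    old_blob = enclave.save(v1)           # written at counter = 1
    new_blob = enclave.save(v2)           # written at counter = 2
    results["current_loads"] = enclave.load(new_blob)
    try:
        enclave.load(old_blob)            # attacker copied the v1 file back into place
        results["rollback_rejected"] = False
    except InvalidTag:
        results["rollback_rejected"] = True
    other = Enclave(os.urandom(32))       # the same ciphertext moved to a different chip
    other.counter = enclave.counter
    try:
        other.load(new_blob)
        results["other_chip_rejected"] = False
    except InvalidTag:
        results["other_chip_rejected"] = True
    return results


if __name__ == "__main__":
    print(rollback_demo())
```

The point of binding the counter into the key rather than storing it beside the record is that an attacker who can rewrite flash gains nothing by restoring an older file: its key no longer exists anywhere, because the only copy of the counter is inside the enclave and only moves forward.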

Of course, the Secure Enclave must still receive each scan from the Touch ID sensor in order to compare it against the enrolled fingerprints. That link is itself encrypted and authenticated end to end between the sensor and the enclave, so the application processor, which physically relays the traffic, sees only ciphertext.

“Communication between the A7 and the Touch ID sensor takes place over a serial peripheral interface bus,” Apple says. “The A7 forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrapping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.”
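The exchange Apple describes, modelled in Python as an added example (not Apple’s code and not a reconstruction of the real sensor firmware): a pairing key shared by the sensor and the Secure Enclave, each side wrapping a fresh random key under it with AES key wrap (RFC 3394), a session key derived from both contributions, and AES-CCM frames that the application processor relays but cannot read, alter or replay. Apple does not say how the two random keys are combined, so the SHA-256 combination, the 128-bit key sizes, the frame layout and the counter-based nonce are all assumptions of this example. It needs the `cryptography` package.

```python
# Added example: a model of the Touch ID sensor <-> Secure Enclave session.
# Not Apple's code. Assumptions: 128-bit keys, SHA-256 to combine the two
# random contributions (Apple does not say how), a 12-byte counter nonce and
# a 5-byte cleartext header (sender tag + counter) authenticated as AAD.
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM
from cryptography.hazmat.primitives.keywrap import (InvalidUnwrap, aes_key_wrap,
                                                    aes_key_unwrap)

SENSOR, ENCLAVE = b"S", b"E"  # one-byte sender tags, folded into every nonce


class Endpoint:
    """One end of the serial link: the Touch ID sensor or the Secure Enclave."""

    def __init__(self, tag, pairing_key):
        self.tag = tag
        self.pairing_key = pairing_key    # shared key built into both parts at the factory
        self.my_random = os.urandom(16)   # this side's fresh contribution to the session key
        self.session_key = None
        self.send_ctr = 0                 # anti-replay counter for frames this side sends
        self.last_recv_ctr = -1           # highest counter accepted from the peer

    def offer(self):
        """Wrap this side's random key under the pairing key (AES key wrap, RFC 3394)."""
        return aes_key_wrap(self.pairing_key, self.my_random)

    def accept(self, peer_offer):
        """Unwrap the peer's contribution; both sides then derive the same session key."""
        peer_random = aes_key_unwrap(self.pairing_key, peer_offer)  # InvalidUnwrap if forged
        if self.tag == SENSOR:
            sensor_r, enclave_r = self.my_random, peer_random
        else:
            sensor_r, enclave_r = peer_random, self.my_random
        # How the two contributions are combined is an assumption of this example.
        self.session_key = hashlib.sha256(b"touchid-session|" + sensor_r + enclave_r).digest()[:16]

    def seal(self, plaintext):
        """Encrypt and authenticate one frame with AES-CCM under the session key."""
        ctr, self.send_ctr = self.send_ctr, self.send_ctr + 1
        header = self.tag + ctr.to_bytes(4, "big")   # sent in the clear, but authenticated
        nonce = self.tag + ctr.to_bytes(11, "big")   # unique per sender and counter value
        return header + AESCCM(self.session_key).encrypt(nonce, plaintext, header)

    def open(self, frame):
        """Verify and decrypt a frame; reject replays, reflections and any modification."""
        header, body = frame[:5], frame[5:]
        sender, ctr = header[:1], int.from_bytes(header[1:], "big")
        if sender == self.tag or ctr <= self.last_recv_ctr:
            raise ValueError("reflected or replayed frame")
        nonce = sender + ctr.to_bytes(11, "big")
        plaintext = AESCCM(self.session_key).decrypt(nonce, body, header)  # InvalidTag on tamper
        self.last_recv_ctr = ctr
        return plaintext


def establish(pairing_key=None):
    """Run the key exchange; the application processor only relays the two wrapped offers."""
    pairing_key = pairing_key or os.urandom(16)
    sensor, enclave = Endpoint(SENSOR, pairing_key), Endpoint(ENCLAVE, pairing_key)
    sensor_offer, enclave_offer = sensor.offer(), enclave.offer()  # all the A7 sees: 24 opaque bytes each
    sensor.accept(enclave_offer)
    enclave.accept(sensor_offer)
    return sensor, enclave


def relay_demo(sample=b"constructed fingerprint sample bytes"):
    """Send frames sensor -> enclave and show what a relaying A7 can and cannot do."""
    sensor, enclave = establish()
    frame1 = sensor.seal(sample)
    results = {"received": enclave.open(frame1)}            # the genuine frame decrypts
    frame2 = sensor.seal(sample)
    tampered = frame2[:-1] + bytes([frame2[-1] ^ 0x01])      # one bit flipped in the CCM tag
    try:
        enclave.open(tampered)
        results["tamper_rejected"] = False
    except InvalidTag:
        results["tamper_rejected"] = True
    try:
        enclave.open(frame1)                                 # the first frame sent a second time
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    try:                                                     # without the pairing key the A7 cannot
        Endpoint(ENCLAVE, os.urandom(16)).accept(sensor.offer())  # even learn the sensor's contribution
        results["offer_protected"] = False
    except InvalidUnwrap:
        results["offer_protected"] = True
    return results


if __name__ == "__main__":
    print(relay_demo())
```

Two design points worth noting. The wrapped offers carry the AES key wrap integrity check, so a relay that tampers with them, or that never had the pairing key, is detected at unwrap time rather than producing a silently mismatched session. And because the counter is both inside the nonce and authenticated as associated data, a replayed or reordered frame fails either the counter check or the CCM tag, never neither.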

Besides describing how the Touch ID hardware works, the paper lists situations in which a fingerprint alone is not accepted and the passcode must be entered, for example when the device has not been unlocked for more than 48 hours. Touch ID is a convenience layered on top of the passcode rather than a substitute for it: the passcode is still what unlocks the device’s Data Protection keys after a restart, and a fingerprint cannot do so on its own.

“With one finger enrolled, the chance of a random match with someone else is 1 in 50,000,” said Apple. A passcode is required after five unsuccessful fingerprint attempts, so someone trying a stranger’s finger gets at most five tries, about a 1-in-10,000 chance overall with one finger enrolled, before the fingerprint path is closed and the passcode is needed.

Follow Nathanael on Twitter @ArnoldEtan_WSCS