WWDC 2018 takes place June 4 to June 8 in San Jose, California.
Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document
Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).
Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.
According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.
Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.
Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.
According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.
It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.
The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.
Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.
[ 91 comments ]
Top Rated Comments
(View all)
56 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
56 months ago
And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
56 months ago
I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
56 months ago
Because you're on an Apple-based website?
I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
56 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Because you're on an Apple-based website?
56 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Samsung will fix it when Apple shows them how.
56 months ago
I love the Touch I.D. I think Apple got it right, and for all those who hate on it, they just don't understand that security at its best is still just an obstacle for the determined.
I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.
_____________
Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
I can't wait to see my friends with their S5's with their straight smudges up the middle of their screens 24/7. Really classy stuff.
_____________
Duels to the death are still allowed in Paraguay as long as both parties involved are registered blood donors.
56 months ago
How so ?
So your saying something that is out in the open is no less secure than something that's kept ?
Isn't telling people what security that's used and exactly how it works, gives them an advantage to try and attack what they would otherwise have to find out for themselves (hence more secure) because they don't know ? Regardless of the method used for security.
Its like picking a lock vs telling someone how to (it may not be easy based on what security, but at least telling peple, you have something to go on, vs nothing at all)
The strongest encryption standards we currently use are also public and well documented. Everybody can learn exactly how they work. Yet they are secure enough that banks rely on them. Ever wonder why?
Hiding how something works, aka security through obscurity, is not good security.
56 months ago
In an effort to make MacRumors more kid-friendly, I will review some of the new vocabulary words introduced in this article:
Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.
:p
Enclave (noun) - a portion of territory within or surrounded by a larger territory whose inhabitants are culturally or ethnically distinct.
:p
56 months ago
Because you're on an Apple-based website?
I'd agree with you if he said something like
How come no one here cares about security when Samsung does it yet when Apple does it we all FLIP?
But he made no mention of this website specifically so it's safe to assume he meant "in general".
And from my observation looking at comments of plenty of tech websites (that aren't Apple-focused), it's true that way more people were skeptical about Touch ID's security than they were about about the GS5's fingerprint scanner.
And that's despite the fact that:
[LIST=1]
* Apple explained the security enclave stored on the A7 and the fingerprint hash thing whereas Samsung didn't say whether they had similar security mechanisms. Only thing they said is that it was "encrypted", but that's a given. Exactly how it's encrypted is what matters, and Samsung didn't really explain that.
* Unlike Apple which took the decision to give no third-party access to Touch ID, Samsung immediately announced third-party partnerships. Not only that but a third-party partnership with PayPal, which doesn't exactly have the cleanest ethical track record.
So now, does that mean more people have double standards against Apple than they do about Samsung?
I think the answer is Yes.
But it's not anything against Apple specifically, just against people/brands with a lot of mainstream attention/appreciation. People love to hate what's loved.
You can clearly see that Samsung is getting there too however. Their brand has gained so much recognition in the past few years that you can already see people having double standards against Samsung more than against other Android OEMs.
You didn't see that amount of hate towards TouchWiz, cheap plastic, marketing budgets and such only a few years ago, even though Samsung's approach didn't change that much. What did change, however, is Samsung's mainstream popularity and perception.
The amount of negativity something/someone gets is nowhere proportional to how actually bad it is, otherwise it wouldn't seem like Justin Bieber is the most hated human on earth. It's more of a popularity thing, and indirectly a way for people to validate their choices, find common opinions with other people, and just generally feel better about themselves.
[ Read All Comments ]
Apple is closing its Apple Store located in Atlantic City, New Jersey, which will affect 52 employees who currently work at the store and will need to be relocated, reports Bloomberg.
Apple has...
For this week's giveaway, we've teamed up with WaterField Designs to offer MacRumors readers a chance to win the company's Atlas Executive Athletic Holdall, a bag that's ideal for...
Apple today launched the latest sale on Beats by Dre products, including markdowns on the BeatsX, Powerbeats3, Solo3 Wireless On-Ear Headphones, and Studio3 Wireless Over-Ear Headphones. Make sure...
Twitter is testing a new "Data saver" toggle on iOS devices, as one user shared on the social media platform this morning. For users in the test, the data saver setting is housed at the very...
A special "Decade Collection" range of Beats Headphones are currently being promoted by online retail merchants ahead of scheduled availability on June 4, suggesting Apple will officially...
Apple's AirDrop feature lets you wirelessly send and receive files between nearby Macs as well as to and from local iOS devices. It's usually accessed from the sidebar of an open Finder...
Since November 2017, AT&T has offered customers the chance to get the 32GB Apple TV 4K at no extra cost when they sign up and pay for either four months or three months of DirecTV Now. Since this...
Mophie today announced the launch of the Charge Stream Travel Kit, which is a wireless charging kit that's designed for use while traveling, as the name suggests.
Designed for the iPhone X,...
