Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document

Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

touchid
According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.

Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.

It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

Top Rated Comments

(View all)
Avatar
87 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Score: 34 Votes (Like | Disagree)
Avatar
87 months ago
And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
Score: 23 Votes (Like | Disagree)
Avatar
87 months ago
I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
Score: 20 Votes (Like | Disagree)
Avatar
87 months ago

Because you're on an Apple-based website?


I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
Score: 12 Votes (Like | Disagree)
Avatar
87 months ago

Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?


Samsung will fix it when Apple shows them how.
Score: 11 Votes (Like | Disagree)
Avatar
87 months ago

Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?

Because you're on an Apple-based website?
Score: 11 Votes (Like | Disagree)

Top Stories

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

Google Reportedly Pays Apple $8-12 Billion Per Year to be Default iOS Search Engine

Sunday October 25, 2020 2:59 pm PDT by
The United States Justice Department is targeting a lucrative deal between Apple and Google as part of one of the U.S. government's largest antitrust cases, reports The New York Times. On Tuesday, the Justice Department filed an antitrust lawsuit against Google, claiming the Mountain View-based company used anticompetitive and exclusionary practices in the search and advertising markets to ...

iPhone 12 Pro Allows You to Measure Someone's Height Instantly Using LiDAR Scanner

Saturday October 24, 2020 11:12 am PDT by
iPhone 12 Pro models feature a new LiDAR Scanner for enhanced augmented reality experiences, but the sensor also enables another unique feature: the ability to measure a person's height instantly using the Measure app. You can even measure the seated height of a person in a chair, according to Apple. When the Measure app detects a person in the viewfinder, it automatically measures their...

MagSafe Charger Only Charges at Full 15W Speeds With Apple's 20W Power Adapter

Monday October 26, 2020 3:38 pm PDT by
Alongside the iPhone 12 and 12 Pro models, Apple introduced a new MagSafe charger that attaches to the magnetic ring in the back of the devices, providing up to 15W of charging power, which is double the speed of the 7.5W Qi-based wireless charging maximum. Apple does not provide a power adapter with the $39 MagSafe charger, requiring users to supply their own USB-C compatible option. Apple...

Early iPhone 12 Tests Show Ceramic Shield is Stronger and More Scratch Resistant Than iPhone 11 Glass

Friday October 23, 2020 1:21 pm PDT by
Apple's new iPhone 12 models are protected by a Ceramic Shield cover glass that has nano-ceramic crystals infused right into the glass to improve durability. According to Apple, Ceramic Shield offers four times better drop protection than the glass used for the iPhone 11 models. YouTube channel MobileReviewsEh conducted some tests on the iPhone 12 using a force meter to compare its performance ...

iPhone 12 Six-Foot Drop Test Results: Ceramic Shield More Durable But Not Damage Proof

Monday October 26, 2020 5:00 am PDT by
Apple's new iPhone 12 and iPhone 12 Pro feature a new Ceramic Shield screen that Apple says offers 4x better drop performance. To test that claim, Allstate Protection Plans put the two models through a range of breakability tests and recorded the results. In a face down sidewalk drop test at six feet, the iPhone 12 suffered small cracks and scuffed corners and edges, leaving sharp grooves in ...

Bloomberg: New AirPods and AirPods Pro Coming in 2021, AirPods Studio Delayed, Third HomePod Model Also Possible

Monday October 26, 2020 3:34 am PDT by
Apple plans to update its AirPods line next year with two new models including third-generation AirPods and second-generation AirPods Pro, according to a new report from Bloomberg. The Cupertino, California-based technology giant is working on two new models: third-generation entry-level AirPods and the second version of the AirPods Pro earbuds, according to people familiar with the plans. ...

Report: Apple Silicon iMac Featuring Desktop Class 'A14T' Chip Coming First Half of 2021

Tuesday October 27, 2020 4:14 am PDT by
The first iMac powered by Apple Silicon is set to arrive in the first half of next year and will feature a desktop class "A14T" chip, according to Chinese-language newspaper The China Times. Codenamed "Mt. Jade," Apple's first custom-made desktop processor will be twinned with its first self-developed GPU, codenamed "Lifuka," both of which are being produced using TSMC's 5-nanometer process, ...

iPhone 11 Pro Outlasts iPhone 12 and 12 Pro in Extensive Battery Life Test

Friday October 23, 2020 8:36 am PDT by
Arun Maini today shared a new side-by-side iPhone battery life video test on his YouTube channel Mrwhosetheboss, timing how long the new iPhone 12 and iPhone 12 Pro models last on a single charge compared to older models, with equal brightness, settings, battery health, and usage. All of the devices are running iOS 14 without a SIM card inserted. In the test, the iPhone 11 Pro outlasted both ...

Apple Warns MagSafe Charger Can Leave Circular Imprints on Leather Cases

Friday October 23, 2020 3:23 pm PDT by
If you keep your iPhone in a leather case while charging with Apple's new MagSafe Charger, the case might show circular imprints from contact with the accessory, according to a new Apple support document published today. Apple's leather cases for the iPhone 12 and iPhone 12 Pro are not available until November 6, but a MacRumors reader has already shared a photo of a circular imprint on...