An Apple patent published today by the U.S. Patent and Trademark Office describes "Biometric capture for unauthorized user identification", by using an iPhone or iPad's Touch ID feature, camera, and other sensors.
The proposed system augments typical Touch ID verification by capturing and storing information about a potential thief after six fingerprint unlocking attempts have failed and the wrong passcode is inputted 10 times (after which a "cool down" period or a complete data wipe is activated, depending on user setting).
In another variation, a single failed authentication triggers the capture of fingerprint data and the device takes a picture of the user via the front-facing camera.
In yet other embodiments, the system can be configured by the user to enable or disable various triggers and scenarios in which the biometric capture protocols are activated. The patent also specifies how other data could be logged in the background to supplement the biometric capture, including time stamps, device location, speed, air pressure, audio data, and more.
After capture, the data is stored either locally on the device or sent to a remote server for evaluation, while purges of data are activated when the system determines that it is no longer required.
In suggested uses that are likely to be controversial, Apple describes how the server-side aspect of the system could potentially cross-reference the captured biometric and photo information with an online database containing information of known users. Currently, the fact that Touch ID fingerprint data is stored locally and not in a centralized database is considered to be a significant security benefit to users.
There's no reason to believe Apple will implement the forensic technology in an upcoming consumer product, but the patent does highlight Apple's continuing research into how to harden security on mobile devices beyond passcode screens and Touch ID.