The launch of this iPhone, providing users the ability to access and authenticate the device with biometric sensors, brought several concerns from security researchers. Apple’s updated security document will answer some of those remaining concerns.
The added information reveals how the Touch ID sensor functions, and also provides additional details on Secure Enclave that is responsible for storing and keeping the data private for users. For average iPhone users, the information can be complex to understand, but it should drive more faith into the security ability of the Touch sensor ID.
The A7 processor stored in the iPhone 5s has its own Secure Enclave that regulates and authenticates data that is tracked and passed by the touch ID hardware from the user’s end. During manufacturing, the Enclave is given a unique identifier that is kept separate from the iOS system and it can’t be accessed by anyone or anything. Even Apple can’t provision this identifier, and it can be used to generate a new key in the start-up that ‘encrypt the Secure Enclave’s portion of the device’s memory space’.
The document now also has details on the fingerprint image, provided during the print registration, is handled by the device. An 88*88 pixel representation of the fingerprint is provided by the touch ID sensor, which then sends it to the Secure Enclave, where it is transformed into a decryption key and then discarded without any information storage or backup. The decrypted keys get discarded after 48 hours interval of five Touch ID access failed attempts.
If you are interested in Touch ID security, you can read the entire document.