Believing privacy to be a fundamental human right, Apple has been designing technologies to keep users' personal information safe. One such technology was the popular Touch ID, the fingerprint sensing system introduced back in 2013 that allowed faster, easier and secure access to supported Apple devices. It wasn't the first time that fingerprint sensing technology was deployed in a consumer product. But it did popularise the technology, resulting in most of the smartphone markers adopting fingerprint sensors.
Explaining what led Apple to design this technology, the Cupertino giant explained that in the early years of iPhone, it had built the best-addressed file encryption system in the consumer market. Apple called it data protection where the system itself was incredibly sophisticated and enabled things like protecting multiple classes of data so that the device could download and encrypt data, even while it was blocked or supported entirely unattended software updates while maintaining the full strength of data protection for the user. All the user has to do to take advantage of this was to set a passcode as it was used as a part of the process to derive cryptographic keys that then powered the rest of the data protection process.
However, Apple was alarmed to discover that all the investment it had made into data protection was not protecting the majority of its users. Only about 49 per cent of the users were setting a passcode, which meant that the remaining 51 per cent were not benefiting from the data protection mechanism. When Apple dug in to understand the reason, the findings revealed that users unlock their devices a lot - on an average about 80 times a day. And about half of its users simply didn't want the inconvenience of having to enter their passcode into their device, at times. At that time, in 2012-2013, the default passcode length for iPhone was four digits, which happens to be six today.
Apple realised that it needed to come up with a mechanism that's fast and secure, and doesn't involve typing in the passcode. That's when Apple introduced Touch ID, which was easy, fast and secure. The way that biometric authentication worked on Apple platforms was that the user must set a passcode to be able to use the biometrics. And just as Apple thought, there was a much higher adoption of biometric-based TouchID. Apple says over 92 per cent chose to use Touch ID and had therefore set the passcode, which in turn meant users were able to use Apple's data protection encryption system.
The recently updated 200-page-long Apple Platform Security Guide extensively explains how secure the TouchID is. The document explains that when the fingerprint sensor detects the touch of a finger, it triggers the advanced imaging array to scan the finger and sends the scan to the Secure Enclave. This communication between the processor and the TouchID sensor takes place over a serial peripheral interface bus.
The processor forwards the data to the Secure Enclave but can't read it. It's encrypted and authenticated with a session key that's negotiated using a shared key provisioned for each TouchID sensor and its corresponding Secure Enclave at the factory. For every Touch ID sensor, the shared key is strong, random, and different. The session key exchange uses AES key wrapping, with both sides providing a random key that establishes the session key and uses transport encryption that provides both authentication and confidentiality (using AES-CCM).
While the fingerprint scan is being vectorised for analysis, the raster scan is temporarily stored in encrypted memory within the Secure Enclave and then it's discarded. The analysis utilises subdermal ridge flow angle mapping, a lossy process that discards "finger minutiae data" that would be required to reconstruct the user's actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can be read only by the Secure Enclave. This data stays on the device. It isn't sent to Apple or backed up to the cloud.