[Cryptography] About those fingerprints ...

Ramsey Dow yesmar at me.com
Wed Sep 11 14:31:34 EDT 2013

On Sep 11, 2013, at 6:16 AM, Andrew W. Donoho <awd at DDG.com> wrote:
> 	Yesterday, Apple made the bold, unaudited claim that it will never save the fingerprint data outside of the A7 chip.

If you watch the video at http://www.apple.com/apple-events/september-2013/, Dan Riccio says at 61:08 that all fingerprint data is encrypted and stored in a "secure enclave" in the A7 SoC. The data is said to be accessable only by the TouchID sensor. He states that it is never available to other software, it's not stored on Apple servers, or backed up to iCloud. Although technical details are lacking at the moment, this "secure enclave" sounds a lot like a TPM to me. How will this be any different than storing a BitLocker key in TPM?

While it is true that NSA TAO has the capability of penetrating individual iPhones to potentially retrieve this data, it would be much easier to collect those fingerprints from other sources, like your house, or if you drive, the DMV database.

-- Ramsey

More information about the cryptography mailing list