New Patent Reveals Apple's "Secure Enclave" Processor for Touch ID and Possible Fingerprint Accessory
When Apple introduced the new iPhone 5S with its Touch ID fingerprint scanner feature, Dan Riccio, Senior VP Hardware Engineering, stated at the 2:19 mark of Apple's introductory video that "All fingerprint information is encrypted and stored inside a secure enclave in our new A7 chip. Here it's locked away from everything else, accessible only by the Touch ID sensor. It's never available to other software, and it's never stored on Apple servers or backed up to iCloud." One of Apple's latest patent applications published by the US Patent and Trademark Office reveals the mechanics and thinking behind this "secure enclave" and more.
Touch ID's Secure Enclave Processor
Jumping to the heart of this patent, we look to Apple's patent FIG. 5, noted below, which shows Touch ID's exemplary system that can be used to execute one or more exemplary processes. Apple states that the exemplary system can include a sensor that can include a separate encryption/security feature/module (not shown).
The processor includes an application processor and a secure enclave processor (SEP) noted in the figure below as patent point # 520. Each of these processors can include multiple processors, multiple cores, or reside on the same processor. The application processor can be a general processor, responsible for several processing tasks of the device it resides within. The secure enclave processor can be specially and/or specifically designed and/or configured to perform encrypted tasks, such as encrypting data associated with an authorized user's fingerprint/ID-pattern.
A potential drawback of the system is that the application processor (AP) is unsecured or partially unsecured, and certain exemplary fingerprint template maps may contain sufficient information for a malicious unauthorized user or thief to reverse engineer the exemplary template to construct a pattern that could unlock the device (e.g., sufficiently mimic an authorized user's fingerprint pattern).
For example, an unauthorized user could intercept a decrypted template from the unsecured AP and use the template data to construct an artificial object with associated properties (e.g. properties that when scanned would produce data that matched the intercepted template).
Overcoming a Potential Security Risk
In order to overcome this potential security drawback, Apple's invention includes a process of collapsing the full maps into a sort of checksum, hash function, or histogram. For example, each encrypted ridge map template can have some lower resolution pattern computed and associated with the ridge map. One exemplary pattern could be a histogram of, e.g., the most common angles (e.g., a 2 dimensional (2D) array of common angles). The exemplary pattern could include in each slot an average value over a respective vector of the map. The exemplary pattern could include in each slot a sum of the values over a respective vector of the map. The exemplary pattern could include the smallest or largest value within a respective vector of the map, or could be a difference between a largest and a smallest value within the respective vector of the map.
Numerous other exemplary embodiments are also possible, and any other exemplary pattern calculation can be used, where the exemplary pattern includes enough associated information to narrow the candidate list, while omitting enough associated information that the unsecured pattern cannot or cannot easily be reverse engineered into a matching texture.
In an exemplary process for this exemplary embodiment, a scanned object can have a ridge map calculated from the scanner input, e.g., in the SEP. This encrypted ridge map can then have an unencrypted pattern calculated (according to the implemented protocol) and sent to the AP. This pattern can be compared to patterns associated with the stored encrypted templates, which can be calculated in real-time or preferably be stored to reduce computation. Several of the templates may be different, but have the same or similar associated patterns, since two different templates may have values the same or similar in the areas used to determine the lower resolution patterns. This way the AP may return multiple positive results (and might also return a single match or no matches as determined with the scanned pattern to be compared). The SEP can then access the encrypted ridge maps associated with any patterns identified by the AP as matching. The SEP can then compare the ridge map of the scanned pattern with the small subset of possible matches, instead of the entire library of possible matches. This exemplary embodiment can therefore greatly speed up the computation of map matching by leveraging the powerful AP, while maintaining encrypted security of the stored ridge maps.
Apple's patent FIG. 6 is an exemplary process for efficiently and securely matching a scanned pattern.
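The two-stage match described above, as an added Python sketch that is not code from the patent or from Apple: the SEP derives a lossy per-row average-angle pattern, the AP shortlists stored templates by pattern, and the SEP runs the full ridge-map comparison on that shortlist only. The class names, the 4x4 maps, the 30-degree bucket and the thresholds are assumptions, and the encryption of the stored maps is left out.

```python
# Added illustration: names, map sizes, bucket width and thresholds are assumptions.

def coarse_pattern(ridge_map, bucket=30):
    """One slot per row: the row's average ridge angle, quantized to `bucket` degrees."""
    return tuple(round(sum(row) / len(row) / bucket) for row in ridge_map)

class ApplicationProcessor:
    """Unsecured side: stores only the lossy patterns, never a ridge map."""
    def __init__(self):
        self.patterns = {}  # template id -> coarse pattern

    def candidates(self, scanned, slack=1):
        # Keep a template if every slot is within `slack` buckets of the scan.
        return [tid for tid, p in self.patterns.items()
                if all(abs(a - b) <= slack for a, b in zip(p, scanned))]

class SecureEnclave:
    """Secure side: stores full ridge maps (their encryption is omitted here)."""
    def __init__(self, ap):
        self.ap, self.templates = ap, {}

    def enroll(self, tid, ridge_map):
        self.templates[tid] = ridge_map
        self.ap.patterns[tid] = coarse_pattern(ridge_map)  # only this leaves the SEP

    def match(self, scan, max_mean_err=5.0):
        shortlist = self.ap.candidates(coarse_pattern(scan))
        cells = len(scan) * len(scan[0])
        for tid in shortlist:  # full comparison runs on the shortlist only
            ref = self.templates[tid]
            err = sum(abs(a - b) for r, s in zip(ref, scan) for a, b in zip(r, s))
            if err / cells <= max_mean_err:
                return tid, shortlist
        return None, shortlist

def flat(*angles):
    """Constructed 4x4 map whose rows each hold a single angle."""
    return [[a] * 4 for a in angles]

# Constructed sample data: FINGER_B differs from FINGER_A but has the same pattern.
FINGER_A = flat(10, 50, 100, 160)
FINGER_B = [[0, 20, 0, 20], [30, 70, 30, 70], [80, 120, 80, 120], [145, 175, 145, 175]]
FINGER_C = flat(90, 90, 20, 20)

def demo():
    sep = SecureEnclave(ApplicationProcessor())
    for tid, m in (("finger_b", FINGER_B), ("finger_a", FINGER_A), ("finger_c", FINGER_C)):
        sep.enroll(tid, m)
    noisy_a = flat(12, 48, 103, 158)  # FINGER_A rescanned with small noise
    return sep.match(noisy_a), sep.match(flat(90, 90, 90, 90))

if __name__ == "__main__":
    print(demo())
```

The AP returns two candidates for the noisy scan because two different maps collapse to the same pattern; only the full comparison inside the `SecureEnclave` class separates them, which is the many-to-one property that keeps the AP-side pattern from identifying a single ridge map.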
Possible Future Touch ID Accessory
Apple notes that patent FIG. 2 depicts an electronic device (iPhone) that may incorporate a fingerprint sensor, e.g., a capacitive sensor. The electronic device may be a mobile telephone, a tablet computing device, a notebook computer, a personal digital assistant, a desktop computer, a portable media player, and the like. Later on they note that "In certain exemplary embodiments, the device can include a separate attachment, such as external scan accessory 240."
Patent Credits
Apple credits Wayne Westerman, Byron Han and Craig Marciniak as the inventors of patent application 20130308838 which was originally filed in Q1 2013.