Apple's Touch ID moves the goalposts for mobile security

Apple SVP Phil Schiller introduces the Touch ID fingerprint reading technology at Apple's most recent iPhone introduction. Credit: Macworld/TechHive

Apple's latest event may seem like a letdown for many Apple watchers. Rumors and leaks had correctly predicted most of the information over the past few weeks, including the colored plastic iPhone 5C and the iPhone 5S adding a new gold color to its lineup.

One of the predicted technologies in the new iPhone 5S was a fingerprint sensor built into the phone's home button. Touch ID -- as Apple is calling the feature -- can be used to unlock an iPhone 5S. It can also be used as a secure authentication mechanism for other iOS features and applications, such as making a purchase from the iOS App Store, iTunes Store, and iBookstore. It appears that Touch ID may also be able to manage a user's Apple ID information.

The Apple ID is a critical account that accomplishes several important things:

  • Links a user to iCloud
  • Authorizes specific computers or devices to access personal content like music or TV shows
  • Connects a user to certain Apple support options
  • Can be used to reset a user's password to his or her personal Mac if it is forgotten
  • Is central to making app and content purchases (as well as to being assigned an app license under the revamped and much more enterprise-friendly app licensing options debuting in iOS 7)
  • Perhaps most importantly, it is the basis of the new activation lock security feature in iOS that renders a lost or stolen iOS device useless.

The fact that Apple is linking Touch ID with Apple ID features shows the company has thoroughly tested and trusts the technology. Given that some fingerprint sensor peripherals have issues accurately reading a print, this is an impressive feat. While Apple spelled out the technologies built into the new home button, it didn't provide many details about Touch ID during the event.

But a note in the company's press release about the feature gives some great details about how it works and notes that the system is capable of learning a user's fingerprint from repeated use.

Built into the home button, Touch ID uses a laser-cut sapphire crystal, together with the capacitive touch sensor, to take a high-resolution image of your fingerprint and intelligently analyze it to provide accurate readings from any angle. Setting up Touch ID to recognize your fingerprint is easy, and every time you use it, it gets better. The Touch ID sensor recognizes the touch of a finger so the sensor is only activated when needed, preserving battery life.

Apple also took pains to ensure that users understand the company isn't recording their biometric data -- a growing concern given this summer's string of revelations about the NSA and its various clandestine programs that appear to compel the cooperation of the technology companies.

All fingerprint information is encrypted and stored securely in the Secure Enclave inside the A7 chip on the iPhone 5s; it’s never stored on Apple servers or backed up to iCloud.

Apple did say that the Touch ID feature is deeply integrated into iOS 7. This could mean that third-party apps will eventually be able to integrate it as a secure authentication tool for accessing a range of personal and enterprise resources (although Apple took pains to say that third-party apps would not be able to access the actual fingerprint information).

In fact, it would be an excellent complement to many enterprise productivity and file/document sharing tools. Rather than having to choose between accessing Google services or Dropbox with simply a username and password (which is weak) or with the limited and somewhat clunky two-factor authentication both companies offer (and which proved somewhat disastrous for users after a recent Google update), users could easily rely on a much more secure authentication option.

It's easy to see the feature being extended into enterprise apps or, more powerfully, into enterprise mobile management solutions like those from AirWatch, MobileIron, Centrify, and others. The focus on single sign-on capabilities among many mobile management and mobile document security vendors like Accellion and Acronis is an ideal place for fingerprint authentication. Whether Apple will extend the functionality to that degree remains to be seen, but it seems hard to believe that Apple would keep the functionality to itself when there are so many excellent applications for it.

Touch ID also pairs well with one of the new features of both iOS 7 and OS X Mavericks: iCloud Keychains. Keychains in OS X are secure content repositories. They're mostly used for securely storing user passwords, but they can also store encryption keys, digital security certificates, and secure notes. Each Mac has multiple keychains -- one for each user that is accessed at login (users can actually create multiple keychains if they wish), as well as system-level keychains that store secure information required regardless of which user is logged in or even when no user is logged in. For example, system-level keychains can store passwords for known wireless networks, which may need to be accessed for a user to log in if a Mac isn't connected to a wired network, and root certificate authorities that allow a Mac to verify and trust external network sources for certificates like the ones used to secure ecommerce or online banking transactions.

iCloud Keychains allow a user's keychain(s) to sync across multiple devices and Macs and provide a consistent password locker and certificate management solution. They will also be able to store secure data commonly used in ecommerce like a user's credit card number and related information.

Ultimately, the launch of Touch ID in iOS moves the goalposts when it comes to mobile security, particularly when combined with some of the other security and enterprise features Apple has already announced for iOS 7.
