Apple has shared some information around how Touch ID and its Secure Enclave keeps information private in an updated security document newly posted to its “iPhone in Business” microsite. The new info provides an inside look at how exactly the Secure Enclave generates and communicates encrypted and temporary identification information to the rest of the system to make sure that fingerprint data is never exposed to anything beyond itself.
Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay…
View original post 895 more words