Details of Apple's Fingerprint Recognition

This is interesting:

Touch ID takes a 88×88 500ppi scan of your finger and temporarily sends that data to a secure cache located near the RAM, after the data is vectorized and forwarded to the secure enclave located on the top left of the A7 near the M7 processor it is immediately discarded after processing. The fingerprint scanner uses subdermal ridge flows (inner layer of skin) to prevent loss of accuracy if you were to have micro cuts or debris on your finger.

With iOS 7.1.1 Apple now takes multiple scans of each position you place finger at setup instead of a single one and uses algorithms to predict potential errors that could arise in the future. Touch ID was supposed to gradually improve accuracy with every scan but the problem was if you didn’t scan well on setup it would ruin your experience until you re-setup your finger. iOS 7.1.1 not only removes that problem and increases accuracy but also greatly reduces the calculations your iPhone 5S had to make while unlocking the device which means you should get a much faster unlock time.

Tags: , , , ,

Posted on April 29, 2014 at 6:47 AM29 Comments

Comments

z April 29, 2014 7:03 AM

I wonder what the legal implications are for using fingerprints rather than a passphrase. In the US (at the moment), you can simply refuse to give over your passphrase. Can you refuse to touch your fingerprint scanner too? Case law has set a precedent that you cannot be forced to hand over your password to LE due to self incrimination; it has said nothing about fingerprints, as far as I know. I bet this will be challenged, unless the precedent is about providing access to unencrypted data rather than just the password.

Yeah, I know. There shouldn’t be a difference, but who knows anymore…

James April 29, 2014 7:23 AM

One potential solution to the fingerprint unlock demand would be to purposely fail the fingerprint scan five times to trigger the passcode unlock. This could be done by using the wrong finger. Perhaps a good reason to use a non-traditional finger (i.e. not your dominant hand thumb or index finger).

Restarting the phone also switches the phone to require the passcode or passphrase providing a simple way to remove the ability to unlock the phone even if law enforcement demands you do it with Touch ID.

http://support.apple.com/kb/HT5949?viewlocale=en_US&locale=en_US

Jacob April 29, 2014 8:01 AM

@ z:

The protection granted to passwords in the US is due to them being a “content of the mind”, and under the 5th amendment is protected by the constitution – with some caveats e.g. the gov doesn’t know apriori the metadata of the encrypted material (see http://www.wired.com/images_blogs/threatlevel/2013/04/encryption-case.pdf).

However, fingerprints, being a physical characteristics of a person like blood chemistry etc. do not convey such a protection.

Daniel Serodio April 29, 2014 8:39 AM

If it reads “subdermal ridge flows”, how can it be foiled by a printed copy of the fingerprint as demonstrated by the CCC hack?

TravisD April 29, 2014 9:04 AM

I would seem like it would be trivial to enable both Finger and PIN, giving 2-factor authentication as an option. That would make many very happy I imagine…

Buck April 29, 2014 9:24 AM

@James

One potential solution to the fingerprint unlock demand would be to purposely fail the fingerprint scan five times to trigger the passcode unlock.

Restarting the phone also switches the phone to require the passcode or passphrase providing a simple way to remove the ability to unlock the phone even if law enforcement demands you do it with Touch ID.

Try that and you’ll risk receiving an additional charge of obstruction… :-\

Baz April 29, 2014 1:30 PM

There’s nothing there about checking whether the finger is still live or not. Having anything valuable locked by this method is an invitation to be dismembered. And using an alternative lock is no safeguard, how will your thief know whether to take your hand or not?

aiken April 29, 2014 1:49 PM

Baz is right, in the same way that locking anything valuable with a password is an invitation to be beaten with a rubber hose.

Daniel Boulet April 29, 2014 2:15 PM

I’ve been using Touch ID for a few months now. At least as of the version of iOS just before 7.1.1, there is still a passcode (I haven’t upgraded to 7.1.1 yet). In fact, one is required to enter the passcode when unlocking the phone the first time after power cycling the phone. Not sure if this is to ensure that you remember the passcode (seems unlikely as it could be quite a while between power cycle events) or to ensure that iOS has the passcode in memory. The latter seems fairly likely given that Apple published a technical article describing how iOS secures the contents of its flash memory a while back; one aspect was that the phone’s passcode was used to add an extra layer of encryption to those parts of the flash-based filesystem not required when the phone is locked.

Bob S. April 29, 2014 3:09 PM

I don’t like a finger print system simply because that’s the type of data the police state, secretly or not, strongly desires for it’s data bases.

Also, mentioned here is the need to enter for a passcode every so often regardless of the print option, and of course that it took very little time at all for hackers to hack it….

I understand now the print is converted to hash code and then deleted, but I wonder what would happen after it’s up and running for awhile and the government secretly or not demands that prints be copied to the federal data base…for our own good. Seems like a simple code update to me.

Also, the concept that bio-metrics are not protected by law or Constitution is important. Have we already forgotten the “No Trust” model?

There must be a better and more simple way.

MyTwoCents April 29, 2014 9:00 PM

Until iOS 7.1, the fingerprint sensor was a bit spotty. Couldn’t get the damn thing to work consistently. If my fingerprint failed to read 5 times in a row… plausible deniability 😉

Annoyed April 29, 2014 10:49 PM

I think the 5th Amendment protection might actually apply if there were a lawyer brave enough to challenge the court’s opinion.

Most people refer to Justice Stevens’ example about providing the key to a lockbox (search page for “Justice Stevens Dissenting”):


A defendant can be compelled to produce material evidence that is incriminating. Fingerprints, blood samples, voice exemplars, handwriting specimens, or other items of physical evidence may be extracted from a defendant against his will. But can he be compelled to use his mind to assist the prosecution in convicting him of a crime? I think not. He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe—by word or deed.

however with the proliferation of fingerprint ID systems, this could present grounds to argue that the purpose of the fingerprint exceeds that of simple identification.

Consider the quote above where it says He may in some cases be forced to surrender a key. One could argue that a fingerprint to identify a suspect (simple ident.) is different than a fingerprint used to unlock a device (a key) thereby possibly affording you 5th Amendment protection.

The courts are currently deciding wether a cellphone requires a search warrant and from the opinions I’ve heard they seem to believe they do, now that cellphones carry so much personal information.

It stands to reason that if a fingerprint is now a key to that information that the court would also have to revisit the definition of a fingerprint.

Thomas April 29, 2014 10:49 PM

I just want to know why it doesn’t flash fingerprints up on the screen while running the matching algorithm like it does on CSI…

… 88×88 500ppi …

that’s about 4.4 mm, seems a little small.

@James

This could be done by using the wrong finger

You could almost use different parts of the same finder with a small scan-area like that.

Clive Robinson April 30, 2014 2:40 AM

@ Annoyed,

For me the important part of the judgment you quote is “by word or deed”.

Whilst the judgment was about information in memory the judge did not specify the memory to be either brain or muscle.

So even though the persons fingerprint is available to the authorities they should not be able to force the user into using their finger to unlock the phone because that can be argued as “by deed”. Similar argument can be made for any biometric that involves a physical activity on behalf of the person, such as looking into an eye scanner.

Thus we need to look at biometric usage slightly differently as designers, the use should also involve more than a very simple mechanical action such as placing a finger on a scanner or putting an eye up to a scanner.

Thus if a finger print scanner is embedded in or at the edge of a touch sensitive screen the user should “match and swipe” where thd finger scan provides the first “match” biometric and the user then slides their finger in some pattern on the touch screen to provide the second “swipe” memory component.

Perhaps we should also enlargen the “Something you are, something you have or something you know” to specificaly include “something you do” in recognition of muscle memory activities.

zoli April 30, 2014 2:54 AM

try to use during rollout more, e.g. even 5 fingers…and finally all of them will be accepted for lockout.
try not only hand fingers…not only fingers (e.g. ear…)

keshet April 30, 2014 4:27 AM

How about multiple finger setup?
– If it scans my left ring finger it unlocks
– If it scans my right thumb then it erases sensitive information
– If it scans my left thumb then it disables fingerprint unlock
– etc.

Bob S. April 30, 2014 5:51 AM

Yes,the Supreme Court will decide if police can ransack and rifle through cell phone data incident to arrest. Those kinds of searches were supposed to be so that the officer could find potential weapons.

Of course a cell phone is not a weapon. But, the police search them anyway. And that’s the real problem. Unless Big Daddy is standing there watching Big Brother they just go ahead and make up the law as they go. Then they wait the usual number of years for the various courts to rule on their intrusions and violations. And many times since the situations relate to much reviled drug dealers the court decides for the police while conveniently forgetting about all the innocent persons who will suffer for their poor judgement.

Meanwhile, the next new technology appears, and there goes Big Brother taking every possible liberty to dominate his adversary of the moment.

When is too much simply too much?

Wm April 30, 2014 6:47 AM

Looking forward to the future headline:

APPLE FOUND TO BE SECRETLY PASSING USER FINGERPRINTS TO FBI

Brazil April 30, 2014 8:00 AM

In Brazil, for example, when you become 18, you have to take your State ID. It’s done in each state police, giving some documents and your fingerprints of all your fingers. The same applies when you want a passport. So, government will have your fingerprints, not hard to “print” it and use in the phone.

TIM April 30, 2014 8:27 AM

@ keshet

Sounds like the old silent alarm function by using the correct PIN (e.g. to unlock a door) plus an additional number (to call for help, silently).

I think this would be a nice feature … left thumb for regular access … right thumb for granting access and sending an alarm message with GPS to a security-service or directly the police or someone else.

z April 30, 2014 8:36 AM

Thanks for the Wired link; I hadn’t seen that.

@Clive Robinson

Regarding designs, I agree. It should also be combined with something you know just to be safe. It doesn’t have to be long–a 4 or 6 digit PIN might be good enough and still convenient–but it should be carefully designed to defeat brute force attacks if the attacker has access to the fingerprint.

Either way, I’m sure we will see a Supreme Court case regarding this issue sooner rather than later.

Nick P April 30, 2014 10:08 AM

@ Wm

“APPLE FOUND TO BE SECRETLY PASSING USER FINGERPRINTS TO FBI”

I hadn’t thought about it. That’s a good idea.

Anura May 1, 2014 12:19 PM

Fingerprints for authentication make me kind of nervous anyway. If I lose my password, I lose my data too, but my password has little value to me in and of itself. My hand, however, is very useful to me beyond being a tool for authentication. Plus, it’s a lot easier to change my password than to change my fingerprints if they are ever compromised.

printed May 1, 2014 12:38 PM

At least one isn’t likely to leave any fingerprints on the device, right? I mean, in case it gets stolen or something.

As for others getting a hold of fingerprints–beyond the obvious “grab the glass after he’s had a drink”, modern imaging can do this at a distance. The interesting question is if, say, $50k worth of equipment would have a range of 10m or 100m (or more?).

Alex May 2, 2014 2:31 PM

If Apple (and the others) would only spend this energy making the phones more responsive and have more battery life….

Robert.Walter May 2, 2014 6:06 PM

@Alex, yes, because apple only had one engineer working to solve all technical issues. /s

trsm.mckay May 6, 2014 11:45 AM

@Anura: Fingerprints are not the same as passwords. If a compromise requires you to change your fingerprint, than the system is designed wrong (and yes, there are a lot of incorrect designs out there). Fingerprints should not be thought of as secret, just obscure at best (after all in the normal course of life you leave a lot of them laying around).

Fingerprints (and other biometrics) are best thought of as “presence” detection. In some cases it may be reasonable to drop knowledge based authentication for presence based authentication; but need to take into account that there are different vulnerabilities, mitigations, and recovery methods.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.