TouchIdSensor
Latest
Why a disembodied finger can't be used to unlock the Touch ID sensor on the iPhone 5s
When a lot of folks think of fingerprint-scanning technology, they often assume there's a single way to do it, but nothing could be further from the truth. There are actually more than a half-dozen different technologies -- and combinations thereof -- that various devices employ to read prints, with varying levels of reliability, and yes, some of them would indeed work with a finger you chopped off of a dear friend, but the Touch ID sensor on the iPhone 5s isn't one of them. Based on what Apple has revealed regarding Touch ID and what the company's own patents have suggested, the sensor in the iPhone 5s utilizes two methods to sense and identify your fingerprint: Capacitive -- A capacitive sensor is activated by the slight electrical charge running through your skin. We all have a small amount of electrical current running through our bodies, and capacitive technology utilizes that to sense touch. This is also the same technology used in the iPhone's touchscreen to detect input. Radio frequency -- RF waves do not respond to the dead layer of skin on the outside of your finger -- the part that might be chapped or too dry to be read with much accuracy -- and instead reads only the living tissue underneath. This produces an extremely precise image of your print, and ensures that a severed finger is completely useless. This means that the Touch ID sensor should be remarkably accurate for living creatures, but it also means that only a finger attached to a beating heart will be able to unlock it. So, should someone run up to you, hack off your finger, grab your iPhone and attempt to unlock it, there's virtually no chance it's going to work. Once the tissue is dead -- which, in the case of someone chopping your finger off without your consent, should happen within a matter of minutes -- two things will happen. First, the finger will lose all electrical charge and will fail to even activate the sensor, and secondly, if by some chance the sensor could be artificially activated, the RF reader that is searching for a print will find no living tissue and fail, leaving the device locked. It's important to note that in order to utilize Touch ID you must also set up a passcode, which acts as a back-up method to unlock your device. If someone really wanted to break into your device, chances are they'd be able to obtain your passcode more easily than actually slicing off a finger. However, if by some miracle the person snatching your finger had a compatible human host waiting for your finger to be transplanted onto their body -- and if they managed to complete the procedure before the tissue died -- you might have cause for concern. Oh wait, that's utterly insane, so no, you have nothing to worry about.
Touch ID is huge for businesses and employees, but for different reasons
Apple's newly revealed iPhone 5s sports a number of improvements over its predecessor, but if there's one feature that truly sets the device apart from other iPhones (if not from all previous smartphones), it's Touch ID. The Touch ID sensor built into the home button of the 5s can read your fingerprint as an alternative to swipe-to-unlock or PIN/password entry. You can use this digital wizardry to make iTunes purchases and unlock the phone itself. This futuristic tech might be a fun tool for the average smartphone user, but the feature will truly shine when it enters the corporate scene. A big problem The business world is fighting a two-front war in the name of security: Companies are doing their best to keep information locked down (both to comply with internal policies as well as government-mandated privacy efforts like HIPAA), while at the same time corralling employees that see convenience as the only priority. Businesses large and small have relied on applications like Microsoft's Exchange ActiveSync for years to set up secure mailboxes for employees running a wide array of devices. These days, smartphones are a huge area of concern thanks to the relative ease with which they are lost (compared to a laptop, for example) as well as a user base savvy enough to find ways around the policies in question. Mobile-device management tools (like Mobileiron, AirWatch and Apple's own MDM controls in OS X Server and iOS) are an essential part of the equation as enterprises balance productivity and bring-your-own-device policies with security and corporate priorities. "Hello all," a forum post on AndroidCentral begins. "My work recently implemented a new policy where the phone must be unlocked if using the exchange server email. My issue with it is I now loose [sic] my slide to unlock to the camera or other options based on the roms. Is there any way around it?" This isn't an isolated case of an employee seeking out loopholes to company security efforts -- it's happening every day, and it's not isolated to Android. A cursory search of jailbreak apps for iOS immediately produces options for bypassing company-enforced device locks. Users who seek out these solutions aren't doing so because they want to put sensitive business information -- or their own jobs -- in jeopardy; it's just a pain to type in a four-plus digit code every time they check their email or update their corporate social network. Similarly, the businesses that implement these lockdowns aren't necessarily the ones making the call; legal and regulatory constraints, in certain fields, may take priority. The Health Insurance Portability and Accountability Act (HIPAA), for example, mandates all healthcare employees who may have patient data on their smartphones -- including names, contact info, photographs and medical records -- set up passcodes and screen time-out features to ensure sensitive data isn't leaked. An elegant solution But now, on a mainstream smartphone platform, there will be a flagship device that offers both the convenience of a one-touch unlock and an unrivaled level of security. Touch ID addresses the concerns of businesses while giving users fewer reasons to seek out workarounds, and at the moment there is quite simply nothing to rival it. It's a win / win. Or a win / win / win if you count Apple, which stands to gain a lot of fans in the business security sector. Forward thinking indeed.
A look at the iPhone 5s Touch ID fingerprint sensor
One of the biggest features of the iPhone 5s announced yesterday is the Touch ID fingerprint sensor that is used for user authentication. Rich Mogull at TechHive has written the definitive Q&A about the sensor built into the iPhone 5s, and there are some fascinating things to know about the future of mobile security. The first thing Mogull points out is that the Touch ID sensor is based on a capacitance reader, which makes use of the fact that the outer layer of your skin is non-conductive while the subdermal layer is conductive. Mogull notes that when you touch the sensor, "it measures the miniscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image." The ring around the sensor, which is embedded in the home button, is used to turn on the sensor and reduce signal errors. As Mogull says, the capacitance design is less easy to spoof than an optical reader (which a photocopy of a fingerprint can fool), less fragile and less prone to error due to smudged glass. Some internet wag has already created a meme that states that Apple would nab fingerprints to create a huge "name to fingerprint" database. Well, that's not possible. The fingerprint is run through an algorithm to create a fingerprint template, a mathematical representation of your fingerprint. Mogull believes that the template is then run through a cryptographic hashing algorithm and combined with a random or unique number to further scramble the data. Apple mentioned during the keynote yesterday that the fingerprint data is neither transmitted to the company nor stored on their servers. Instead, it is stored only on the iPhone 5s. Whenever your fingerprint is scanned, the phone does the same template creation and compares the result with the stored hash. Mogull points out that while fingerprints are more secure because they are impossible to guess, fingerprints and passcodes are still examples of single-factor authentication. A more secure system would require a passcode and a fingerprint. Passcodes are still required if you damage your finger or break the Touch ID sensor. As for using Touch ID with iCloud and the iTunes Store, Mogull thinks that Apple will store the passwords for those services in the iOS keychain, using your fingerprint to authorize access. OS X and iOS handle stored passwords this way, and it emphasizes Apple's comment that the fingerprint data never leaves the device. Mogull's bottom line is that Touch ID could be game-changing, in that it makes security invisible. Apple noted during the keynote that it thinks of the iPhone to be a "key," so it wishes to eventually make your phone and fingerprints be the keys to just about everything in your life. Imagine door locks or home alarms that are locked or armed with a fingerprint, or payments that can be authorized with a tap of a finger. In the long run, Touch ID might be the most important feature of the iPhone 5s and future Apple devices.
Daily Update for September 10, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Alleged iPhone 5S render shows new home button / 'Touch ID sensor'
We're just a few hours away from Apple's big iPhone press conference, and Nowhereelse.fr has just posted this render (from a "very reliable" source) that claims to show the iPhone 5S. The most notable change shown is of course, the home button, seemingly minus the usual squarish target and called the "Touch ID sensor". That is expected, considering repeated rumors (check out our roundup) including an apparent confirmation tonight from the Wall Street Journal, that Apple's next flagship phone will include a fingerprint sensor. Whatever the truth is, it will be unveiled at 1PM ET, and we'll be there liveblogging every minute. Update: Yes, that's it! Check out all of the official info on the iPhone 5s and its Touch ID fingerprint authentication system right here.
