February 28, 2014 -
“[The Touch ID] reads fingerprints from any angle and learns more about a user’s fingerprint over time, with the sensor continuing to expand the fingerprint map as additional overlapping nodes are identified with each use,” the whitepaper explains.
According to the whitepaper, the sensor can be trained to recognize up to five different fingers, but fingerprint data is not available to other apps or third parties.
“With one finger enrolled, the chance of a random match with someone else is 1 in 50,000. However, Touch ID allows only five unsuccessful fingerprint match attempts before the user is required to enter a passcode to obtain access.”
As for fingerprint recognition, the company says the sensor is only active when the capacitive steel ring that surrounds the Home button detects the touch of a finger.
Reported previously in BiometricUpdate.com, in November 2013, the USPTO published a patent filed by Apple for its Touch ID sensor.
According to the company, “the 88-by-88-pixel, 500-ppi raster scan is temporarily stored in encrypted member within the Secure Enclave while being vectorized for analysis, and then it’s discarded after. The analysis utilizes subdermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint The resulting map of nodes never leaves iPhone 5S, is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple of backed up to iCloud or iTunes.”
Decrypted class keys are held in memory and are lost if the device is rebooted. In addition, says the company, the Secure Enclave will discard keys after 48 hours or 5 failed Touch ID recognition attempts.
Apple was an early player with an embedded fingerprint sensor, but the space is heating up with new competition. Earlier this week, Samsung launched its Galaxy S5 with an embedded fingerprint sensor.