January 16, 2015 -
Apple recently announced that the U.S. Patent and Trademark Office has granted its patent application for an iCloud-based fingerprint storage and cross-device syncing solution, a system that could potentially eliminate manually setting up Touch ID and power next-generation Apple Pay-enabled POS terminals, according to a report by Apple Insider.
In the patent application, entitled “Finger biometric sensor data synchronization via a cloud computing device and related methods,” Apple details how fingerprint data may first be gathered on a primary device and uploaded to iCloud to distribute among secondary devices.
As a security measure, the process integrates user fingerprint with account verification data, which is comprised of an Apple ID and password combination.
In the initial setup up of an iPhone 5s or 6, iOS may prompt the user to validate their Apple ID account data before enrolling a fingerprint via Touch ID. It then encrypts and uploads the data to iCloud, a process that may be reversed depending on the implementation.
Once this is set up, iCloud can send user-specific information to a second iOS device to validate and perform different functions.
To ensure that this works, Apple’s system obtains a “to-be matched” fingerprint from the second device’s Touch ID module, along with to-be matched account verification data.
Users can only download the enrollment fingerprint if they have successfully matching sets of data and the originals are stored on iCloud. The process of matching can be executed on the original device, second device or in the cloud.
The patent application also specifies an alternate and more secure option where two devices can connect and transfer biometric data over local wireless links, such as NFC or Bluetooth, using the same key-based encryption.
The patent also outlines a use case scenario involving mobile-based purchases similar to the Apple Pay payment service in which the second device in the system would serve as a point of sale terminal featuring a touchscreen, speaker and fingerprint sensor.
The user’s biometric data is sensed and matched in a manner similar to the above scenario, and is then used to authorize the purchase.
Though the application does not provide any further details, the method would likely be activated from the user’s device through NFC or other secure protocol.
The POS terminal does not necessarily need to download the user’s fingerprint, but instead it can send its own to-be-matched biometric data to iCloud or the user’s iPhone.
Apple will likely further test the method for any security holes that could arise in wireless computing and cloud storage services before completely adopting the system, especially in light of last fall’s hacks that included an iCloud security breach.
The patent was initially filed in July 2013 with former AuthenTec CTO Greg Kerr listed as its inventor. Apple acquired AuthenTec in 2012 and later branded the company’s technology as Touch ID in the iPhone 5s.
Previously reported, Apple announced that the US Patent and Trademark Office has granted the company a series of 48 patents, including a major invention relating to a multimode fingerprint scanner, specifically designed for financial transactions.