January 4, 2016 -
Apple recently filed a patent application that leverages fingerprint authentication for file upload and cloud storage.
The patent, published by the U.S. Patent & Trademark Office is entitled “Finger Biometric Sensor Data Synchronization via a Cloud Computing Device and Related Methods”.
In the patent application, Apple details how fingerprint data may first be gathered on a primary device and uploaded to iCloud to distribute among secondary devices:
“The patent describes a system that includes a device comprising a first finger biometric sensor and a first processor. The first processor may be capable of collecting enrollment finger biometric data from the first finger biometric sensor. The system may further include a cloud computing device capable of uploading and storing the enrollment finger biometric data, and a second electronic device. The second electronic device may include a second finger biometric sensor, and a second processor capable of collecting to-be matched finger biometric data from the second finger biometric sensor, and downloading the enrollment finger biometric data from the cloud computing device based upon matching between the enrollment and to-be matched finger biometric data.”
As BiometricUpdate.com described earlier this year, the process integrates user fingerprint with account verification data, which is comprised of an Apple ID and password combination.
In the initial setup up of an iPhone 5s or 6, iOS may prompt the user to validate their Apple ID account data before enrolling a fingerprint via Touch ID. It then encrypts and uploads the data to iCloud, a process that may be reversed depending on the implementation.
Once this is set up, iCloud can send user-specific information to a second iOS device to validate and perform different functions.
To ensure that this works, Apple’s system obtains a “to-be matched” fingerprint from the second device’s Touch ID module, along with to-be matched account verification data.
Users can only download the enrollment fingerprint if they have successfully matching sets of data and the originals are stored on iCloud. The process of matching can be executed on the original device, second device or in the cloud.
The patent application also specifies an alternate and more secure option where two devices can connect and transfer biometric data over local wireless links, such as NFC or Bluetooth, using the same key-based encryption.
The patent also outlines a use case scenario involving mobile-based purchases similar to the Apple Pay payment service in which the second device in the system would serve as a point of sale terminal featuring a touchscreen, speaker and fingerprint sensor. In that user case, biometric data is sensed and matched in a manner similar to the above scenario, and is then used to authorize the purchase.