Apple has a new patent published by the USPTO today that shows off a system through which Touch ID information could be
collected on a primary device, and then transferred via iCloud to a
secondary device for use in authentication, or to set up said device
presumably without repeating the enrolment process. It could also be
used to allow dedicated Apple Pay terminals with their own Touch ID
sensors to verify user fingerprint information and process transactions
without even needing the primary device to be present.
The system describes various ways in which the Touch ID data may be transferred from device to device securely – Apple currently touts as one of Touch ID’s features the fact that any biometric data lives only on the device, and only on a secure, isolated portion of the chipset that isn’t made available to the rest of the device. But the patent offers a number of options to maintain security, including requiring that a user authenticate via iCloud to securely store their Touch ID information for transfer, or even sending info gathered on the second device back to the original for matching and authorization, meaning the actual original data is never transferred wirelessly in any form.
Apple also lays out how transferring data from one device to another might operate only over local wireless tech, including NFC and Bluetooth, as well as ad hoc Wi-Fi connections directly between devices. This could help ensure greater security, and make sure the system complies with regulations about how biometric data can be transferred between devices.
One of the more intriguing aspects of the patent describes a use case
in which the second device in the Touch ID info transfer is actually an
Apple Pay-enabled terminal with a fingerprint reader. This would mean
that a user could use Apple Pay at such locations without having to
actually have their phone present. The information gathered on the
terminal could be sent back to the original device for checking against
the locally stored record, with a unique encryption code generated each
time, again ensuring that no user information is at risk for
interception or redirection.
Apple’s Touch ID system could be a great fit for iCloud integration, but the tech was introduced with a heavy emphasis on the fact that the info is stored locally and never transmitted in any way. Getting rid of the set-up process when a user upgrades is indeed a great convenience factor, and theoretically allowing a user on an iPad they don’t normally use trigger identity-based features via Touch ID authentication is also an interesting use case, however. And Apple Pay showed that Apple could figure out a way to use Touch ID information to prompt action on a second device, without opening a security gap, so perhaps the next step is something like what’s described in this new patent.
The system describes various ways in which the Touch ID data may be transferred from device to device securely – Apple currently touts as one of Touch ID’s features the fact that any biometric data lives only on the device, and only on a secure, isolated portion of the chipset that isn’t made available to the rest of the device. But the patent offers a number of options to maintain security, including requiring that a user authenticate via iCloud to securely store their Touch ID information for transfer, or even sending info gathered on the second device back to the original for matching and authorization, meaning the actual original data is never transferred wirelessly in any form.
Apple also lays out how transferring data from one device to another might operate only over local wireless tech, including NFC and Bluetooth, as well as ad hoc Wi-Fi connections directly between devices. This could help ensure greater security, and make sure the system complies with regulations about how biometric data can be transferred between devices.
Apple’s Touch ID system could be a great fit for iCloud integration, but the tech was introduced with a heavy emphasis on the fact that the info is stored locally and never transmitted in any way. Getting rid of the set-up process when a user upgrades is indeed a great convenience factor, and theoretically allowing a user on an iPad they don’t normally use trigger identity-based features via Touch ID authentication is also an interesting use case, however. And Apple Pay showed that Apple could figure out a way to use Touch ID information to prompt action on a second device, without opening a security gap, so perhaps the next step is something like what’s described in this new patent.