



13067 posts

Uber Geek

Trusted
Lifetime subscriber

# 177338 30-Jul-2015 12:52

So... When you power your phone up, it asks for your PIN. You cannot unlock using your fingerprint.

This seems to fly in the face of using your fingerprint which cannot be guessed as opposed to your PIN which can. So why is it done that way?





84 posts

Master Geek


  # 1355241 30-Jul-2015 12:57
One person supports this post

If you work in corporate IT like I do it serves the purpose of making you say the words "No I don't know what your PIN is, yes, that does mean it will wipe" on a weekly basis.

5136 posts

Uber Geek

Trusted
Microsoft

  # 1355246 30-Jul-2015 13:03

Until you are logged back in to your phone, Touch ID can’t communicate with the Secure Enclave, making password entry a necessity.


“Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.

iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS.

Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.”

 
 
 
 




13067 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1355275 30-Jul-2015 13:27

It still seems like it replaces new tech with old tech.

I could perhaps see why they might insist on BOTH...





2288 posts

Uber Geek

Subscriber

  # 1355277 30-Jul-2015 13:31

IIRC this was put in place as a fix to people somehow being able to access the phone without knowing the PIN or having access to your severed finger.

I would think the vast majority don't really restart their phone all that often unless flying anyway. 

1272 posts

Uber Geek

Trusted

  # 1355288 30-Jul-2015 13:49

I have a passcode using letters instead (9 characters with a couple of numbers also). I only occasionally have to enter it and I think it should be much more secure than a 4 digit PIN. Touch ID is great!

Cheers,
Joseph

2712 posts

Uber Geek


  # 1355297 30-Jul-2015 14:03

nathan: Until you are logged back in to your phone, Touch ID can’t communicate with the Secure Enclave, making password entry a necessity.


“Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.

iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS.

Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.”


Why does any of this prohibit using Touch ID immediately after restart?

2712 posts

Uber Geek


  # 1355300 30-Jul-2015 14:08
2 people support this post

I find it more annoying that you have to enter your Apple password in the app store to re-enable Touch ID there as well after a reboot.

 
 
 
 


335 posts

Ultimate Geek


  # 1355302 30-Jul-2015 14:11
One person supports this post

Paul1977:
nathan: Until you are logged back in to your phone, Touch ID can’t communicate with the Secure Enclave, making password entry a necessity.


“Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.

iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS.

Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.”


Why does any of this prohibit using Touch ID immediately after restart?


Um...Nathan explained it in the first sentence of the post you quoted.

2712 posts

Uber Geek


  # 1355304 30-Jul-2015 14:18

uglyb0b:
Paul1977:
nathan: Until you are logged back in to your phone, Touch ID can’t communicate with the Secure Enclave, making password entry a necessity.


“Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.

iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS.

Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.”


Why does any of this prohibit using Touch ID immediately after restart?


Um...Nathan explained it in the first sentence of the post you quoted.


Yes... but what in the information he quotes leads to that conclusion?

EDIT: It makes sense if the secure enclave itself is locked with the pass code, but the information doesn't actually say that is the case.

And this doesn't explain having to enter it in the app store again to re-enable Touch ID there.

5136 posts

Uber Geek

Trusted
Microsoft

  # 1355333 30-Jul-2015 14:38
3 people support this post

not understanding something doesn't make it illogical

Unlocking with fingerprint sensor does not just unlock the phone, it provides the password for you. To do that, it has to know the password first, so you have to enter it.

The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece  - the pincode.  

It's probably handy for you too to be asked the pin from time to time so you don't forget it.
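A simplified model of the design described in the post above, added here as an illustration; it is not part of any post and is not Apple's implementation. The class `ToyEnclave`, its method names, the XOR key wrap and the sample values are assumptions made for the example.

```python
import hashlib
import hmac
import os


class ToyEnclave:
    """Toy model of a passcode-entangled key store (not Apple's implementation)."""

    def __init__(self, passcode: str, enrolled_finger: str):
        # Persistent state: survives a reboot, but is useless without the passcode.
        self._device_uid = os.urandom(32)   # constructed stand-in for the device id
        self._salt = os.urandom(16)
        self._template = enrolled_finger.encode()  # stand-in for the fingerprint data
        data_key = os.urandom(32)           # key that actually protects user data
        kek = self._derive(passcode)
        # Toy XOR wrap; a real design would use an authenticated key-wrap cipher.
        self._wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
        self._check = hmac.new(kek, b"passcode-check", hashlib.sha256).digest()
        # Volatile state: the unwrapped key lives only in memory.
        self._cached_key = None

    def _derive(self, passcode: str) -> bytes:
        # The key depends on BOTH the device secret and the passcode.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(),
                                   self._device_uid + self._salt, 50_000)

    def reboot(self) -> None:
        self._cached_key = None  # power loss wipes the in-memory key

    def unlock_with_passcode(self, passcode: str) -> bool:
        kek = self._derive(passcode)
        tag = hmac.new(kek, b"passcode-check", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._check):
            return False
        self._cached_key = bytes(a ^ b for a, b in zip(self._wrapped, kek))
        return True

    def unlock_with_fingerprint(self, finger: str) -> bool:
        if self._cached_key is None:
            return False  # even a perfect match has no key to release
        return hmac.compare_digest(finger.encode(), self._template)
```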

2712 posts

Uber Geek


  # 1355383 30-Jul-2015 15:34

nathan: The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece  - the pincode.


That's what I was getting at with my above edit, but never saw this in any official info that I had read. That makes sense, thanks.

But what about when you first purchase an app after a restart? The Secure Enclave is accessible at this point, but it still won't let you use Touch ID until you enter your Apple ID password. Is there a technical reason for this?

323 posts

Ultimate Geek

Trusted
Spark NZ

  # 1355391 30-Jul-2015 15:44

It also asks for it if you haven't unlocked the phone for 48hrs.

I think it's useful for a number of reasons; the top 2 based on experience are:
a. Asking for the passcode every so often prevents the user forgetting their PIN (yes, it happens)
b. Fingerprint sensor stopped working on an iPhone 5S, so only way to access the phone was to restart it and enter PIN.


2712 posts

Uber Geek


  # 1355393 30-Jul-2015 15:49

jaidevp: It also asks for it if you haven't unlocked the phone for 48hrs.

I think it's useful for a number of reasons; the top 2 based on experience are:
a. Asking for the passcode every so often prevents the user forgetting their PIN (yes, it happens)
b. Fingerprint sensor stopped working on an iPhone 5S, so only way to access the phone was to restart it and enter PIN.



I'd forgotten about that. I wonder if the Secure Enclave locks itself after 48 hours, making this a requirement?


3095 posts

Uber Geek

Trusted
Subscriber

  # 1355410 30-Jul-2015 16:49

Paul1977:
nathan: The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece  - the pincode.


That's what I was getting at with my above edit, but never saw this in any official info that I had read. That makes sense, thanks.

But what about when you first purchase an app after a restart? The Secure Enclave is accessible at this point, but it still won't let you use Touch ID until you enter your Apple ID password. Is there a technical reason for this?


That's because at that point, it doesn't have your Apple ID password.  It needs you to provide it so it can verify with Apple that the password is correct (which it does by irreversibly hashing it and sending the hash).  Without the password, it can't generate a hash, therefore preventing you accessing Apple services that require positive identification.  As Apple doesn't have any of the Touch ID data, they cannot use that to verify.

366 posts

Ultimate Geek

Trusted

  # 1355413 30-Jul-2015 17:12

jaidevp: It also asks for it if you haven't unlocked the phone for 48hrs.

I think it's useful for a number of reasons; the top 2 based on experience are:
a. Asking for the passcode every so often prevents the user forgetting their PIN (yes, it happens)
b. Fingerprint sensor stopped working on an iPhone 5S, so only way to access the phone was to restart it and enter PIN.



You can enter the PIN normally without restarting it. If fingerprint sensor doesn't work you just enter the PIN right there and then. I know this as the Touch ID sensor on my 5s is not good at all.
