So... When you power your phone up, it asks for your PIN. You cannot unlock using your fingerprint.
This seems to fly in the face of using your fingerprint which cannot be guessed as opposed to your PIN which can. So why is it done that way?
nathan: Until you are logged back in to your phone, Touch ID can’t communicate with the Secure Enclave, making password entry a necessity.
“Touch ID doesn’t store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation.
iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS.
Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can’t be used to match against other fingerprint databases.”
Paul1977 (quoting nathan's post above): Why does any of this prohibit using Touch ID immediately after restart?
uglyb0b (quoting Paul1977's post above): Um... Nathan explained it in the first sentence of the post you quoted.
nathan: The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece - the pincode.
jaidevp: It also asks for it if you haven't unlocked the phone for 48hrs.
I think it's useful for a number of reasons; the top 2 based on experience are:
a. Asking for the passcode every so often prevents the user forgetting their PIN (yes, it happens)
b. Fingerprint sensor stopped working on an iPhone 5S, so the only way to access the phone was to restart it and enter the PIN.
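A toy model of the behaviour nathan and jaidevp describe, added here as an example; it is not part of any post and not Apple's implementation. The class `ToyEnclave`, its method names, the PBKDF2 derivation and the XOR wrapping are assumptions chosen for illustration; the 48-hour window is the figure from the thread.

```python
import hashlib, hmac, os

BIOMETRIC_WINDOW = 48 * 3600  # seconds; the 48-hour figure quoted in the thread

class ToyEnclave:
    """Simplified model of the idea in the thread; not Apple's implementation."""

    def __init__(self, passcode):
        self._uid = os.urandom(32)    # stand-in for the per-device hardware key
        data_key = os.urandom(32)     # key that protects user data
        enc, mac = self._derive(passcode)
        # Toy wrapping (XOR + HMAC tag); a real design uses a proper key-wrap mode.
        self._wrapped = bytes(a ^ b for a, b in zip(data_key, enc))
        self._tag = hmac.new(mac, self._wrapped, hashlib.sha256).digest()
        self.reboot()                 # start in the just-booted state

    def _derive(self, passcode):
        # Passcode entangled with the device key: useless off-device, and
        # nothing here can be computed from a fingerprint match.
        k = hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, 100_000, 64)
        return k[:32], k[32:]

    def reboot(self):
        self._data_key = None         # unwrapped key lived only in memory
        self._last_unlock = None

    def unlock_with_passcode(self, passcode, now):
        enc, mac = self._derive(passcode)
        tag = hmac.new(mac, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):
            return False
        self._data_key = bytes(a ^ b for a, b in zip(self._wrapped, enc))
        self._last_unlock = now
        return True

    def unlock_with_fingerprint(self, sensor_match, now):
        # A match is only a yes/no signal: it can release a key that is
        # already unwrapped, but it cannot recreate one after a reboot.
        if self._data_key is None:
            return False
        if now - self._last_unlock > BIOMETRIC_WINDOW:
            return False
        if sensor_match:
            self._last_unlock = now
        return sensor_match
```
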
Paul1977, quoting nathan: “The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece - the pincode.”
That's what I was getting at with my above edit, but never saw this in any official info that I had read. That makes sense, thanks.
But what about when you first purchase an app after a restart? The Secure Enclave is accessible at this point, but it still won't let you use Touch ID until you enter your Apple ID password. Is there a technical reason for this?