apple touchid iCloud patent

Thursday, the United States Patent and Trademark Office published a very interesting and curious patent application by Apple which describes a technology seeking to synchronize Touch ID fingerprint data between devices through iCloud.

Titled “Finger biometric sensor data synchronization via a cloud computing device and related methods,” the invention would permit biometric data to be collected on a primary device, say your iPhone, and then uploaded to iCloud for dissemination to secondary devices.

To protect user privacy, users would first need to validate their Apple ID account information before enrolling a fingerprint via Touch ID, explains AppleInsider. Encrypted fingerprint data would then get uploaded to iCloud for beaming down to secondary devices, where it would be decrypted.

“Linking of biometric and account verification data is mandatory,” writes the publication. The invention would allow a secondary device to use Touch ID without requiring users to repeat the enrollment process.

In addition to that, Apple’s proposed solution could be used to allow dedicated Apple Pay terminals equipped with a touchscreen, speaker and their own Touch ID sensor to verify a user’s fingerprint information and process transactions, without the need for the primary device.

In a nutshell, you would be able to approve Apple Pay purchases at the point of sale by scanning your thumbprint, using a Touch ID-equipped POS terminal and without having to actually have your iPhone present.

apple touchid iCloud patent 002

Apple states that the POS terminal would not download your actual fingerprint from iCloud, instead sending its own “to-be matched biometric data to iCloud or a user’s iPhone for processing.”

In another embodiment, biometric data would be transferred from one device to another only over local wireless technologies such as NFC, Bluetooth and peer-to-peer Wi-Fi connections.

At any rate, such a solution would represent a major departure from the existing implementation that stores your fingerprint profile (not the actual fingerprint scans) in a Secure Enclave on the main processor.

As I’m sure you know by now, Apple proudly states that no fingerprint data ever leaves your device, nor is it being synced through the cloud or exposed to third-party applications, or to any other software or hardware component of the system for that matter other than the Touch ID sensor itself.

Due to potentially far-reaching ramifications in case of an iCloud hack, we’re pretty sure Apple will think twice before introducing TouchID syncing via iCloud as the company must be 100 percent certain that its invention is bullet-proof from a security standpoint.

Source: USPTO via AppleInsider

  • Shawn

    This makes me question Apple’s stance on them being unable to access the stored data in the secure enclave.

    • Fanboy 

      Everything has vulnerablities. No software is 100% safe, even if it’s 99.999999999% safe a company like Apple can’t take a risk for that 0.00000000001%

    • Hahaha, my first thought exactly!

    • Hotrod

      My thoughts exactly

  • Ian Leon

    I don’t like this

  • Chang in Charge

    nope I don’t want my fingerprints in the cloud no thanks Apple.

  • Virus

    iCloud already been hacked before no way am i having my finger prints in the cloud

    • To my knowledge (correct me if I’m wrong) iCloud hasn’t actually been hacked only users accounts have due to poor security.

      In regards to this article this leaves me to believe that fingerprint data would never actually be stored on iCloud just transported:

      Apple states that the POS terminal would not download your actual fingerprint from iCloud, instead sending its own “to-be matched biometric data to iCloud or a user’s iPhone for processing”

      TLDR; This is just a patent at the moment but if Apple were to make this a reality it sounds like fingerprint data would only be transported via iCloud to an iOS device for authentication but never actually stored.

  • James G

    “We dont store your fingerprint data. Period.”

    Introduces patent to upload and store fingerprint data.

    • It is clear they meant “We dont store your fingerprint data. Period. Yet.”

      • Hotrod

        Well put

    • James G

      I guess for now it’s just a patent. Doesn’t mean they’ll do it.

  • Haha, I knew this was bound to happen. The value is always bound to change while the data remains the same.

    • Jad Boukai

      I have no idea why everyone is even like finding any trouble with this. The government already has our fingerprints… It’s not like they need help from Apple

      • True they do but with this they can tie it to social media and life habits.