Thursday, the United States Patent and Trademark Office published a very interesting and curious patent application by Apple which describes a technology seeking to synchronize Touch ID fingerprint data between devices through iCloud.
Titled “Finger biometric sensor data synchronization via a cloud computing device and related methods,” the invention would permit biometric data to be collected on a primary device, say your iPhone, and then uploaded to iCloud for dissemination to secondary devices.
To protect user privacy, users would first need to validate their Apple ID account information before enrolling a fingerprint via Touch ID, explains AppleInsider. Encrypted fingerprint data would then get uploaded to iCloud for beaming down to secondary devices, where it would be decrypted.
“Linking of biometric and account verification data is mandatory,” writes the publication. The invention would allow a secondary device to use Touch ID without requiring users to repeat the enrollment process.
In addition to that, Apple’s proposed solution could be used to allow dedicated Apple Pay terminals equipped with a touchscreen, speaker and their own Touch ID sensor to verify a user’s fingerprint information and process transactions, without the need for the primary device.
In a nutshell, you would be able to approve Apple Pay purchases at the point of sale by scanning your thumbprint, using a Touch ID-equipped POS terminal and without having to actually have your iPhone present.
Apple states that the POS terminal would not download your actual fingerprint from iCloud, instead sending its own “to-be matched biometric data to iCloud or a user’s iPhone for processing.”
In another embodiment, biometric data would be transferred from one device to another only over local wireless technologies such as NFC, Bluetooth and peer-to-peer Wi-Fi connections.
At any rate, such a solution would represent a major departure from the existing implementation that stores your fingerprint profile (not the actual fingerprint scans) in a Secure Enclave on the main processor.
As I’m sure you know by now, Apple proudly states that no fingerprint data ever leaves your device, nor is it being synced through the cloud or exposed to third-party applications, or to any other software or hardware component of the system for that matter other than the Touch ID sensor itself.
Due to potentially far-reaching ramifications in case of an iCloud hack, we’re pretty sure Apple will think twice before introducing TouchID syncing via iCloud as the company must be 100 percent certain that its invention is bullet-proof from a security standpoint.
Source: USPTO via AppleInsider