Touch ID and A7 Secure Enclave Detailed in Updated Apple Security Document

by

Apple today posted an updated security document [PDF] on its iPhone in Business site, offering details on the inner workings of both Touch ID and the "Secure Enclave" built into Apple's A7 processor (via TechCrunch).

Since its 2013 release, Touch ID has faced scrutiny over privacy concerns from both users and government officials, and while Apple has previously offered few details on how Secure Enclave works, it has assured users that the system stores only fingerprint data rather than images.

touchid
According to the updated security document, Secure Enclave is a coprocessor within the A7 chip that uses a secure boot process to ensure that its separate software is both verified and signed by Apple. All Secure Enclaves can function independently even if a kernel is compromised and each one contains a unique ID inaccessible to other parts of the system and unknown to Apple, preventing the company or any other third parties from accessing data contained within.

Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space.

Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter.

Fingerprint data collected from Touch ID is stored within the Secure Enclave, which is used to determine a match and then enable a purchase. While the A7 processor collects data from the Touch ID sensor, it is unable to read it because it is encrypted and authenticated with a session key built into Touch ID and the Secure Enclave.

It's encrypted and authenticated with a session key that is negotiated using the device's shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption.

Along with details on the function and security of the Secure Enclave, the document contains details on Touch ID, most of which have been previously published by Apple in other documents and literature on the feature. It also offers some specifics on the security of fingerprint capturing and a reminder that fingerprint data is accessible only to the Secure Enclave and never sent to Apple or backed up to iTunes or iCloud.

The document's section on Touch ID and the Secure Enclave ends with a detailed description of how both Secure Enclave and Touch ID work together to unlock an iPhone 5s, which is well worth a read for users interested in how the technology functions.

Apple's updated security document has been added as part of a larger redesign of the IT section of its iPhone in Business site, which now features a cleaner design with navigation icons at the top of the page.

Related Forum: iOS 7

Popular Stories

Apple Creator Studio

Apple Introduces New 'Creator Studio' Bundle of Apps for $129 Per Year

Tuesday January 13, 2026 6:11 am PST by
Apple today introduced a new Apple Creator Studio bundle that offers access to six creative apps, as well as exclusive AI features and content, as part of a single subscription. In the U.S., pricing is set at $12.99 per month or $129 per year. Here are the six apps included with an Apple Creator Studio subscription:Final Cut Pro on the Mac and iPad Logic Pro on the Mac and iPad Pixelmator...
Read Full Article344 comments
Low Cost MacBook Feature A18 Pro

Apple Is Expected to Launch These Four MacBooks in 2026

Friday January 9, 2026 8:17 am PST by
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop. Subscribe to the MacRumors YouTube channel for more videos. ...
Read Full Article118 comments
iOS 18 Siri Personal Context

Apple Confirms Google Gemini Will Power Next-Generation Siri This Year

Monday January 12, 2026 7:38 am PST by
In a statement shared with CNBC today, Apple confirmed that Google Gemini will power the next-generation version of Siri that is slated to launch later this year. "After careful evaluation, we determined that Google's technology provides the most capable foundation for Apple Foundation Models and we're excited about the innovative new experiences it will unlock for our users," the statement...
Read Full Article267 comments
iPhone Top Left Hole Punch Face ID Feature Purple

10 Reasons to Wait for This Year's iPhone 18 Pro

Thursday January 8, 2026 2:56 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article75 comments
iOS 26

Here's What's New in iOS 26.3 So Far

Monday January 12, 2026 1:15 pm PST by
Apple today seeded the second beta of iOS 26.3, nearly a month after the first beta. So far, the update includes a couple of new features for iPhones. iOS 15.3 through iOS 18.3 were all released in late January over the years, so it is thereby likely that iOS 26.3 will be released towards the end of this month as well. The update is compatible with the iPhone 11 series and newer. Below,...
Read Full Article46 comments
iOS 18 Siri Personal Context

Elon Musk Reacts to Apple and Google Teaming on Gemini-Powered Siri

Monday January 12, 2026 11:38 am PST by
Elon Musk today expressed concern about Apple and Google partnering on a more personalized version of Siri powered by Google's generative AI platform Gemini. "This seems like an unreasonable concentration of power for Google, given that [they] also have Android and Chrome," wrote Musk, in a post on X. Musk serves as CEO of xAI, the company behind Gemini competitor Grok. It is unlikely...
Read Full Article224 comments
fcp pcp iwork creator studio

These Apple Apps Will No Longer Receive All New Features Without a Subscription

Tuesday January 13, 2026 10:50 am PST by
If you are not interested in subscribing to the new Apple Creator Studio bundle introduced today, you will officially start to miss out on some new features. Apple said some "exciting new intelligent features and premium content" in Final Cut Pro, Pixelmator Pro, Keynote, Numbers, Pages, and Freeform will only be accessible with a Creator Studio subscription. In the U.S., a subscription...
Read Full Article355 comments
Apple Intelligence iPhone 16

Google Gemini Partnership With Apple Will Go Beyond Siri Revamp

Monday January 12, 2026 8:48 am PST by
Apple and Google today announced that Google Gemini will help power not only a more personalized version of Siri, but a range of future Apple Intelligence features. "Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google's Gemini models and cloud technology," the companies said, in a statement. "These...
Read Full Article231 comments
iOS 26

iOS 26.2.1 Update Coming Soon for iPhones

Monday January 12, 2026 8:19 am PST by
iOS 26.3 will likely be released to the public later this month, but it appears that Apple is preparing to push out another software update in the interim. Apple's software engineers have started testing iOS 26.2.1, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. The update will likely be released at some point this week or next week. ...
Read Full Article31 comments

Top Rated Comments

Klae17 Avatar
Klae17
155 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Score: 34 Votes (Like | Disagree)
taptic Avatar
taptic
155 months ago
And the new Galaxy S5, in cooperation with Android, immediately sends your fingerprint to Google headquarters! No hassle guaranteed!
Score: 23 Votes (Like | Disagree)
Nunyabinez Avatar
Nunyabinez
155 months ago
I would have preferred that they called it the "Fortress of Solitude" rather than the "Secure Enclave."
Score: 20 Votes (Like | Disagree)
DaveN Avatar
DaveN
155 months ago
Because you're on an Apple-based website?

I posted a question concerning obvious Android fanaticism on the Android Police site some months ago. The amount of hate posts received in response to what was a simple and honest question was astounding. Bottom line is that Apple Fanbois are much more civilized and even tempered than are Fandroids, IMHO.
Score: 12 Votes (Like | Disagree)
seamer Avatar
seamer
155 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?

Samsung will fix it when Apple shows them how.
Score: 11 Votes (Like | Disagree)
\-V-/ Avatar
\-V-/
155 months ago
Good timing with the new Samsung S5 Touch-wipe-button. Hey how come no one cares about security when Samsung does it yet when Apple does it we all FLIP?
Because you're on an Apple-based website?
Score: 11 Votes (Like | Disagree)
Read All Comments