Apple has a new patent published by the USPTO today (via AppleInsider) that shows off a system through which Touch ID information could be collected on a primary device, and then transferred via iCloud to a secondary device for use in authentication, or to set up said device, presumably without repeating the enrolment process. It could also be used to allow dedicated Apple Pay terminals with their own Touch ID sensors to verify user fingerprint information and process transactions without even needing the primary device to be present.
The patent describes various ways in which the Touch ID data may be transferred from device to device securely. Apple currently touts, as one of Touch ID’s features, the fact that any biometric data lives only on the device, and only on a secure, isolated portion of the chipset that isn’t made available to the rest of the device. But the patent offers a number of options to maintain security, including requiring that a user authenticate via iCloud to securely store their Touch ID information for transfer, or even sending info gathered on the second device back to the original for matching and authorization, meaning the actual original data is never transferred wirelessly in any form.
Apple also lays out how transferring data from one device to another might operate only over local wireless tech, including NFC and Bluetooth, as well as ad hoc Wi-Fi connections directly between devices. This could help ensure greater security, and make sure the system complies with regulations about how biometric data can be transferred between devices.
One of the more intriguing aspects of the patent describes a use case in which the second device in the Touch ID info transfer is actually an Apple Pay-enabled terminal with a fingerprint reader. This would mean that a user could use Apple Pay at such locations without having to actually have their phone present. The information gathered on the terminal could be sent back to the original device for checking against the locally stored record, with a unique encryption code generated each time, again ensuring that no user information is at risk for interception or redirection.
Apple’s Touch ID system could be a great fit for iCloud integration, but the tech was introduced with a heavy emphasis on the fact that the info is stored locally and never transmitted in any way. Still, getting rid of the set-up process when a user upgrades is indeed a great convenience factor, and theoretically allowing a user on an iPad they don’t normally use to trigger identity-based features via Touch ID authentication is also an interesting use case. And Apple Pay showed that Apple could figure out a way to use Touch ID information to prompt action on a second device without opening a security gap, so perhaps the next step is something like what’s described in this new patent.