• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Integrating touch Id with sign up-in process in client-server based app
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Integrating touch Id with sign up-in process in client-server based app


  • Subject: Re: Integrating touch Id with sign up-in process in client-server based app
  • From: Jens Alfke <email@hidden>
  • Date: Thu, 16 Jul 2015 15:31:44 -0700

> On Jul 16, 2015, at 2:10 PM, Devarshi Kulshreshtha <email@hidden> wrote:
>
> My question is - is there any way we can use touch ID to validate user at
> server, say by sending and validating his biometric information at server?

No. The biometric data never leaves the locked-down trusted module inside the CPU; it’s completely inaccessible unless you physically tear the chip open and do some very sophisticated probing. That’s a good thing. Sending biometric data around is very insecure, and if it’s compromised the user is screwed because they can’t very well get a new set of fingerprints.

All TouchID lets your app do is store data in a Keychain item such that it can’t be retrieved later unless the user physically presents their fingerprint. So _after_ your app has authenticated itself to the server the first time, you can store the resulting shared secret (password, key, token, whatever) securely so that it can only be retrieved using Touch ID.

—Jens
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


References: 
 >Integrating touch Id with sign up-in process in client-server based app (From: Devarshi Kulshreshtha <email@hidden>)

  • Prev by Date: Re: C Sharp?
  • Next by Date: Re: NSSecureCoding with containers (or, is NSArray lying?)
  • Previous by thread: Integrating touch Id with sign up-in process in client-server based app
  • Next by thread: Helper App - xcode
  • Index(es):
    • Date
    • Thread