iPhone 5s Touch ID – a whole new revolution in security and payments

I cant emphasize enough how Apple’s iphone 5s touch ID is important for the security industry in general and payments in particular.

“Late in 2011 and early in 2012, the Company discussed new technology with several leading consumer electronics companies to gauge potential market interest for such a product. For a number of reasons, including cost, Apple was the only potential customer that expressed substantive interest in pursuing further development of and a commercial agreement with respect to this technology.” – AuthenTec, 2012

Yes, you read that correctly, every company that had even a parting interest in fingerprint scanners, passed on working with AuthenTec in a meaningful way, even Google.  This statement was part of a filing to the US Security And Exchange Commission.

When all companies missed the trick, Apple acquired Authentec in 2012 and the best brains in business saw a bigger vision behind this acquisition which has led to multiple inventions and patents since then. Let me tell you how all this started and about the man behind this dream. You guessed it right, ‘Steve Jobs.’

Steve Jobs hated logins and passwords, and he was going to do something about it. It was the late winter of 2007 and while many of us were just starting to get used to the iPhone and all the ways it was changing the world,  Steve Jobs was already planning a completely new paradigm for a future iPhone release.  Although Steve loved the “Slide To Unlock” feature he knew that the steps involved and the time it took to unlock the screen when a passcode is being used was unacceptable.  Steve predicted that as the iPhone became more indispensable and formed the center of our lives, it would be used perhaps hundreds of times per day, not just as a phone, but as our primary connected computer.  Additionally early data from iPhone users proved that only a very small percentage even bother using a passcode, that included Steve.

Steve and Apple engineers went about crafting a way to solve this problem and along the way they discovered that there could be a lot more use cases this new system could address.  By September 9th, 2008 Apple began to file one of the first few patents addressing this technology.touch id

Steve and the team were forming one of   the early foundational premises for the Touch ID: to secure what will become your most important device and to elegantly open the phone with just a tap of a finger.  However, it became very clear that this level of security could be extended to a wide number of uses including payments.

Talking about security, it turns out that less than fifty percent of iPhone users activate a pass code on the lock screen. There are quite a number of reasons for this.  The largest reason is that these users are interacting with the iPhone perhaps a hundred times per day.  It becomes ridiculous at some point to spend the 5 seconds each time to unlock the phone.  And thus this creates a rather large problem.  About eighty percent of lost iPhones did not have a pass code lock.  Unless the owner activated and is fast at using Find My Phone, all levels of information about this user is now compromised… including pictures, texts, address books, financial data and just about all aspects of our lives.  With the Touch ID activated along with Activation Lock security aspect in iOS 7, lose your iPhone 5s and it is 100% worthless to anyone but you.

I had written sometime back that this Apple acquisition is not really just about security, it is also about NFC, Mobile Wallets, Payments, new ways to pay and a new iPhone Home Button.Touch id learning screen

Fingerprints and clouds

If we observer, our mobile devices started out being just a cellular phone and in relatively short they have become the central hub of just about every experience that can interact with electronics and software.   We all now retain more and more of our “life” on these mobile devices.  As this decade runs out we will not even distinguish the mobile wording.  They will almost literally be a part of us.  This is rapidly creating two very significant trends:

  1. The Personal Device Cloud: These are devices that transmit and receive information from the iPhone.  This includes iBeacons, Bluetooth devices, WiFi devices, NFC devices, and image based devices.
  2. The Personal Data Cloud: This is information that is generated on the iPhone (pictures, text audio), from the personal device cloud, from the Internet (login/passwords, etc), medical information, payment card information, etc.

Most of us already are carrying a number of personal data clouds.  It started with the simple phone book and now spans to every element of data one can imagine.  Apple’s new vision is to create a secure environment so that as we all accumulate more data that the security grows with it.  Sharing these data has been getting easier but securing it has been getting tougher.

The personal device cloud revolution is just starting and can already see use of product like the Nike Fuel Band, the Jawbone Up, and of course smart watches.  These devices typically use Bluetooth to connect the iPhone and present raw and/or processed data that would be passed on to an app and perhaps to a proprietary cloud.  With iBeacons and the APIs that will connect to this technology, all of us will rather rapidly create even more personal data generated by our personal device cloud.  This can span from medical data to data from our cars and everything in between.  The personal device cloud and the personal data cloud must be secured.

One-finger tap and the logins to all of your apps are covered

As app developers convert to Apple’s new Touch ID API, one single finger tap at the home screen and all of your logins and passwords for each app will already be sent within microseconds pressing the app icon.  The time saved from this feature alone is quite substantial.

Apple has presented just the tip of the iceberg on how Touch ID will be used.  Over time Apple will create far more use cases.  And just like how most of us did not miss a mechanical keyboard on iOS devices, in the next few years we will become so accustomed to the Touch ID that we will not be able to remember “slide to unlock”.

Touch ID:  Data are locally encrypted and never leaves your iPhone

Touch ID is using a new Secure Enclave as part of the A7 processor.   The data generated by Touch ID are encrypted and stored in this area but never sent over the Internet or to iCloud.  The Secure Enclave is a genius move by Apple as it fully discounts many fears that our fingerprints will be sent around the world. In addition, the Secure Enclave will play a central point in Apple’s payment strategy.

Additional Security

To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (example full battery drain) or hasn’t been unlocked for 48 hours. This is a genius feature that is meant to set a time limit for criminals if they try to find a way to circumvent the fingerprint scanner.

Payments the Apple way

touch id payment card terminalApple has had a grand history of getting payments just right. This experience was perfected on the iTunes online store and was extended at the Apple retail store.   We will see Apple using Touch ID already in use on the online store and soon at the Apple Retail stores.  This will be the test bed example of just how powerful Touch ID will be for retail payments.  In “Apple Time” we will start to see more pieces released that will allow any retail merchant to have access to this payment system.

The Secure Enclave will replace the Secure Element when the full payment aspects of this system is slowly and methodically deployed.  Additionally there is a rather important patent that telegraphed the capacitance ring but also is telegraphing NFC.  Apple has great plans in this direction.

Simple yet powerful innovation

With one disarmingly simple addition to the iPhone, Apple has once again redefined how we all will view our mobile devices.  But just like many Apple revolutions, it may take some time for most of us to understand this is really a revolutionary change.
One of the first iPhone revolutionary milestones was quite visionary: convince the world that they will come to appreciate typing virtual keys displayed on a glass screen rather then mechanical keys so small that we just about needed pixie fingers to have any proficiency. Back in the ancient days of 2007 there were a tremendous number of critics.  We don’t hear too much from them today.  Perspectives changed—we changed.

One last thing

Steve left what amounts to a “playbook” of features and technologies he thought was important to Apple.  This playbook is packed full of innovations that are just mind blowing.  Apple thus far is innovating on many levels.  It seems that Apple has followed through on Steve’s one last thing(s).

Stay tuned for more payment news, analysis and startup stories on Lets Talk Payments.

Brian

Brian Roemmele, is a mobile payments expert and an avid blogger at Quora. His profile can be found at http://www.quora.com/Brian-Roemmele. Brian is an Apple enthusiast and has deep interests in writing about new technology in payments.