The age of digital security is rapidly changing. The days of periodically refreshing one’s password are coming to an end.
In the new world, “YOU” are the password
Biometrics-based authentication has seen a revolution starting with TouchID. With iPhone X, Apple has essentially killed the TouchID and has replaced it with FaceID.
Apple claims that 1 in 50,000 people can unlock an iPhone by having a similar fingerprint, but only 1 in 1,000,000 would have a face similar enough to trick the new system.
What if you wanted to know the “whodunit” details when there is an unauthorized access to your iPhone or other Apple device that is using Biometrics to authenticate?
Apple’s newly approved patent, 9819676, provides some clues around how the company could implement this functionality in the future to discover the “whodunits.”
The case of an unauthorized unlocking attempt not only applies to situations when someone steals your iPhone, but it could be as simple as one of your family members or your teenager trying to use your iPhone without your permission.
Users of computing devices may desire to be able to identify one or more unauthorized users who have attempted to utilize the user’s computing device.
Patent 9819676 Details
According to this patent, your iPhone may determine to capture biometric information in response to the occurrence of one or more trigger conditions.
The trigger condition may be receipt of one or more instructions from one or more other computing devices, detection of potential unauthorized use by the computing device, normal operation of the computing device, and so on.
Once an event has triggered, your iPhone may obtain biometric information and store such biometric data. Such biometric information may be one or more fingerprints, one or more images of a current user of the computing device, video of the current user, audio of the environment of the computing device, forensic interface use information, and so on.
The trigger could happen based on the number of unlocking attempts. For example, if the iPhone receives more than a threshold number of failed authentication attempts (such as five), the iDevice may begin capturing biometric information as it gets such from one or more biometric sensors.
It is also possible that the trigger initializes as soon as your device receives a failed authentication. Your iPhone may immediately capture a fingerprint of the current user of the iPhone (i.e., the user that provided the failed authentication) and takes a picture or video of the current user.
That stored biometric information, collected during the unauthorized access event, can subsequently identify the unauthorized users.
What Happens to that collected information?
Your device then shares that collected information via an email to the email address associated with your Apple ID. Think of it as an Alert notification, triggered when your device discovers unauthorized access.
The collected biometric information can also include other particulars such as the location of the device and the timestamp of the unauthorized attempt.
Users could also establish rule-based mechanisms where the device purges that stored biometric information on a regular basis.
The objective of this patent is straightforward in that it is a mechanism to discourage unauthorized access to your iPhone.
As long as the biometric information is stored locally on the device, it may not be a problem. There could be security and privacy concerns if the biometric info were shared to a server that performed other actions including matching.
As with any patent, it may or may not make it to an actual iPhone in the future. It is however interesting to see how Apple’s engineers are thinking through various use cases related to FaceID and other biometric information.
Apple filed this patent in April 2016 and received approval on Nov 14, 2017. The primary inventors of the patent were Byron Han, Craig Marciniak, and John Wright. All the three inventors worked at the Apple Special Projects group (SPG) at one time or the other.