Home button fingerprint sensor in 'iPhone 5S' would give Apple a new leg up on the competition - Page 2

Same place all the NFC terminals are that would make it worth bothering with. 

Exactly. NFC just hasn't taken off. It's not quick enough to use as an Oyster card replacement on the London Underground for example and it simply isn't needed for contactless payments either, so what's the point?

How about intergrateing the fingerprint reader with 1password. the reader would worl with login and iOS and 1password would work with the apps.  Time to buy 1password?

They can just integrate it into the ON button like my old Atrix 4G.

The Motorola Atrix had a fingerprint reader in the power button. Did this guy do his research?

Does anyone else notice that this guy's refresh/release schedule is weighted very heavily in the 3rd & 4th quarters? I recall Apple staggering their product releases for a more even level of sales throughout the year.

My speculation (because that's all this is at this point, even if you're an "analyst") is that we won't see a fingerprint sensor until the iPhone 6. It's too soon, Apple just bought Authentec in the fall.  The iPhone 5S design is likely nearly finalized.

 

Adding it to the 6 instead allows them to go through a bunch of prototypes and really figure out the best way to do it.  Plus the case redesign would help them make room if necessary.  Have you seen how thin the iPhone 5 home button is?  I'm not convinced they could add a fingerprint sensor without a major redesign of the inside layout of the phone.

 

It also gives Apple more time to refine passbook.

 

That of course leaves the question, what will be the new feature of the 5S?

Screen integration would mean completely replacing the hardware used now. This isn't something that I would suspect to happen anytime in the near future. Now that being said, they could make use of the on-board camera for identity verification... perhaps in conjunction with the finger print reader.

There is some integration with this already.  Walgreens for example has their loyalty card on Passbook.  I'll agree the rollout hasn't been as fast as I would like, but I still like the potetional of passbook

 

First off, does whoever made this picture realize that the phone on the right isn't a Windows phone, but actually an HTC Android phone?  Second, there's already been several phones out there (including Android phones) to make use of fingerprint scanners...

 

I'm not sure if it will happen but in fact, the fingerprint tech they just bought was for exactly this, integrating the scanning tech right into a regular screen.  Since they've been rather intimately involved in the design of their screens lately, even to the point of investing in factories and so forth, it's at least a possibility.  It wouldn't take years or anything either.  Presuming the fact that it works, it would just be adding the sensor layer to the next round of screens produced.  

 

Also, you should know that using a camera to identify the users face is basically a joke. It doesn't actually work.  

It's a boondoggle and not really anything to do with "security" per se at all.  

 

For reasons to many to mention that have been discussed over and over again ... the Home button is not going anywhere.  It's a central part of the entire design, everyone likes it, and removing it would serve no purpose.  

 

Also ... edge to edge screens?  What have you been smoking?  

Increased password vulnerability ranked number one among Deloitte Canada’s top 10 predictions for this year. “Over 90% of user-generated passwords will be vulnerable to hacking in seconds,” the firm predicts.


http://blogs.wsj.com/canadarealtime/2013/01/15/dont-count-traditional-pcs-out-just-yet/?mod=e2tw

This is only one problem with it, and that's a doozy

the fact that i have to download and utilize the Walgreens app on my phone, then transfer the data from the Walgreens app to the Passbook app.  This is why it fails, too many apps and too many taps to get the job done.

 

How should it happen.  You sign up in store for a loyalty card (Petsmart, Walgreens, Best Buy, Subway, etc.) using your email address.

They send you an email with the loyalty card, tap "add to passbook"...done.

 

Next time you're at that store, bring up passbook and you have a digital wallet showing your points history and rewards, any additional coupons that can be scanned at the register.  Done!

 

I don't think either of those things are possible unless 1. Apple has invented some new advanced battery technology, and/or 2. Apple will roll out IGZO-based LCD and/or OLED panels this year.  The reason why the iPad 3rd / 4th gen are thicker than the iPad 2 is because all those pixels require more power.  More power requires either a better and/or a larger battery.  Apple didn't have better battery technology, so they made the battery bigger.

 

But IGZO conductors are vastly more efficient than the current amorphous silicon technology.  40 times better conductivity plus better transparency means far more power-efficiency, since the thousands of "invisible wires" to all those pixels will require far less power.  It will be interesting to see if Apple and Sharp are ready to ship IGZO-based OLED screens in volume, or if they'll simply upgrade the traditional LCD + backlight technology with IGZO (for now).

Mack book pro retina was just redesigned,,, another redesign again this year... Does not compute!
New design iphone 5? Why would it be called iphone 5 if it is new design?

Finger orint sensor is cool. I dont see the concern of the first comment posted here.
It can be a local process of authentication on the device... Independent of remote sites.
Plus i feel it will be mainly for authentication of the phone user to get past lock screen... And apps on iphone.
If it ever gets expanded to act as log in authentication for remote sites.. It will just be fantastic.

Apple TV.. If they dont do a full blown TV... I expect apple tv to introduce some major functionality enhancements expected from a full blown tv!

 

The AMC app works exactly like that.  You should try it.  It's free.

 

Come to think of it, Starbucks and Fandango do too.  Right there in Passbook.  

 

In fact, Apple's iOS 6 page has all the details that you've apparently missed:

 

 

Here ya go.  Enlighten yourself: http://www.apple.com/ios/whats-new/#passbook

Everything you say now is moot.

Firstly it's as secure as you want it to be. If you go for 1234 then clearly you are gonna have issues.

Secondly, no matter what alternative security you put on there, you will have to keep the standard login in case the tech doesn't work.

 

Imagine you have an accident and your hands are covered in blood. Phone won't unlock, you are in trouble.

Just think if Android owners could only log into their phone with their amazing face recognition unlocking, there would be about 100 million people who would have an unusable phone. How I laughed at the Android owners I know, trying to impress by demonstrating FR unlocking 7 or 8 times with a fail each time.

 

Sometimes it's easier to log in normally. it's only 4 digits to unlock your phone.

The iPhone needs a fingerprint scanner as much as it needs NFC.

 

For now...

"Unless every website, every program, every piece of hardware that you use integrates this technology, it's not going to work. For this to completely replace usernames and passwords, there will have to be a lot of up-front work on the user's part and the developer's as well. you're still going to need back-up passwords and usernames for cases where you don't have your phone (like on a PC/Mac) or internet cafe. It's just too complex of a situation."

You are completely missing the point. It is NOT replacing a username/password (or passcode in the case of the phone lock) as an authentication mechanism. It likely would just automatically input the information, using your fingerprint to confirm your identity. Very similar to the auto-fill feature in modern browsers. It wouldn't require any special integration from websites or application developers.

 

Numbered above to reply:

 

1) It may be cool tech, but scary/creepy.

 

I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint.  Fingerprints are used to track criminals, not "regular" folks, egads.

 

2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem.  For that, you get props.

 

Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device.  With ANY app, period.  Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app.  Once your data has reached their servers, you might as well consider it public information.  It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.

 

I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.

 

3) This makes some sense.  The problem is in keeping that data local to the device.  I just don't know how it's possible to be assured of that over time.

 

4) I don't agree.  It would then be a single point of failure for virtually anything and everything you do on your mobile device.  Never a good idea from a security standpoint.  But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues.  Very sad.

 

why not make the home button the same as the screen, much like the glass trackpad? Actually, if they made the home button as a mini trackpad, that would allow swipe gestures also. 

Lest anyone think biometrics are "safe".  Read this article at news.com.au:

 

Theft of Fingerprints Easier than Cutting Off a Finger, Security Experts Warn

 

Of course there's always the cut off your finger method as well.

 

People need to stop and think about this:

- when your password is compromised, you can make a new one in 5 minutes.

- what do you do when your fingerprint is compromised?  

 

There's no alternative except returning to passwords, because you can't change your body.  At that point you are back to using passwords AND your fingerprint has been compromised, so you are unequivocally worse off than before.

 

It doesn't surprise me that many people aren't thinking about this, it does surprise me that it seems almost no one is.

...could be difficult for competing Android and Windows Phone devices to copy...

 

 

This is a gratuitously insulting statement. Samsung is one of the most innovative companies on the planet, they have a tried and true strategy already in place. They simply copy it now and work out the detail later in the courtroom.

 

Well that was not encouraging lol 

 

I gather Apple could use this as a soft passcode approach, whereby a password would be required to access sensitive data on the phone or to unlock it.  However, if the data is kept only on the phone, then the phone would have to be hacked to gain the biometric data, and having a hacked phone circumvents the need to gain the biometric data to hack the phone. Although if getting to your biometric data is the objective and the phone is easier to hack than a back, then that is a problem also. 

 

I guess to be sure, we need finger, voice, retina, and a password. Or no phone at all :P 

 

I agree. That has worked well thus far, why change it? :P 

 

Oh, and much cheaper than all that pesky R&D stuff. 

The other thing to consider though is that people have to remember passwords and because of the rise in computing power, we need longer and longer ones:

http://news.cnet.com/8301-1009_3-57558223-83/no-password-is-safe-from-this-new-25-gpu-computer-cluster/

"Using a brute force method, the cluster is capable of guessing every single eight-character password containing letters, numbers, and symbols in 5.5 hours. The cluster is running Virtual OpenCL, a platform that makes the GPUs believe they're all functioning together in a desktop computer"

And they wouldn't use brute force normally so you can bet even longer passwords are feasible these days.

I don't like usernames and passwords either and static data like biometrics is not enough. Biometrics would work if the scanner could test vital signs. In other words, you'd only pass a retinal scan if the scanner could verify that it was sampling an actual eye and not being tricked with just the data. But obviously computers can be tricked in many ways so that's a very difficult problem to overcome.

If we stick with passwords, we're going to need something a lot better than just remembering longer phrases. At the very least to save time typing it in.

One approach to get round the passwords might be the following:

- there could be a very large encryption key in a file on a smartphone or computer protected with a simple gesture or code
- there would be a similarly large key on the server
- when you go to authenticate something online, they'd send a random message to you that has been operated on using the server key
- you would then take that message, type in your simple passcode and allow your smartphone to operate on the message using your local key
- once the server gets the message back again, it can tell the local key and server key match

This is basically what can be used for SSH authentication:

https://wiki.archlinux.org/index.php/SSH_Keys

but it protects your local keys behind a simple protection.

No server exploits are possible because a hacker would only get a single key. If someone steals your phone or computer, they'd have to guess the gesture or keycode to decrypt the larger key and still have to figure out what services the person used and possibly their username. By that time, the victim of the theft simply gets a new key issued without having to guess a new passcode or gesture. Multiple complex keys can be stored behind a basic local barrier and this barrier could even be a biometric one. This biometric data would never be sent to a server. Biometrics plus a simple pass key or gesture would be even stronger.

I personally get tired of using password schemes. I make up unique passwords for about 20 or so services and then write them in a local encrypted dmg with a strong code in case I forget but it's such a pain having to remember them all. The benefit to passwords and biometrics alone is that you always have them with you so you could log into a service from another computer but I think we're going to have to start using longer computer generated keys and they can be put on SD cards if needs be.

Nowhere in the article does it say that usernames and passwords would be replaced globally across all apps in the phone. Nor does it state so. This could start by simply replacing a passcode to unlock your phone, which would be quite handy. Of course it would be nice to go password-less across the board. That is not mentioned or implied here.

Yes, in its simplest form, it would be an authentication process as soon as you tap the home button without requiring a passcode. The extension to simplifying online passwords is just a need that it might be able to help with in some way. Apple's advantage has always been doing the software and hardware together so there can be uses beyond the unlock. It can be used to authenticate App Store purchases or any number of things if it's done in the right way.

 

Fingerprint/Faceprint systems do not store images of your finger/face. They store a small set of "vectors" extracted from the image by the recognition algorithms, which are then encrypted. Even if you decrypted the vectors, you would not be able to recreate the original finger/face image. In addition, the "feature space" of a finger/faceprint is much larger than that of a typical password (which might be only six characters long, consisting of only letters and numbers for a "space" of 26 to the 6th power. These vectors are akin to the hashes that password based systems store. Compromising such a system does not reveal passwords, just the hashes for them. If the hash key is large enough, it is computationally impractical to work out the original password, unless it's in any of the widely available online dictionaries. The vastly larger feature space of a set of finger/face vectors makes brute force decryption impractical. As your fingerprint vectors would never leave the phone, there would be no chance of building dictionaries of them on the web.

 

The benefit of Authentec's sensing technology is that it requires a physical finger. It is not an optical sensor, so a photograph of a fingertip cannot fool it.

 

When you present your finger/face to a recognition system, it extracts the vectors from the image it takes of your finger/face and computes a degree of fit with those vector sets it knows. If the system accepts a large number of authorized users (for example a building security system), it must find the best fit from amongst a large collection of vector sets, which often produces recognition errors. If the system is simply checking for the presence of one or two owners, recognition accuracy can be quite high.

 

To use a fingerprint sensor as the key to opening a Keychain like password system makes sense to me. The vagaries of various website and app password systems can be handled by the internal plumbing of Keychain. Rather than annoying me with constant prompts to enter my user/admin password, a quick press of the home button (or some region of the screen) seems both easier and less prone to hacking. You can't look over my shoulder to learn the physical characteristics of my fingertip. You can see what I type.

It seems to me that if true the fingerprint scan would only be used to unlock your iPhone - and perhaps leap into Siri. It doesn't make sense to me that you would be asked to press the home button when visiting a web page or within an app in lieu of entering a password, as pressing the home button returns you to the home screen and always has done. It seems like a good idea to me, especially since in order to access work email on my phone the company imposes a long Passcode lock policy. I'm also shocked at how many people I know who have no Passcode lock at all on their phone, despite the sheer amount of information stored on iPhones from email to banking etc.

I am getting real big of the home button to support multi touch gestures.(same tech. in Mac trackpad.

 

Well it wouldn't be a button if it was part of the screen.  One of it's uses is that it allows blind people to use the phone.  It has to be a physical button for that to work.  

 

The home button is an archaism. The era of edge-to-edge button-less design is coming and nothing can stop it.

 

 

No personal insult intended here but this is all paranoid nonsense IMO.  Why exactly would this be "creepy"?  

 

I remember this was a common point of view in the 1970's but I think we've kind of moved on from there.  I also think your assessment of what information can be extracted from the phone by app developers to be over-the-top and likely based more on fear than facts.  

 

My only concern with this tech is the fact that the ones I've tried always want you to use the fingerprint on your index finger, and I don't happen to have one.  So that's always kind of frustrating. I trust Apple will give us the option of which finger to use however, as they usually think of things like that.   

 

Only if you believe everything you read on the web verbatim.  Which it seems you do.  

 

Wait a minute ... you just read what I wrote on the web and you *didn't* believe it.  

 

Hmmm .... It must be that you just believe everything you read that has cool renders and video attached.  

Yeah, that's it.  

What if this isn't about security so much as recognizing when a finger is placed on a certain area. To create a 'virtual' home button rather than a physical one. They could move the hard reset to say pressing both volume buttons at the same time or some such. Or that could be taking a screen shot and do it with the sleep button for the reset.

 

Well, there is no way to store your passwords on the phone.  Unless you are foolish enough to put them in a text file.  

So it's not like possession of the phone equals possession of access to your bank.  

 

I like your analysis of the home button as fingerprint scanner issue though.  I think you are 100% correct on that. 

This reminds me of the fingertip pattern unlocking that was popular on touch PDAs for a short while around the turn of the century.

 

A whole mini-industry and lots of scientific research sprang up over what patterns were most secure, etc.  

 

Then, of course, people belatedly noticed that their fingers left a grease trail that showed what the unlock pattern was.  D'oh!!   Since a stylus was usually used for every other interaction, the unlock pattern was clear as a bell.

 

After that, pattern unlocking disappeared as a security option for a long time.   Even Apple didn't use it for security, but instead just used it for simple unlock.

 

--

 

Re: fingerprints.  Cheap visual sensors can be fooled.  Better ones look for live person hints, like perhaps body heat.  Some have very fine capacitive sensors that actually map out the live person's fingerprint ridges.   In other words, a picture or even a cut-off finger won't work.

 

In any case, as others have pointed out, they shouldn't worry about a bio-metric theft or sales situation.  This kind of info is usually kept only inside that particular device.  If you use a different device, you'll need to enter your fingerprint again.

 

Complete nonsense.

 

Common sense will.