Apple working on technology to finally allow iOS devices to support multiple users

Apple is researching an extension of its Secure Enclave technology that would securely allow multiple users to share one iPhone or iPad without revealing private information to the other users.

Future iOS devices may allow multiple users to each have their own passcodes


"Provision of domains in secure enclave to support multiple users" is a patent, newly granted to Apple, that is specifically about securely allowing more than one user to use a device. That could mean Macs as much as iOS devices. Apple even refers to "both single user mobile computing devices and multi-user laptop and desktop computing devices."

Given that the Mac already has multi-user support, though, this patent's more likely aim is to bring that functionality to iOS devices. And above all else, to do so securely.

"A computing device can employ several passcodes and associated encryption keys, where multiple passcodes or encryption keys may be associated with each different user account on the system," says the patent.

"Before a user can obtain access to data stored on the computing device, the user may be required to successfully authenticate via the login screen," it continues. "However, it may still be possible to gain access to data stored on the computing system without knowledge of a username/password or passcode if the data is stored in an unencrypted manner."

"A malicious attacker may be able to extract data directly from the memory," continues the patent. "If the attacker has physical access to the computing system, the attacker can remove one or more storage devices from the system and access those devices via a different system."

So as well as being concerned with recognizing more than one user through "several passcodes and associated encryption keys," Apple wants those keys to "secure data within the computing system."

If Apple does apply this to iOS devices, then naturally every user needs to have their personal information, from logins to Apple Pay details, secured. Yet every user will also need access to certain shared features of the device, such as its web browser, or there's no point in them having use of the iPhone at all.

"[Consequently, to] enable multi-user access to the data processing system, group keys can be created, such that via membership within a group on the system (e.g., administrators, users, etc.) can enable different levels of access to the system," says the patent.
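
As an added illustration (not code from the patent or from Apple), the sketch below shows one way per-user passcode keys and group keys can fit together: each passcode unwraps only that user's key, and a group key is stored as one wrapped copy per member. The `Keybag` class, the user names and passcodes, and the HMAC-based `wrap`/`unwrap` (a standard-library stand-in for AES key wrapping) are all assumptions.

```python
import hashlib
import hmac
import os

def derive_kek(passcode: str, salt: bytes) -> bytes:
    """Stretch a passcode into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def wrap(kek: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC one 32-byte key (stand-in for AES key wrap or an AEAD)."""
    nonce = os.urandom(16)
    pad = _mac(_mac(kek, b"enc"), nonce)
    ct = bytes(a ^ b for a, b in zip(secret, pad))
    return nonce + ct + _mac(_mac(kek, b"mac"), nonce + ct)

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(_mac(kek, b"mac"), nonce + ct)):
        raise PermissionError("wrong key for this blob")
    pad = _mac(_mac(kek, b"enc"), nonce)
    return bytes(a ^ b for a, b in zip(ct, pad))

class Keybag:
    """Hypothetical store: holds only salts and wrapped keys, never plaintext keys."""
    def __init__(self):
        self.users = {}   # name -> (salt, user key wrapped under the passcode KEK)
        self.groups = {}  # group -> {member: group key wrapped under that user's key}

    def add_user(self, name: str, passcode: str) -> None:
        salt, user_key = os.urandom(16), os.urandom(32)
        self.users[name] = (salt, wrap(derive_kek(passcode, salt), user_key))

    def unlock(self, name: str, passcode: str) -> bytes:
        salt, blob = self.users[name]
        return unwrap(derive_kek(passcode, salt), blob)

    def create_group(self, group: str, member_keys: dict) -> None:
        """member_keys maps each member to their unlocked user key."""
        group_key = os.urandom(32)
        self.groups[group] = {m: wrap(k, group_key) for m, k in member_keys.items()}

    def group_key(self, group: str, name: str, user_key: bytes) -> bytes:
        blob = self.groups[group].get(name)
        if blob is None:
            raise PermissionError(f"{name} is not a member of {group}")
        return unwrap(user_key, blob)

def denied(fn, *args) -> bool:
    try:
        fn(*args)
    except PermissionError:
        return True
    return False

def demo() -> dict:
    bag = Keybag()
    bag.add_user("alice", "493817")   # constructed users and passcodes
    bag.add_user("bob", "120574")
    alice, bob = bag.unlock("alice", "493817"), bag.unlock("bob", "120574")
    bag.create_group("users", {"alice": alice, "bob": bob})
    bag.create_group("administrators", {"alice": alice})
    shared = bag.group_key("users", "alice", alice) == bag.group_key("users", "bob", bob)
    return {
        "group_key_shared": shared,
        "wrong_passcode_refused": denied(bag.unlock, "alice", "000000"),
        "non_member_refused": denied(bag.group_key, "administrators", "bob", bob),
        "stolen_blob_refused": denied(bag.group_key, "administrators", "alice", bob),
    }

if __name__ == "__main__": print(demo())
```

Removing the storage and reading it elsewhere yields only salts and wrapped blobs, which is the property the patent's physical-access passage is concerned with.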

Much of the patent's detail centers on "the use of a peripheral processor or processing system that is separate from the system processors." This peripheral processor "is a system on a chip (SoC) integrated circuit that enables various secure peripheral and input/output (I/O) operations."

Apple doesn't want to tie itself down to saying specifically the T2 chip, but it does say this system "can include a secure enclave processor (SEP)."

Detail from the patent showing one configuration of authentication before a user can access data on the device


What it possibly belabors is how that SEP, or similar, limits access to only what the specific user is authorized to use. The SEP can be "the primary arbiter of all data access on the system," meaning that everything must route through this future version of the T2 chip.

As part of this, the patent details methods of how one authorized user can set what another user may see. It discusses how the regular system, or a rogue user, "cannot gain access to resources within the SEP."

Aside from the potential for multiple users to share a device, most of this security is hidden behind the familiar passcode or, possibly, Face ID. What a user might see, though, includes what happens when they enter the wrong passcode.

We're already familiar with the idea that after so many failed login attempts, you get locked out. Apple's patent suggests that before you get to that stage, the system could be deliberately slowed down.

"Passcode throttling can be enabled on some single-user mobile computing devices, such as smartphone or tablet computing devices," it says, "to limit the rate in which an unauthorized user can attempt to enter incorrect passcodes."

"As an additional technique, the rate of passcode entry can be throttled after a pre-determined number of incorrect authentication attempts," it continues. "Throttling the rate of incorrect attempts provides various benefits, including limiting the likelihood in which an accidental lockout occurs and frustrating the ability of a malicious attacker to perform a brute-force passcode attack."
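
A minimal model of the throttling described above, as an added example rather than anything from the patent or Apple's implementation; the five free attempts, the 60-second doubling delay and the one-hour cap are assumed values. It also computes how long an exhaustive guess of a passcode space would take under that schedule.

```python
import time

class PasscodeThrottle:
    """Rate-limit passcode guesses after a fixed number of free failures."""

    def __init__(self, check, free_attempts=5, base_delay=60, max_delay=3600,
                 clock=time.monotonic):
        self._check = check              # callable(passcode) -> bool
        self.free_attempts = free_attempts
        self.base_delay = base_delay     # seconds, assumed value
        self.max_delay = max_delay       # seconds, assumed value
        self._clock = clock
        # On a real device this state must survive reboots and live where the
        # main OS cannot reset it, otherwise the throttle is trivially bypassed.
        self.failures = 0
        self.not_before = 0.0

    def delay_after(self, failures: int) -> int:
        """Seconds to wait after the given number of consecutive failures."""
        if failures < self.free_attempts:
            return 0
        exp = min(failures - self.free_attempts, 32)   # keep the power small
        return min(self.base_delay * 2 ** exp, self.max_delay)

    def attempt(self, passcode: str) -> str:
        now = self._clock()
        if now < self.not_before:
            return "throttled"           # the guess is not evaluated at all
        if self._check(passcode):
            self.failures = 0
            self.not_before = 0.0
            return "ok"
        self.failures += 1
        self.not_before = now + self.delay_after(self.failures)
        return "denied"

    def worst_case_seconds(self, keyspace: int) -> int:
        """Enforced waiting time if the last of `keyspace` guesses is the right one."""
        return sum(self.delay_after(f) for f in range(1, keyspace))

if __name__ == "__main__":
    throttle = PasscodeThrottle(lambda p: p == "4821")   # constructed passcode
    for digits in (4, 6):
        days = throttle.worst_case_seconds(10 ** digits) / 86400
        print(f"{digits}-digit passcode: up to {days:,.0f} days of enforced waiting")
```

The few free attempts are what limit accidental lockouts for the legitimate user; the capped delay is what dominates the attacker's total time.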

This patent is credited to three inventors, Pierre Olivier Martel, Arthur Mesh, and Wade Benson. Among their many related previous patents is one concerning access of multiple users to data containers on a single device.

The new patent is far from Apple's first research into multiple users on an iOS device. As long ago as 2013, it was applying for a comprehensive patent regarding several users of the same Touch ID-enabled device.

Comments

  • Reply 1 of 27
    GeorgeBMac Posts: 10,270 member
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
  • Reply 2 of 27
    It’s the right thing to patent. Yet I doubt that we will see it deployed on the iPad. Apple would rather sell everyone their own device. 

    What does make sense, with the convergence of MacOS and iOS, is for you to login to your own “account” on any device, anywhere, to use your apps and work with your data. 

    Similarly, all versions of the Apple Watch should work independently of an iPhone.

    The device should be secondary. 
  • Reply 3 of 27
    dysamoria Posts: 3,429 member
    More complexity. Yay.
  • Reply 4 of 27
    dysamoria Posts: 3,429 member
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    It’s only too late because tech geeks don’t like change.
  • Reply 5 of 27
    This is short-sighted thinking by Apple. What Apple should do is implement a way where I can walk up to someone else's Mac or iOS device, show my biometrics and PIN, and then see my own iCloud data on that device. I'll bet you they are already thinking about it, and maybe even testing it.

    Those of you with half a brain will probably say, "But then the biometric information would have to be stored in the cloud." Not necessarily. For example, if I'm wearing an Apple Watch, there could be a protocol where the Watch and the secondary device near me exchange information (securely) so that the authentication is all done locally.

    The data on the secondary device would have to be encrypted locally on a per-user basis, so that when I leave the device nobody can access my data. I'm not sure if Macs or iOS devices currently do that, but they certainly could.

    If Apple doesn't do this, Google should. I hope they are reading this. This is the future.
    edited December 2020
  • Reply 6 of 27
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    I actually have two separate drives on my computers, one for OS & programs (SSD) and one for my data (HDD). I also have two user accounts, my admin & my normal user. Just better security disciplines.
    edited December 2020
  • Reply 7 of 27
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    That's never been true. The key to computing is everything is data. There is no separation and never has been. Even at the chip level, say the microcoding of RISC and CISC chips, the CPU instructions are just data to the microprocessor. 

    You know that ebook you're reading? It's not data. It's computer code in a specialized language that is being executed by an interpreter to render the information on the page. 
    edited December 2020
  • Reply 8 of 27
    ID0 Posts: 15 member
    I would prefer if Apple would cut the mandatory music upload to iPhone / iPad with iTunes. 
    Just allow uploading music with Files to a local folder which the Music app can use as library.
    edited December 2020
  • Reply 9 of 27
    GeorgeBMac Posts: 10,270 member
    larryjw said:
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    That's never been true. The key to computing is everything is data. There is no separation and never has been. Even at the chip level, say the microcoding of RISC and CISC chips, the CPU instructions are just data to the microprocessor. 

    You know that ebook you're reading? It's not data. It's computer code in a specialized language that is being executed by an interpreter to render the information on the page. 

    Wrong
    Sorry, but you are 100% wrong.   In the IBM mainframe days keeping data and software separate was a sacred rule that was never, ever broken.
    ...  Go ask your mommy.
    edited December 2020
  • Reply 10 of 27
    ID0 said:
    I would prefer if Apple would cut the mandatory music upload to iPhone / iPad with iTunes. 
    Just allow uploading music with Files to a local folder which the Music app can use as library.
    You do not need iTunes to upload music anymore. Just enter “How to upload music to an iPhone” in your browser for the latest options. 
  • Reply 11 of 27
    dewme Posts: 3,818 member
    I applaud Apple for adhering to security principles to the extreme, as they should for use cases that require extreme security. However, I still believe there is a valid case for allowing shared access to a single computing resource along the same lines as how multiple logins are allowed on macOS and multiple sessions on Windows, with one super-user or administrator having a higher level of privileges and other users having a lower set of privileges as-granted by the administrator. Let's not over design this for families who just want to share a single iPad among family members without each user stomping all over other users apps and data or messing up the configuration of the device. This is a case where the real world user stories/scenarios need to be driving the end result. The "how" part is up to Apple.

    I really don't care how Apple does it, but at the very least the current crop of iPads should absolutely allow for the same level of shared use that current MacBooks allow. Heck, this should have been done years ago.  I also don't care if non-admin users are blocked from accessing certain system services and features, like Apple Pay, without getting approval from the administrator. That would be a feature in my book. Yeah yeah, I know that some lazy ass parents (LAPs) would probably hand over their admin credentials to their out-of-control spawn, but at least they couldn't (or shouldn't but they will) come crying to Apple when their untethered progeny rack up tens of thousands of dollars in loot boxes and in-game purchases.

    I concur with Larryjw with respect to Von Neumann architectures but would also add that separation of program and data memory isn't even tied to legacy mainframe architectures. There are microcontrollers (like PIC family, Intel 8051, etc.) that have separate data and program memory. The separation of data and program memory has some obvious benefits in terms of avoiding certain types of memory corruption, but that's not the problem that Apple is trying to solve here. Apple is trying to solve issues related to multiple users sharing the same computing resource securely. Even if the underlying architecture separated all program memory from all data memory, there would still be issues to contend with because each of these respective areas, even if globally exclusive from each other, would still be individually shared by multiple users, i.e., multiple users sharing program memory, multiple users sharing data memory.

    All multi-user kernel based software architectures and operating systems, like macOS, Windows, and Unix/Linux go to great lengths to isolate and protect users from each other and isolate users from the kernel. But at some point the same underlying resources including memory and IO are being shared, reused, and switched between users and the kernel in ways that place a lot of trust in the underlying kernel and thread level implementation to do the right thing at all times, both for data that's currently in-use and for data that is at-rest. Suffice it to say that windows of opportunity, in both time and space, for things that need be protected need to be exposed for the task at hand to execute. It's the painstaking responsibility of the software and hardware implementation to manage the opening and closing of these windows for every possible scenario, both planned and unplanned (e.g. exceptions, crashes, etc.) , and to make sure nothing leaks in or out of an open window and that no windows are ever left open. A good example of a "window" that was left open was the Intel CPU speculative execution bug where kernel addresses to discarded speculative execution code were left accessible, an open window, when they should have been discarded and cleaned up, i.e., the window closed. 
    edited December 2020
  • Reply 12 of 27
    Beats Posts: 2,531 member
    iPhone is a personal device like a wallet etc. I doubt this is for people sharing one iPhone. I wonder what the main goal here is?

    I could see this for POS systems and devices to order food where multiple employees may be responsible for the same device. I'm lost here.
  • Reply 13 of 27
    larryjw said:
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    That's never been true. The key to computing is everything is data. There is no separation and never has been. Even at the chip level, say the microcoding of RISC and CISC chips, the CPU instructions are just data to the microprocessor. 

    You know that ebook you're reading? It's not data. It's computer code in a specialized language that is being executed by an interpreter to render the information on the page. 

    Wrong
    Sorry, but you are 100% wrong.   In the IBM mainframe days keeping data and software separate was a sacred rule that was never, ever broken.
    ...  Go ask your mommy.
    Sorry, my mommy never knew anything about computers -- but I do.

    To the OS, even the IBM mainframe, the loader sees your program as just data. It reads the loader instructions, as data, interpreting the commands, then places those things which have metadata saying this is a program, into memory, and sets registers within the CPU to point to areas which will have an instruction counter. Those segments designated as data will be placed in memory and address pointers initialized, all being executed by interpreters reading this information as data. At certain points, because the OSes are multi-tasking, the OS will swap out those segments designated as data, to allow them to be allocated to other data segments or code, as instructed by metadata, all under control of an interpreter. 

    All systems are almost an infinite regress of interpreters, each reading in stuff as data and depending on metadata, determining which of the many interpreters available to it, is the appropriate interpreter for a given piece of data. 

    You can continue to embarrass yourself by disagreeing with me, but you need to get a clue before you continue to show your ignorance.
    edited December 2020
  • Reply 14 of 27
    MplsP Posts: 3,260 member
    This is long overdue. Android tablets have been able to have multiple users for some time now. I realize they may not have the segmented security described here, but for many users and purposes that doesn’t matter. When my kids were younger I would have loved to be able to have a separate account for them on my iPad. 
  • Reply 15 of 27
    M68000 Posts: 367 member
    Might be good for tablets.  But not liking idea for phones,  phones seem too personal and individual.
  • Reply 16 of 27
    ivanh Posts: 587 member
    The original unix and linux distros were multi-user. the iPhone OS and iOSses conversion disabled multiuser mode. I don’t see major obstacles to “enable” the multiuser mode.
  • Reply 17 of 27
    ID0 Posts: 15 member
    DangDave said:
    ID0 said:
    I would prefer if Apple would cut the mandatory music upload to iPhone / iPad with iTunes. 
    Just allow uploading music with Files to a local folder which the Music app can use as library.
    You do not need iTunes to upload music anymore. Just enter “How to upload music to an iPhone” in your browser for the latest options. 
    Can you post a link please? The search results promote just some other Mac or Win mandatory software. 
    To refine my question: I attach a hard drive to my iPad and upload music to Files and how to get them into Music app???
    edited December 2020
  • Reply 18 of 27
    Mike Wuerthele Posts: 6,260 administrator
    ivanh said:
    The original unix and linux distros were multi-user. the iPhone OS and iOSses conversion disabled multiuser mode. I don’t see major obstacles to “enable” the multiuser mode.
    You know, minus the whole "secure enclave processor" which is discussed in the patent and article. That, and the fork was 15 years ago, with major deviations to the code base to accommodate said SEP.
    edited December 2020
  • Reply 19 of 27
    larryjw said:
    larryjw said:
    One of the primary guiding principles in mainframe computing was always the separation of software and data.   The two were never, ever mixed.
    Had PC (and now mobile) computing followed that guideline much trouble would have been avoided.

    But, it is too late for that now -- the idea of one big pot for software and data is not only enshrined in technology but in the culture of technology.

    In any case, as iPads (and eventually) iPhones include more PC type functionality, it makes sense that multiple users would make sense (but mostly for the iPad).
    That's never been true. The key to computing is everything is data. There is no separation and never has been. Even at the chip level, say the microcoding of RISC and CISC chips, the CPU instructions are just data to the microprocessor. 

    You know that ebook you're reading? It's not data. It's computer code in a specialized language that is being executed by an interpreter to render the information on the page. 

    Wrong
    Sorry, but you are 100% wrong.   In the IBM mainframe days keeping data and software separate was a sacred rule that was never, ever broken.
    ...  Go ask your mommy.
    Sorry, my mommy never knew anything about computers -- but I do.

    To the OS, even the IBM mainframe, the loader sees your program as just data. It reads the loader instructions, as data, interpreting the commands, then places those things which have metadata saying this is a program, into memory, and sets registers within the CPU to point to areas which will have an instruction counter. Those segments designated as data will be placed in memory and address pointers initialized, all being executed by interpreters reading this information as data. At certain points, because the OSes are multi-tasking, the OS will swap out those segments designated as data, to allow them to be allocated to other data segments or code, as instructed by metadata, all under control of an interpreter. 

    All systems are almost an infinite regress of interpreters, each reading in stuff as data and depending on metadata, determining which of the many interpreters available to it, is the appropriate interpreter for a given piece of data. 

    You can continue to embarrass yourself by disagreeing with me, but you need to get a clue before you continue to show your ignorance.

    Apparently you don't either.
    Because programs got executed and data got processed concurrently didn't mean they got mixed together and stored together like they are on a PC.   Sorry.  That's just how it was.   It was a security feature like many others that got lost when the migration to PCs happened.
  • Reply 20 of 27
    ID0 said:
    DangDave said:
    ID0 said:
    I would prefer if Apple would cut the mandatory music upload to iPhone / iPad with iTunes. 
    Just allow uploading music with Files to a local folder which the Music app can use as library.
    You do not need iTunes to upload music anymore. Just enter “How to upload music to an iPhone” in your browser for the latest options. 
    Can you post a link please? The search results promote just some other Mac or Win mandatory software. 
    To refine my question: I attach a hard drive to my iPad and upload music to Files and how to get them into Music app???
    I don't think you can play music files from the Files folder. Even if you could, transferring files onto a hard drive from a computer, then transferring to an iPad to play them seems like an extra step when you can just plug your iPhone/iPad directly to your computer to transfer the files.

    It is true that you no longer need iTunes, but only if you have a Mac with macOS Catalina or Big Sur. If you have macOS Mojave or older or a Windows PC, you still need iTunes to transfer music: https://support.apple.com/en-us/HT201253