Apple wants your fingerprints in the cloud
Patent filing could see coffee bought in a snap
Apple wants to collect and store your fingerprints to spread its payment service and simplify download authorisation.
Cupertino aspires to upgrade its TouchID with the capability to collect, encrypt and upload fingerprints to Apple servers so that users can verify their identities with a single print matched to those stored online.
This would enable users to pay for coffee by scanning a finger or verify downloads on iDevice payments, according to a patent filing spotted by AppleInsider.
"In one example, the device function may be a financial transaction ... when a finger of the user which was previously enrolled on the first electronic device is sensed and matched, the processor may now determine that the given payment account is authorised to charge the particular transaction," Apple wrote in the patent filing.
"... the first processor may also be capable of encrypting the enrolment finger biometric data, and the second processor may also be capable of decrypting the enrolment finger biometric data."
Verification could also occur over wireless such as near field communication rather than from iCloud.
Apple does not comment on patent filings so the security implications remained speculative.
Biometric vendors claim often that collected fingerprints were stored as reference points and in formats that reduce the impact of the theft of biometric data.
Cupertino would need to exercise stringent controls given concerns around loss of biometric data, however attacks that focused on cloning fingerprintshave been limited in terms of the real threat posed due to the need to lift perfect prints and the complexity of replication. ®
Sponsored: Global DDoS threat landscape report