The secure enclave processor is built by ARM Ltd. and is a separate socket. Separate socket means completely separate from the rest of the Chip (System on the Chip = SoCs). Crypto hardware is built into many devices these days. Laptops, smart-cards, smartphones,…
- It comes with a bunch of elements necessary to operate as a crypto-processor.
- It has its own crypto-engine, a random number generator, GID/UID-Keys,…
- And the Input/Output connections run directly and only from/to the peripherals like your fingerprint-sensor.
- It only shares the power management, the clocking (for synchronization) and of course the main RAM with the main system.
The touch-sensor scans your unique fingerprint. This biometric is the password-input. Based on this data, a key gets generated (again completely separate from the AP (Application Processor)/main stuff).
Your fingerprint is just the data-input for a key like a SHA-256. And you know…the probability to get a collusion (to guess your input by brute–force) is dependent on all the possible combinations, which are 2^256. This is a number that big…comparable with all the grains of sand on the earth – all the deserts, beaches… And now imagine, that each grain is an earth by itself with grains of sand…now sum all those grains and grains on the grains together, and you know how many possible combinations there are.
The best Cryptography does not help, when you make this dumb mistake
Any private key is only as good as the method used. For example: if you use only the same random number like “6” and leave in the code a message like “hey random number = 6” …Sony PS3 *cough, well than for a hacker 2^256 combinations are not the problem. On the Chaos Communication Congress in 2010 – fail0verflow showed live how they cracked the PlayStation 3 because of a dumb mistake.
The Fingerprint is the input for your private Key
Your public key is transmitted over the networks which you access. Your input/private key which is in itself generated by the input of your fingerprint, is not transmitted. No, your fingerprint is not saved in the way you think it is saved.
The real magic of biometrics
Well, now imagine you combine Touch-ID, With-Face-ID and a Master-key. Suddenly logging in is as easy as swiping with a finger and as safe as tipping in a very long private-active-users-key.
But ease of use is not the important part: With your login –> you indirectly identify as you (you in the sense of “the person having the input data for the public key” and not you as “the person with the fingerprint xyz aka Mr. or Ms. Smith, Lee, Müller, Almasi, Anand,…”) This unique user identification, which is not a de-anonymization of your person, solves any single abuse-problem crypto systems like Eos, Tron and Steem have!
Based on the interaction with devices and the interaction with users, you identify as the person you are on the web. One-person-one vote –> democratization –> decentralization aka. Distribution of power on the social layer –> counteracts the centralization on the technical and stake/wealth-layer.
With the held of unique user identification you can enable UBI (universal basic income), without somebody abusing the system and destroying the idea of a fair system-where thoughts and ideas can prosper.
You can still have unidentified accounts without that feature. You can still troll with them, you can still comment on your own articles. But what you can´t, is self-voting or voting multiple times on governance proposals.
Let me know your critics on this model.
