Apple is researching ways to allow multiple users to benefit from Touch ID, or similar biometric systems, while keeping the protection of the current secure enclave.
Apple’s T2 security processor is based around a secure enclave which stores biometric data about a user. Whether that user is unlocking their Mac, or making a purchase, the secure enclave is asked to confirm that they are who they say they are.
Without divulging any of the stored data, the T2 processor can confirm or deny a request. So the Mac or the retailer has the certainty they need to proceed, without the user’s privacy being compromised.
This works very well for individual users, but it becomes more complex when multiple people want to access the same Mac, or other system, to do different things. Unlocking for one user could mean letting them access the whole machine, while unlocking for another might limit them to their own user account and a subset of the possible features.
It doesn’t actually sound as if it could be that much more difficult, but a newly revealed patent application, “Provision of Domains in Secure Enclave to Support Multiple Users,” shows that it is. It is not just a case of the secure enclave comparing, say, a fingerprint to any of those previously stored; there are complicated issues around these levels of access.
Read more at AppleInsider.com
