In a new document published by Apple (link), we finally learn the details of how TouchID functions and the exact process the TouchID finger-recognition system follows.
Since the release of the iPhone 5s, we have seen a steady stream of information explaining TouchID and its security level. We know the scanned information is stored in a non-reversible fashion on a special "enclave" built into Apple's latest A7 chip. We know from experience that even the cable is authenticated with its paired TouchID sensor to prevent man-in-the-middle type attacks. This whitepaper takes our understanding to the next level.
It provides additional details about the Secure Enclave and how it separates the sensitive fingerprint information from the rest of the system's memory through encryption and a built-in random number generator.
"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave's portion of the device's memory space. Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter." (Page 6)
For the statistics junkies among you, Apple claims the false-positive rate is 1 in 50,000. This means there is a 1 in 50,000 chance that a stranger's finger will be accepted as a match and unlock your device.
We know that even with TouchID, there are circumstances where the iPhone 5s still demands that we enter our Apple ID (passcode). Apple clarifies when this happens:
"• iPhone 5s has just been turned on or restarted
• iPhone 5s has not been unlocked for more than 48 hours
• After five unsuccessful attempts to match a finger
• When setting up or enrolling new fingers with Touch ID
• iPhone 5s has received a remote lock command"
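As an added illustration (not code from Apple's whitepaper or from this post), the following Python models the five passcode-fallback conditions quoted above as a policy check, and goes a step beyond the post by computing the chance that a stranger is falsely matched within the five attempts allowed before the passcode is demanded. The DeviceState fields and the assumption that each attempt is an independent 1-in-50,000 event are my own.

```python
from dataclasses import dataclass
from typing import List, Optional

# Thresholds taken from the whitepaper excerpt quoted above.
MAX_FAILED_MATCHES = 5
MAX_HOURS_SINCE_UNLOCK = 48
FALSE_ACCEPT_RATE = 1 / 50_000


@dataclass
class DeviceState:
    """Constructed snapshot of an iPhone 5s lock state (hypothetical fields).

    Times are seconds since the epoch; last_unlock is None when the device has
    not been unlocked since it was turned on or restarted.
    """
    last_unlock: Optional[float] = None
    failed_matches: int = 0
    enrolling_finger: bool = False
    remote_lock_received: bool = False


def passcode_required(state: DeviceState, now: float) -> List[str]:
    """Return every reason (possibly none) why Touch ID alone must not unlock."""
    reasons = []
    if state.last_unlock is None:
        reasons.append("device was just turned on or restarted")
    elif (now - state.last_unlock) / 3600 > MAX_HOURS_SINCE_UNLOCK:
        reasons.append(f"not unlocked for more than {MAX_HOURS_SINCE_UNLOCK} hours")
    if state.failed_matches >= MAX_FAILED_MATCHES:
        reasons.append(f"{MAX_FAILED_MATCHES} unsuccessful finger matches")
    if state.enrolling_finger:
        reasons.append("setting up or enrolling a new finger")
    if state.remote_lock_received:
        reasons.append("remote lock command received")
    return reasons


def stranger_success_probability(attempts: int = MAX_FAILED_MATCHES,
                                 far: float = FALSE_ACCEPT_RATE) -> float:
    """Chance that at least one of `attempts` random fingers is falsely accepted.

    Assumes (my assumption, not Apple's statement) that each attempt is an
    independent trial with false-accept rate `far`; the five-try limit above
    therefore caps a stranger at roughly 5 * far, about 1 in 10,000.
    """
    return 1 - (1 - far) ** attempts
```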
I found this document a good and interesting read. Of course, I'm really into security, so that might have something to do with it.