2017.03.27
The original address
Translated paragraph by paragraph with Google Translate (uploading the whole document is not accurate), read through, stripped out device and network jargon, and filtered out information that means little to a developer.
• System security: The integrated and secure software and hardware that underpin the iPhone, iPad and iPod touch.
• Encryption and data protection: The architecture and design that protect user data if the device is lost or stolen, or if an unauthorized person attempts to use or modify it.
• App security: The systems that let apps run securely without compromising the integrity of the platform.
• Network security: Industry-standard network protocols that provide secure authentication and encryption of data in transit.
• Apple Pay: Apple's implementation of secure payments.
• Internet services: Apple's network-based infrastructure for messaging, syncing and backup.
• Device controls: Methods that allow management of iOS devices, prevent unauthorized use and enable remote wipe if a device is lost or stolen.
• Privacy controls: iOS features that can be used to control access to Location Services and user data.
Here’s a detailed overview:
First, system security
- System security is designed so that both software and hardware are secure across all core components of every iOS device. This includes the boot process, software updates and the Secure Enclave.
- The tight integration of hardware and software on iOS devices ensures that every component of the system is trusted: every step, from initial boot through iOS software updates to third-party apps, is analyzed and vetted to help ensure that hardware and software perform optimally and use resources properly.
1. Secure boot chain
Each step of the startup process contains components that are cryptographically signed by Apple to ensure integrity, and the process proceeds only after the chain of trust has been verified. This includes the bootloaders, the kernel, kernel extensions and baseband firmware. This secure boot chain helps ensure that the lowest levels of software are not tampered with.
2. System software authorization
Apple regularly releases software updates to address emerging security concerns and provide new features; these updates are made available for all supported devices simultaneously. Users receive iOS update notifications on the device and through iTunes, and updates are delivered wirelessly, encouraging rapid adoption of the latest security fixes.
3. Secure Enclave
The Secure Enclave is a coprocessor fabricated in the Apple S2, Apple A7 and later A-series processors. It uses encrypted memory and includes a hardware random number generator. The Secure Enclave performs all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers.
4. Touch ID
Touch ID is the fingerprint sensing system that makes secure access to the device faster and easier. The technology reads fingerprint data from any angle and learns more about the user's fingerprint over time, with the sensor continuing to expand the fingerprint map as additional overlapping nodes are identified with each use. Touch ID makes using a longer, more complex passcode practical, because the user does not have to enter it as frequently. Touch ID also overcomes the inconvenience of a passcode-based lock, not by replacing it, but by securely providing access to the device within thoughtful boundaries and time constraints.
- Touch ID and passcode: To use Touch ID, the user must set up the device so that a passcode is required to unlock it. When Touch ID scans and recognizes an enrolled fingerprint, the device unlocks without asking for the device passcode. The passcode can always be used instead of Touch ID, and it is still required in the following cases:
  • The device has just been turned on or restarted.
  • The device has not been unlocked for more than 48 hours.
  • Touch ID has not unlocked the device in the past 4 hours.
  • The device has received a remote lock command.
  • After five unsuccessful attempts to match a fingerprint.
  • When setting up or enrolling new fingers with Touch ID.
- Touch ID can also work with Apple Pay, Apple's implementation of secure payments. For iOS 9 or later, developers can:
- Require that Touch ID API operations not fall back to an app password or the device passcode. Apps can also retrieve a representation of the current enrolled finger state, allowing Touch ID to be used as a second factor in security-sensitive apps.
- Generate and use ECC keys inside the Secure Enclave. These keys can be protected by Touch ID. Operations with these keys are always performed inside the Secure Enclave, after it authorizes the use. Apps access these keys through the Keychain using SecKey objects; a SecKey is only a reference to the Secure Enclave key and never leaves it.
- Touch ID can also be configured to approve purchases from the iTunes Store, App Store and iBooks Store, so users don't have to enter their Apple ID password. When the user chooses to authorize a purchase, an authentication token is exchanged between the device and the store. The token and a cryptographic nonce are stored in the Secure Enclave. The nonce is signed with a Secure Enclave key shared by all devices and the iTunes Store. With iOS 10, a Touch ID-protected Secure Enclave ECC key is used to authorize purchases by signing the store request.
- Touch ID security: The fingerprint sensor is activated only when the capacitive steel ring surrounding the Home button detects the touch of a finger, which triggers the advanced imaging array to scan the finger and send the scan to the Secure Enclave.
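The ECC-key feature described above, as an added example (not code from Apple's guide): generating a P-256 key inside the Secure Enclave whose private-key operations require Touch ID, then signing and verifying a challenge. Assumes an iOS 10+ app; the tag string and the challenge are constructed placeholders.

```swift
import Foundation
import Security

/// Create a P-256 private key inside the Secure Enclave (the tag is an
/// arbitrary app-chosen label, assumed here). Every private-key operation
/// must be approved by Touch ID, and the key is never migrated off this device.
func makeSecureEnclaveKey(tag: String) throws -> SecKey {
    var error: Unmanaged<CFError>?
    // .privateKeyUsage: the access control applies to signing/decryption.
    // .touchIDAny: any enrolled finger may authorize (newer SDKs rename this
    // .biometryAny). WhenUnlockedThisDeviceOnly keeps the key out of backups
    // and unavailable while the device is locked.
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            [.privateKeyUsage, .touchIDAny],
            &error) else {
        throw error!.takeRetainedValue() as Error
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String:       kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        // This attribute is what places the key in the Secure Enclave.
        kSecAttrTokenID as String:       kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String:    true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String:  access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

/// Look up a previously created Secure Enclave key by tag. The returned
/// SecKey is only a reference; the key material stays inside the enclave.
func loadSecureEnclaveKey(tag: String) -> SecKey? {
    let query: [String: Any] = [
        kSecClass as String:              kSecClassKey,
        kSecAttrKeyType as String:        kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: Data(tag.utf8),
        kSecReturnRef as String:          true,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess else {
        return nil
    }
    return (item as! SecKey)
}

/// Sign a message with the enclave key. The call blocks until the user has
/// authorized the operation with Touch ID (the system presents the prompt).
func sign(_ message: Data, with key: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let sig = SecKeyCreateSignature(
            key, .ecdsaSignatureMessageX962SHA256, message as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return sig as Data
}

/// Verify with the exportable public half; this is what a server does when
/// it treats the device-bound key as a second factor.
func verify(_ message: Data, signature: Data, with key: SecKey) -> Bool {
    guard let publicKey = SecKeyCopyPublicKey(key) else { return false }
    var error: Unmanaged<CFError>?
    return SecKeyVerifySignature(
        publicKey, .ecdsaSignatureMessageX962SHA256,
        message as CFData, signature as CFData, &error)
}

// Usage (constructed): reuse the key if it exists, otherwise create it, then
// sign a challenge supplied by the server.
let tag = "com.example.app.secondfactor"      // assumed app-specific tag
let key = try loadSecureEnclaveKey(tag: tag) ?? makeSecureEnclaveKey(tag: tag)
let challenge = Data("constructed-server-nonce".utf8)
let signature = try sign(challenge, with: key)
let accepted = verify(challenge, signature: signature, with: key)
```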
Second, encryption and data protection
iOS has additional encryption and data protection features to safeguard user data even if other parts of the security infrastructure have been compromised (for example, on a device with unauthorized modifications).
1. Hardware security features
On mobile devices, speed and power efficiency are critical. Cryptographic operations are complex and can introduce performance or battery life problems if these priorities are not considered in design and implementation. The device's unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing. UIDs are unique to each device and are not recorded by Apple or any of its suppliers.
2. File data protection
In addition to the hardware encryption features built into iOS devices, Apple uses a technology called Data Protection to further protect data stored in the device's flash memory. Data Protection allows the device to respond to common events, such as incoming phone calls, while still providing a high level of encryption for user data. Key system apps (such as Messages, Mail, Calendar, Contacts, Photos and Health) use Data Protection by default, and third-party apps installed on iOS 7 or later receive this protection automatically.
- Passcode: Setting a device passcode automatically enables Data Protection. iOS supports six-digit, four-digit and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device cannot access data in specific protection classes without the passcode. The passcode is entangled with the device's UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower; the count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers. The stronger the user's passcode, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger passcode than would otherwise be practical. This increases the effective amount of entropy protecting the encryption keys used for Data Protection, without harming the user experience of unlocking an iOS device multiple times a day. To further discourage brute-force passcode attacks, escalating delays are enforced after invalid passcodes are entered at the Lock screen. If Settings > Touch ID & Passcode > Erase Data is turned on, the device automatically wipes after 10 consecutive incorrect passcode attempts. This setting is also available as an administrative policy through mobile device management (MDM) and Exchange ActiveSync, and can be set to a lower threshold. On devices with a Secure Enclave, the delay is enforced by the Secure Enclave coprocessor. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period.
- Data Protection classes: When a new file is created on an iOS device, it is assigned a class by the app that creates it. Each class uses a different policy to determine when the data is accessible.
- Keychain Data Protection: Many apps need to handle passwords and other short but sensitive bits of data, such as keys and login tokens. The iOS Keychain provides a secure way to store these items. The Keychain is implemented as a SQLite database stored on the file system. There is only one database; the securityd daemon determines which Keychain items each process or app can access. Rather than limiting access to a single process, access groups allow Keychain items to be shared between apps.
For Keychain items created by iOS, the following protection classes are enforced:
- Accessing Safari saved passwords: iOS apps can interact with Keychain items saved by Safari to automatically fill in passwords, using the following two APIs (note these two):
SecRequestSharedWebCredential
SecAddSharedWebCredential
Access is granted only if both the app developer and the website administrator have given their approval and the user has consented. App developers express their intent to access Safari saved passwords by including an entitlement in their app. The entitlement lists the fully qualified domain names of the associated websites. The websites must place a file on their server listing the unique app identifiers of the apps they approve. When an app with the com.apple.developer.associated-domains entitlement is installed, iOS makes a TLS request to each listed website, requesting the file /apple-app-site-association. If the file lists the app identifier of the app being installed, iOS marks the website and app as having a trusted relationship. Only with a trusted relationship do calls to these two APIs result in a prompt to the user, who must agree before any password is released to the app, updated or deleted.
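The two shared web credential APIs named above, as an added example (not code from Apple's guide): reading a Safari-saved credential for an associated domain and storing an updated one. Assumes the domain example.com, an apple-app-site-association file and an associated-domains entitlement as sketched in the comments; none of those values come from the original text.

```swift
import Foundation
import Security

// Server side (assumed domain): https://example.com/apple-app-site-association,
// served over TLS, listing the approved app as Team ID + bundle ID:
//   { "webcredentials": { "apps": [ "TEAMID.com.example.app" ] } }
// App side: the com.apple.developer.associated-domains entitlement contains
//   webcredentials:example.com
// Without both halves, iOS never establishes the trusted relationship and the
// calls below complete with an error instead of prompting the user.

let domain = "example.com"   // assumed; must match the entitlement entry

/// Ask for a Safari-saved credential for `domain`. The user is always
/// prompted and chooses (or declines) an account; nothing is returned silently.
func requestSharedCredential(for domain: String,
                             completion: @escaping ((account: String, password: String)?) -> Void) {
    // A nil account lets the user pick among every saved account for the domain.
    SecRequestSharedWebCredential(domain as CFString, nil) { credentials, error in
        guard error == nil,
              let list = credentials as? [[String: Any]],
              let first = list.first,
              let account = first[kSecAttrAccount as String] as? String,
              let password = first[kSecSharedPassword as String] as? String else {
            completion(nil)
            return
        }
        completion((account, password))
    }
}

/// Save or update the credential in Safari's shared store so website and app
/// stay in sync. Passing nil as the password removes the entry; the user is
/// prompted to approve the change either way.
func saveSharedCredential(for domain: String, account: String, password: String?,
                          completion: @escaping (Error?) -> Void) {
    SecAddSharedWebCredential(domain as CFString, account as CFString,
                              password.map { $0 as CFString }) { error in
        completion(error as Error?)
    }
}

// Usage (constructed): try to fill the login form from Safari's store; if the
// user declines or has nothing saved, fall back to the app's own sign-in and
// store the resulting credential for next time.
requestSharedCredential(for: domain) { cred in
    if let cred = cred {
        // sign in with cred.account / cred.password
    } else {
        // show the app's login UI, then on success:
        saveSharedCredential(for: domain, account: "user@example.com",
                             password: "constructed-password") { _ in }
    }
}
```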
- Keybags: The keys for both file and Keychain Data Protection classes are collected and managed in keybags. iOS uses the following keybags: user, device, backup, escrow and iCloud Backup.
Third, app security
1. Application code signing
Once the iOS kernel has started, it controls which user processes and apps can run. To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed with a certificate issued by Apple. Apps bundled with the device, such as Mail and Safari, are signed by Apple. Third-party apps must also be validated and signed using a certificate issued by Apple. Mandatory code signing extends the concept of the chain of trust from the operating system to apps, and prevents third-party apps from loading unsigned code resources or using self-modifying code.
In order to develop and install apps on iOS devices, developers must register with Apple and join the Apple Developer Program. The real-world identity of each developer, whether an individual or a business, is verified by Apple before their certificate is issued. This certificate enables developers to sign apps and submit them to the App Store for distribution.
2. Run-time process security
Once an app is verified as coming from an approved source, iOS enforces security measures designed to prevent it from compromising other apps or the rest of the system. All third-party apps are "sandboxed," so they cannot access files stored by other apps or make changes to the device. This prevents apps from gathering or modifying information stored by other apps. Each app has a unique home directory for its files, which is randomly assigned when the app is installed. If a third-party app needs to access information other than its own, it can only do so through services explicitly provided by iOS.
3. Extensions
iOS allows apps to provide functionality to other apps by providing extensions. Extensions are special-purpose signed executable binaries packaged within an app. The system automatically detects extensions at install time and makes them available to other apps using a matching system. The area of the system that supports extensions is called an extension point. Each extension point provides an API and enforces policies for that area. The system determines which extensions are available based on extension point-specific matching rules. The system automatically launches extension processes as needed and manages their lifetime. Entitlements can be used to restrict extension availability to particular system apps. For example, a Today view widget appears only in Notification Center, and a sharing extension is available only from the Sharing pane. The extension points are Today widgets, Share, custom actions, photo editing, document providers and custom keyboards.
4. Application groups
When configured as part of an app group, apps and extensions owned by the same developer account can share content. The developer creates the appropriate groups on the Apple Developer portal and includes the desired set of apps and extensions. Once configured as part of an app group, an app has access to the following:
- A shared on-disk container for storage, which remains on the device as long as at least one app from the group is installed
- Shared preferences
- Shared Keychain items
The Apple Developer portal ensures that app group IDs are unique across the app ecosystem.
5. Data Protection in apps
The iOS Software Development Kit (SDK) offers a full suite of APIs that make it easy for third-party and in-house developers to adopt Data Protection and help ensure the highest level of protection in their apps. Data Protection is available for file and database APIs, including NSFileManager, CoreData, NSData and SQLite. The Mail app (including attachments), managed books, Safari bookmarks, app launch images and location data are also encrypted on the device using a key protected by the user's passcode. Calendar (excluding attachments), Contacts, Reminders, Notes, Messages and Photos are protected until first user authentication.
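The file and Keychain Data Protection classes discussed in the "Data Protection classes" and "Keychain Data Protection" items above and in this section, as an added example (not code from Apple's guide): writing a file under Complete Protection, reading back the class actually applied, and storing a token in the Keychain under a This-Device-Only class. Assumes an iOS app using Foundation and Security; the file name, account and token are constructed.

```swift
import Foundation
import Security

/// Write a file under the Complete Protection class: its per-file key is
/// discarded when the device locks, so the contents are unreadable until the
/// user unlocks again. The class is fixed at the moment the file is created.
func writeCompleteProtection(_ data: Data, to url: URL) throws {
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Read back the class actually applied, so a review or test can catch data
/// that silently landed in the default class (Complete Until First User
/// Authentication) instead of the intended, stricter one.
func protectionClass(of url: URL) throws -> FileProtectionType? {
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    guard let raw = attrs[.protectionKey] as? String else { return nil }
    return FileProtectionType(rawValue: raw)
}

/// Keychain items choose their class via kSecAttrAccessible. The
/// ...ThisDeviceOnly classes are bound to the device UID, so the item is never
/// migrated to another device through a backup.
func storeToken(_ token: Data, account: String, service: String) -> OSStatus {
    let item: [String: Any] = [
        kSecClass as String:          kSecClassGenericPassword,
        kSecAttrService as String:    service,
        kSecAttrAccount as String:    account,
        kSecValueData as String:      token,
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    ]
    // Remove any earlier copy so SecItemAdd does not fail with errSecDuplicateItem.
    _ = SecItemDelete(item as CFDictionary)
    return SecItemAdd(item as CFDictionary, nil)
}

/// Fetch the token back. While the device is locked this returns nil
/// (errSecInteractionNotAllowed), which is exactly what the class promises.
func loadToken(account: String, service: String) -> Data? {
    let query: [String: Any] = [
        kSecClass as String:       kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String:  true,
        kSecMatchLimit as String:  kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else {
        return nil
    }
    return result as? Data
}

// Usage (constructed): a session token kept both as a file in Documents and as
// a Keychain item, each under a class that requires the device to be unlocked.
let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
let fileURL = docs.appendingPathComponent("session.bin")
let token = Data("constructed-session-token".utf8)
try writeCompleteProtection(token, to: fileURL)
assert(try protectionClass(of: fileURL) == .complete)
let status = storeToken(token, account: "user@example.com", service: "com.example.app")
assert(status == errSecSuccess)
assert(loadToken(account: "user@example.com", service: "com.example.app") == token)
```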
6. HomeKit
HomeKit provides a home automation infrastructure that uses iCloud and iOS security to protect and synchronize private data without exposing it to Apple.
- Data synchronization between devices and users: HomeKit stores data about the home, accessories, scenes and users on the user's iOS device. The stored data is encrypted using keys derived from the user's HomeKit identity keys plus a random nonce.
- HomeKit data can be synchronized between a user's iOS devices using iCloud and iCloud Keychain.
- HomeKit data is also synchronized between multiple users of the same home.
- Home data and apps: Access to home data by apps is controlled by the user's Privacy settings. When an app requests home data, the system asks the user to grant access, just as for Contacts, Photos and other iOS data sources. If the user approves, the app can access information such as room names, accessory names and the room in which each accessory is located.
- HomeKit and Siri: Siri can be used to query and control accessories and to activate scenes. Siri is provided anonymously with minimal information about the home configuration: the names of rooms, accessories and scenes needed for command recognition. Audio sent to Siri may refer to specific accessories or commands, but such Siri data is not associated with other Apple features such as HomeKit.
- iCloud remote access for HomeKit accessories: HomeKit accessories can connect directly to iCloud so that iOS devices can control the accessory when Bluetooth or Wi-Fi communication is unavailable. iCloud remote access is designed so that accessories can be controlled and can send notifications without sending accessory, command or notification data to Apple. HomeKit does not send information about the home via iCloud remote access.
7. SiriKit
Siri uses iOS extensions to communicate with third-party apps. While Siri has access to iOS Contacts and the device's current location, Siri checks the permissions granted to the app that provides the extension to see whether the app can access that information. Siri passes only the relevant snippet of the original user query text to the extension. For example, if the app does not have access to iOS Contacts, Siri will not resolve a relationship in a user request such as "Pay my mother $10 using PaymentApp." In this case the extension's app would only see "mother", passed through as a fragment of the original speech. However, if the app does have iOS Contacts access, it receives the iOS Contacts information for the user's mother. If a contact is referenced in the body of a message, such as "Tell my mother in MessageApp that my brother is awesome", Siri will not resolve "my brother", regardless of the app's TCC permissions. Content provided by the app may be sent to the server so that Siri can learn which words users may use with the app. Siri allows SiriKit-enabled apps to supply a custom set of words specific to the app instance at run time. These custom words are tied to the random identifier discussed in the Siri section and have the same lifespan.
8. HealthKit
The HealthKit framework stores and aggregates data from health and fitness apps, with the user's permission. HealthKit also works directly with health and fitness devices, such as compatible Bluetooth LE heart rate monitors and the motion coprocessor built into many iOS devices.
- HealthKit stores and aggregates the user's health data, such as height, weight, distance walked, blood pressure and so on. This data is stored in the Data Protection class Complete Protection, which means it can be accessed only after the user enters the passcode or uses Touch ID to unlock the device. Health data is not synchronized between devices. Health data is included in device backups to iCloud and in encrypted iTunes backups. Health data is not included in unencrypted iTunes backups.
- Data integrity: The data stored in the database includes metadata that tracks the provenance of each data record. This metadata includes an app identifier that identifies which app stored each record.
- Third-party app access: Access to the HealthKit API is controlled by entitlements, and apps must comply with restrictions on how they use the data. For example, apps are not allowed to use health data for advertising. Apps are also required to provide users with a privacy policy that details their use of health data. Access to health data by apps is controlled by the user's Privacy settings. When an app requests access to health data, the user is asked to grant access, just as for Contacts, Photos and other iOS data sources. With health data, however, apps are granted separate access to read and write data, and separate access for each type of health data. Users can view and revoke the permissions they have granted for accessing health data in the Sources tab of the Health app.
- Medical ID: The Health app gives users the option to fill out a Medical ID containing information that may be important in a medical emergency. The information is entered or updated manually and is not synchronized with the information in the health database.
9. ReplayKit
ReplayKit is a framework that allows developers to add recording and live broadcasting capabilities to their applications. In addition, it allows users to annotate recordings and broadcasts using the device’s front-facing camera and microphone.
10. Secure Notes
The Notes app includes a Secure Notes feature that allows users to secure the contents of specific notes. Secured notes are encrypted using a user-provided passphrase that is required to view the notes on iOS, macOS and the iCloud website.
Notes opens a secured session when the user successfully enters the passphrase, either to view or to create a secured note. Users who forget their passphrase can still view secured notes or secure additional notes if Touch ID is enabled on the device. Users can reset the passphrase if they forget the current one. This feature allows users to create new secured notes with a new passphrase, but does not let them see previously secured notes. The previously secured notes can still be viewed if the old passphrase is remembered. Resetting the passphrase requires the password of the user's iCloud account. Notes can be shared with others. Note data is encrypted at rest, and CloudKit manages the process by which participants can encrypt and decrypt each other's data.
11. Apple Watch
The Apple Watch uses the security features and technology built for iOS to help protect data on the device, as well as communication with its paired iPhone and the Internet. This includes technologies such as Data Protection and Keychain access control. The user's passcode is also entangled with the device UID to create encryption keys.
Wi-Fi can be used when the Apple Watch is out of Bluetooth range. The Apple Watch will not join a Wi-Fi network unless credentials for it already exist on the paired iPhone and have previously been synced to the Apple Watch. If the Apple Watch is away from the iPhone, any new network credentials added on the iPhone are not yet on the Apple Watch. The Apple Watch can be locked manually by pressing the side button. In addition, motion heuristics are used to automatically lock the device as soon as possible after it is removed from the wrist. Apple Pay is unavailable while locked. If the automatic lock provided by Wrist Detection is turned off in Settings, Apple Pay is disabled. Wrist Detection is turned off using the Apple Watch app on the iPhone. This setting can also be enforced using mobile device management.
The Apple Watch can be paired with only one iPhone at a time. When the Apple Watch is unpaired, the iPhone sends it instructions to erase all content and data.
Enabling Find My iPhone on the paired iPhone also enables Activation Lock on the Apple Watch. Activation Lock makes it difficult for anyone to use or sell a lost or stolen Apple Watch. Activation Lock requires the user's Apple ID and password to unpair, erase or reactivate the Apple Watch.
Fourth, network security
In addition to the built-in safeguards Apple uses to protect data stored on iOS devices, there are many network security measures that organizations can take to keep information secure as it travels to and from an iOS device.
Mobile users must be able to access corporate networks from anywhere in the world, so ensuring that they are authorized and that their data is protected in transit is critical. iOS uses, and provides developers with access to, standard network protocols for authenticated, authorized and encrypted communications. To accomplish these security goals, iOS integrates proven technologies and the latest standards for both Wi-Fi and cellular data network connections.
On other platforms, firewall software is required to protect open communication ports from intrusions. Because iOS reduces the attack surface by limiting listening ports and removing unnecessary network utilities (such as Telnet, shell, or Web server), there is no need for additional firewall software on iOS devices.
1. TLS
iOS supports Transport Layer Security (TLS) and DTLS. Safari, Calendar, Mail and other Internet apps automatically use these mechanisms to enable an encrypted communication channel between the device and network services. High-level APIs (such as CFNetwork) make it easy for developers to adopt TLS in their apps, while low-level APIs (SecureTransport) provide fine-grained control. CFNetwork disallows SSLv3, and apps that use WebKit (such as Safari) are prohibited from making SSLv3 connections.
- App Transport Security provides default connection requirements so that apps adhere to secure connection best practices when using the NSURLConnection, CFURL or NSURLSession APIs. By default, App Transport Security limits cipher selection to include only suites that provide forward secrecy. An app is able to disable the forward secrecy requirement per domain, in which case RSA_AES is added to the set of available ciphers. Servers must support TLS 1.2 and forward secrecy.
2. VPN
Secure network services like virtual private networks typically require minimal setup and configuration to work with iOS devices.
iOS also supports Per App VPN, facilitating VPN connections on a much more granular basis. Mobile Device Management (MDM) can specify a connection for each managed app and/or for specific domains in Safari. This helps ensure that secure data always goes to and from the corporate network, and that a user's personal data does not. iOS supports Always-on VPN, which can be configured for devices managed via MDM and supervised using Apple Configurator or the Device Enrollment Program. This eliminates the need for users to turn on VPN to enable protection when connecting to cellular and Wi-Fi networks.
3. Wi-Fi
iOS supports industry-standard Wi-Fi protocols, including WPA2 Enterprise, to provide authenticated access to wireless corporate networks. WPA2 Enterprise uses 128-bit AES encryption, giving users the highest level of assurance that their data remains protected when sending and receiving communications over a Wi-Fi network connection. iOS uses a randomized Media Access Control (MAC) address when performing Wi-Fi scans while not associated with a Wi-Fi network. Note that Wi-Fi scans that happen while trying to connect to a preferred Wi-Fi network are not randomized. iOS also uses a randomized MAC address for enhanced Preferred Network Offload (ePNO) scans when the device is not associated with a Wi-Fi network or its processor is asleep.
4. Bluetooth
Bluetooth support in iOS has been designed to provide useful functionality without unnecessary increased access to private data. iOS devices support Encryption Mode 3, Security Mode 4 and Service Level 1 connections.
5. AirDrop security
iOS devices that support AirDrop use Bluetooth Low Energy (BLE) and Apple-created peer-to-peer Wi-Fi technology to send files and information to nearby devices, including AirDrop-capable Macs running OS X 10.11 or later. The Wi-Fi radio is used to communicate directly between devices without using any Internet connection or Wi-Fi access point.
When a user enables AirDrop, a 2048-bit RSA identity is stored on the device. In addition, an AirDrop identity hash is created from the email addresses and phone numbers associated with the user's Apple ID.
When the user chooses AirDrop as the method for sharing an item, the device emits an AirDrop signal over Bluetooth Low Energy. Other nearby devices that are awake and have AirDrop turned on detect the signal and respond with a shortened version of their owner's identity hash.
By default, AirDrop is set to share only with contacts. Users can also choose to use AirDrop to share with everyone, or to turn the feature off entirely. In Contacts Only mode, the received identity hash is compared to the hashes of people in the initiator's Contacts app. If a match is found, the sending device creates a peer-to-peer Wi-Fi network and advertises an AirDrop connection using Bonjour. Using this connection, the receiving device sends its full identity hash to the initiator. If the full hash still matches a contact, the recipient's name and photo (if present in Contacts) are displayed in the AirDrop sharing sheet.
With AirDrop, the sending user selects the people to share with. The sending device and the receiving device initiate an encrypted (TLS) connection and exchange their iCloud identity certificates. The identity in each certificate is verified against each user's Contacts app. The receiving user is then asked to accept the incoming transfer from the identified person or device. If multiple recipients have been selected, this process is repeated for each destination.
In Everyone mode the same process is used, but if no match is found in Contacts, the receiving device is shown in the AirDrop sending sheet with a silhouette and the device name, as defined in Settings > General > About > Name. Organizations can restrict the use of AirDrop for devices or apps managed by a mobile device management solution.
Fifth, Apple Pay
With Apple Pay, users can use supported iOS devices and the Apple Watch to pay in an easy, secure and private way in stores, in apps and on the web in Safari. It is simple for users, and it is built in with integrated security in both hardware and software. Apple Pay is also designed to protect the user's personal information. Apple Pay does not collect any transaction information that can be tied back to the user. Payment transactions are between the user, the merchant and the card issuer.
1. Apple Pay components
- Secure Element: The Secure Element is an industry-standard, certified chip running the Java Card platform, which meets the financial industry's requirements for electronic payments.
- NFC controller: The NFC controller handles Near Field Communication protocols and routes communication between the application processor and the Secure Element, and between the Secure Element and the point-of-sale terminal.
- Wallet: Wallet is used to add and manage credit, debit, rewards and store cards, and to make payments with Apple Pay. Users can view their cards and additional information about their card issuer, their card issuer's privacy policy, recent transactions and more in Wallet. Users can also add cards to Apple Pay in Setup Assistant and Settings.
- Secure Enclave: On iPhone and iPad, as well as the Apple Watch Series 1 and 2, the Secure Enclave manages the authentication process and enables a payment transaction to proceed. It stores fingerprint data for Touch ID. On the Apple Watch, the device must be unlocked and the user must double-click the side button. The double-click is detected and passed directly to the Secure Element or the Secure Enclave, where available, without going through the application processor.
- Apple Pay Servers: The Apple Pay Servers manage the state of credit and debit cards in Wallet and the Device Account Numbers stored in the Secure Element. They communicate both with the device and with the payment network servers. The Apple Pay Servers are also responsible for re-encrypting payment credentials for payments within apps.
2. How does Apple Pay use Secure Element
The security element hosts a specially designed applet to manage Apple Pay. It also includes payment applets authenticated by payment networks. Send credit, debit card or prepaid card data from an encrypted payment network or card issuer to these payment applets using keys known only to the payment network and payment applets’ security domains. This data is stored in these payment applets and secured using Secure Element’s security features. During the transaction, the terminal communicates directly with the security element via a near field Communication (NFC) controller on a dedicated hardware bus.
3. How Apple Pay uses the NFC controller
As the gateway to the Secure Element, the NFC controller ensures that all contactless payment transactions are conducted with a point-of-sale terminal in close proximity to the device. Only payment requests arriving from an in-field terminal are marked by the NFC controller as contactless transactions. Once the cardholder authorizes a payment using Touch ID or the passcode, or by double-clicking the side button on an unlocked Apple Watch, the contactless response prepared by the payment applet in the Secure Element is routed by the controller exclusively to the NFC field. Payment authorization details for contactless transactions are therefore confined to the local NFC field and are never exposed to the application processor. By contrast, payment authorization details for payments within apps and on the web are routed to the application processor, but only after the Secure Element has encrypted them to the Apple Pay Servers.
4. Credit, debit and prepaid card provisioning
When a user adds a credit, debit or prepaid card (including store cards) to Apple Pay, Apple securely sends the card information, together with other information about the user's account and device, to the card issuer or the issuer's authorized service provider. The card issuer uses this information to decide whether to approve adding the card to Apple Pay.
As part of card provisioning, Apple Pay uses three server-side calls to exchange communication with the card issuer or network: Required Fields, Check Card, and Link and Provision. The issuer or network uses these calls to verify, approve and add cards to Apple Pay. These client-server sessions are encrypted using SSL.
The full card number is stored neither on the device nor on Apple servers. Instead, a unique Device Account Number is created, encrypted and stored in the Secure Element. It is encrypted in such a way that Apple cannot access it. The Device Account Number is unique and different from the usual credit or debit card number, and the card issuer can prevent its use on a magnetic stripe card, over the phone or on websites. The Device Account Number in the Secure Element is isolated from iOS and watchOS, is never stored on Apple Pay servers and is never backed up to iCloud.
There are three ways to provision a credit, debit or prepaid card in Apple Pay:
- Manually adding a card to Apple Pay
- Adding a credit or debit card on file with an iTunes Store account to Apple Pay
- Adding a card from the card issuer's app
5. Payment authorization
On devices with a Secure Enclave, the Secure Element allows a payment only after it receives authorization from the Secure Enclave. On iPhone or iPad this means confirming that the user has authenticated with Touch ID or the device passcode. Touch ID is the default method when available, but the passcode can be used at any time in its place. The passcode is offered automatically after three unsuccessful fingerprint matches and is required after five. A passcode is also required when Touch ID is not configured or is not enabled for Apple Pay. On Apple Watch, the device must be unlocked with its passcode and the side button double-clicked to make a payment.
Once the user authorizes a transaction, the Secure Enclave sends signed data about the type of authentication and the type of transaction (contactless or within an app) to the Secure Element, tied to an Authorization Random (AR) value. The AR is generated in the Secure Enclave when the user first provisions a card and persists for as long as Apple Pay is enabled, protected by the Secure Enclave's encryption and anti-rollback mechanism. It is securely delivered to the Secure Element using the pairing key. On receipt of a new AR value, the Secure Element marks any previously added cards as deleted.
Credit, debit and prepaid cards added to the Secure Element can only be used if the Secure Element is presented with an authorization made under the same pairing key and AR value that were in force when the card was added. This lets iOS instruct the Secure Enclave to render the cards unusable by marking its copy of the AR as invalid in the following cases:
- The passcode is disabled.
- The user signs out of iCloud.
- The user selects Erase All Content and Settings.
- The device is restored from Recovery mode.
On Apple Watch, cards are marked as invalid when:
- The watch's passcode is disabled.
- The watch is unpaired from iPhone.
- Wrist Detection is turned off.
6. Transaction-specific dynamic security codes
Every payment transaction originating from the payment applets includes a transaction-specific dynamic security code along with the Device Account Number. This one-time code is computed from a counter that is incremented for each new transaction and a key that is provisioned in the payment applet during personalization and known to the payment network and/or the card issuer.
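The following is an added model of the authorization chain in sections 5 and 6 above, written for this overview; it is not Apple's code and the real primitives are not published here. HMAC-SHA256 stands in for everything the text leaves unspecified: the Secure Enclave's signature over the authorization, the delivery of the AR under the pairing key, and the payment applet's counter-based one-time code. It shows the three properties the text describes: a card is usable only under the pairing key and AR that were current when it was added, invalidating the AR stops all further authorizations, and a new AR retires every earlier card. The issuer side shows why the code is one-time: a replayed counter is refused.

```python
"""Model of Secure Enclave -> Secure Element -> issuer authorization (added example)."""
import hashlib
import hmac
import os


def mac(key: bytes, *parts: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 over several fields. Stand-in primitive only."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class SecureEnclave:
    """Holds the Authorization Random (AR) and signs authorizations with the pairing key."""

    def __init__(self, pairing_key: bytes):
        self.pairing_key = pairing_key
        self.ar = None  # generated when the first card is provisioned

    def generate_ar(self, se: "SecureElement") -> None:
        self.ar = os.urandom(32)
        se.receive_ar(self.ar)  # delivered under the pairing key; modelled as a direct call

    def invalidate_ar(self) -> None:
        """What iOS requests when the passcode is disabled, iCloud is signed out, etc."""
        self.ar = None

    def authorize(self, user_authenticated: bool, tx_type: bytes) -> bytes:
        if not user_authenticated or self.ar is None:
            raise PermissionError("no valid authorization available")
        return mac(self.pairing_key, tx_type, self.ar)


class SecureElement:
    """Stores Device Account Numbers bound to the AR that was current when they were added."""

    def __init__(self, pairing_key: bytes):
        self.pairing_key = pairing_key
        self.ar = None
        self.cards = {}  # DAN -> {"issuer_key", "counter", "ar", "deleted"}

    def receive_ar(self, ar: bytes) -> None:
        for card in self.cards.values():  # a new AR retires every earlier card
            card["deleted"] = True
        self.ar = ar

    def add_card(self, dan: str, issuer_key: bytes) -> None:
        self.cards[dan] = {"issuer_key": issuer_key, "counter": 0, "ar": self.ar, "deleted": False}

    def pay(self, dan: str, authorization: bytes, tx_type: bytes, amount_cents: int) -> dict:
        card = self.cards[dan]
        if self.ar is None or card["deleted"] or card["ar"] != self.ar:
            raise PermissionError("card not usable under the current AR")
        if not hmac.compare_digest(mac(self.pairing_key, tx_type, self.ar), authorization):
            raise PermissionError("authorization not made with the pairing key for this transaction type")
        card["counter"] += 1  # the transaction counter feeds the one-time code
        code = mac(card["issuer_key"], card["counter"].to_bytes(4, "big"),
                   amount_cents.to_bytes(8, "big"))[:4].hex()
        return {"dan": dan, "counter": card["counter"], "amount_cents": amount_cents, "code": code}


class Issuer:
    """Verifies the dynamic code and refuses a counter it has already accepted (replay)."""

    def __init__(self):
        self.keys = {}
        self.last_counter = {}

    def personalize(self, dan: str) -> bytes:
        self.keys[dan] = os.urandom(32)
        return self.keys[dan]

    def verify(self, tx: dict) -> bool:
        key = self.keys.get(tx["dan"])
        if key is None or tx["counter"] <= self.last_counter.get(tx["dan"], 0):
            return False
        expected = mac(key, tx["counter"].to_bytes(4, "big"), tx["amount_cents"].to_bytes(8, "big"))[:4].hex()
        if not hmac.compare_digest(expected, tx["code"]):
            return False
        self.last_counter[tx["dan"]] = tx["counter"]
        return True


def run_scenario() -> dict:
    pairing_key = os.urandom(32)  # provisioned at manufacture, shared by both chips
    sep, se, issuer = SecureEnclave(pairing_key), SecureElement(pairing_key), Issuer()
    sep.generate_ar(se)
    se.add_card("DAN-1", issuer.personalize("DAN-1"))

    tx = se.pay("DAN-1", sep.authorize(True, b"contactless"), b"contactless", 1999)
    results = {"first_accepted": issuer.verify(tx), "replay_accepted": issuer.verify(tx)}

    try:  # an in-app authorization cannot be spent as a contactless one
        se.pay("DAN-1", sep.authorize(True, b"in-app"), b"contactless", 1999)
        results["type_mismatch_rejected"] = False
    except PermissionError:
        results["type_mismatch_rejected"] = True

    sep.invalidate_ar()  # e.g. the user disabled the passcode
    try:
        sep.authorize(True, b"contactless")
        results["after_invalidate_rejected"] = False
    except PermissionError:
        results["after_invalidate_rejected"] = True

    sep.generate_ar(se)  # Apple Pay re-enabled: fresh AR, old enrolments retired
    results["old_card_deleted"] = se.cards["DAN-1"]["deleted"]
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Binding the authorization to the transaction type is what keeps a credential prepared for an in-app payment from being presented at an NFC terminal; binding the card to the AR is what lets a single value invalidation in the Secure Enclave disable every card at once without touching the applets.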
7. Contactless payments with Apple Pay
If iPhone is on and detects an NFC field, it presents the user with the relevant credit, debit or prepaid card (managed in Settings) or the default card. The user can also open the Wallet app and choose a credit or debit card, or double-click the Home button while the device is locked.
Next, the user must authenticate with Touch ID or the passcode before any payment information is transmitted. On an unlocked Apple Watch, double-clicking the side button activates the default card for payment. No payment information is sent without user authentication.
Once the user has authenticated, the Device Account Number and the transaction-specific dynamic security code are used to process the payment. Neither Apple nor the user's device sends the full physical credit or debit card number to the merchant. Apple may receive anonymous transaction information, such as the approximate time and location of the transaction, which helps improve Apple Pay and other Apple products and services.
8. Paying with Apple Pay within apps
Apple Pay can also be used to make payments within iOS apps and Apple Watch apps. When a user pays within an app using Apple Pay, Apple receives the encrypted transaction information and re-encrypts it with a developer-specific key before sending it to the developer or merchant. Apple Pay retains anonymous transaction information such as the approximate purchase amount. This information cannot be tied back to the user and never includes what the user is buying.
When an app initiates an Apple Pay payment transaction, the Apple Pay Servers receive the encrypted transaction from the device before the merchant does. The Apple Pay Servers then re-encrypt it with a merchant-specific key before relaying the transaction to the merchant.
When an app requests a payment, it calls an API to determine whether the device supports Apple Pay and whether the user has a credit or debit card that can pay on a payment network accepted by the merchant. The app requests whatever information it needs to process and fulfil the transaction, such as billing and shipping addresses and contact information. The app then asks iOS to present the Apple Pay sheet, which requests the information needed by the app as well as other necessary information, such as the card to use.
At this point the app is given only the city, state and ZIP code, so that it can calculate the final shipping cost. The full set of requested information is not provided to the app until the user authorizes the payment with Touch ID or the device passcode. Once the payment is authorized, the information presented in the Apple Pay sheet is transferred to the merchant.
When the user authorizes the payment, a call is made to the Apple Pay Servers to obtain a cryptographic nonce. The nonce and the other transaction data are passed to the Secure Element, which produces a payment credential encrypted to Apple. This encrypted credential leaves the Secure Element and is passed to the Apple Pay Servers, which decrypt it, verify that the nonce inside it matches the nonce they issued, and re-encrypt the credential with the merchant key associated with the merchant ID. It is then returned to the device, which hands it back to the app through the API; the app passes it on to the merchant's system for processing. The merchant decrypts the payment credential with its private key. This, together with the signature from Apple's servers, lets the merchant verify that the transaction was intended for that particular merchant.
The API requires an entitlement that specifies the supported merchant IDs. An app can also include additional data to be sent to the Secure Element for signing, such as an order number or customer identity, ensuring that the transaction cannot be diverted to a different customer. This is done by the app developer, who can set applicationData on the PKPaymentRequest. A hash of this data is included in the encrypted payment data, and the merchant is responsible for verifying that the hash of its own applicationData matches the one contained in the payment data.
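The merchant-side half of that applicationData check is the part developers most often skip, so here is an added example of it (not Apple's code and not from this overview). It runs on the merchant's server after the payment token has been decrypted with the merchant's private key. Two things are assumed rather than stated on this page: that the hash appears in the decrypted payment data as a hex-encoded SHA-256 digest in a field named applicationData, which is how Apple's payment token format documents it, and that the app serialized the order record deterministically so the server can rebuild the identical bytes. The sample token and order values are constructed.

```python
"""Merchant-side verification of the PKPaymentRequest.applicationData hash (added example)."""
import hashlib
import hmac
import json


def application_data_for_order(order_id: str, customer_id: str) -> bytes:
    """The exact bytes the app sets on PKPaymentRequest.applicationData.

    Sorted keys and no whitespace make the serialization deterministic, so the
    server can rebuild the same bytes from its own order record later.
    """
    record = {"customerId": customer_id, "orderId": order_id}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def application_data_hash(application_data: bytes) -> str:
    return hashlib.sha256(application_data).hexdigest()


def verify_application_data(decrypted_payment_data: dict, expected: bytes) -> bool:
    """True only if the token was signed for exactly this order and customer."""
    presented = decrypted_payment_data.get("applicationData")
    if not isinstance(presented, str):
        return False  # we always set applicationData, so a token without it is not ours
    return hmac.compare_digest(presented.lower().encode(), application_data_hash(expected).encode())


def decrypted_token_for(application_data: bytes) -> dict:
    """Constructed stand-in for an already-decrypted token; values are test data."""
    return {
        "applicationPrimaryAccountNumber": "4111111111111111",  # Device Account Number, not the card PAN
        "transactionAmount": 1999,
        "currencyCode": "840",
        "applicationData": application_data_hash(application_data),
    }


def demo() -> dict:
    own_order = application_data_for_order("A-1001", "c-42")
    token = decrypted_token_for(own_order)
    other_order = application_data_for_order("A-1002", "c-77")
    return {
        "matches_own_order": verify_application_data(token, own_order),
        "diverted_to_other_order": verify_application_data(token, other_order),
        "missing_field": verify_application_data({"transactionAmount": 1999}, own_order),
    }


if __name__ == "__main__":
    print(demo())
```

The check must compare against the order the server itself recorded at checkout, never against data echoed back by the client; otherwise a token authorized for one customer's order can be submitted for another's.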
9. Paying with Apple Pay on the web
Apple Pay can be used to make payments on websites. In iOS 10, Apple Pay transactions can be made on iPhone and iPad. In addition, in macOS Sierra, an Apple Pay transaction can be started on a Mac and completed on an Apple Pay-enabled iPhone or Apple Watch signed in to the same iCloud account.
Apple Pay on the web requires every participating website to register with Apple. Apple's servers perform domain name validation and issue a TLS client certificate. Websites supporting Apple Pay must serve their content over HTTPS. For each payment transaction, the website must obtain a secure, unique merchant session from Apple's servers using the Apple-issued TLS client certificate. Merchant session data is signed by Apple. Once the merchant session signature has been verified, the website may query whether the user has an Apple Pay-capable device and whether a credit, debit or prepaid card is activated on it. No other details are shared. Users who do not want to share this information can disable Apple Pay queries in the Safari privacy settings on macOS and iOS.
10. Suspending, removing and erasing cards
Users can suspend Apple Pay on iPhone, iPad and Apple Watch (watchOS 3 or later) by placing the device in Lost Mode using Find My iPhone. Users can also remove and erase their cards from Apple Pay using Find My iPhone, iCloud.com, or Wallet directly on the device. On Apple Watch, cards can be removed using iCloud settings, the Apple Watch app on iPhone, or directly on the watch. The ability to pay with cards on the device is suspended or removed from Apple Pay by the card issuer or the respective payment network even if the device is offline and not connected to a cellular or Wi-Fi network. Users can also call their card issuer to suspend or remove cards from Apple Pay.
In addition, when the user erases the entire device, whether with Erase All Content and Settings, with Find My iPhone, or by restoring it from Recovery mode, iOS instructs the Secure Element to mark all cards as deleted. This immediately puts the cards into an unusable state until the Apple Pay Servers can be contacted to erase them fully from the Secure Element. Independently, the Secure Enclave marks the AR as invalid, so that no further payment authorization is possible for previously enrolled cards. When the device is online, it attempts to contact the Apple Pay Servers to ensure that all cards in the Secure Element are erased.
Six, Internet services
Apple has built a robust set of services to help users get more utility and productivity out of their devices, including iMessage, FaceTime, Siri, Spotlight Suggestions, iCloud, iCloud Backup and iCloud Keychain. These Internet services are built with the same security goals that iOS promotes throughout the platform: secure handling of data, whether at rest on the device or in transit over wireless networks; protection of users' personal information; and protection against malicious or unauthorized access to information and services. Each service uses its own robust security architecture without compromising the overall ease of use of iOS.
1, Apple ID
An Apple ID is the account used to sign in to Apple services such as iCloud, iMessage, FaceTime, the iTunes Store, the iBooks Store, the App Store and more. Users must keep their Apple ID secure to prevent unauthorized access to their account. To help with this, Apple requires strong passwords: at least eight characters, containing both letters and numbers, with no more than three consecutive identical characters, and not a commonly used password. Users are encouraged to go beyond these guidelines by adding extra characters and punctuation to make their passwords stronger still. Apple also requires users to set three security questions, which can be used to help verify the owner's identity when account information is changed or a forgotten password is reset. Apple also sends users email and push notifications when important changes are made to their account, for example when the password or billing information is changed, or the Apple ID is used to sign in on a new device. If anything looks unfamiliar, users are instructed to change their Apple ID password immediately.
1. Two-factor authentication
Two-factor authentication is an extra layer of security for Apple IDs. It is designed to ensure that only the account owner can access the account, even if someone else knows the password. With two-factor authentication, an account can be accessed only on trusted devices, such as the user's iPhone, iPad or Mac. Signing in for the first time on any new device requires two pieces of information: the Apple ID password and a six-digit verification code that is displayed automatically on the user's trusted devices or sent to a trusted phone number. By entering the code, the user confirms that they trust the new device and that it is safe to sign in there. Because the password alone is no longer enough to access the account, two-factor authentication improves the security of the user's Apple ID and of all the personal information they store with Apple.
It is integrated directly into the authentication systems used by iOS, macOS, tvOS, watchOS and Apple's websites.
2. Two-step verification
Since 2013, Apple has offered a similar security method called two-step verification. With two-step verification enabled, the user's identity must be verified with a temporary code sent to one of their trusted devices before changes to their Apple ID account information are permitted; before signing in to iCloud, iMessage, FaceTime and Game Center; and before making an iTunes Store, iBooks Store or App Store purchase from a new device. Users also receive a 14-character Recovery Key to store in a safe place in case they forget their password or lose access to their trusted devices.
3. Managed Apple ID
With iOS 9.3 or later, a Managed Apple ID works like an Apple ID but is owned and controlled by an educational institution. The institution can reset passwords, restrict purchases and communications such as FaceTime and Messages, and set up role-based permissions for staff, teachers and students. Some Apple services are disabled for Managed Apple IDs, such as Touch ID, Apple Pay, iCloud Keychain, HomeKit and Find My iPhone.
4. Inspecting Managed Apple IDs
Managed Apple IDs also support inspection, which allows organizations to comply with legal and privacy regulations. Inspection permission can be granted to the Managed Apple ID of a specific administrator, teacher or manager account. Inspectors can only monitor accounts below them in the school's hierarchy: teachers can inspect students; managers can inspect teachers and students; and administrators can inspect managers, teachers and students.
5. Managed Apple IDs and personal devices
Managed Apple IDs can also be used on personally owned iOS devices. Students sign in to iCloud with the institution-issued Managed Apple ID and an additional home-use password, which acts as the second factor in the Apple ID two-factor authentication process. While a Managed Apple ID is used on a personal device, iCloud Keychain is unavailable and the organization may restrict other features such as FaceTime or Messages. Any iCloud documents students create while signed in are subject to inspection under the rules above.
Seven, iMessage
Apple iMessage is a messaging service for iOS devices and Macs. iMessage supports text and attachments such as photos, contacts and locations. Messages appear on all of a user's registered devices, so a conversation can be continued from any of them. iMessage makes extensive use of the Apple Push Notification service (APNs). Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so that no one but the sender and receiver can access them. Apple cannot decrypt the data.
How iMessage sends and receives messages
A user starts a new iMessage conversation by entering an address or a name. If they enter a phone number or email address, the device contacts IDS (Apple's identity service) to retrieve the public keys and APNs addresses of all devices associated with the addressee. If the user enters a name, the device first uses the Contacts app to gather the phone numbers and email addresses associated with that name, then retrieves the public keys and APNs addresses from IDS.
The user's outgoing message is encrypted individually for each of the receiver's devices, using the public RSA encryption key of each receiving device retrieved from IDS. APNs can only relay messages of up to 4 KB or 16 KB, depending on the iOS version. If the message text is too long, or if it contains an attachment such as a photo, the attachment is encrypted with AES in CTR mode using a randomly generated 256-bit key and uploaded to iCloud. The attachment's AES key, its URI (Uniform Resource Identifier) and a SHA-1 hash of its encrypted form are then sent to the recipient as the contents of an iMessage, with their confidentiality and integrity protected by the normal iMessage encryption, as shown in the figure below.
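The attachment path above is worth seeing end to end, so here is an added model of it (not Apple's code, not from this overview). The Python standard library has no AES, so HMAC-SHA256 run in counter mode stands in for AES-256-CTR; the random 256-bit key, the SHA-1 taken over the encrypted attachment, and the (key, URI, hash) record that travels inside the end-to-end encrypted message follow the text. The nonce and the in-memory stand-in for iCloud are this example's own additions, as is the receiver's decision to check the hash before decrypting; the message-level encryption that protects the record itself is outside the block.

```python
"""iMessage-style attachment handling: encrypt, upload, send key + URI + hash (added example)."""
import hashlib
import hmac
import os

BLOCK = 32  # HMAC-SHA256 output size, used as the keystream block


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode; stands in for AES-CTR's keystream."""
    out = bytearray()
    for counter in range((length + BLOCK - 1) // BLOCK):
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode is symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, ctr_keystream(key, nonce, len(data))))


class CloudStore:
    """Stands in for iCloud: stores opaque ciphertext under a URI and never sees a key."""

    def __init__(self):
        self.blobs = {}

    def upload(self, ciphertext: bytes) -> str:
        uri = "icloud://attachments/" + os.urandom(8).hex()
        self.blobs[uri] = ciphertext
        return uri

    def download(self, uri: str) -> bytes:
        return self.blobs[uri]


def send_attachment(store: CloudStore, plaintext: bytes) -> dict:
    """Sender side: returns the small record that goes inside the iMessage itself."""
    key = os.urandom(32)  # random 256-bit attachment key
    nonce = os.urandom(16)
    ciphertext = ctr_crypt(key, nonce, plaintext)
    return {
        "uri": store.upload(ciphertext),
        "key": key,
        "nonce": nonce,
        "sha1_of_ciphertext": hashlib.sha1(ciphertext).hexdigest(),
    }


def receive_attachment(store: CloudStore, record: dict) -> bytes:
    """Receiver side: verify the hash over the ciphertext before using the key."""
    ciphertext = store.download(record["uri"])
    if not hmac.compare_digest(hashlib.sha1(ciphertext).hexdigest(), record["sha1_of_ciphertext"]):
        raise ValueError("attachment altered in storage; refusing to decrypt")
    return ctr_crypt(record["key"], record["nonce"], ciphertext)


def demo() -> dict:
    store = CloudStore()
    photo = b"\x89PNG constructed sample attachment bytes " * 50  # constructed input
    record = send_attachment(store, photo)
    roundtrip = receive_attachment(store, record) == photo

    # The store only ever holds ciphertext.
    store_sees_ciphertext = store.download(record["uri"]) != photo

    # Flip one byte in storage: the hash check fails before any decryption happens.
    blob = bytearray(store.download(record["uri"]))
    blob[10] ^= 0x01
    store.blobs[record["uri"]] = bytes(blob)
    try:
        receive_attachment(store, record)
        tamper_caught = False
    except ValueError:
        tamper_caught = True
    return {"roundtrip": roundtrip, "store_sees_ciphertext": store_sees_ciphertext,
            "tamper_caught": tamper_caught}


if __name__ == "__main__":
    print(demo())
```

The hash is what gives the unauthenticated CTR ciphertext its integrity: because the hash reaches the receiver inside the end-to-end encrypted message, the storage service cannot substitute a different blob without being detected, and checking it before decryption avoids ever processing attacker-controlled plaintext.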
2, FaceTime
FaceTime is Apple's video and audio calling service. Like iMessage, FaceTime calls use the Apple Push Notification service to establish the initial connection to the user's registered devices. The audio and video content of FaceTime calls is protected by end-to-end encryption, so no one but the sender and receiver can access it. Apple cannot decrypt the data.
3, iCloud
iCloud stores a user's contacts, calendars, photos, documents and more, and automatically keeps that information up to date across all of the user's devices. Third-party apps can also use iCloud to store and sync documents, as well as developer-defined key-value data for the app. Users set up iCloud by signing in with their Apple ID and choosing which services to use. iCloud features, including My Photo Stream, iCloud Drive and Backup, can be disabled by IT administrators through configuration profiles. The service is agnostic about what is stored and handles all file content the same way, as a collection of bytes.
4, iCloud Keychain
iCloud Keychain lets users securely sync their passwords between iOS devices and Macs without exposing them to Apple. Besides strong privacy and security, the other major goals that shaped the design and architecture of iCloud Keychain were ease of use and the ability to recover a keychain. iCloud Keychain consists of two services: keychain syncing and keychain recovery. Apple designed iCloud Keychain and Keychain Recovery so that a user's passwords remain protected under the following conditions:
- The user's iCloud account is compromised.
- iCloud is compromised by an external attacker or an employee.
- A third party gains access to the user's account.
5, Siri
By simply speaking, users can ask Siri to send messages, schedule meetings, place phone calls and more. Siri uses speech recognition, text-to-speech and a client-server model to respond to a broad range of requests. The tasks Siri supports are designed so that only the minimal amount of personal information is used and that it is fully protected.
When Siri is turned on, the device creates random identifiers for use with the speech recognition and Siri servers. These identifiers are used only within Siri and serve to improve the service. If Siri is later turned off, the device generates a new random identifier to use if Siri is turned on again.
To support Siri features, some user information from the device is sent to the server: information about the music library (song titles, artists and playlists), the names of Reminders lists, and the names and relationships defined in Contacts. All communication with the server takes place over HTTPS.
When a Siri session starts, the user's name (from Contacts) and a rough geographic location are sent to the server, so that Siri can address the user by name and answer questions that need only an approximate location, such as questions about the weather.
If a more precise location is needed, for example to find nearby movie theaters, the server asks the device to provide a more exact location. This illustrates the default rule that information is sent to the server only when strictly necessary to process the user's request. In any case, session information is discarded after 10 minutes of inactivity.
6, Continuity
Continuity uses technologies such as iCloud, Bluetooth and Wi-Fi to let users continue an activity from one device to another, make and receive phone calls, send and receive text messages, and share a cellular Internet connection.
- Handoff: With Handoff, when a user's Mac and iOS device are near each other, whatever the user is working on can be passed automatically from one device to the other. Handoff lets users switch devices and continue working immediately.
- Handoff between native apps and websites: Handoff allows a native iOS app to resume web pages in domains legitimately controlled by the app developer, and allows native app user activity to be resumed in a web browser. To prevent native apps from claiming to resume websites not under the developer's control, the app must demonstrate legitimate control over the web domains it wants to resume. Control over a website domain is established through the mechanism for shared web credentials; for details, see "Access to Safari saved passwords" in the "Encryption and data protection" section. The system must validate an app's domain name control before the app is allowed to accept user activity Handoff.
- Handoff of larger data: Beyond Handoff's basic capability, some apps may choose to use APIs that send larger amounts of data over Apple-created peer-to-peer Wi-Fi technology, similar to AirDrop. The Mail app, for example, uses these APIs to hand off a mail draft, which may include large attachments.
- Universal Clipboard: Universal Clipboard uses Handoff to securely transfer the contents of the clipboard from one device to another, so content copied on one device can be pasted on another. Content is protected in the same way as other Handoff data and is shared with Universal Clipboard by default unless the app developer chooses to disallow sharing. Apps have access to clipboard data regardless of whether the user has pasted the clipboard into the app; with Universal Clipboard, this data access extends to apps running on the user's other devices (as established by their iCloud sign-in).
- Auto Unlock: Macs that support Auto Unlock use Bluetooth Low Energy and peer-to-peer Wi-Fi to securely allow a user's Apple Watch to unlock their Mac. Every Mac with Auto Unlock and every Apple Watch associated with the iCloud account must use two-factor authentication.
- iPhone Text Message Forwarding: Text Message Forwarding automatically sends SMS text messages received on iPhone to the user's enrolled iPad, iPod touch or Mac. Each device must be signed in to the iMessage service with the same Apple ID. When Text Message Forwarding is turned on, enrollment is verified on each device by entering a random six-digit code generated by the iPhone. Once the devices are linked, the iPhone encrypts and forwards incoming SMS messages to each device using the methods described in the iMessage section of this document. Replies are sent back to the iPhone the same way, and the iPhone then sends the reply as a text message using the carrier's SMS transport. Text Message Forwarding can be turned on or off in Messages settings.
- Instant Hotspot: iOS devices that support Instant Hotspot use Bluetooth Low Energy to discover and communicate with devices signed in to the same iCloud account. Compatible Macs running OS X Yosemite or later use the same technology to discover and communicate with Instant Hotspot iOS devices. When the user selects a device to use for Personal Hotspot, a request to turn on Personal Hotspot is sent to that device, which responds with the Personal Hotspot connection information over the same Bluetooth Low Energy link, using the same per-message encryption as iMessage.
7, Safari Suggestions, Spotlight Suggestions, Lookup, #images and News widget
Safari Suggestions, Spotlight Suggestions, Lookup, #images and the News widget show the user suggestions from sources beyond their device, such as Wikipedia, the iTunes Store, local news, Maps results and the App Store, to name a few, before they even start typing. When the user begins typing in the Safari address bar, opens or uses Spotlight, uses Lookup, opens #images, or uses the News widget in a country where News is unavailable, the following context is sent to Apple, encrypted with HTTPS, to provide relevant results:
- An identifier that rotates every 15 minutes to preserve privacy
- The user's search query
- The approximate location of the device, if Location Services is enabled
Eight, Device control
iOS supports flexible security policies and configurations that are easy to enforce and manage. This enables organizations to protect corporate information and ensure that employees meet enterprise requirements, even when they use devices they provide themselves, for example as part of a bring-your-own-device (BYOD) program. Organizations can use resources such as passcode protection, configuration profiles, remote wipe and third-party MDM solutions to manage fleets of devices and help keep corporate data secure, even when employees access that data on their personal iOS devices.
1. Passcode protection
By default, the user's passcode can be defined as a numeric PIN. On devices with Touch ID, the minimum passcode length is six digits; on other devices it is four. Users can specify a longer alphanumeric passcode by selecting Custom Alphanumeric Code under Passcode Options in Settings > Passcode. Longer, more complex passcodes are harder to guess or attack and are recommended for enterprise use. Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync, or by requiring users to install configuration profiles manually.
2. iOS pairing model
iOS uses a pairing model to control access to a device from a host computer. Pairing establishes a trust relationship between the device and the connected host, signified by a public key exchange. iOS uses this sign of trust to enable additional functionality with the host, such as data synchronization. In iOS 9, services that require pairing cannot be started until the device has been unlocked by the user. In addition, in iOS 10 certain services, including photo syncing, require the device to be unlocked in order to start.
The pairing process requires the user to unlock the device and accept the pairing request from the host. Once the user has done so, the host and device exchange and store public keys. In iOS 9, pairing records that have not been used for more than six months expire.
3. Configuration enforcement
A configuration profile is an XML file that allows an administrator to distribute configuration information to iOS devices. Settings defined by an installed configuration profile cannot be changed by the user. If the user deletes the configuration profile, all settings defined by the profile are removed as well. In this way, administrators can enforce settings by tying policies to access. For example, a configuration profile that provides an email configuration can also specify a device passcode policy; users cannot access their mail unless their passcode meets the administrator's requirements.
Configuration profiles can also be locked to a device to prevent their removal entirely, or to allow removal only with a password. Since many enterprise users own their iOS devices, a configuration profile that binds a device to an MDM server can be removed, but doing so also removes all managed configuration information, data and apps.
Configuration profiles can be installed directly on a device with Apple Configurator, downloaded through Safari, sent by email, or sent over the air by an MDM server.
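As an added example for the passcode policy in section 1 and the configuration profile mechanism in section 3 (not Apple's code and not part of this overview), the block below builds a profile carrying a passcode policy payload, serializes it to the XML plist form a .mobileconfig takes, and models the check iOS applies when the user picks a passcode. The payload type com.apple.mobiledevice.passwordpolicy and the keys minLength, requireAlphanumeric, allowSimple, maxFailedAttempts and PayloadRemovalDisallowed are taken from Apple's Configuration Profile Reference rather than from this page; the identifiers and organization are invented, and "simple" is modelled as all-identical or strictly ascending/descending characters.

```python
"""Configuration profile with an enforced passcode policy (added example)."""
import plistlib
import uuid


def passcode_policy_payload(min_length: int = 6, require_alphanumeric: bool = True,
                            allow_simple: bool = False, max_failed_attempts: int = 10) -> dict:
    """One payload inside the profile. Key names follow Apple's profile reference (assumed here)."""
    return {
        "PayloadType": "com.apple.mobiledevice.passwordpolicy",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.passcode",  # invented identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Passcode policy",
        "minLength": min_length,
        "requireAlphanumeric": require_alphanumeric,
        "allowSimple": allow_simple,               # repeated or sequential characters
        "maxFailedAttempts": max_failed_attempts,  # wrong guesses before the device wipes itself
    }


def configuration_profile(payloads: list, removal_disallowed: bool = True) -> dict:
    """Top-level profile. PayloadRemovalDisallowed locks it to the device."""
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.mdm.corporate",  # invented identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Example Corp device policy",
        "PayloadOrganization": "Example Corp",
        "PayloadRemovalDisallowed": removal_disallowed,
        "PayloadContent": payloads,
    }


def to_mobileconfig(profile: dict) -> bytes:
    """XML plist bytes, i.e. the .mobileconfig an MDM server, Safari or Mail would deliver."""
    return plistlib.dumps(profile)


def parse_mobileconfig(data: bytes) -> dict: 
    return plistlib.loads(data)


def is_simple(passcode: str) -> bool:
    """Modelled definition: all characters identical, or a strictly ascending/descending run."""
    codes = [ord(c) for c in passcode]
    diffs = {b - a for a, b in zip(codes, codes[1:])}
    return diffs <= {0} or diffs == {1} or diffs == {-1}


def passcode_meets_policy(passcode: str, policy: dict) -> bool:
    """Local model of the check applied when the user chooses a passcode under this policy."""
    if len(passcode) < policy["minLength"]:
        return False
    if policy.get("requireAlphanumeric") and not (
            any(c.isalpha() for c in passcode) and any(c.isdigit() for c in passcode)):
        return False
    if not policy.get("allowSimple", True) and is_simple(passcode):
        return False
    return True


if __name__ == "__main__":
    profile = configuration_profile([passcode_policy_payload()])
    print(to_mobileconfig(profile).decode())
```

Pairing this payload with the mail payload the text mentions is what turns a policy into an access condition: the profile is installed as a unit, so the mail account is available only while the passcode policy it carries is in force, and removing the profile removes the account with it.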
4. Mobile Device Management (MDM)
IOS’s support for MDM enables an enterprise to securely configure and manage iPhone and iPad scale-up across the enterprise. MDM features are based on existing iOS technologies such as configuration profiles, in-flight signups, and Apple Push Notification Services (APN). For example, APN is used to wake up the device so that it can communicate directly with its MDM server over a secure connection. Do not transmit confidential or proprietary information through APN. MDM enables IT departments to register iOS devices in an enterprise environment, wirelessly configure and update Settings, monitor compliance with enterprise policies, and even remotely wipe or lock managed devices.
5. Share ipads
The shared iPad is a multi-user mode for educating iPad deployment. It allows students to share ipads without sharing documents and data. Shared ipads need to use a hosted Apple ID issued and owned by the school. Shared ipads enable students to log in to any organization-owned device in multiple student configurations. Student data is divided into separate home directories, each protected by UNIX permissions and sandboxes. When a student logs in, the managed Apple ID authenticates with Apple’s identity server using the SRP protocol. If successful, a device-specific short command access token is granted. If the student has used the device before, they already have a local user account unlocked.
6. Apple School Manager
Apple School Manager is a service for educational institutions that enables them to purchase content, configure mobile device management automatic Device Registration (MDM) solutions, create accounts for students and staff, and set up iTunes U courses. Apple School Manager is web-accessible and designed for technology administrators, IT administrators, staff and teachers.
7. Equipment registration
The Device Registration Program (DEP) provides a quick and simplified way to deploy iOS devices that organizations purchase directly from Apple or through participating Apple authorized resellers and carriers. Device registration is also a comprehensive function of apple School managers in educational institutions.
8. Remote wipe
IOS devices can be remotely deleted by administrators or users. Instant remote wipe is implemented by securely discarding the block Storage encryption key from Effaceable Storage, thus making all data unreadable. Remote erase commands can be initiated by MDM, Exchange, or iCloud. When MDM or iCloud triggers a remote erase command, the device sends confirmation and performs the erase. To remotely erase through Exchange, the device checks in with Exchange Server before performing the erase. Users can also erase their own devices using the Settings app. As mentioned above, the device can be set to automatically erase after a series of failed password attempts.
9. Lost modes
If a device is lost or stolen, the MDM administrator can remotely enable lost mode on the supervised device using iOS 9.3 or higher. When the lost mode is enabled, the current user is logged out and the device cannot be unlocked. The screen displays messages that can be customized by the administrator, such as the phone number of the device to be discovered. When a device is in lost mode, the administrator can request the device to send its current location. When the administrator turns off the “Lost Mode” mode, the only way to exit the mode is to notify the user of the action by locking the message on the screen and an alert on the home screen.
10. Activation Lock
When Find My iPhone is turned on, the device cannot be reactivated without the owner's Apple ID credentials. For organization-owned devices it is best to supervise them so that the organization controls Activation Lock, rather than relying on individual users to enter their own Apple ID credentials to reactivate a device. On supervised devices, a compatible MDM solution can store a bypass code when Activation Lock is enabled, and can later use that code to clear Activation Lock automatically when the device has to be erased and assigned to a new user.
By default, supervised devices do not get Activation Lock even when the user turns on Find My iPhone. The MDM server can, however, retrieve a bypass code and permit Activation Lock to be enabled on the device. If Find My iPhone is already on when the MDM server enables Activation Lock, the lock takes effect at that moment. If Find My iPhone is off when the MDM server enables Activation Lock, the lock takes effect the next time the user turns Find My iPhone on.
IX. Privacy controls
1. Location services
Location Services uses GPS, Bluetooth, and crowd-sourced Wi-Fi hotspot and cell tower locations to determine the user's approximate location. Location Services can be turned off with a single switch in Settings, or the user can approve access for each app that uses it individually. An app can request location data either only while it is in use or at any time. Users can decline, and can change their choice at any time in Settings, where access is set to Never, While Using the App, or Always, depending on what the app requested. In addition, if an app that was granted access only while in use makes use of location in the background, the user is reminded of their approval and can change the app's permission.
2. Access to personal data
iOS helps prevent apps from accessing a user's personal information without permission. In Settings, users can see which apps they have allowed to access a given type of information and can grant or revoke that access. This covers:
• Contacts
• Calendar
• Reminders
• Photos
• Motion activity and fitness
• Location Services
• Media library
• Social media accounts such as Twitter and Facebook
• Microphone
• Camera
• HomeKit
• Health
• Speech recognition
• Bluetooth sharing
If a user is signed in to iCloud, apps are granted access to iCloud Drive by default; users can control each app's iCloud access from Settings. In addition, iOS provides restrictions that prevent data from moving between MDM-managed apps and accounts and user-installed ones.
Apple Security Bounty
Apple rewards researchers who share critical issues with Apple. To be eligible for the Apple Security Bounty, a researcher must provide a clear report and a working proof of concept. The vulnerability must affect the latest shipping iOS and, where relevant, the latest hardware. Apple determines the exact payment after review; the criteria include the novelty of the issue, the likelihood of exposure, and the degree of user interaction required. Once an issue has been properly shared, Apple works to fix it as quickly as possible. Apple gives public credit unless the researcher asks otherwise.
I feel like I’m going blind