Non-practicing entity Identity Security on Monday filed a lawsuit against Apple, claiming the tech giant’s Secure Enclave technology, present in nearly every major product line, infringes on four owned patents.
Lodged with the patent holder-friendly U.S. District Court for the Western District of Texas, Identity Security’s suit takes issue with Apple’s Secure Enclave, an on-device technology that protects sensitive user data by isolating it in a dedicated subsystem. The system is integrated into Apple’s system-on-chip designs currently deployed in iPhone, iPad, Apple Watch, Mac, Apple TV and HomePod.
Identity Security claims Apple’s implementation of a secure enclave in its various hardware solutions infringes on U.S. Patent Nos. 7,493,497, 8,020,008, 8,489,895 and 9,507,948, each of which details methods of improving user security by creating a digital identity that resides on a unique microprocessor device. Password and biometric protection are also mentioned in the intellectual property, as is encryption and the possibility of integrating such solutions with digital payments.
The IP owned by Identity Security lists use cases as including secure storage and communication of a user’s name, digital picture, address, date of birth, social security number, driver’s license number, digital photograph, biometric information, credit card information, bank account information, incorporation name, date and place of incorporation, name of a corporate officer, corporate partner, and a database administrator name. Patent claims in part detail implementations for corporations, not necessarily consumers.
All four patents list Aureliano Tan, Jr. as their inventor and were initially assigned to Integrated Information Solutions in applications dating back to 2000.
Apple’s Secure Enclave debuted in 2013 with iPhone 5S as a way to safely store a user’s fingerprint data. That year also saw the introduction of Apple’s first biometric authentication apparatus — Touch ID.
As later detailed by Apple in a technology white paper, the Secure Enclave is a coprocessor built into the company’s SoC designs. The component requires its own boot sequence and software update mechanism and is responsible for “all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.”
Starting with the A11 and S4 processors, Secure Enclave now includes a “memory-protected engine and encrypted memory with anti-replay capabilities, secure boot, a dedicated random number generator, and its own AES engine,” according to Apple. Its processor runs a customized version of the L4 microkernel.
Identity Security does not make note of real world applications of its four owned patents, suggesting the technology was never licensed.
The suit seeks damages, court fees, and an ongoing royalty.