updated 01:10 am EST, Thu February 27, 2014
Apple changes and adds to mobile device management programs
Ahead of the release of iOS 7.1, expected in the middle of next month, Apple has proceeded with an overhaul of its existing Mobile Device Management (MDM) platforms for educational, enterprise and institutional clients. It launched a new Volume Services web site earlier this month, and has now activated a number of features on that site, kicking off a big push for large-scale iOS deployments.
The changes only affect companies and institutions that deploy iOS devices en masse to employees, but the changes are significant. There is a new "zero-touch" configuration tool, allowing IT admins to set and lock profiles and data over-the-air in such a way that can't be easily undone. Also much changed is Apple's Volume Purchasing Program (VPP) for institutional media and app buying, and the Apple ID for Students program, which allows children younger than Apple's minimum age to acquire Apple IDs in conjunction with a specific institution with parental approval. Enrolment for the various programs is now handled through a new, easier web page.
Details of Touch ID, Secure Enclave detailed in new white paper
Apple on Wednesday released a new white paper explaining technical details behind both its TouchID technology (acquired from AuthenTec) and the "Secure Enclave" in the A7 processor that protects the fingerprint data. First found by TechCrunch on the "iPhone in Business" page of Apple's website, the paper reveals that the enclave is actually a co-processor built into the chip, featuring its own secure boot sequence and separate software update mechanism, and "maintains the integrity of Data Protection even if the kernel has been compromised."
Each Secure Enclave is given its own UID that is not available to the rest of the system, nor known to Apple. It creates a key that is used to encrypt its portion of the iPhone's memory space. The paper also confirms that the Touch ID system continues to learn more about the user's fingerprint after the initial training period, adding newly-identified overlapping nodes to the original fingerprint map. Once the original and new information is processed, the original raster scan is discarded.