This post is still in a 'beta' stage and more information will be added to it as we find out more about Touch ID.
Apple has embedded a fingerprint sensor into the iPhone 5s's Home Button as a way to bypass the lock screen's passcode. This is Touch ID.
All fingerprint information is encrypted and stored in the A7 chip. Touch ID it does stores "mathematical representation" of fingerprints.
The iPhone 5s has an advanced security architecture called the Secure Enclave - within the A7 chip that protects and verifies fingerprint matches. Apple said the Secure Enclave is "walled off from the rest of A7 and as well as the rest of iOS", meaning only Touch ID has access to fingerprint data.
TouchID has 4 header files:
PSBiometricIdentity.h SBUIBiometricEventMonitor.h SBUIBiometricEventObserver.h BiometricKitDelegate.h
Which can all be found at: developer.limneos.net.
The main class is BiometricKit which is a singleton class (+manager).
The PSBiometricIdentity.h is responsible for the settings of TouchID which can be found in settings >General > TouchId & Passcode > Touch ID. The 2 SpringBoardUIServices headers are responsible for scanning and detecting the finger on the lock screen; they use the delegate methods to for example match the finger like in the -(void)matchResult:(id)arg1; method.
If you log the argument of that method you will get something around the lines of: -[<SBUIBiometricEventMonitor: 0x17867c3c0> matchResult:<BiometricKitIdentity: 0x1782562f0>] . That <BiometricKitIdentity: 0x1782562f0> is the name of the finger that was just scanned and verified. Now we know from Apple that Touch ID is stored on the A7 Processor chip inside the 5s in a secure enclave. What do we not know? How much storage is their in this secure enclave? Is it variable?...
You can also Google "Biokit.h", and from the Gist you can see the headers of the BiometricKit.framework. (You can also dump them yourselves, it is shipped with the iPhoneOS 7.0 SDK on Xcode and of course on an iPhone 5s.) You will find more interesting classes, such as:
- BiometricKitIdentity (representing the enrolled fingerprints with name, UUID, etc.)
- BiometricKitMatchInfo (contains presumably the actual fingerprint digital representation with up to 15 "topology nodes", returned from BiometricKitDelegate's - (void)matchResult:(BiometricKitIdentity *) withDetails:(BiometricKitMatchInfo *))
- BiometricKit, its delegates and other XPC stuff
- (void)biometricEventMonitor:(SBUIBiometricEventMonitor *) handleBiometricEvent:(unsigned) from SBLockScreenManager would be invoked always after the screen is on and a fingerprint is registered. One exception is when the user enters the TouchID settings under Preferences.app, where the app took control of all the callbacks, and we have to lock and unlock the screen again in order to receive messages from the aforementioned callback again.
The same issue happens if you hook up to the BiometricKitXPCClient's - (void)matchResult:(BiometricKitIdentity *) withDictionary:(NSDictionary *);; or use the good old delegate way with [BiometricKit manager]. I'm still trying to figure out how to revive that, if you found any way around this please do share with us.