This post is still in a 'beta' stage and more information will be added to it as we find out more about Touch ID.
Apple has embedded a fingerprint sensor into the iPhone 5s's Home Button as a way to bypass the lock screen's passcode. This is Touch ID.
All fingerprint information is encrypted and stored in the A7 chip. Touch ID it does stores "mathematical representation" of fingerprints.
The iPhone 5s has an advanced security architecture called the Secure Enclave - within the A7 chip that protects and verifies fingerprint matches. Apple said the Secure Enclave is "walled off from the rest of A7 and as well as the rest of iOS", meaning only Touch ID has access to fingerprint data.
TouchID has 4 header files:
PSBiometricIdentity.h SBUIBiometricEventMonitor.h SBUIBiometricEventObserver.h BiometricKitDelegate.h
Which can all be found at: developer.limneos.net.
The main class is BiometricKit which is a singleton class (+manager).
The PSBiometricIdentity.h is responsible for the settings of TouchID which can be found in settings >General > TouchId & Passcode > Touch ID. The 2 SpringBoardUIServices headers are responsible for scanning and detecting the finger on the lock screen; they use the delegate methods to for example match the finger like in the -(void)matchResult:(id)arg1; method.
If you log the argument of that method you will get something around the lines of: -[<SBUIBiometricEventMonitor: 0x17867c3c0> matchResult:<BiometricKitIdentity: 0x1782562f0>] . That <BiometricKitIdentity: 0x1782562f0> is the name of the finger that was just scanned and verified. Now we know from Apple that Touch ID is stored on the A7 Processor chip inside the 5s in a secure enclave. What do we not know? How much storage is their in this secure enclave? Is it variable?...
BiometricKit.framework is the main TouchID private framework compiled only for arm64. You can also Google "Biokit.h", and from the Gist you can find the headers for the BiometricKit.framework. (You can also dump them yourselves, it is shipped with the iPhoneOS 7.0 SDK on Xcode and of course on an iPhone 5s.) Note that if you decide to use the BiometricKit class and the BiometricKitDelegate in your own app, the app needs the entitlements of com.apple.private.biometrickit.allow and com.apple.private.bmk.allow.
BiometricKitIdentity represents the enrolled fingerprints on the device. Properties for the user-defined name and UUID are available. You can get an array of all identities with [[BiometricKit manager] identities:nil].
BiometricKitMatchInfo contains presumably the actual fingerprint digital representation with up to 15 "topology nodes", returned from BiometricKitDelegate's - (void)matchResult:(BiometricKitIdentity *)result withDetails:(BiometricKitMatchInfo *)details. Both parameters would be nil if no match is found.
Getting scan results
- (void)biometricEventMonitor:(SBUIBiometricEventMonitor *) handleBiometricEvent:(unsigned) from SBLockScreenManager would be invoked always after the screen is on and a fingerprint is registered. One exception is when the user enters the TouchID settings under Preferences.app, where the app took control of all the callbacks, and we have to lock and unlock the screen again in order to receive messages from the aforementioned callback again.
This issue happens if you hook up to the BiometricKitXPCClient's - (void)matchResult:(BiometricKitIdentity *)result withDictionary:(NSDictionary *)dictionary; or if you go the good old delegate way with [BiometricKit manager]. I'm still trying to figure out how to revive that, if you found any way around this please do share with everyone.