
Apple Platform Security Guide updated with Unlock with Apple Watch, Magic Keyboard details

Credit: AppleInsider


Apple has updated its Platform Security Guide, providing more information about how the Unlock with Apple Watch feature in iOS 14.5 and Touch ID on the iMac Magic Keyboard work.

The company routinely updates the security guide to incorporate information about new features. The Platform Security Guide contains detailed and in-depth information about Apple's privacy and security mechanisms.

For example, the update on Monday sheds new light on the secure channel between the Magic Keyboard with Touch ID and the Secure Enclave in an M1 iMac.

Before a Magic Keyboard is able to unlock a Mac, Apple says that it needs to be securely paired to the machine. Apple says the Secure Enclave in the iMac and the PKA (public key accelerator) block in the Magic Keyboard exchange public keys and use other cryptographic mechanisms to attest to their identities. Once pairing succeeds, all traffic between the two devices is encrypted.

According to Apple, that channel is "established in the factory by using a unique key shared between" the iMac and the keyboard. Apple says it's the same mechanism that's used to create a channel between a Secure Enclave and a built-in fingerprint sensor.

Apple has also offered new details on the cryptography behind the Unlock with Apple Watch feature in iOS 14.5, which allows users to more easily unlock an iPhone with Face ID if they're wearing a mask. There's also new information about the security parameters that govern the use of the feature.

The feature uses the same mechanism as Auto Unlock for Mac. The guide states that it relies on a mutually authenticated station-to-station (STS) protocol that uses long-term keys established when the feature is enabled. Once two devices are paired, unique and ephemeral keys are negotiated for each unlock request.

Apple says the tunnel is negotiated directly between the Secure Enclaves in both devices. That means all cryptographic material is kept within that secured box.
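The STS pattern described above can be sketched in a few lines: long-term keys are exchanged once at pairing, and every unlock request negotiates fresh ephemeral keys that each side signs. This is an added example, not Apple's implementation or code from the guide; the primitives (X25519, Ed25519, HKDF-SHA256, ChaCha20-Poly1305) and the names `Device`, `pair` and `unlock` are assumptions, and it requires the Python `cryptography` package.

```python
# Added illustration of a station-to-station (STS) style exchange; not Apple's code.
# Assumed primitives: X25519 ephemerals, Ed25519 long-term keys, HKDF-SHA256, ChaCha20-Poly1305.
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

class Device:
    def __init__(self):
        self.longterm = Ed25519PrivateKey.generate()  # long-term key, made when the feature is enabled
        self.peer = None                              # peer's long-term public key, stored at pairing

    def hello(self):
        self.eph = X25519PrivateKey.generate()        # fresh ephemeral key for every unlock request
        self.eph_pub = self.eph.public_key().public_bytes(*RAW)
        return self.eph_pub

    def prove(self, peer_eph):
        """Derive the session key, then sign both ephemerals and seal the signature under it."""
        shared = self.eph.exchange(X25519PublicKey.from_public_bytes(peer_eph))
        info = b"sts-demo" + b"".join(sorted([self.eph_pub, peer_eph]))
        self.key = HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=info).derive(shared)
        nonce = os.urandom(12)
        sig = self.longterm.sign(self.eph_pub + peer_eph)
        return nonce + ChaCha20Poly1305(self.key).encrypt(nonce, sig, None)

    def check(self, peer_eph, sealed):
        """Raises InvalidTag or InvalidSignature unless the paired peer made this proof."""
        sig = ChaCha20Poly1305(self.key).decrypt(sealed[:12], sealed[12:], None)
        self.peer.verify(sig, peer_eph + self.eph_pub)

def pair(a, b):
    a.peer, b.peer = b.longterm.public_key(), a.longterm.public_key()

def unlock(watch, phone):
    """Run one unlock request; return both session keys, or None if authentication fails."""
    w_eph, p_eph = watch.hello(), phone.hello()
    w_proof, p_proof = watch.prove(p_eph), phone.prove(w_eph)
    try:
        watch.check(p_eph, p_proof)
        phone.check(w_eph, w_proof)
    except (InvalidSignature, InvalidTag):
        return None
    return watch.key, phone.key
```

Two paired devices derive the same key, each unlock yields a different one, and a device whose long-term key was never stored at pairing is rejected even though its Diffie-Hellman exchange completes.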

The distance between the two devices must also be two to three meters or less. An iPhone must also have been unlocked at least once since the Apple Watch was placed on a user's wrist and unlocked. The Apple Watch must not be in bedtime mode, and sensors must be able to determine whether the nose and mask of the user are covered.

The last update to the Platform Security Guide came in February. At the time, Apple expanded the guide to nearly 200 pages and added features about Apple Silicon, car key security, and password monitoring, as well as information about Apple's Security Research Device program.




6 Comments

SaGrLand 4 Years · 1 comment

"that channel is "established in the factory by using a unique key shared between" the iMac and the keyboard."
So it is not possible to buy and/or pair the keyboard with an M1 MacBook without getting Apple involved?

1 Like · 0 Dislikes
mknelson 10 Years · 1149 comments

SaGrLand said:
"that channel is "established in the factory by using a unique key shared between" the iMac and the keyboard."
So it is not possible to buy and/or pair the keyboard with an M1 MacBook without getting Apple involved?

The article seems to be paraphrasing and leaving out some details:

https://support.apple.com/en-ca/guide/security/secf60513daa/1/web/1

Apple performs the pairing process in the factory for a Magic Keyboard with Touch ID that is shipped with a Mac. Pairing can also be performed by the user if needed. A Magic Keyboard with Touch ID can be securely paired with only one Mac at a time, but a Mac can maintain secure pairings with up to five different Magic Keyboard with Touch ID keyboards.

3 Likes · 0 Dislikes
GeorgeBMac 9 Years · 11421 comments

I updated both my watch and iPhone to the latest release. But the unlock procedure has not changed -- the iPhone has to see my full face.
Do I need to set a switch or something to activate this?
I liked how the watch can unlock my (now deceased) MacBook and would love it if it did the same for my iPhone.

nicholfd 7 Years · 828 comments

I updated both my watch and iPhone to the latest release. But the unlock procedure has not changed -- the iPhone has to see my full face.

Do I need to set a switch or something to activate this?
I liked how the watch can unlock my (now deceased) MacBook and would love it if it did the same for my iPhone.

Yes you do:  Settings app -> Face ID & Passcode -> UNLOCK WITH Apple Watch -> Toggle on.

2 Likes · 0 Dislikes
GeorgeBMac 9 Years · 11421 comments

nicholfd said:
I updated both my watch and iPhone to the latest release. But the unlock procedure has not changed -- the iPhone has to see my full face.

Do I need to set a switch or something to activate this?
I liked how the watch can unlock my (now deceased) MacBook and would love it if it did the same for my iPhone.
Yes you do:  Settings app -> Face ID & Passcode -> UNLOCK WITH Apple Watch -> Toggle on.

Thank you!