In the previous article, How Secure is Apple Pay, I made some assumptions about how Apple might go about implementing a secure link between the iPhone 6 and the back-end server. I came across this Patent Application and it appears that most of my guesses about its implementation are indeed true! Here are some of the salient features:
- Apple is using PKI or a similar method to create a Public-Private Key Pair which forms the basis of the secure link.
- Apple calls the hash of the data an alias, but it is essentially the same concept: using a hash algorithm to store the digest and using that digest to communicate with the server.
- In addition to NFC, Apple also proposes using WiFi or other wireless protocols to establish communication securely with the POS (Point Of Sale) machine.
- POS terminal software has to be enhanced significantly to support Apple Pay.
All the above information as detailed in their patent application is not new. The only novelty is the concept of using NFC in a secure mode of data transaction with a smartphone. Sony Corporation had implemented a similar system years ago in Japan called Suica and I am reasonably sure it has a lot of intellectual property wrapped around this. It remains to be seen if the US Patent Office will approve this application. Additionally, Apple suggests using more than one wireless interface (such as WiFi) to communicate between the POS terminal and the iPhone. Keeping WiFi on will drain the battery and I am not sure how many people leave it on all the time on their iPhones. Plus, how will the user's iPhone know the WiFi password of the router at, say, a J C Penney Point of Sale terminal? This part really beats me!
Apple Pay is one of the more compelling reasons to upgrade to iPhone 6 and I believe it still needs to do a lot of work at the Point of Sale (POS) terminal end. It assumes that POS terminals are set up to read encrypted data from a Near Field Communications device (such as the iPhone) and transmit the information in its original encrypted form to the bank that issued the credit card. The server at the bank and the encryption chip on your iPhone will then have to communicate and establish a secure link using PKI, into which the POS terminal will have to tap to enter the amount, product code, etc. Apple has announced the availability of Apple Pay by October but I am sceptical.
I expect some corner cases to be ignored to make the shipment date, which as of today says October. Let us give the benefit of the doubt to Apple and assume that Apple Pay will be enabled on October 31st. But Apple left out the year!
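The alias and pass-through flow described above can be sketched as follows. This is an added illustration, not code from the patent application or from Apple: the message fields, the `Bank` class and the sample values are assumptions, and an HMAC with a key provisioned at enrollment stands in for the public-key signature the post describes.

```python
import hashlib, hmac, os

def make_alias(card_number, device_id):
    # Alias = digest of the card data; the card number itself stays on the phone.
    return hashlib.sha256(f"{card_number}|{device_id}".encode()).hexdigest()

def _tag(key, alias, nonce):
    # Stand-in for the device's signature (HMAC here, a private-key signature under PKI).
    return hmac.new(key, f"{alias}|{nonce}".encode(), hashlib.sha256).hexdigest()

def device_token(alias, device_key):
    nonce = os.urandom(8).hex()          # fresh per tap, so a captured token cannot be reused
    return {"alias": alias, "nonce": nonce, "tag": _tag(device_key, alias, nonce)}

def pos_forward(token, amount):
    # The terminal passes the token through unchanged and only attaches the sale amount.
    return {"device_token": token, "amount": amount}

class Bank:
    def __init__(self):
        self.accounts = {}               # alias -> (account label, device key)
        self.used_nonces = set()

    def enroll(self, alias, account, device_key):
        self.accounts[alias] = (account, device_key)

    def authorize(self, message):
        token = message["device_token"]
        entry = self.accounts.get(token["alias"])
        if entry is None:
            return "DECLINED: unknown alias"
        account, key = entry
        if not hmac.compare_digest(_tag(key, token["alias"], token["nonce"]), token["tag"]):
            return "DECLINED: bad tag"
        if (token["alias"], token["nonce"]) in self.used_nonces:
            return "DECLINED: replay"
        self.used_nonces.add((token["alias"], token["nonce"]))
        return f"APPROVED: {message['amount']} charged to {account}"

def demo():
    # Constructed sample values (test card number, made-up device id).
    card, device_id, key = "4111111111111111", "constructed-device-01", os.urandom(32)
    alias = make_alias(card, device_id)
    bank = Bank()
    bank.enroll(alias, "account-A", key)
    message = pos_forward(device_token(alias, key), "12.50")
    return message, bank.authorize(message), bank.authorize(message)  # second call reuses the token

if __name__ == "__main__":
    print(demo())
```

In this sketch the amount sits outside the authenticated token, so the bank is trusting the terminal for it; having the device authenticate the amount as well would close that gap.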