Apple Files For Patent For Its Apple Pay e-Payment System
Apple has filed for a detailed patent covering its Apple Pay processes that use Near Field Communication (NFC) technology and secure tokens in order to assist in the processing of digital payments using their new e-payment system.
The patent runs through the basics of how the the payment system works. Using a near field communication module a handset like the latest iPhone can locate a point of sale terminal by the electromagnetic field it emits.
The system then runs authentication both on the iPhone device and the point of sale terminal. The authentication on the user device is done first via the Touch ID fingerprint sensor and then using credentials and token-based payment information that is encrypted before sending it across for payment processing. The merchant that actually does the payment processing part of the transaction can then connect to a payment network to check that the credentials match up and log the financial transaction for their records.
An expanding list of payment partners such as Visa, Mastercard, Bank of America, Chase, American Express and Wells Fargo are mentioned as either payment networks or banks that issue debit or credit cards to customers. The system apparently uses both hardware and software encryption to ensure secure information and transfer of payment data.
The patent also mentions that non-connected devices can also conduct some of the payment functions which would include the forthcoming Apple Watch which is already understood to be compatible. A Secure Element chip holds the credit card information securely. However this is only used to create unique digital tokens that can be decoded by a point of sale system. In this way, a hacker cannot intercept the digitized token and make use of it.
The essence of the system is that non-connected devices such as a new iPad with Touch ID and the Secure Element chip can store payment card information and then be disconnected from the internet. The device could then be used with a point of sale terminal to transmit a unique digital token for their purchase even if they're not connected to the internet at that time. In essence then, the Apple Pay system works not unlike a credit card but without the risk of someone cloning the card in a restaurant with a card reading device under the counter.
It remains to be seen whether these point of sale terminals will be hit with malware that reveals the way that the digitized tokens are decrypted and operate. If that were to happen then whilst the hacker may not know the actual credit card numbers which were never actually transmitted to the point of sale terminal, they perhaps could instigate several additional transactions using a hacked terminal. What Apple would do in that case we'll just have to wait and see. The Apple Pay system clearly represents an interesting target for hackers who like a challenge.