A newly published Apple patent application uses a secure element in a mobile phone to store cardholder data, NFC to initiate a transaction and Bluetooth or WiFi to complete the processing of a transaction and return coupons and other information to the customer’s device.
A “secure enclave”, believed to employ the same technology used in NFC secure elements and “chip and pin” smart cards, is already included in Apple’s iPhone 5S and used to store the user’s fingerprint template for its recently introduced TouchID biometric verification feature. Apple has not yet included an NFC antenna in any of its devices, however.
In US patent number 20140019367, “Method to send payment data through various air interfaces without compromising user data”, Apple sets out a system that uses a secure element to store payment card data. This data could then be sent directly from the secure element to the merchant’s POS terminal via NFC in the usual way or, alternatively, NFC could be used only to initiate a transaction.
In this case, once an initial link-up had been established via NFC, payment card data would be sent from the secure element to the application processor and then on to the POS terminal, via WiFi or Bluetooth, in an encrypted format — using an alias, cryptographic data and a shared secret known only by the secure element and a backend processor — since, as Apple explains, “the confidentiality of data sent to the application processor may be compromised, eg, by a rogue application.”
The advantage of this approach, the patent says, is that NFC establishes a secure link quickly and conveniently at a point of sale but:
Transactions that include sending additional data between the POS terminal and the portable device, such as additional payment information, coupon offers, coupon data, and the like, can continue for some time, during which the portable device is kept in the same location within centimetres of the POS terminal.
Holding or setting the device near the POS terminal becomes inconvenient for users, so NFC is less desirable for longer transactions such as those that involve transferring more data than used by the payment information or use more time than used in the NFC connection establishment process.
The establishment of the NFC link, which occurs quickly, is referred to herein as an initial “bump” because the devices may touch each other momentarily when the NFC connection is being established.
The system could also be used to make online purchases, Apple adds, as well as in an offline retail environment, in cooperation with a partner merchant acquirer or card network.
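The relay through an untrusted application processor described above can be sketched as follows. This is an added illustration, not code from the patent or from Apple, showing why a rogue application that sees the relayed message learns no card number and cannot alter or replay it. Assumptions: the class and field names are hypothetical, the "cryptographic data" is modelled as an HMAC-SHA256 cryptogram with a transaction counter (the article does not give the patent's actual construction), and the card number and alias are constructed test values.

```python
import hashlib
import hmac
import secrets

def _cryptogram(secret, pan, alias, counter, amount_cents, nonce):
    # Assumed construction (not from the patent): HMAC-SHA256 over the fields.
    msg = f"{alias}|{pan}|{counter}|{amount_cents}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class SecureElement:
    """Holds the card number and shared secret; neither is ever output."""
    def __init__(self, pan, alias, secret):
        self._pan, self._alias, self._secret, self._counter = pan, alias, secret, 0

    def payment_token(self, amount_cents, nonce):
        self._counter += 1
        mac = _cryptogram(self._secret, self._pan, self._alias,
                          self._counter, amount_cents, nonce)
        return {"alias": self._alias, "counter": self._counter,
                "amount_cents": amount_cents, "nonce": nonce, "cryptogram": mac}

class BackendProcessor:
    """Maps alias to card and checks the cryptogram with the shared secret."""
    def __init__(self):
        self._cards = {}

    def enroll(self, alias, pan, secret):
        self._cards[alias] = {"pan": pan, "secret": secret, "last": 0}

    def authorize(self, token):
        card = self._cards.get(token["alias"])
        if card is None or token["counter"] <= card["last"]:
            return False  # unknown alias, or a replayed counter value
        expected = _cryptogram(card["secret"], card["pan"], token["alias"],
                               token["counter"], token["amount_cents"], token["nonce"])
        if not hmac.compare_digest(expected, token["cryptogram"]):
            return False  # forged, or altered while crossing the app processor
        card["last"] = token["counter"]
        return True

def demo():
    pan, alias, secret = "4111111111111111", "alias-7f3a", secrets.token_bytes(32)
    se, backend = SecureElement(pan, alias, secret), BackendProcessor()
    backend.enroll(alias, pan, secret)
    token = se.payment_token(1999, secrets.token_hex(8))  # what the app processor sees
    tampered = dict(token, amount_cents=1)  # modified by a rogue application
    return {"pan_exposed": pan in str(token), "tampered": backend.authorize(tampered),
            "valid": backend.authorize(token), "replay": backend.authorize(token)}
```

Only the alias and the cryptogram cross the application processor and the WiFi or Bluetooth link; the backend is the only other party able to tie the alias to a card.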