“On January 16, 2014, the US Patent & Trademark Office published a patent application from Apple that reveals a secure iWallet system that goes beyond NFC to include new Air Interfaces including a form of Bluetooth, such as iBeacon,” Jack Purcher reports for Patently Apple.
“Apple began to roll out iBeacon for Apple stores in December and so we’re getting closer to Apple’s iWallet application,” Purcher reports. “Apple’s invention generally relates to methods and apparatuses for conducting a wireless commercial transaction that is both user friendly and secure.”
“Increased mobility is provided to users of the portable device making purchases by establishing a second secure link that uses a different protocol, such as WIFI or Bluetooth, that has more desirable characteristics for maintaining the link over time than NFC,” Purcher reports. “It would appear that Apple is referring to iBeacon without naming it as such. In one application, Wikipedia notes that iBeacon ‘could enable payments at the point of sale (POS) where you don’t need to remove your wallet or card to make a payment. It could be a possible Near Field Communication (NFC) competitor.’ So it’s a perfect fit for the application noted in Apple’s invention.”
Much more, includng Apple’s patent application illustrations, in the full article here.
“Passing sensitive credit card information stored on board a device through to a POS or backend server is dangerous as rogue apps may steal the data as it moves through the applications processor. Instead, the invention calls on a “secure element” located on-board a device to generate an alias for customer account information, which is then sent to the server along with a shared secret, or crypto key,” Mikey Campbell reports for AppleInsider. “Mentioned multiple times in the patent language, the “secure element” appears to operate in a similar fashion as the “secure enclave” found in the iPhone 5s’ A7 system-on-a-chip. In its current form, the enclave serves to protect Touch ID fingerprint data from snooping apps, but the system could potentially be used to safeguard payment information as well. As it is, both the patent and the existing secure enclave create aliases for outgoing data.”
Read more in the full article here.