“On January 16, 2014, the US Patent & Trademark Office published a patent application from Apple that reveals a secure iWallet system that goes beyond NFC to include new Air Interfaces including a form of Bluetooth, such as iBeacon,” Jack Purcher reports for Patently Apple.
“Apple began to roll out iBeacon for Apple stores in December and so we’re getting closer to Apple’s iWallet application,” Purcher reports. “Apple’s invention generally relates to methods and apparatuses for conducting a wireless commercial transaction that is both user friendly and secure.”
“Increased mobility is provided to users of the portable device making purchases by establishing a second secure link that uses a different protocol, such as WIFI or Bluetooth, that has more desirable characteristics for maintaining the link over time than NFC,” Purcher reports. “It would appear that Apple is referring to iBeacon without naming it as such. In one application, Wikipedia notes that iBeacon ‘could enable payments at the point of sale (POS) where you don’t need to remove your wallet or card to make a payment. It could be a possible Near Field Communication (NFC) competitor.’ So it’s a perfect fit for the application noted in Apple’s invention.”
Much more, includng Apple’s patent application illustrations, in the full article here.
“Passing sensitive credit card information stored on board a device through to a POS or backend server is dangerous as rogue apps may steal the data as it moves through the applications processor. Instead, the invention calls on a “secure element” located on-board a device to generate an alias for customer account information, which is then sent to the server along with a shared secret, or crypto key,” Mikey Campbell reports for AppleInsider. “Mentioned multiple times in the patent language, the “secure element” appears to operate in a similar fashion as the “secure enclave” found in the iPhone 5s’ A7 system-on-a-chip. In its current form, the enclave serves to protect Touch ID fingerprint data from snooping apps, but the system could potentially be used to safeguard payment information as well. As it is, both the patent and the existing secure enclave create aliases for outgoing data.”
Read more in the full article here.
“Passing sensitive credit card information stored on board a device through to a POS or backend server is dangerous as rogue apps may steal the data as it moves through the applications processor.”
This doesn’t sound very likely.
I know this is very recent news. But this EXACT scenario is what has hacked and stolen customer accounts at SEVERAL retail stores, not just Target. We still don’t know the limit of the this security catastrophe, but Target so far estimates over 110 MILLION accounts were stolen.
The malware involved had infected all of Target’s credit card readers, which run on an embedded version of Windows, gawd help them. From what experts can tell at this point, there was no physical access to the devices. The malware was networked into every device. How it got into the network is uncertain, except we know their network is connected to the Internet, that primary vector for malware these days.
Then last week we learned about the NSA physically implanting backdoor hardware into all things computerized for the purpose of surveillance. If the NSA can access these devices, so can my 12 year old nephew. Not kidding.
Syntax error Alert. By ‘can access these devices’ I should have said ‘can wirelessly connect to these devices’.
The only thing stopping the script kiddies from using these backdoors would be encryption. So does the NSA use encryption when they use wireless surveillance? I’m betting they don’t. Recall their lack of encryption of data in drone surveillance, allowing the enemy to watch drone’s cameras alongside the US military. Oops.
You know back in the 1880’s, during the heyday of the outlaw cowboy, most people couldn’t read and write. You’d have people like Jesse James, Robert Ford (the guy who killed Jesse James by shooting him from the back as he was adjusting a picture frame in his house) and Wyatt Earp (sheriff of Tombstone) who were functionally illiterate. So most of the cowboys would sign their bar chits using a thumbprint or an ‘X’ because they couldn’t sign their own names.
Now in 2014, you have fingerprint readers built into the iPhone that remove the need for you to sign a credit card receipt because you can just incorporate iWallet as a payment system and authenticate the purchase by pressing your thumb against the fingerprint reader. We seem to have moved full circle in terms of using our fingerprints to sign for legal documents.
LOL Very true.
When you think about it the idea of using a fingerprint scanner to verify an authorized user is much more secure than current systems especially when mated to a an encrypted single use code. It would almost eliminate the Target situation because the store wouldn’t have the information.
My wallet has cash and a chain through it and my pants. I feel secure about buying at Target but I always go back to Walmart because of the prices.