Apple has applied for a patent (via AppleInsider) related to its new Apple Pay mobile payment system, and within the document, it goes into detail about how the near field communication between the phone and the payment terminal at participating stores works. Essentially, it explains in more technical and specific terms what Apple talked about on stage at its iPhone 6 event in September, but it’s well worth a closer look, especially as it details some of the things Apple didn’t talk about with much specificity, like how Apple Pay works on accessories like the Apple Watch.
The filing discusses the basics, like how Apple’s new smartphone uses an NFC module to communicate to a merchant’s payment terminal. But it discusses in detail the way the tokenized transfer occurs, whereby shoppers only transfer a special, single-use digital token that the POS system will decode using a shared secret, but at no time does a user’s credit card information ever actually leave the secure enclave contained on the user’s device. That applies to the Apple Watch, too, which also has a secure enclave chip to store payment info.
Basically, it’s like your phone and your merchant’s terminal agree upon a secret passphrase, and when that’s successful, they pass the info on to the payment provider (Chase, Bank of America, etc.) which then authorizes the payment. Only you and the payment card provider ever know the credit card number used; the merchant’s terminal only ever knows the passphrase, which is unique and automatically generated for one-time use.
Apple does this so that even if the NFC communication is hacked and intercepted by outside forces, the data they can steal is completely worthless. It’s a measure designed to alleviate the fear that transferring any kind of payment information wirelessly sets a user up for attack, which is likely one of the factors involved in slow adoption of NFC payment methods thus far.
The patent also talks about how a user device generally isn’t using NFC actively, but can detect a payment terminal using passive detection methods, which then prompts the NFC receiver to move from an idle to an active state. That will let it initiate a transaction, which is authorized by use of the fingerprint scanner on the iPhone 6, or a confirmation input on the Apple Watch.
Apple’s patent also details how even devices that don’t have a current active connection to a cellular network (like an Apple Watch used away from an iPhone) will still be able to use Apple Pay, so long as they contain the user’s stored payment information on their secure enclave. That means the enclave will be functionally no different from a physical credit card, at least in terms of requirements to operate, so long as a merchant has a compatible payment terminal. That could be ideal for the forthcoming iPad, which is rumored to offer Touch ID and Apple Pay, and which won’t always have an active connection, especially with Wi-Fi only models.