On May 7, 2015, the U.S. Patent & Trademark Office published a patent application from Apple that reveals techniques for authenticating financial transactions conducted by electronic devices via wireless communication. In short, Apple's patent provides us with an overview of Apple Pay in its most current state.
Apple's Patent Background
Many modern electronic devices include a networking subsystem that is used to wirelessly communicate with other electronic devices. For example, these electronic devices can include a networking subsystem with a cellular network interface (UMTS, LTE, etc.), a wireless local area network interface (e.g., a wireless network such as described in the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard or Bluetooth from the Bluetooth Special Interest Group of Kirkland, Wash.), and/or another type of wireless interface (such as a near-field-communication interface).
Because of the popularity of these electronic devices and the convenience provided by this wireless-communication capability, there is increasing interest in using electronic devices to conduct financial transactions. For example, a so-called "digital wallet" application executing on a cellular telephone may be used to pay for a purchase at a point-of-sale terminal.
However, security remains a concern in using wireless communication to conduct financial transactions. For example, many financial institutions (such as banks and credit-card providers) require that a user provide some form of authentication (such as a signature or a personal identification number) that confirms the user's identity before a financial transaction can be completed. However, it can be challenging to provide a secure end-to-end system to communicate this authentication information during communication within the electronic devices and between the electronic devices.
In addition, many existing approaches for communicating the authentication information when conducting a financial transaction via wireless communication are cumbersome (such as requiring users to repeat the same operations multiple times), and can consequently degrade the user experience. Therefore, security issues continue to restrict the use of electronic devices to conduct financial transactions, and thus constrain associated commercial activity.
Apple's Overview of Apple Pay
Apple's invention relates to techniques for authenticating financial transactions conducted by electronic devices via wireless communication. The emphasis of the patent filing is reflected in its title, "Using Bioauthentication in Near-Field-Communication Transactions."
Apple notes that an electronic device will include a secure element with a payment applet that conducts a financial transaction with another electronic device; and a processor with a secure enclave processor that securely communicates with the secure element using one or more encryption keys.
During operation, the processor compares authentication information with stored authentication information using the secure enclave processor, and provides an authentication-complete indicator to the secure element via the secure enclave processor if a match is obtained between the authentication information and the stored authentication information. This authentication-complete indicator enables the payment applet to conduct the financial transaction.
Note that the payment applet may execute in an environment (such as an operating system) of the secure element.
Moreover, the electronic device may include: an antenna; and an interface circuit that communicates with the other electronic device, where the financial transaction is conducted via wireless communication. For example, the electronic device may communicate with the other electronic device via near-field communication, and the financial transaction may be initiated by positioning the electronic device in close proximity to the other electronic device.
Furthermore, the electronic device may include a biometric sensor, and the authentication information may include a biometric identifier acquired by the biometric sensor.
In some embodiments, the authentication information includes one of: a personal identification number associated with the payment applet; and a passcode for unlocking at least some functionality of the electronic device.
Additionally, the secure element may include an authentication applet that sets an authentication-complete flag in an operating system of the secure element based on the authentication-complete indicator. This authentication applet may decrypt an encrypted token received from the secure enclave processor using an encryption key, and the token may include the authentication-complete indicator.
Alternatively or additionally, the secure element may include a second payment applet that conducts a second financial transaction via the interface circuit without enablement based on the authentication-complete indicator.
In some embodiments, the electronic device includes memory that stores a program module that is executed by the processor to perform authentication. In particular, the program module may include instructions for at least some of the aforementioned operations, such as: receiving the authentication information; comparing the authentication information with the stored authentication information using the secure enclave processor; and providing the authentication-complete indicator to the secure element via the secure enclave processor and the interface circuit if a match is obtained between the authentication information and the stored authentication information.
Moreover, prior to the instructions for receiving the authentication information, the program module may include instructions for: providing an activation command to the payment applet via the secure enclave processor and/or the interface circuit, where the payment applet may conduct the financial transaction after receiving the activation command and based on the authentication-complete indicator; receiving an activation response from the payment applet via the interface circuit and/or the secure enclave processor; and requesting the authentication information based on the activation response.
Furthermore, the program module may include instructions for conducting the financial transaction after receiving information indicating that the electronic device is proximate to the other electronic device.
Apple's patent FIG. 2 shows that electronic devices may include subsystems relating to authentication, processing, memory, security and networking.
The data stored in secure element #230 is illustrated in Apple's patent FIG. 3. In some embodiments, there are one or more payment applets (such as payment applet 236-4). In some embodiments, secure element #230 stores, for at least one of payment applets #236, a PIN that is associated with this payment applet. For example, as shown in FIG. 3, payment applets 236-1 and 236-2 may store associated PINs.
The Wireless Handshake
The handshaking in the aforementioned authentication technique is illustrated in FIG. 5, which presents a drawing illustrating communication within electronic device 110 (FIG. 1) and between electronic devices 110 and 112 (FIG. 1). Note that the operations illustrated in FIG. 5 may include challenge and response operations, which are not shown for clarity.
During the communication in FIG. 5, in response to an instruction from a user of the electronic device, passbook #248 may provide an activation command associated with a payment applet to an authentication applet #232 in secure element #230. In response, authentication applet #232 may set an activated flag and may provide an activation response associated with the payment applet to passbook #248.
Then, the passbook may provide a request for a biometric identifier (and, more generally, authentication information) to secure enclave processor #220, which may request that biometric sensor #226 perform a fingerprint read. After acquiring the fingerprint of the user, the biometric sensor provides the fingerprint to the secure enclave processor.
Next, the secure enclave processor compares the fingerprint to a stored fingerprint of the user. If a match is obtained, the secure enclave processor provides an authentication-complete indicator to the authentication applet, which may set an authentication flag and may provide a response indicating that the user is authenticated to the secure enclave processor and, in turn, the passbook.
Subsequently, the other electronic device (electronic device 112 in FIG. 1) may request credit-card data associated with the now activated and authenticated payment applet via near-field communication with interface circuit #222, which communicates the request to secure element #230. In response, the secure element provides the credit-card data to the interface circuit, which communicates the credit-card data via near-field communication to the other electronic device.
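The gating logic of the FIG. 5 handshake, together with the token check and the second payment applet described in the overview, can be modeled in a few lines. This is an added sketch, not code from Apple's filing or from this article. The class and function names are hypothetical, an HMAC over a fresh nonce stands in for the encrypted token and for the challenge and response operations the figure omits, and byte equality stands in for biometric matching.

```python
import hashlib
import hmac
import secrets

TAG = b"authentication-complete"

def make_token(key, nonce):
    # HMAC stands in for the encrypted token (assumption of this sketch).
    return hmac.new(key, TAG + nonce, hashlib.sha256).digest()

class SecureElement:
    """Toy secure element: authentication applet plus payment applets."""
    def __init__(self, key, applets):
        self._key = key              # shared with the secure enclave processor
        self._applets = applets      # name -> (card_data, requires_auth)
        self.activated = None        # applet named in the activation command
        self.auth_complete = False   # authentication-complete flag
        self._nonce = None

    def activate(self, applet):
        # Activation command: set the activated flag, answer with a challenge.
        if applet not in self._applets:
            raise KeyError(applet)
        self.activated, self.auth_complete = applet, False
        self._nonce = secrets.token_bytes(16)
        return self._nonce           # carried in the activation response

    def receive_token(self, token):
        # Authentication applet: set the flag only if the token verifies.
        if self._nonce is None:
            return False             # no pending challenge, e.g. a replay
        ok = hmac.compare_digest(token, make_token(self._key, self._nonce))
        self._nonce = None           # each challenge is single use
        self.auth_complete = ok
        return ok

    def nfc_request(self, applet):
        # Request from the other device, relayed by the interface circuit.
        card, requires_auth = self._applets[applet]
        if requires_auth and not (self.activated == applet and self.auth_complete):
            return None
        return card

def enclave_authenticate(key, enrolled, sample, nonce):
    # Secure enclave processor: token only on a match with the stored data.
    # Byte equality is a stand-in for real biometric matching.
    return make_token(key, nonce) if hmac.compare_digest(sample, enrolled) else None
```

Because the token is bound to the nonce issued at activation, a token captured from one session does not set the authentication-complete flag in a later one.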
Apple credits Ahmer Khan as the sole inventor of patent application 20150127550 titled "Using Bioauthentication in Near-Field-Communication Transactions," which was originally filed in Q2 2014. A secondary filing titled "Using Biometric Authentication for NFC-Based Payments" was published today under patent application number 20150127549. More of Apple's patents regarding an electronic wallet can be found in our extensive archive.