In the first two chapters of this series describing Apple's forthcoming e-wallet functionality, we covered such matters as Apple's iPhone transaction system, the overview of various transactions, the NFC-iPhone tap operation, credit cards, smart/debit cards, check handling and split-billing. In the third part of our series we present you with an overview of Apple's financial patent which focuses on a future iPhone interacting with Automatic Teller Machines or ATMs. Our report walks you through the basics of Apple's Transaction Application interface while exploring some of the more interesting security features it will be offering, such as advanced gestural and voice signature capabilities and a very unique ever-changing numeric pad interface for PINs. There's no doubt that the e-Wallet revolution is on the horizon and with every Apple patent that we are privileged to explore on this subject, we are actually peering through the peep hole of Apple's engineering lab and seeing but a glimpse of the grandeur of Apple's vision of the e-wallet of tomorrow.
Apple's patent is directed towards techniques for providing security for wireless communications, including conducting a financial transaction, using a portable electronic device. The electronic device integrates several functionalities for such communications, including but not limited to, initiating communications, authenticating the portable electronic device and/or the user for a transaction, and completing the transaction. One or more input devices, such as a scanner, camera, keypad, near field communication (NFC) device, network device, or positioning device may be used to acquire information that may be used to authenticate the transaction. For example, a scanner or camera may be used to obtain information that may be fed back through an NFC communication channel to authenticate that the device is located at a particular location. Alternatively, a network device or positioning device may be used to authenticate the location of the device relative to a particular transaction terminal. These embodiments and others will be described in greater detail below.
The NFC Based iPhone for Purchases or ATM Transactions
Apple's patent begins with an overview of the iPhone and its built-in NFC (Near Field Communication) capabilities which were discussed in several earlier chapters. The focus of this report is about specific forms of transactions. We could clearly see the illustration of the iPhone below having a new transactions icon that displays a simple dollar symbol - noted as icon 32. When the Transactions icon is selected, the iPhone will open an application for conducting a financial transaction. The application may facilitate purchases or other financial transactions, such as those related to using an automatic teller machine (ATM).
The portability of the iPhone (= device 10) makes it particularly well suited to performing transactions such as automatic teller machine (ATM) transactions, and purchase transactions. In conducting such transactions, the iPhone may be used to transfer sensitive data including credit/debit card information, bank account information, personal identification numbers (PINs), passwords and other personal information. Additionally, the iPhone may be useful for transferring other sensitive information and documents. As such, providing for the security of the transmissions channel is of paramount importance.
Standard security features of the iPhone may include one or more cryptographic protocols, such as a secure sockets layer (SSL) protocol or a transport layer security (TLS) protocol, for establishing secure communications between the iPhone and another device. The security features may be particularly useful when transmitting payment information, such as credit card information or bank account information.
The security features also may include a secure storage area that may have restricted access. For example, a PIN or other verification data may need to be provided to access the secure storage area. In certain embodiments, preferences may be stored within the secure storage area. Further, security information, such as an authentication key, for communicating with a retail server may be stored within the secure storage area. In certain embodiments, the secure storage area may include a microcontroller embedded within the iPhone. On this front, Apple concludes that they "may provide additional robustness to the security features" that they listed above.
Transaction: The Starting Point
Upon selecting the transaction button on your iPhone, you'll be brought to a transaction home screen as shown below in patent point 100 of FIG. 4. Specifically the transaction home screen may allow you to modify the settings for transactions using the "Settings" button, add payment options for financial transactions using the "Add Payment Options" button or conduct transactions by selecting the "Conduct Transaction" button. Upon selecting the conduct transactions button, the user may be brought to the next screen which is a conduct transaction screen 110. You'll also note that on some screens throughout this patent you'll see a simple "Cancel" button which could be used to bring the user back to the home page when required.
The conduct transaction screen may indicate that the iPhone is attempting to initiate communications for transactions. During this time, the iPhone may be attempting to communicate via wireless communications with another transaction terminal, another portable electronic device or wireless enabled device. For example, the device may be attempting to initiate near field communications, Wi-Fi communications, or broadband communications with a terminal.
Apple's patent FIG. 5A illustrates a transaction terminal 120 that may include a screen 122 that may be configured to communicate information to a user via a GUI that contains text, images and icons. The transaction terminal may also include a box-like structure 124 over a portion of the screen. As shown in FIG. 5B, a user may position their iPhone over the box to obscure the portion of the screen 122 inside the box 124 which may provide additional security for transactions between the iPhone and the terminal. The visual between FIG. 5B and FIG. 6 is showing the iPhone beginning to cover screen 122 and then completing that action in FIG. 6 by completely covering the screen.
The iPhone may be configured to communicate with the transaction terminal using a short range wireless communication protocol, when positioned over the box 124. As such, the terminal may include a near field communication (NFC) device 126 and the iPhone may be configured to initiate NFC communications with the terminal.
To conduct a transaction between the iPhone and the terminal, a user may use buttons located on the transaction terminal (not shown). In some embodiments, the screen 122 may be a touch screen such that the user may communicate with the transaction terminal using the screen. Yet in other embodiments the iPhone may be used exclusively as a user input device for transactions between a terminal and the iPhone.
The authentication process
Once the iPhone has initiated communications for transactions with the transaction terminal, the iPhone's transaction application, as shown in Apple's patent FIG. 7, may be configured to authenticate itself in order to complete a transaction. During the authentication process, the iPhone may be configured to display an authenticating screen 138. The authentication process may include a variety of alternative processes. For example, in accordance with some embodiments, the iPhone may be authenticated by providing a code that it could only read by being placed over the box 134 (shown in FIG 6).
Specifically, the transaction terminal may be configured to display a code on the screen 134 within the box 132 as shown below in FIG. 8, such a QR code, a bar code, a micro QR code, etc. that could only be read and/or obtained by the iPhone. Specifically, the iPhone may be configured to read the code 150 by taking a picture of the code using the iPhone's backside camera or scanner as note in patent FIG. 2 above. The iPhone may then decode the information and provide the decoded information back to the terminal via the wireless communication device. If the iPhone provides the decoded information back to the terminal, the iPhone is authenticated.
In some embodiments, information decoded from the code may be fed back to the terminal only once to authenticate. In some other embodiments, the decoded information may be continuously fed back to the terminal to maintain authentication. For example, the code 150 may be a continuously changing code or may be dynamic code. Specifically, the terminal 130 may be configured to generate and provide new codes periodically or at randomly spaced intervals for continuous authentication of the iPhone. Likewise, the iPhone may be configured to continuously read a code and feed it back to the wireless device during the transaction to authenticate that the iPhone is actually located at the transaction terminal. The box 132, as discussed above, prevents eaves droppers, or others who are trying to obtain sensitive data from reading the screen inside the box. Thus, only the iPhone could read the code 150 and provide the decoded information back to the transaction terminal to authenticate the iPhone as conducting a transaction with the transaction terminal.
In some embodiments, the code may include an encryption code or key. For example, the code may include a public key of a public/private encryption key scheme. The public key may be used to encrypt communications from the iPhone to the transaction terminal. In yet other embodiments, the code may include both an encryption key and an encoded information portion. Furthermore, the encoded information portion may be dynamic. Thus, the iPhone may be configured to decode the code and use the encryption key of the code to encode information, including the dynamic decoded information, to be sent to the terminal.
After the iPhone has been authenticated, it'll list a number of accounts that are stored on the iPhone that may be used for the transaction. Specifically, as illustrated in FIG. 10 above, an accounts screen 190 may be displayed from which may include, for example, a listing 192 of multiple credit cards and bank cards that may be used for the transaction.
Alternative Authentication Schemes via the Positioning Device
Alternative authentication schemes may also be employed. Apple's patent FIG. 9A illustrated below presents a transaction terminal such as an automatic teller machine (ATM) 160 coupled to a server 162 to authenticate the iPhone for transactions. In FIG. 9B we see that the location of the iPhone is being determined based on information from the Positioning Device: A Positioning Device may utilize the global positioning system (GPS) implemented using satellite communications or a regional or site-wide positioning system that uses cell tower positioning technology or Wi-Fi technology, for example. In FIG. 9C, the iPhone is shown to be communicating via the cellular network 168. In FIG. 9D Apple discusses Bluetooth and Wi-Fi communication protocols.
Security Feature: The Unique Ever Changing Numeric Pad
Apple's patent notes that in some embodiments, the order of the numbering may be altered on the number pad. Specifically, as illustrated in FIG. 11 below, the number pad 198 may be randomly organized so that another person cannot tell what numbers are being pressed based on the location of where a user presses the screen 194. Furthermore, as illustrated in FIG. 12, the ordering of the numbers on the number pad may change after the entry of each digit. Specifically, after entry of the first digit, the number pad may scramble the numbers and repeat after each digit is entered.
The number pad may also have a back space button 200, a clear button 202 and an enter button 204, each of which may be scrambled along with the numbers.
Security Feature: A Twist on Signatures
In respect to Apple's patent FIGS. 18A/B/C shown above, we see that various types of gestural signatures may be provided by the user. In Patent FIG. 18A the user is using a corner of their iPhone to write or provide a signature on a surface (326) of a transaction terminal 328. Alternatively in FIG. 18B, the user may simply sign their name in the air by moving the iPhone to spell it out. As illustrated in FIG. 18C a pattern may be provided by a user, for example, by moving the iPhone to the left, to the right, up, down, and with a twist. Therefore, the signature may simply be a pattern set by the user and recognized by the iPhone. Other alternatives may be available in the future. The "Set Gesture Signature" screen is seen below in FIG 19.
Security Features: Gestural & Voice Signatures +
In Apple's patent FIG. 19 illustrated above we could clearly see that the user will be given the option to set-up a voice signature by selecting the set voice signature button 296 from the authentication screen 290. Upon selection of the set voice selection button a user may be prompted by a voice signature screen 340 to press a set button 342 and provide a voice sample. For example, the user may simply hold the set button 342 and state the user's name or, alternatively, make a statement that the user could remember. Thus, the user may use a favorite phrase or a password for the authentication and the iPhone will save it for future authentication.
Other biometric signatures, such as fingerprints, retinal scans, etc., may be set in a similar manner except they may require that the iPhone include a device for detecting a finger print or a device for performing a retinal scan. Other advanced fraud detection features may be implemented by the banks on the server side of the equation.
Apple credits Michael Rosenblatt, Gloria Lin, Sean Mayo and Taido Nakajima as the inventors of patent application 20100082490, originally filed in Q3 2008. Other related patents include 20100078471, 20100078472 and 20100082481. Also see Part One and Part Two of this series and our NFC section for the full overview of Apple patents on this subject.
Notice: Patently Apple presents only a brief summary of patents with associated graphic(s) for journalistic news purposes as each such patent application is revealed by the U.S. Patent & Trade Office. Readers are cautioned that the full text of any patent application should be read in its entirety for further details. For additional information on any patent reviewed here today, simply feed the individual patent number(s) noted in this report into this search engine. About Comments:Patently Apple reserves the right to post, dismiss or edit comments.
On this Long-Weekend Holiday - Our Report is also Being Covered By: Fast Company, iPhoneItalia Italy, MacSurfer, Google Reader, Apple Investor News, Fine Extra, MacLife Greece, Apple-wd Saudi Arabia and others.
Update August 2010: Apple Hires NFC Expert
Update, June 18, 2010: Industry Related News