Apple Pay Research on NFC and the security threat
Hello! Dennis Ho Asher Kam
In the recent year, as the number of users using Apple Pay to make transactions is increasing and it is more widely accepted by Hong Kong
- Introduction
- Architecture of Apple Pay
  - Background of Near Field Communication (NFC)
  - Background of Apple Pay
- Security threats of NFC mobile payment
  - Potential security issues of using RFID
  - Other main security problems
- Apple Pay's solutions to these threats
  - How Apple Inc. tackles the potential risks
1a. Architecture of Apple Pay: Background of Near Field Communication (NFC)
Background of NFC
- Based on radio-frequency identification (RFID)
- Wireless connection within a distance of 10 cm
- More communication modes have been added
- The most recent protocol currently in use is ISO/IEC 21481:2012
Steps for Using NFC
1. Place the user's phone at the payment terminal
2. Hold the phone at a distance not exceeding 10 cm and wait for the transaction to complete
3. The transaction completes after a certain approval time by the device
1b. Architecture of Apple Pay: Background of Apple Pay
Background of Apple Pay
- A type of mobile wallet
- Runs on the iOS platform
- The main purpose is to replace the traditional credit card with a mobile phone, so that users can pay with the phone's NFC function without showing a real credit card
Five Main Components of the Apple Pay System
- Secure Element
- NFC controller
- Wallet
- Secure Enclave
- Apple Pay servers
Card Enrolment Part
Payment Authorization Part
2a. Security Threats: Potential risk of using NFC
Security Issues of Using RFID
- Eavesdropping: the signal can be collected with an antenna or other equipment.
- Data corruption: a misleading signal is sent to the mobile device and the receiver.
- Data modification: the original signal is destroyed and a new, modified signal is sent to the mobile device and the receiver.
Other Main Security Problems
- Lost or stolen mobile device: the NFC system cannot detect whether a device is lost or stolen.
- Interference with servers and cloud services: cardholder data might be compromised during transmission from the mobile device to the server terminal.
- DDoS attack
3. How Apple Handles the Above Threats: A complex solution will be listed and explained
Solutions to the Threats
- The isolation design of the Secure Element
- Find My iPhone setting
- Insensitive information record in Apple Server
Thanks! Any questions? Q&A