Payment authorization with Apple Pay
On devices with a Secure Enclave, a payment can be made only after the Secure Enclave authorizes it. On iPhone, iPad, or Mac with Touch ID (or paired with a Magic Keyboard with Touch ID), this involves confirming that the user has authenticated with biometric authentication or with the device passcode or password. Biometric authentication, if available, is the default method, but the passcode or password can be used at any time and is automatically offered after three unsuccessful attempts to match a fingerprint, or (for iPhone and iPad) two unsuccessful attempts to match a face; after five unsuccessful attempts, the passcode or password is required. A passcode or password is also required when biometric authentication isn’t configured or turned on for Apple Pay. For a payment to be made on Apple Watch, the device must be unlocked with its passcode and the side button must be double-clicked.
Using a shared pairing key
The Secure Enclave and Secure Element communicate over a serial interface—using encryption and authentication based on AES, and employing cryptographic anti-replay values to protect against replay attacks. Although the sides aren’t directly connected, they communicate securely using a shared pairing key that’s provisioned during manufacturing. During that process, the Secure Enclave generates the pairing key from its UID key and from the Secure Element’s unique identifier. It then securely transfers the pairing key to a hardware security module (HSM) in the factory. The HSM then injects the pairing key into the Secure Element.
Authorizing a secure transaction
When the user authorizes a transaction, which includes a physical gesture communicated directly to the Secure Enclave, the Secure Enclave sends signed data about the type of authentication and details about the type of transaction (contactless or within apps) to the Secure Element, tied to an Authorization Random (AR) value. The AR value is generated in the Secure Enclave when a user first provisions a credit card and persists while Apple Pay is enabled, protected by the Secure Enclave’s encryption and anti-rollback mechanism. It’s securely delivered to the Secure Element using the pairing key. On receipt of a new AR value, the Secure Element marks any previously added cards as terminated.
Using a payment cryptogram for dynamic security
Payment transactions originating from the payment applets include a payment cryptogram along with a Device Account Number. This cryptogram, a one-time code, is computed using a transaction counter and a key. The transaction counter is incremented for each new transaction. The key is provisioned in the payment applet during personalization and is known by the payment network or the card issuer or both. Depending on the payment scheme, other data may also be used in the calculation, including:
A Terminal Unpredictable Number, for near-field-communication (NFC) transactions
An Apple Pay server anti-replay value, for transactions within apps
User verification results, such as Cardholder Verification Method (CVM) information
These security codes are provided to the payment network and to the card issuer, which allows the issuer to verify each transaction. The length of these security codes may vary based on the type of transaction.
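The following is an added illustration of the cryptogram mechanism described above; it is not Apple's code and does not reproduce any payment network's actual algorithm. It models the one-time code as a truncated HMAC-SHA256 (an assumption) over the Device Account Number, the transaction counter, the transaction type, the scheme-specific input (a Terminal Unpredictable Number for NFC, a server anti-replay value for in-app) and a CVM tag, with the cryptogram length varying by transaction type. The issuer side shares the personalized key and rejects a replayed transaction because its counter does not increase, and rejects a forged one because the code no longer matches. All account numbers, nonces and CVM tags are constructed sample values.

```python
import hmac
import hashlib
import os

# Added example, not Apple code: the page's cryptogram modelled as a truncated HMAC-SHA256
# over (Device Account Number, transaction counter, transaction type, scheme-specific data, CVM).
# Real EMV/network cryptograms use scheme-defined algorithms and key derivation, not shown here.

CRYPTOGRAM_LEN_BY_TYPE = {"nfc": 8, "in_app": 16}  # assumption: code length varies by transaction type


def compute_cryptogram(key: bytes, dan: str, counter: int, txn_type: str,
                       extra: bytes, cvm: bytes) -> bytes:
    """Return the one-time code for a transaction.

    extra is the scheme-specific input: a Terminal Unpredictable Number for NFC,
    or the Apple Pay server anti-replay value for in-app transactions.
    cvm carries the user-verification result (a constructed tag such as b"biometric").
    """
    if txn_type not in CRYPTOGRAM_LEN_BY_TYPE:
        raise ValueError(f"unknown transaction type {txn_type!r}")
    msg = b"|".join([dan.encode(), counter.to_bytes(4, "big"), txn_type.encode(), extra, cvm])
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return mac[:CRYPTOGRAM_LEN_BY_TYPE[txn_type]]


class PaymentApplet:
    """Device side: holds the key provisioned at personalization and a counter that only increases."""

    def __init__(self, dan: str, key: bytes):
        self.dan = dan
        self._key = key
        self.counter = 0

    def sign(self, txn_type: str, extra: bytes, cvm: bytes) -> dict:
        self.counter += 1  # incremented for every new transaction
        return {
            "dan": self.dan,
            "counter": self.counter,
            "type": txn_type,
            "extra": extra,
            "cvm": cvm,
            "cryptogram": compute_cryptogram(self._key, self.dan, self.counter, txn_type, extra, cvm),
        }


class Issuer:
    """Issuer side: shares the personalization key and remembers the last accepted counter per DAN."""

    def __init__(self):
        self._keys = {}
        self._last_counter = {}

    def personalize(self, dan: str) -> bytes:
        key = os.urandom(32)
        self._keys[dan] = key
        return key

    def verify(self, txn: dict) -> tuple:
        key = self._keys.get(txn["dan"])
        if key is None:
            return False, "unknown Device Account Number"
        expected = compute_cryptogram(key, txn["dan"], txn["counter"], txn["type"], txn["extra"], txn["cvm"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return False, "cryptogram mismatch (tampered or wrong key)"
        if txn["counter"] <= self._last_counter.get(txn["dan"], 0):
            return False, "counter not increasing (replay)"
        self._last_counter[txn["dan"]] = txn["counter"]
        return True, "accepted"


def run_scenario() -> list:
    """Walk an NFC payment, a replay of it, a forged copy, and an in-app payment."""
    issuer = Issuer()
    dan = "4111000011110000"  # constructed Device Account Number, not a real card
    applet = PaymentApplet(dan, issuer.personalize(dan))
    results = []

    nfc = applet.sign("nfc", extra=os.urandom(4), cvm=b"biometric")  # extra = Terminal Unpredictable Number
    results.append(("nfc", issuer.verify(nfc)))
    results.append(("nfc replay", issuer.verify(nfc)))  # same message presented twice

    forged = dict(nfc, counter=nfc["counter"] + 1)  # counter bumped without access to the key
    results.append(("nfc forged", issuer.verify(forged)))

    in_app = applet.sign("in_app", extra=b"server-nonce-0001", cvm=b"passcode")  # extra = server anti-replay value
    results.append(("in_app", issuer.verify(in_app)))
    return results


if __name__ == "__main__":
    for label, (ok, reason) in run_scenario():
        print(f"{label:12s} {'OK ' if ok else 'REJ'} {reason}")
```

The order of checks on the issuer side matters: the MAC is verified first so that an unauthenticated message can never advance the stored counter, and the counter is only recorded after the cryptogram has been accepted.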