When Apple unveiled the Apple Card at WWDC, it promised a new kind of credit card experience that eschewed the limitations of a traditional credit card while innovating with next-gen security. But since we still haven't had a chance to use the Apple Card, we could only take its word for it.
That was the case until CISO Mag took a deep dive into all the security elements Apple promises from its new card and examined how revolutionary it actually is. It turns out Apple did something quite unexpected and delivered a credit card experience that compromises neither the user experience nor security.
Apple made the process easier by only including two partners, Mastercard and Goldman Sachs. This limits the dependencies and risk.
It starts with the initialization process, which begins with understanding the end-to-end flow of the card's manufacturing, initialization and registration with a mobile device, in this case Apple's iPhone.
During the manufacturing process, Apple provisions Mastercard's public key on the physical card chip, which is signed by the chip manufacturer's public key and then syncs with Mastercard's tokenization service, enabling Mastercard to validate the authenticity of their public key. Mastercard's tokenization service is responsible for maintaining a registry of all trusted chip manufacturers and their certificates. This registry is held in a trust store, which verifies certificates from a trusted Certificate Authority (CA).
Once the backend is sorted out, the process of communicating with the iPhone and a compatible app begins; CISO Mag speculates that this will be the Wallet app. After that, the DPAN along with the owner's key will be sent to Goldman Sachs for further clearance.
The unique card identifier, or temporary DPAN, will then be combined with an owner-specific key and sent to Goldman Sachs along with the owner's iTunes information, such as billing address, full name and phone number, over secure encrypted channels. Goldman Sachs would view this information in the clear, but Apple asserts that Goldman Sachs will refrain from sharing or selling this data to third parties for marketing or advertising purposes. Using the information submitted from the owner's iOS device, Goldman Sachs then decides whether to approve the application before allowing the user to add (or bind) the card to the Passbook app.
The next and final step involves applications accessing the Apple Card payment information. This involves interaction with the Apple Card Servers, with the DPAN information obtained in a time-bound nonce.
This number, along with other transaction data, is passed over an applet to the Secure Element (SE) to generate a payment signature. When the payment signature comes out of the SE, it is sent to Apple Card Servers over encrypted channels. The authenticity of the transaction is verified through this payment signature and the random number provided by Apple Pay Servers. After successful verification of the payment signature, the user's request is initiated.
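The nonce-and-signature exchange described above can be sketched as follows. This is an added example, not Apple's, Mastercard's or CISO Mag's code: the article does not name the signature algorithm, so HMAC-SHA256 with a per-device key stands in for the SE's signing operation, and the class name, function name, DPAN value and 30-second validity window are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 30  # assumed validity window; the article gives no figure


def sign_payment(se_key, nonce, transaction):
    """SE applet stand-in: sign the server nonce together with the transaction data."""
    # Length-prefix the nonce so the nonce/transaction boundary is unambiguous.
    message = len(nonce).to_bytes(2, "big") + nonce + transaction
    return hmac.new(se_key, message, hashlib.sha256).digest()


class CardServer:
    """Hypothetical server side: issues time-bound nonces and verifies signatures."""

    def __init__(self, device_keys, clock=time.time):
        self._device_keys = device_keys  # DPAN -> key held by that device's SE
        self._clock = clock
        self._issued = {}                # nonce -> (DPAN, expiry timestamp)

    def issue_nonce(self, dpan):
        if dpan not in self._device_keys:
            raise KeyError("unknown DPAN")
        nonce = secrets.token_bytes(16)
        self._issued[nonce] = (dpan, self._clock() + NONCE_TTL_SECONDS)
        return nonce

    def verify(self, dpan, nonce, transaction, signature):
        # pop() makes every nonce single-use, so a replayed message finds nothing.
        record = self._issued.pop(nonce, None)
        if record is None:
            return "rejected: unknown or reused nonce"
        bound_dpan, expiry = record
        if bound_dpan != dpan:
            return "rejected: nonce issued for another card"
        if self._clock() > expiry:
            return "rejected: nonce expired"
        expected = sign_payment(self._device_keys[dpan], nonce, transaction)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, signature):
            return "rejected: bad signature"
        return "accepted"
```

Binding the signature to a server-issued, single-use, expiring nonce is what stops a captured payment message from being replayed later or altered in transit.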
In the end, CISO Mag found the Apple Card's security implementation to be novel and truly thorough. Apple took multiple steps to ensure the process was secure and uncomplicated. CISO Mag lauded Apple's choice to do so through hardware security control, not software. All told, the Apple Card is as secure as Apple promises.