With eye on Apple Pay, Apple joins secure chip technology non-profit GlobalPlatform

Posted:
in General Discussion edited September 2014
Ahead of the iPhone 6 debut, Apple's first device to incorporate NFC and Apple Pay, the company has become a full paying member of GlobalPlatform, an association looking to standardize infrastructure relating to secure applications and smart chip technology.



According to its website, GlobalPlatform is a non-profit group that "identifies, develops and publishes specifications that promote the secure and interoperable deployment and management of multiple applications on secure chip technology." The association draws on a cadre of high-powered tech sector members to create secure standards that can be easily deployed across new and existing hardware and software platforms.

GlobalPlatform's specifications address three major security areas: SE, or secure elements like the secure enclave found in Apple's A7 and A8 SoCs; TEE, or trusted execution environments built into a main processor's architecture; and Messaging, which handles communication between backend systems and a device's SE, TEE or other secure assets.

Of interest to Apple are specifications relating to secure payments, which will roll out in the iPhone 6 and iPhone 6 Plus as Apple Pay. Unveiled last week by CEO Tim Cook, Apple Pay stores sensitive credit card or other payment information in a secure onboard element, then uses NFC technology to communicate tokenized data wirelessly to point-of-sale terminals. Touch ID fingerprint recognition rounds out the security feature list.

As a full member of GlobalPlatform, Apple is paying a fee of $30,000 per year, which allows the company to actively participate in shaping specifications for various initiatives like secure element deployment and tie-ins with vendors' backend systems.

This could be a boon for Apple as multiple payments industry players count themselves among GlobalPlatform's full member list are credit card networks Visa, MasterCard and American Express, all of which were announced as partners for Apple's new Apple Pay mobile payments system. Qualcomm, Broadcom and NXP are also members, the latter of which is rumored to be supplying Apple with the iPhone 6 NFC hardware.

Along with competing hardware manufacturers like Samsung, wireless telecoms AT&T, Verizon, NTT, Rogers, Orange and China Mobile are full GlobalPlatform members.

Apple Pay will debut with the iPhone 6 and 6 Plus this Friday, with support from major card issuing banks and availability at over 220,000 store locations at launch.

Comments

  • Reply 1 of 11

    I forgot how bad websites could look.

  • Reply 2 of 11
    So many people on the tech sites saying that it will be proprietary to Apple, thus at once mitigating it and soothing themselves about the lack of competition, this will address that issue, but not in their favor.
  • Reply 3 of 11
    Apple said Apple Pay wouldn't be available until October in the US.
  • Reply 4 of 11
    droidftwdroidftw Posts: 1,009member
    Quote:
    Originally Posted by tookieman2013 View Post



    So many people on the tech sites saying that it will be proprietary to Apple, thus at once mitigating it and soothing themselves about the lack of competition, this will address that issue, but not in their favor.

     

    You think ApplePay will be available on Android, Windows Phone, and BlackBerry too?  Seriously?  I can't be reading that right.

  • Reply 5 of 11
    Quote:
    Originally Posted by AdonisSMU View Post

    Apple said Apple Pay wouldn't be available until October in the US.

     

    I was referring to the terminals themselves
  • Reply 6 of 11
    Quote:

    Originally Posted by DroidFTW View Post

     

     

    You think ApplePay will be available on Android, Windows Phone, and BlackBerry too?  Seriously?  I can't be reading that right.


    I was referring to the terminals themselves

  • Reply 7 of 11
    slurpyslurpy Posts: 5,115member
    droidftw wrote: »
    You think ApplePay will be available on Android, Windows Phone, and BlackBerry too?  Seriously?  I can't be reading that right.

    Yeah, all Apple needs to do is somehow install Touch ID, as well as a secure enclave chip inside all other devices, and boom! Apple Pay for everyone.
  • Reply 8 of 11

    There are two different things here and lots of folks are not noticing it.

     

    One part is the standardization effort by those involved with GlobalPlatform. An example is the "tokenization" organized by EuroCard/MasterCard/Visa ("EMV") that Apple uses in Apple Pay. Other companies will be using this too. Maybe even Samsung :)

     

    The second part is the TouchID and Secure Element, which are Apple-proprietary. Samsung has its own version but everyone who has reviewed it says that it's terrible. And they can make some kind of security-store but who knows how safe it would be.

     

    So - one part of Apple Pay is general and available, while the specific implementation is Apple-specific.

  • Reply 9 of 11
    Quote:
    Originally Posted by plovell View Post

     

    There are two different things here and lots of folks are not noticing it.

     

    One part is the standardization effort by those involved with GlobalPlatform. An example is the "tokenization" organized by EuroCard/MasterCard/Visa ("EMV") that Apple uses in Apple Pay. Other companies will be using this too. Maybe even Samsung :)

     

    The second part is the TouchID and Secure Element, which are Apple-proprietary. Samsung has its own version but everyone who has reviewed it says that it's terrible. And they can make some kind of security-store but who knows how safe it would be.

     

    So - one part of Apple Pay is general and available, while the specific implementation is Apple-specific.


     

    http://www.nfcworld.com/2014/09/10/331454/visa-launches-token-service-support-apple-pay/

     

    That seems to be correct, the Apple Pay portion that is proprietary to Apple is the secure way in which they generate the token in an iPhone. Once the token is hand off at the NFC terminal, the rest is a standard process that anyone can use. 

     

    By being first to use the VISA Token Service, Apple has set the bar high for other entrants. Others that want to use it might now have to come up with a way of generating the token that is as, or more, secure than the way Apple Pay does it. This might mean it might be quite awhile before Apple Pay has any competition. If Google (with Android) had gotten there first, they would be completing with Apple Pay right now, even though their method of generating the token might be less secure than Apple Pay. But that method was accepted because they were the first and only at the time. Now, with Apple Pay already in the picture, that method might not good enough to enter.

  • Reply 10 of 11
    Here are the reasons not to trust Google Wallet or SoftCard formerly known as ISIS Wallet. One, the platforms these apps runs on are inherently insecure. The iPhone uses hardware based encryption that is activated the moment the user adds a pass code to their device. Android devices rely on software based encryption and is not consistent about how that encryption is applied. The same is true of Windows Phone and can not even be applied by the user. Also, both Android and Windows Phone allow and use SD cards and allow side loading of apps via the same. This further compromises the security of the device. Add to this that Google and MSFT allow OEM to make the hardware and they do not enforce a strong minimum hardware standard, and you have a recipe for disaster.

    There is also another issue to consider as well and that is the business model for Google Wallet and SoftCard. They make their money off of captured user data. Something Apple has already committed to not doing.

    I would think twice, no thrice, before ever using Google Wallet or SoftCard. Apparently I am not alone either as there was never a large scale push by anyone to adopt either Google Wallet or SoftCard.

    I have said it before and I will say it again. Apple was not the first to NFC based payments. But I would argue that their implementation now sets the gold standard by which the others will be judged and as of right now found severely lacking.
  • Reply 11 of 11
    rorwessels wrote: »
    ^ post

    Wow, excellent post. I'd say I agree if I knew the facts here, but trust you on face value on this topic.

    With Apple being the manufacturer of both, HW & SW, I think it makes sense that they offer the best one can create as they aren't dependent on 3rd parties. MS really ought to have done the same, since they're kinda the manufacturer as well for both HW & SW.

    Google I believe make two phones themselves, and with Android coming out of their gates I'd presume the same ought to be available: HW encryption. Don't know if that is available on their phones, but all other 'Android phones' then come from a combo of SW from one company and the HW from another. Creating HW encryption the way Apple does becomes an unachievable thing.
    There is also another issue to consider as well and that is the business model for Google Wallet and SoftCard. They make their money off of captured user data.

    That's simply pathetic, and typical of Google.
Sign In or Register to comment.