Thanks. Maybe you can explain why they're using a second signaling channel to do this rather than negotiating over the primary network channel? Is this purely a security-through-proximity technique?
Is this a passive backscatter RFID, or a full blown second RF channel?
I'll admit I haven't actually looked at the patent yet, but I'm hoping to coax you into sharing more of your insights...
Apple didn't talk much about the exact implementation of their RFID system. They didn't even mention which frequency they'd be using (LF, HF, UHF (EPC Gen2?)). It most definitely would be a passive system, though.
Basically, the RFID tag is being used to store basic network information. I'm assuming SSID. If they are smart, they may also store a public key.
Then, the RFID portion is done, and the devices will connect using wireless to communicate the rest of their settings. This is why I said it would be good of Apple to have included a public key in the RFID tag. This would enable the devices to talk relatively securely even over an unencrypted channel to exchange WPA keys. Then, the full wireless security framework would be set up.
The biggest problem I see in the proposed solution by Apple is that an attacker in close proximity could get the connecting device to look at the attacker's RFID instead of the intended device. This would basically make the user's device connect automatically to the attacker's device. Oops! However, this would require an attacker in relatively close proximity, and if they are further away than the user's connecting device, then they would need a higher gain output to try to trick the device. It's just one of the security implications Apple would need to work to prevent from happening in the field.
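As an added illustration (not code from this thread or from Apple's patent) of the flow the reply above sketches: the tag carries the SSID plus the base station's static public key, the joining device sends an ephemeral key over the still-open wireless link, and the base station answers with the WPA passphrase sealed under the shared secret, so only the key holder named by the tag can produce a reply the device accepts. The Diffie-Hellman group, message layout and function names are assumptions, and the toy-sized prime is there only to keep the example short.

```python
import hashlib, hmac, json, secrets
# Toy Diffie-Hellman group (p = 2^127 - 1, a Mersenne prime) so the example stays
# short; a real deployment would use a standard 2048-bit group or X25519.
P = 2**127 - 1
G = 5

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def derive_key(shared, label):
    # Separate encryption and MAC keys from the DH shared secret (fits in 16 bytes)
    return hmac.new(label, shared.to_bytes(16, "big"), hashlib.sha256).digest()

def _stream(key, n):
    # Hash-counter keystream covering n bytes
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))

def seal(shared, plaintext):
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(derive_key(shared, b"enc"), len(plaintext))))
    return ct + hmac.new(derive_key(shared, b"mac"), ct, hashlib.sha256).digest()

def unseal(shared, blob):
    ct, tag = blob[:-32], blob[-32:]
    mac = hmac.new(derive_key(shared, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, tag):
        return None  # MAC mismatch: wrong key or tampered message, reject it
    return bytes(a ^ b for a, b in zip(ct, _stream(derive_key(shared, b"enc"), len(ct))))

def make_tag(ssid, ap_pub):
    # Assumed contents of the passive RFID tag: network name plus the AP's static public key
    return json.dumps({"ssid": ssid, "pub": ap_pub}).encode()

def device_hello(tag_bytes):
    # Step 1: device reads the tag, then sends an ephemeral public key over the open wireless channel
    tag = json.loads(tag_bytes)
    eph_priv, eph_pub = keygen()
    return {"ssid": tag["ssid"], "tag_pub": tag["pub"], "eph_priv": eph_priv}, eph_pub

def ap_reply(ap_priv, eph_pub, passphrase):
    # Step 2: AP derives the shared secret with its static key and returns the sealed WPA passphrase
    return seal(pow(eph_pub, ap_priv, P), passphrase.encode())

def device_finish(state, blob):
    # Step 3: device unseals with the key it trusts from the tag; a reply sealed under any other key fails
    pt = unseal(pow(state["tag_pub"], state["eph_priv"], P), blob)
    return None if pt is None else pt.decode()

def provision(tag_bytes, ap_priv, passphrase):
    state, eph_pub = device_hello(tag_bytes)
    return device_finish(state, ap_reply(ap_priv, eph_pub, passphrase))
```

Note that this only binds the exchange to whatever key the tag presents; if the device reads a substituted tag, the flow completes just as happily with the substitute's key, which is the proximity problem the reply points out.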