Now Pay combined with Watch raises a question

Discussion in 'Apple Watch' started by iFanaddic, Sep 9, 2014.

  1. iFanaddic macrumors 6502a

    iFanaddic

    Joined:
    Sep 24, 2008
    Location:
    Montréal, Canada
    #1
    I thought  Pay was safe due to its close integration with touchID. Now if you can pay with using only the  Watch it kind of defeats the whole security purpose? I'm sure Apple won't make you get the iphone out, unlock with touchID, only to put it back in your pocket and pay with your watch. It makes no sense...?

    Could the crown be a touchID as well? What's the deal here?
     
  2. iososx macrumors 6502a

    iososx

    Joined:
    Aug 23, 2014
    Location:
    USA
  3. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #3
    It's optional. You don't have to set up your watch to use the payment method.
     
  4. Thud71 macrumors newbie

    Joined:
    Sep 9, 2014
    #4
    I read somewhere today that you will pair the watch with your phone, just like you would any Bluetooth device; and as long as the watch remains in contact with your skin it remains authenticated for use with Apple Pay. As soon as it breaks contact you would have to pair it again.
     
  5. CausticPuppy macrumors 65816

    Joined:
    May 1, 2012
    #5
    With iPhone 6: Pull your iPhone out of your pocket, hold it up to the scanner, then hit the TouchID button on your phone to confirm.

    With iPhone 5S+watch: Pull your iPhone out of your pocket, hold your watch up to the scanner, then hit the TouchID button on your phone to confirm.

    If you keep your phone in your left pocket and wear your watch on your left hand, it's nearly the same thing as using an iPhone 6.
     
  6. iFanaddic thread starter macrumors 6502a

    iFanaddic

    Joined:
    Sep 24, 2008
    Location:
    Montréal, Canada
    #6


    that would make a lot of sense, ID'd once and good to go.

    Any source?

    ----------

    Doubt it.

    Apple said you could pay with the watch, but a combination of watch & phone. Thats just not what apple does, maybe for the 5s since it doesnt have NFC but 6 users will not have to take their phones out.
     
  7. douglasf13 macrumors 65816

    Joined:
    Jul 2, 2010
    #7
    I hope that's true. I was wondering how that would work.
     
  8. Jacksonc macrumors 6502

    Jacksonc

    Joined:
    Dec 1, 2013
    Location:
    Jony's house
    #8
    It's possible that it uses sensors to know who is wearing it. Of course you could steal money by grabbing someone's arm and holding it up to the sensor. Here's an unreleased apple watch ad. "Reinventing pick pocketing early 2015" just kidding
     
  9. ilovemyibook macrumors 6502

    Joined:
    Mar 19, 2006
    #9
    My guess is that you need to have your iPhone 6 on your person. What's the chance of your phone AND watch being lost/stolen?
     
  10. ctdonath macrumors 65816

    ctdonath

    Joined:
    Mar 11, 2009
    #10
    Just for perspective: a thief just needs the 23 numbers & name off your credit card, easily done with a camera, to violate your CC security.
     
  11. TLewis macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #11
  12. gooberwilson macrumors regular

    gooberwilson

    Joined:
    Jul 21, 2012
    Location:
    Canada
    #12
    Rene Ritchie answered this question in a tweet today.

    "Passcode to authorize when you put it on, valid until it breaks skin contact."

    Makes perfect sense.
     
  13. phr0ze macrumors 6502a

    Joined:
    Jun 14, 2012
    Location:
    Columbia, MD
    #13
    It already monitors your pulse. That same sensor is used to know if the watch is removed.
     
  14. GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #14
    Depends upon the mugging rate in your city.
     
  15. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #15
    Your heartbeat has a signature beat to it, which authenticates you as the user (along with your phone being located very close by via BT). In other words, if someone else took your watch and wore it, they would not be able to pay for things.

    I guarantee this patent plays a role: http://www.patentlyapple.com/patent...nt-leap-in-biometrics-with-heart-sensors.html

    [​IMG]
     
  16. Dan70 macrumors regular

    Joined:
    Aug 4, 2014
    Location:
    England
    #16
    I see what you did there.
     
  17. iososx macrumors 6502a

    iososx

    Joined:
    Aug 23, 2014
    Location:
    USA
    #17
    Good humor prevails #
     
  18. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    First university coding class = 46 years ago
    #18
    Correct. The downside is that will use a bit more battery to constantly check to see if it's been removed. Depends on how often it does so.

    Not on the Apple Watch, unless it has external electrodes we don't know about.

    You see, LED blood pulse monitors on extremities, such as current smartwatches such as Apple's have, are not useful for authentication.

    What that patent is about, is reading the heart's ELECTRICAL signals. Those have been proven to be unique enough to use for authentication.

    Totally different things. Pulses don't follow heartbeats exactly, or even necessarily closely.
     
  19. Supermallet macrumors 65816

    Supermallet

    Joined:
    Sep 19, 2014
    #19
    Here's my question: Part of what makes Apple Pay so attractive to security minded people is that your payment information is all kept on the secure element of the phone. Does the watch also have a secure element, or is it just pulling data from your phone's secure element and passing it along to the NFC reader?
     
  20. betabeta macrumors 6502a

    Joined:
    Jun 28, 2013
    #20
    Good question, I hope it does have it's own secure element, but I think it will just get it from the phone. My success rate of Bluetooth with airdrop is touchy at best, makes me wonder how upsetting it will be when it fails to pair when I want to buy something. If after a few seconds it fails to pair and you have to pull out your phone, that will certainly be a super fail.

    The one thing I like is all your information safe, not just :apple:Pay, so as soon as it's off your wrist you would need to use your phones touch ID or passcode to have the watch work again.

    So a person takes your watch has nothing, it's locked.
     
  21. Supermallet macrumors 65816

    Supermallet

    Joined:
    Sep 19, 2014
    #21
    You shouldn't have pairing problems at the register unless you're turning off either the watch or the phone and then pairing them again when you get to the register. Otherwise you just pair when you put the watch on and leave it paired throughout the day.

    The thing that has me wondering about the secure element is that I recall reading somewhere that the watch can do Apple Pay without being connected to a phone. If that's the case, it better have a secure element otherwise I'm not interested in using it.
     
  22. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    First university coding class = 46 years ago
    #22
    Why not? :)

    We use credit cards every day with little or no security (at least, in the US).

    The watch is already more secure than that, because it requires a PIN to authorize it each time we put it on. That's logically the same as requiring a PIN each time it's used. If someone steals it off our wrist, it's de-activated for payment.

    --

    That said..

    The watch could either act as a dumb communications intermediary, or handle the NFC transaction locally.

    If it just passes info back and forth from the phone, then it needs no Secure Element.

    However, the watch very likely handles things locally, simply because entire tap transactions have time limits as low as 150ms, and we wouldn't want things to get screwed up waiting to talk to the mother phone. So it would have a copy of our info... or more likely, a time-limited copy.

    If it does handle it all locally, then it'll need a Secure Element not so much for the info itself, which should be pretty safe from sandboxed third party apps (unless someone figures out a way to jailbreak the watch), but more so that it can run its own local copy of each of the card scheme specific payment apps.

    Which brings up again the whole topic of who provisions the MC/ Visa/ Amex/ etc apps in the SEs. Normally this is done via a link of backend providers and trusted service managers like First Data. Doesn't the watch have WiFi? Maybe it can access updates on its own?
     
  23. jrswizzle, Oct 7, 2014
    Last edited: Oct 7, 2014

    jrswizzle macrumors 603

    jrswizzle

    Joined:
    Aug 23, 2012
    Location:
    McKinney, TX
    #23
    EDIT: I didn't read the thread.....question has already been answered :)
     
  24. phr0ze macrumors 6502a

    Joined:
    Jun 14, 2012
    Location:
    Columbia, MD
    #24
    Knowing Apple, the amount of power needed for detecting removal will not be the same for reading the pulse. Similar to how the new iphone 6 has two motion sensors for lower power motion tracking.
     
  25. Mad Mac Maniac macrumors 601

    Mad Mac Maniac

    Joined:
    Oct 4, 2007
    Location:
    A little bit of here and a little bit of there.
    #25
    I think that's a great option/fallback. But I think it would be even better to authenticate the watch whenever you use Touch ID on a bluetooth paired iPhone (5S or 6). Then as long as the iPhone remains paired and the watch maintains skin contact, then apple pay should work automatically. I don't necesarily want to type a pin into my watch every day, but I'll be using touch ID all the time. It would make the authentication process completely invisible
     

Share This Page