How Apple Pay uses the Secure Element

The Secure Element hosts a specially designed applet to manage Apple Pay. It also includes payment applets certified by the payment networks. Credit or debit card data is sent from the payment network or issuing bank encrypted to these payment applets using keys that are known only to the payment network and the payment applets' security domain. This data is stored within these payment applets and protected using the Secure Element’s security features. During a transaction, the terminal communicates directly with the Secure Element through the Near Field Communication (NFC) controller on iPhone 6 and iPhone 6 Plus over a dedicated hardware

How Apple Pay uses the NFC controller

As the gateway to the Secure Element, the NFC controller ensures that all contactless payment transactions are conducted using a point-of-sale terminal that is in close proximity with iPhone 6 or iPhone 6 Plus. Only payment requests arriving from an in-field terminal are marked by the NFC controller as contactless transactions.
Once payment is authorized by the cardholder using Touch ID or passcode via the Secure Enclave, contactless responses prepared by the payment applets within the Secure Element are exclusively routed by the controller to the NFC field. Consequently, payment authorization details for contactless transactions are confined to the local NFC field and are never exposed to the application processor. In contrast, payment authorization details for payments within apps are routed to the application processor, but only after encryption by the Secure Element to the Apple Pay Server.