How Apple Pay Works

闻人花蜂
2023-12-01

by Dumindu Buddhika

How Apple Pay Works Under the Hood

Do you use Apple Pay? Have you ever wondered how an Apple Pay transaction goes through? In this post, you will learn how Apple Pay works end to end.

Mobile payments have become very popular due to the convenience and the security they offer. No more plastic cards to carry around, and you do not have to worry about losing them (what a relief!).

In this article, I am going to discuss how Apple Pay works in general and how it works when it is used at a physical POS terminal, specifically. I’ll briefly discuss the security benefits as well.

Before diving in, let’s get familiar with some basic terminology.

Secure Element

A secure element (SE) is something that is mentioned when talking about Apple Pay, so we need to understand what it is.

According to GlobalPlatform:

A Secure Element (SE) is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.

Apple Pay uses SE to store secret information associated with tokenized cards (we will talk about this later).

In the iPhones after iPhone 6, and in Apple Watch, an SE is embedded into the device’s near-field communication (NFC) chip. This is used at payment terminals to perform transactions over NFC. SE emulates a payment card during an Apple Pay transaction.

Tokenization

Tokenization as a process is being adopted more and more in the payments industry. Here we’ll try to understand the basics of Tokenization.

The following is a concise description from Wikipedia on Tokenization technology:

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system. The mapping from original data to a token uses methods which render tokens infeasible to reverse in the absence of the tokenization system

In the context of credit cards and Apple Pay, tokenization is used to replace the Primary Account Number (PAN, or the credit card number) with a token. A token looks like a normal credit card number, but it’s not the original PAN. Tokenization stops the original card number from being used during transactions.

Tokens have no meaning by themselves and are worthless to criminals if a token is stolen. There is no algorithm to derive the Primary Account Number if you have a token. This makes it impossible for criminals to reverse engineer the Primary Account Number from a token.

See the Wikipedia article on tokenization if you want to learn more.

The following diagram describes the transaction flow of Apple Pay. We will discuss these step by step in the coming sections.

Adding a Card to Apple Pay

A card can be added to Apple Pay by either scanning the card or by submitting the card information. Then this information is submitted to Apple servers.

Apple sends the received card information to the relevant card network (Visa, MasterCard, American Express, Discover, and so on). Then the card network validates the card information with the issuing bank.

After the validation, the card network acting as a TSP (Token Service Provider) creates a token (which is called a DAN or a Device Account Number in the context of Apple Pay) and a token key. This DAN is generated using tokenization and is not the actual card number.

Afterward, this information is sent back to Apple servers. After the device receives this information from Apple servers, it is saved in the device’s secure element (SE).

Initiating a Transaction Using Apple Pay

When you use your Apple device at a POS terminal to make a payment, the device communicates with the terminal to initiate a transaction. Apple Pay uses EMVCo’s contactless specification to communicate with the terminal. If the terminal does not support EMV contactless, Apple Pay falls back to contactless MSD (magnetic stripe data) mode.

EMV Contactless mode

When EMV contactless mode is used, the Apple device communicates with the terminal according to the EMV contactless specification. The secure element on the device generates a dynamic cryptogram for each transaction using the token, token key, amount, and other information related to the transaction. This dynamic cryptogram is then sent to the payment processor along with the token (DAN), transaction amount, and other required information to process the transaction.

Contactless MSD mode

Contactless MSD exists to support terminals which are still not able to process using EMV contactless mode. Most of the terminals are still operating using contactless MSD mode. Let’s take a deeper look at how a transaction goes through using contactless MSD mode.

MSD, or Magnetic Stripe Data, is how older cards store card details. Data is stored as tracks in magnetic stripe cards. Magnetic stripe cards can have up to 3 tracks, and each track (track1, track2, track3) has a different format.

In Apple Pay contactless MSD mode, the track2 data format is used to transfer the card data to the payment processor which then communicates with the card network.

Let’s take a look at some example track data sent from a terminal to the processor for an Apple Pay transaction.

370295292756481=220672716078290600047

Above is an example of track data received from a terminal which was captured at a payment gateway.

Let’s understand this data segment by segment:

  • Highlighted in yellow - This is the Device Account Number or the DAN. (The example DAN here is from an American Express card. The bank identification number (BIN) is the initial 6 digits of the credit card number.)

  • Highlighted in blue - This is the credit card expiry year and month (yy/mm).

  • Highlighted in pink - This is the service code.

  • Highlighted in purple - This part of the data is discretionary to the card network. In the case of Apple Pay, this is used as a dynamic card verification value (CVV).

We learned that in the EMV mode a dynamic cryptogram is generated. Here the dynamic CVV plays the role of the cryptogram. This is generated using the token key and other transaction-related data (similar to the generation of a dynamic cryptogram).
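
The record quoted above, split into the four fields just listed. This is an added example, not code from the original article; it assumes the standard track 2 field widths of ISO/IEC 7813 (four-digit expiry, three-digit service code), and the function names are illustrative.

```python
import re
from dataclasses import dataclass

# Track 2 layout (ISO/IEC 7813): PAN '=' YYMM service-code discretionary-data,
# optionally wrapped in the ';' start and '?' end sentinels.
TRACK2 = re.compile(r"^;?(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\??$")

@dataclass
class Track2:
    account_number: str   # the DAN in an Apple Pay transaction
    expiry_year: int      # two-digit year
    expiry_month: int
    service_code: str
    discretionary: str    # used as the dynamic CVV in Apple Pay MSD mode

    @property
    def bin(self) -> str:
        return self.account_number[:6]

def luhn_valid(number: str) -> bool:
    """Check digit test that ordinary card numbers (and this DAN) satisfy."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def parse_track2(raw: str) -> Track2:
    m = TRACK2.match(raw.strip())
    if m is None:
        raise ValueError("not a track 2 record")
    pan, yy, mm, service, disc = m.groups()
    if not 1 <= int(mm) <= 12:
        raise ValueError("expiry month out of range")
    if not luhn_valid(pan):
        raise ValueError("account number fails the Luhn check")
    return Track2(pan, int(yy), int(mm), service, disc)

def masked(t: Track2) -> str:
    """Log-safe rendering: BIN and last four digits only, no dynamic CVV."""
    pan = t.account_number
    stars = "*" * (len(pan) - 10)
    return f"{pan[:6]}{stars}{pan[-4:]} exp {t.expiry_year:02d}/{t.expiry_month:02d}"

SAMPLE = "370295292756481=220672716078290600047"   # the record quoted in this article
```

The DAN passes the same Luhn check as a real card number, which is why a terminal or gateway cannot tell a token from a PAN by format alone.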

The track data shown above is sent to the acquirer along with the transaction amount. The acquirer forwards this information to the relevant card network (Visa, MasterCard, and so on) based on the BIN.

Completion of an Apple Pay Transaction

When the card network receives the transaction request, it identifies whether it’s an actual card number or a tokenized card number. If it is tokenized (which is the case for Apple Pay transactions), the card network validates the cryptogram (or dynamic CVV) using their copy of the token key (the card network is acting as a TSP here).

After some additional validations, the card network de-tokenizes the DAN and obtains the original PAN (primary account number).

This transaction request is sent to the issuer (the bank or the financial institution that issued the credit card) along with the original PAN. The issuer authorizes the transaction and sends back the response, which eventually reaches the POS terminal.

Yay! Transaction complete!

Replaying Transaction Requests

One of the biggest problems with traditional card transactions is the ability to replay past transaction requests (a replay attack). If you resend the same transaction request, another transaction is carried out with the same data.

With Apple Pay, this does not happen (nor does it when EMV cards are used directly on the terminal). Every transaction request can be used only once. The dynamic cryptogram (dynamic CVV in MSD mode) ensures this. For each transaction, a new cryptogram is generated which can only be used once (and is only valid for a certain time period).
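
A simplified model of the flow described in the sections above: the TSP issues a DAN and token key, the device computes a per-transaction cryptogram, and the TSP validates it, rejects a replay and de-tokenizes. This is an added example, not code from the original article and not the EMV or Apple Pay algorithm; HMAC-SHA256 and the transaction counter are stand-ins, and all names are illustrative.

```python
import hashlib
import hmac
import secrets

def cryptogram(token_key: bytes, dan: str, amount_cents: int, counter: int) -> str:
    """Device side: MAC over the transaction data, keyed with the token key."""
    msg = f"{dan}|{amount_cents}|{counter}".encode()
    return hmac.new(token_key, msg, hashlib.sha256).hexdigest()[:16]

class TokenServiceProvider:
    """Card-network side: token vault plus its copy of each token key."""

    def __init__(self):
        self._vault = {}   # DAN -> [PAN, token key, highest counter accepted]

    def provision(self, pan: str):
        # The DAN is drawn at random, so nothing about it can be reversed
        # into the PAN; only the vault lookup maps one to the other.
        dan = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
        key = secrets.token_bytes(32)
        self._vault[dan] = [pan, key, 0]
        return dan, key    # what ends up in the device's secure element

    def authorize(self, dan: str, amount_cents: int, counter: int, presented: str) -> str:
        """Validate the cryptogram, refuse replays, then de-tokenize to the PAN."""
        entry = self._vault.get(dan)
        if entry is None:
            raise PermissionError("unknown token")
        pan, key, last_counter = entry
        expected = cryptogram(key, dan, amount_cents, counter)
        if not hmac.compare_digest(expected, presented):
            raise PermissionError("cryptogram mismatch")
        if counter <= last_counter:
            raise PermissionError("replayed transaction request")
        entry[2] = counter
        return pan         # forwarded to the issuer, never to the merchant
```

A captured request fails on resubmission because its counter has already been accepted, and changing the amount or counter invalidates the cryptogram without the token key.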

Conclusion

In this article, we have gone through an overview of the Apple Pay transaction flow. I will discuss Google Pay in a coming article.

Translated from: https://www.freecodecamp.org/news/how-apple-pay-works-under-the-hood-8c3978238324/
