NFC & SE Platform security
The NFC & SE Platform is a secure solution developed by Apple that enables authorized developers to provide capabilities from within their iOS app. On devices with iOS 18.1 or later, developers can store credentials in the Secure Element. These credentials support payments, access, transit, loyalty programs, and tickets. Developers must protect user privacy and data, including card details. The platform provides security features from iPhone hardware, software, and Apple servers. Developers can use the Secure Element, biometric sensors, Secure Enclave, and Apple servers to protect credentials during the following phases of use:
Note: Developers must be granted an entitlement to use the NFC & SE Platform. This helps ensure that only authorized developers who are committed to upholding privacy and security standards can use the NFC & SE Platform.
NFC & SE Platform component security
The NFC & SE Platform provides access to hardware and software features that enable developers to provide secure transactions for iPhone users.
Secure Element
The Secure Element is an industry-standard integrated circuit that runs the Java Card platform. Certified by both EMVCo and Common Criteria, it supports standard Java Card applets, including those approved for the NFC & SE Platform. It also has a special applet for managing NFC & SE Platform applets’ authorization and activation. Credential data can be encrypted and sent to these applets using unique keys. This data is stored in the applets and secured by the Secure Element’s security features. During transactions, the terminal communicates directly with the Secure Element through the near-field-communication (NFC) controller.
NFC controller
The NFC controller handles NFC protocols and routes communication between the Application Processor and the Secure Element, and between the Secure Element and the point-of-sale terminal. The NFC controller helps ensure that contactless transactions are conducted using a terminal that’s in close proximity to the device. Only requests arriving from an in-field terminal are marked by the NFC controller as contactless transactions.
After a transaction is authorized to proceed by the user using Face ID, Touch ID, or the phone’s passcode, contactless responses prepared by the NFC & SE Platform applet within the Secure Element are exclusively routed by the NFC controller to the NFC field. Consequently, contactless transaction details are contained to the local NFC field and aren’t exposed to the Application Processor.
Secure Enclave
The Secure Enclave manages the user authentication and secure intent processes on the device, allowing authorized transactions to proceed. Communication between the Secure Enclave and the Secure Element takes place over a serial interface, with the Secure Element connected to the NFC controller, which in turn is connected to the Application Processor. Though not directly connected, the Secure Enclave and Secure Element can communicate securely using a shared secret generated at runtime, which can be used to provide confidentiality and integrity over the communication link as needed.
Apple servers
Apple servers host NFC & SE Platform partners’ approved applet packages. They also manage the setup and creation of security domains and applets in the Secure Element, including those used by the NFC & SE Platform.
Applets and configurations
To use the NFC & SE Platform, developers must have an approved applet bundle and product configuration to support their credentials. Before being delivered to Apple for secure installation on the Secure Element, all applets must go through a security review by an accredited third-party security evaluation laboratory. After delivery to Apple, the applet bundle and associated product configuration are reviewed and must be approved before they can be used with the NFC & SE Platform. After approval, the applet package is signed and hosted on Apple servers.
Developers are also independently responsible for obtaining any other necessary certifications or qualifications for their applets based on their use case and operating plans, such as those required by law, regulation, or payment network operators.
Credential provisioning
The NFC & SE Platform developer is responsible for protecting the security of the process for a user to provision new credentials. This may include steps like authentication of the user in their iOS app, protection and validation of sensitive data entered by the user, communication with servers, granting approval for adding a credential, initiation of credential provisioning, and handling of personalization data. The developer is also responsible for ensuring their solution meets any applicable regulations and industry standards related to the security of provisioning and use of credentials.
Upon request from the iOS app to create a new credential, the NFC & SE Platform sends the request to Apple servers. If the applet associated with the requested product configuration hasn’t yet been downloaded to the Secure Element, an Apple server initiates the download of the signed package into the Secure Element. Next, a new applet instance is installed within an isolated Security Domain in the Secure Element to be used for storage of the new credential. After installation, the developer’s chosen Trusted Service Manager (TSM) can confidentially personalize the applet instance with any necessary credential data, such as keys and account numbers.
Secure storage and access
The Secure Element’s hardware and software security functionality are available to protect NFC & SE Platform credentials both at rest and during use. Developers ensure that their Secure Element applets are implemented in a secure manner, follow the security guidelines, and fully utilize the available security features provided by the platform in order to adequately protect credential data.
The NFC & SE Platform restricts access to product configurations and applet instances to their associated iOS apps. As a result, no unauthorized apps can interact with them to modify or use them. Only associated iOS apps are allowed to:
Request applet instance creation
Personalize, update and send commands to applet instances
Initiate transactions
Request applet instance deletion
Transaction authorization
Apps must get user authorization for all transactions; the NFC & SE Platform provides a way for app developers to ensure this happens. Users authorize transactions with biometrics or a passcode, combined with a physical gesture to the Secure Enclave. After approval, the Secure Enclave sends authentication data to the Secure Element. The Secure Element then verifies this and notifies the applet to activate the NFC interface. The NFC & SE Platform developer must implement their iOS app and Secure Element applet according to the specifications provided by Apple in order to securely utilize the transaction authorization mechanism and conduct transactions.
To initiate a transaction, the iOS app must be in the foreground and the iPhone must be unlocked. When an iOS app is set as the default contactless app in Settings, the app is automatically launched when the user double-clicks the side button (for Face ID devices) or the Home button (for Touch ID devices) and after user authentication (if the iPhone is locked).
Additionally, the developer’s NFC & SE Platform iOS app is responsible for clearly informing the user of the credential to be used for the transaction and displaying any relevant transaction details.
Lifecycle management
Using the NFC & SE Platform APIs, developers can update credential data or delete credentials and then send the appropriate commands to their applet from their iOS app. They can also add features to suspend or unlink their credentials, but this functionality is independent of the NFC & SE Platform.
All Secure Element credentials are securely erased when the user:
Signs out of iCloud
Removes their device passcode
Erases their device using Erase All Content and Settings or remotely with Find My
Requests deletion of their Apple Account from the Apple Data and Privacy page
Users also have the ability to remove specific credentials from their iPhone by deleting the associated iOS app.