Share this project

Done

Share this project

Done
The coolest, easiest way to pay at millions of retailers using your Pebble smartwatch. Leave the phone behind. Just tap and go!
The coolest, easiest way to pay at millions of retailers using your Pebble smartwatch. Leave the phone behind. Just tap and go!
2,777 backers pledged $208,164 to help bring this project to life.

Security Domain Integration Complete

Posted by Fit Pay Inc. (Creator)
11 likes

The project timeline we posted in the last update called out “Security Domain Integration” as the most recent milestone, and we are pleased to report that it has been reached. Ok, great. But what the heck is “Security Domain Integration” and why is it important? Bear with us Backers; we are going to take a dive into the weeds on this one to describe Security Domains and their significance to Pagaré.  

Pagaré’s core payment methodology conceals your personal account information (or PAN) through a process called tokenization. A token is a payment credential that enables retail transactions to occur without sharing your PAN at the point of sale. A security domain is simply the digital silo that safely stores that payment credential, or the tokenized version of your credit card information. Security domains are a mandatory part of the tokenization provisioning process because they ensure that your tokenized payment information is securely stored and enabled to safely complete a purchase.  

Think of the security domain as a safety deposit box for the tokenized version of your credit card information. It’s provided by a Secure Element - Trusted Service Manager (SE-TSM). To ensure that it is secure, an external governing body establishes and oversees the security parameters and protocols used in the process. In order to establish a security domain, our platform must request a discrete domain for your Pagaré from the SE-TSM and then write it to the hardware (the eSE chip, or the embedded secure element) on your smartstrap. 

Here’s more detail on how it works: 

Step 1: Security Domain Request 

Once a new account and wallet is created through the Pagaré mobile app, a request for a new security domain is initiated from the platform to the SE-TSM. 

Step 2: Setup Script Sent 

A setup script tells the platform, the mobile app and the eSE on the smartstrap that the security domain is ready to be created. The script contains APDU (Application Protocol Data UNIT) commands, which instruct the secure element to create the security domain on your Pagaré. APDU commands are defined by ISO/IEC 7816 which is an international standard governed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). All of that means that your information is kept secure. 

Step 3: Security Domain Setup 

Once the setup script is confirmed through a series of receipts, the Pagaré mobile app communicates the proper APDU commands over Bluetooth to the eSE, creating the security domain. 

Step 4: Domain Key 

After another series of receipts (or acknowledgements) confirms the security domain has been established, the security domain keys are sent back to the platform to start the personalization process.  

Completing the Security Domain Integration milestone means that the platform can now successfully request a security domain and create it on the Pagaré eSE chip. It sounds simple, but as you can see it is a complicated process that involves not only Pagaré and our platform, but also integrating with third-party providers and financial data governing bodies to ensure that every part of the transaction is secure. Completing the Security Domain Integration is a big step in establishing the infrastructure needed to make Pagaré work safely and securely. 

The next step is the personalization of the security domain, which is the process of actually loading individual payment credentials (a tokenized version of a credit card) in the security domain on the Pagaré. We are currently in the testing phase of that process and will have results to report soon. We will provide that information and other updates soon.

Cheers! 

The FitPay Team

MaryAnn Boylan, Charles Cooper, and 9 more people like this update.

Comments

Only backers can post comments. Log In
    1. Cherisse Gardner on

      Has anyone gotten anything from this? I put in for one of these watchbands and am completely in the dark about what I can expect from the original campaign or FitBit for my investment. At this point I'll just take a refund, I know FitBit has the money to take care of those of us still burnt.

    2. Hoder Jensen on

      @Dean Hope Yes silly us, that we want some straight answers from a company, who has been delaying and withholding information during large part of the campaign.

      @Fit Pay Inc. Thanks for the response, I hope we find a solution all can be happy with.

    3. Eric Bautista on

      My PT Round is as good as ever and the newer model is not really new, so...Keep at it guys. Can't wait for mine. :-)

    4. Dean Hope on

      It's the same questions over and over again that already have answers, if you're not supporting the development don't comment.

      Can't wait for Pagaré, keep going with the great work.

    5. Fit Pay Inc. Creator on

      @Drew @Hoder - We are currently tracking interest for a separate PT2 campaign, but cannot make any promises. We have decided to dedicate all of our time and efforts to this current campaign, and deliver what we promised before diving into a new project. That being said, your comments and requests are not going unnoticed... we're looking into the feasibility of Pagaré for PT2.

      Cheers,
      The Fit Pay Team

    6. Hoder Jensen on

      Yeah you should really do a upgrade plan. I have no use for a Pagare for PT1, when it launches, so I rather that you keep it and do a upgrade price to a Pagare for PT2.

    7. Drew Martinez on

      Will you offer a possible upgrade to a PT2 for a discount rate? Or possibly for the same price and you can keep my original order. Seems like I will be getting that watch much sooner than your original promised date. I'm not asking or demanding a refund but these delays are killing me and I'm sure the rest of the backers. I plan on giving my younger sister my current Pebble Time Steel as soon as my new PT2 Steel gets here.

    8. Fit Pay Inc. Creator on

      @Michael - We have had few Backers ask for a refund on their pledge because the timeline has changed. We understand that, especially given the announcement of the PT2. We are working really hard to deliver a groundbreaking product to our Backers. We are relying on every pledge to make that happen, and every Backer made their pledge knowing that we were all in this together. Issuing refunds would hurt our ability to deliver for all of our Backers. For that reason, we are unable to honor refund requests. Please stick with us while we complete the development of Pagaré. We appreciate your support and look forward to delivering you a beautiful product.

      Cheers,
      The Fit Pay Team

    9. Mike Lannen on

      Meh. By the time this is actually done, I will likely not even own the same style Pebble. So frustrating. Will you guys be offering a refund at any point as a option for folks because of the severe delays?