Generation of authorisation key using Elliptic Curve algorithm
Keys stored in secure enclave of mobile device and locked with Touch ID or device PIN
Touch ID or device PIN for unlocking access to the secure enclave
Signing evidence embedded inside the digitally signed authorisation response
AES 256-bit encryption over TLS/SSL