iOS 14 Apple Pay: going the distance with Ultra Wideband Touchless and QR (Updated)

It’s that time of year again to look into the WWDC crystal ball and see what changes might be in store for Apple Pay. 2019 was an exciting year with the important Core NFC Read-Write additions for ISO 7816, ISO 15693, FeliCa, and MIFARE tags. Since then we’ve seen iOS apps add support for contactless passports, drivers licenses, retail and manufacturer vicinity NFC tags, transit ticketing, badging, and more. Some expectations ended up on the cutting room floor. The NFC tag Apple Pay feature that Jennifer Bailey showed back in May 2019 has yet to appear. Apple Pay Ventra and Octopus transit services slated for 2019 and iOS 13 failed to launch. Apple Pay Octopus launched June 2, Apple Pay Ventra has yet to appear.

Predicting anything in 2020 is risky business because of COVID. iPhone 12 might be delayed, iOS 14 might be delayed, features brought forward, pushed back…all plans are up in the air. Some developments are clear, but timing is opaque. What follows is based on: (1) NTT Docomo announcement of Ultra Wideband (UWB) ‘Touchless’ Mobile FeliCa additions and JR East developing UWB Touchless transit gates, (2) CarKey and the Car Connectivity Consortium Digital Key 3.0 spec, and (3) Mac 9to5 reports of AliPay coming to iOS 14 Apple Pay.

Going the distance with Ultra Wideband
The NFC standard has been around a long time, long before smartphones, conceived when everything was built around close proximity read write physical IC cards. The standards have served us very well. So why are NTT Docomo and Sony (Mobile FeliCa) and NXP (MIFARE) adding Ultra Wideband + Bluetooth into the mix?

UWB + Bluetooth delivers Touchless: a hands-free keep-smartphone-in-pocket experience for unlocking a car door, walking through a transit gate or paying for takeout while sitting in the drive thru. It’s the same combo that powers Apple AirTags. UWB Touchless delivers distance with accuracy doing away with “you’re holding it wrong” close proximity hit areas necessary when using NFC. With Touchless your iPhone is essentially a big AirTag to the reader,

For Apple Pay Wallet cards it means hands free Express Card door access, Suica Express transit gate access and payments that ‘just work’ by walking up to a scan area or car. As Junya Suzuki pointed out recently, UWB Touchless is passive vs. the active NFC ‘touch to the reader’ gesture, as such it will live on smartphones and not on plastic cards. Those will remain limited to NFC which does not require a battery.

Secure Element evolution and digital key sharing
The addition of UWB Touchless however means that the Secure Element, where transaction keys are kept and applets perform their magic, has to change and evolve. Up until now the Secure Element worked hand in glove with the NFC controller to make sure communications between the reader are secure and encrypted. For this reason an embedded Secure Element (eSE) usually resides on the NFC controller chip.

Apple chose to put a Global Platform certified Apple Pay eSE in their own A/S series chips. The arrangement gives Apple more control and flexibility, such as the ability to update Secure Element applets and implement features like global NFC. The addition of UWB Touchless in FeliCa and MIFARE means both smartphone and readers need new hardware and software. Apple already has UWB in the U1 chip on iPhone 11. Mobile FeliCa software support could be coming with the next generation ‘Super Suica’ release in the spring of 2021 that requires an updated FeliCa OS.

Recent screen images of a CarKey card in Wallet…with Express Mode can we call it Suicar?

The arrival of UWB Touchless signals another change in the Secure Element as shown in middle CarKey screen image: digital key sharing via the cloud where the master key on the smartphone devices ‘blesses’ and revokes shared keys. Mobile FeliCa Digital key sharing with FeliCa cards and devices was demonstrated at the Docomo Open House in January, also outlined in the Car Connectivity Consortium (CCR) Digital Key White Paper. An interesting aspect of the CCR Digital Key architecture is the platform neutrality, any Secure Element provider (FeliCa, MIFARE, etc.) can plug into it. Calypso could join the party but I don’t see EMV moving to add UWB Touchless because it requires a battery. EMV will probably stick with battery free NFC and plastic cards.

Diagram from Car Connectivity Consortium (CCR) Digital Key White Paper

QR Code Payment Cards
There is another possible eSE transition for Apple Pay. If the 9to5 Mac AliPay for Apple Pay iOS 14 rumor is true, it represents a huge change for Apple Pay which has strictly limited payment transactions to NFC. The whole identity of Apple Pay is NFC payment cards vs. Wallet which can hold both cards (NFC) and passes (NFC or QR/Barcodes).

A few weeks ago a reader asked for some thoughts regarding the AliPay on iOS 14 Apple Pay rumor with a link to some screen/mockup images on the LIHKG site. Before getting to that it’s helpful to review some key Apple Pay Wallet features for payment cards:

  • Direct side button Wallet activation with automatic Face/Touch ID authentication and payment at the reader.
  • Device transactions handled by the eSE without a network connection.
  • Ability to set a default main card for Apple Pay use.

The images suggest a scenario for implementing AliPay in iOS 14 Apple Pay:

  • AliPay has a PassKit API method to add a ‘QR Card’ to Wallet.
  • Apple Pay Wallet QR Card set as the main card is directly activated with a button double-click for Face or a Touch ID authentication and dynamic QR Code payment generation in Apple Pay.
  • Direct static QR Code reads activate Apple Pay AliPay payment.

If Apple is adding AliPay to the ranks of top tier Wallet payment cards, they have to provide a way in. The new “PKSecureElementPass” PassKit framework addition in iOS 13.4 could be just that. Instead of PassKit NFC Certificates, the additions suggest a Secure Element Pass/certificate. Secure Element Certificates instead of NFC Certificates, or better yet completely decouple the Secure Element from NFC so that there are 2 kinds of certificates: a Secure Element Pass for Secure Element transactions, and a NFC Certificate ‘lite’ for non-Secure Element NFC use such as VAS passes which pull everything off a JSON server. In the long run Apple needs to provide finer definitions and controls for NFC and UWB access instead of one black box that PassKit NFC Certificates have been up to now.

One possible scenario for PassKit NFC Certificate evolution

The burning question here is: have Apple and AliPay developed Secure Element technology and Java Card applets for encrypted transactions that work without network connections? If so QR Wallet payment ‘cards’ are possible. Direct Apple Pay Wallet QR integration with would open up things for 3rd party (non bank) payment players. QR integration with separate access controls for the Secure Element and NFC/UWB hardware frontend might also help Apple skirt NFC monopoly allegations that got Apple Pay in trouble in Europe.

Dual Mode and flexible front ends
The addition of QR and UWB with NFC for payments opens up a long term possibility suggested by Toyota Wallet. The current app lets the user attach a QR code app payment method and/or a NFC Wallet payment method to an account. It’s intriguing but clunky. Wallet QR Payment support would allow Toyota Wallet to move the entire payment front end to Wallet and let the user choose to add one or both.

It’s the latter that interests me most. Instead of having separate NFC and QR payment ‘cards’ from the same issuer for the same account, I’d much rather have one adaptive Wallet card that smartly uses the appropriate protocol, QR, NFC, UWB for the payment at hand.

Ultimately I don’t believe that payment players need or want to anchor their services to specific technologies like QR or even NFC. AliPay may have needed QR to start their payment business empire, why not offer NFC and UWB if it’s there as a front end choice? It’s all virtual.

Capable, flexible, smart. This is what digital wallets should do, things that plastic can never achieve. Let’s hope Apple Pay Wallet makes it there someday, and that payment and transit providers are up to the mix and match challenge in the Touchless era.


WWDC20 UPDATE

CarKey
Apple announced CarKey, digital car keys and Ultra Wideband Touchless in the WWDC20 Keynote and accompanying press release:

Digital car keys give users a secure way to use iPhone or Apple Watch to unlock and start their car. Digital car keys can be easily shared using Messages, or disabled through iCloud if a device is lost, and are available starting this year through NFC. Apple also unveiled the next generation of digital car keys based on Ultra Wideband technology for spatial awareness delivered through the U1 chip, which will allow users to unlock future car models without removing their iPhone from their pocket or bag, and will become available next year.

Apple Newsroom

More details were revealed the CarKey session:

One thing the CarKey session made clear is that Secure Element ‘radio technologies’ are evolving beyond NFC. Another interesting aspect of CarKey is the device requirement: iPhone XR/XS or later, Apple Watch Series 5 or later.

A12 devices and later makes perfect sense because they all support Express Cards with power reserve. Apple Watch does not support this feature but the Series 5 and later requirement suggests the S series chip is getting very close and likely involves Secure Element digital key sharing. We may see Express Cards with power reserve arrive with Apple Watch Series 6.

App Clips
App Clips finally unleash the power of background NFC tag reading and is the other big Apple Pay development announced at WWDC20. This is what Jennifer Bailey talked about last year just before WWDC19 but it took another year to come together.

App Clips puts NFC tags on equal footing with QR Codes for the first time with the added edge of the ‘when the screen is on’ background tag sheet pop-ups. This will be huge. See the separate post for details.

Apple Pay Code Payments
AliPay QR Code support was not mentioned in the WWDC20 keynote or sessions but there are Apple Pay code payment references in iOS 14 beta 2, code name Aquaman. There is also a iOS 14 PassKit alipay payment network reference and other new PassKit framework additions for code payments. The closer we get to the iOS 14 official release, the more I’m convinced that Apple Pay Code Payments are more of a App Clip thing because App Clips have the potential to deliver a much better user experience than Apple Pay Code Payment can just by itself.