What does open Apple NFC really mean?

The German law to force Apple to open its “NFC chip” is a confusing one. Why does an EU country with one of the lowest cashless usage rates single out one company’s NFC product in a last-minute rider to an anti-money laundering bill? That’s not banking policy, it is politics. Details are few, but let’s take a look at what it could mean, because when it comes to NFC technology, details are everything.

Background stuff
The so-called Apple ‘NFC chip’ is not a chip at all but a hardware/software sandwich. The Apple Pay ecosystem as described in iOS Security 12.3 is composed of: Secure Element, NFC Controller, Wallet, Secure Enclave and Apple Pay Servers. On one end is the NFC controller front end, which handles NFC A-B-F communication but does not process transactions. On the other end is the Secure Enclave, which oversees things by authorizing transactions. The fun stuff happens in the middle, in the Secure Element, where the EMV/FeliCa/MIFARE/PBOC transaction technologies perform their magic with Java Card applets.

The A/S Series Secure Enclave and Secure Element are the black box areas of Apple Pay. The iOS Security 12.3 documentation suggests the Secure Element is a separate chip, but Apple’s custom implementation of the FeliCa Secure Element, and Apple’s apparent ability to update Secure Element applets to support new services like MIFARE in iOS 12, suggest something else. It is anybody’s guess, and Apple would like to keep it that way.

So what does ‘open NFC’ really mean?
It’s helpful to look at the issue from the 3 NFC modes: Card Emulation, Read/Write, Peer to Peer.

Peer to Peer
Apple has never used NFC Peer to Peer and I don’t think this is a consideration in the ‘open NFC’ debate.

Read/Write
This was a limitation up until iOS 12, but everything changed when iOS 13 Core NFC gained Read/Write support for NDEF, FeliCa, MIFARE, ISO 7816 and ISO 15693. Developers can do all the NFC Read/Write operations they want to in their apps, so I don’t think this is a consideration in the ‘open NFC’ debate.

Card Emulation
Apple limits NFC Card Emulation to Apple Pay Wallet with NDA PassKit NFC Certificates. This is what the ‘open NFC’ debate is all about. I imagine that German banks and other players want to bypass the Apple Pay ecosystem controlled by PassKit NFC Certificates. Instead, they want open access to the parts they want, like the Secure Element, NFC Controller and Secure Enclave, while ignoring the parts they don’t want, like Wallet and Apple Pay Servers. They want the right to pick and choose.

The success of Apple Pay has been founded on the ease of use and high level of integration from a massive investment in the A/S Series Secure Enclave and other in-house implementations such as global FeliCa, etc. Outside players forcing Apple to open up the Apple Pay ecosystem represent not only a security risk to Apple but also a reduced return on investment. One commentator on MacRumors said it’s like Apple took the time and expense to build a first class restaurant and outsiders are demanding the right to use Apple’s kitchen to cook their own food to serve their own customers in Apple’s restaurant. It’s a fair analogy.

The NDA PassKit NFC Certificate gate entrance rubs bank players the wrong way, as they are used to giving terms, not accepting them. The Swiss TWINT banking and payment app, for example, is a QR Code based Wallet replacement that wanted the ability to switch NFC off, and got it.

My own WWDC19 Apple Pay Wish List did include a wish for easier NFC Card Emulation, but nothing appeared. It’s certainly in Apple’s best interest to make it as easy as possible for 3rd party developers to add reward cards, passes, ID cards, transit cards, etc. to Wallet. However given that the EU is hardly what I call a level playing field, the fact that bank players and politics go hand in hand in every nation, and the fact we don’t know the technical details of what the German law is asking Apple to do, all we can do is guess. In general, I think Europe will be a long rough ride for Apple Pay. At least until EU bank players get deals they are happy with.


Hands Free Suica

After iOS 13.2 hit the final beta I migrated my Suica from iPhone to Apple Watch to give watchOS 6 Apple Pay Suica a proper shake down. Even after only a few days I can already say that Apple Pay Suica performance on watchOS 6 is far better than any version of watchOS 5. Not only does it feel more responsive, Suica Express Transit seems more sensitive further away from the gate reader hit area, crazy as that sounds.

Going back to Apple Pay Suica on Apple Watch also brings back a great feature I missed on iPhone: hands free Suica. Incredible as it sounds, Apple Watch is still the only wearable device for Suica, the only choice for hands free Suica. Once you get used to hands free Suica Express Transit with Suica Auto Recharge, it spoils you for any other kind of cashless payment. Hands free shopping and transit is a breeze that makes everything else feel like a huge step backwards.

Apple should be marketing the hell out of it in Japan but doesn’t. What a waste of a huge and exclusive marketing opportunity. When Apple Pay Octopus finally, finally, finally launches, I expect Hong Kong Apple Watch users will really appreciate hands free Octopus.

JR Central Online EX Ticketing Extends to Kyushu Shinkansen in 2022

JR Central/JR West/JR Kyushu issued a joint press release announcing that JR Central’s EX Shinkansen eTicket system, encompassing both EXPress Reservation and smartEX services, will be adding JR Kyushu Hakata~Kagoshima Shinkansen ticketing in spring 2022.

2022? If it’s going to take that long, why bother announcing it now? I am sure that part of the reason for the long lead time is the next generation Suica card architecture (Super Suica) and FeliCa OS update coming in spring of 2021. All nine of the Suica sister transit IC cards under the Transit IC interoperability umbrella will need to switch over to the new transit card format to maintain compatibility: Suica, Toica, ICOCA, SUGOCA, Kitaca, PASMO, manaca, Hayakaken, nimoca.

Right now Mobile Suica is the only transit card on mobile, and mobile offers service extras like downloadable Shinkansen eTickets. The next generation Super Suica format will likely extend mobile capability and mobile service extras to all nine cards. At the very least JR Central will have to retool the EX system for the new card architecture while maintaining compatibility with the current card architecture. It makes sense to upgrade the current EX system areas first and add Kyushu Shinkansen ticketing last.

Meanwhile, JR East is due to roll out a new eTicketing system in spring 2020.

Japan Transit IC Map, outside white area cards are due to join Super Suica in 2021

No global NFC evolution for Pixel 4?

iFixit posted a teardown of the Pixel 4 and we have a new NFC chip: the STMicroelectronics ST54J NFC controller. This replaces the NXP PN81 used in Pixel 3 but still has an embedded secure element (eSE) that supports all the global NFC technologies: NFC A-B-F/EMV/FeliCa/MIFARE.

NFC Forum device certification requires NFC A-B-F hardware support, but Google went the cheap route again with the extra step of not installing FeliCa transaction keys in non-JP Pixel 4 models. This means only Pixel JP models are global NFC devices; users with non-JP models cannot add and use the Japanese Suica transit card or Hong Kong Octopus. iPhone and Apple Watch have had global NFC as a standard feature on all worldwide models since iPhone 8/X and Apple Watch Series 3.

Pixel 3 was a step towards global NFC with the Japanese models. The Pixel 3 Global NFC Evolution post examined the possibility of Google creating their own ‘in house’ embedded secure element (eSE) for all NFC transaction technologies implemented on their own Secure Enclave Pixel platform. I was wrong and made some bad assumptions:

  • Apple was already doing global NFC transactions on the A/S Series Secure Enclave, so Google would try to do the same with their Titan chip.
  • The Pixel Phone hardware page states: if you purchased your Pixel 4, 3a or 3 phone in Japan, a FeliCa chip is located in the same area as the NFC. The wording suggests a separate FeliCa chip for JP Pixel models but this is not the case.

FeliCa Dude was very considerate of my Pixel global NFC fantasy even though it made no sense at all cost-wise or software-wise to have an extra NFC FeliCa chip and multiple eSE just for JP models. He extensively tested a Pixel 3 JP model, and a single global NFC NXP PN81B chip was the only answer.

The iFixit teardown confirms that Pixel 4 simply repeats last year’s Pixel 3 strategy of having global NFC hardware but only buying FeliCa transaction keys for JP models. It’s a weird strategy because the whole point of the NXP PN81 and ST54J chips is to provide customers with a convenient off the shelf global NFC package with all the hardware (NFC A-B-F) and software (EMV/FeliCa/MIFARE) ready to go.

The Pixel 4 looks like a great device but the NFC story angle remains a disappointment. As I have said before, the Android equivalent of global NFC iPhone and Apple Watch has yet to appear.

UPDATE
FeliCa Dude posted a deep dive into the Pixel 4 ST54J NFC chip and comes up with some fascinating analysis. He points out there were three model classes for Pixel 3:

  • Devices with eSIM functionality and without Mobile FeliCa
  • Devices without eSIM functionality and without Mobile FeliCa: the carrier-neutered model with a locked bootloader.
  • Devices without eSIM functionality and with Mobile FeliCa (the G013B/G013D models)

Pixel 4 delivers eSIM and FeliCa together to the Japanese market for the first time and this appears to be a reason behind Google choosing the ST54J that has eSIM + global NFC eSE on a single die. FeliCa Dude does not have a Pixel 4 yet so there is more analysis to do, but the important point is this:

if the Japanese SKUs of the Pixel 4 are indeed based on the ST54J, then there should be no technical reason why such <Mobile FeliCa> functionality can’t be delivered OTA <over the air update> to the ROW <rest of world> SKUs should Google desire to provide that service

The Pixel 4, the ST54J and Mobile FeliCa

It would be nice indeed if Google left the door open for adding Mobile FeliCa later to all non JP Pixel 4 models with a software update, especially for markets like Hong Kong that can use it. Whether Google will actually do that is another matter entirely.

Suica and Octopus Compared

Hong Kong’s Octopus is coming to Apple Pay soon. It shares the same FeliCa technology base with Suica, but there are some interesting differences.

Branding
The mobile version of Suica is Mobile Suica across 3 different payment platforms: Osaifu Keitai, Apple Pay and Google Pay. The current mobile version of Octopus is called Smart Octopus in Samsung Pay but it’s not clear yet if the Smart Octopus branding will stay with Samsung Pay or be set free.

Deposits
Mobile Suica does not have deposits. Plastic Suica cards have a ¥500 deposit, but it is automatically returned to the stored value (SV) balance when the card is transferred to Apple Pay or Google Pay. Octopus has a HK$50 deposit on both plastic and mobile versions. An interesting difference is that the Octopus deposit will be used temporarily if the SV balance is insufficient to pay transit fare at the exit gate.

Stored Value Balance Limits
Suica has an SV balance limit of ¥20,000. Octopus Cards Limited (OCL) just raised the Octopus SV balance limit for cards issued after October 1, 2019 from HK$1,000 to HK$3,000. In JPY this is roughly double the current Suica limit, about ¥40,000, which puts it in line with other Japanese e-money card balance limits like WAON. Suica balance limits will likely be doubled when the next generation ‘Super Suica’ card architecture arrives in April 2021.

Number of Cards
Smart Octopus is limited to a single card per Samsung Pay user account. Mobile Suica/Apple Pay Suica can have multiple Suica cards, up to the device Wallet limit.

Recharge Fees
One of the many innovations that Apple Pay Suica brought was elimination of the annual Mobile Suica ¥1,050 ‘membership fee’, Google Pay got the same deal and Mobile Suica membership fees are disappearing altogether next year. Mobile Suica does not charge any upfront fee for recharges, but Smart Octopus does: 2.5% a pop for the luxury of recharging in Samsung Pay with Visa and Mastercard card brands although Union Pay cards are apparently free.

The differences in this last section are interesting. JR East charges nothing for recharging Mobile Suica, while OCL does for Smart Octopus. Mobile Suica has been around far longer and JR East has many more online services, such as EkiNet, to offset cloud expenses. Smart Octopus only started in December 2017, and the footprint of Samsung Pay devices compared with everything else is probably small and doesn’t drive enough transaction volume to offset Smart Octopus cloud startup costs. Apple Pay will grow the transaction size of Smart Octopus considerably, hopefully enough for OCL to reduce or eliminate the Add Value Service Fee at some point.

I look forward to digging through service details when Octopus finally launches on Apple Pay.