Since last week’s Australian Parliamentary Joint Committee on Corporations and Financial Services hearings regarding the so-called Apple Pay monopoly and the utterly pointless debate of Android-only Host Card Emulation (HCE) aka ‘virtual secure element’ vs. a hardware embedded secure element (eSE), Apple Pay Wallet has been busy rolling out new services: Australian health insurance Wallet card support and digital vaccination certificates, ING Belgium and FNB South Africa additions, and today’s Student ID expansion to more universities in America including the first international addition in Canada. The last item was particularly interesting as Apple issued a press release that included new partners beyond Blackboard: Transact, CBORD, TouchNet, Atrium, HID Global, and Allegion. MIFARE and FeliCa are the 2 big protocols used for ID cards, both fully supported in iPhone and Apple Watch. Hopefully we’ll see more international Student ID card support soon.
Japanese IT reporters have been writing about the recent addition of Xiaomi Redmi Note 10 JE (Japan Edition) to the KDDI au lineup. All the Chinese manufacturers have been bringing new models with Mobile FeliCa Osaifu Keitai support as more or less standard, but as with most Android smartphones including Google Pixel, the hardware is the same everywhere while Mobile FeliCa is only activated for Japanese models. Why bother?
The Xiaomi product manager interview in IT Media Mobile casually mentions that only 20% or so of Android Osaifu Keitai device holders actually use the feature. I suspect Osaifu Keitai usage rates vary widely depending on the region, much higher for Tokyo and other metro areas, less in rural areas. It would be really interesting to compare Osaifu Keitai usage rates with Apple Pay. I think Apple Pay Japan usage rates likely leave Osaifu Keitai in the dust. As for the real reason why Chinese smartphone manufacturers are adding Mobile FeliCa support: the digital My Number ID card launching in 2022 requires it. One out of ten people living in Tokyo and other metropolitan areas is a Chinese national…do the math.
The American bred internet cancel culture that started during the Obama years and went ballistic during the Trump years shows no signs of abating because battle lines are constantly redrawn to silence a somebody that somebody else wants silenced. And it has become an entrenched issue thanks to AI driven SNS content. As Tim Pool adroitly points out, and long term surveys confirm, the current American racial crisis didn’t happen until the Reddit and YouTube generation raised on endlessly looping AI driven police brutality videos perceived the virtual world as the real one. That’s the unfolding tragedy as perceived virtual life replaces the unseen real one.
As bad as this is, evil players use virtual life to intimidate, blackmail and destroy real ones. That’s exactly what happened evidently when eBay’s supervisor of security operations decided to cancel the EcommerceBytes blog and carried out a cyberstalking campaign (including surveillance) against the husband and wife blogging team. Their astonishing story was published by the Boston Globe. It reads like the script of Michael Clayton (I prefer the Japanese title: The Fixer). eBay conducted an investigation, pushed out the CEO with a golden parachute and issued a statement that, of course, acknowledged the wrong but said ‘it’s okay now because the baddies are gone.’ Until next time. eBay, of course, didn’t offer any compensation.
The Buddha’s face isn’t seen a fourth time
When the 3rd Tokyo State of Emergency (SOE) was announced, I predicted it wouldn’t go well. Sure enough, infections started to rise before the end of SOE 3. Now we are in SOE 4 and infection rates are skyrocketing, well, skyrocketing compared to rates that were low to begin with. So life goes on as usual, the commuter time trains are crowded as usual, people go shopping as usual, there is nothing remotely panic-like despite media hysteria narratives of a ‘medical system breakdown.’
As always, it’s complicated. Very few people are actually dying from COVID (and don’t forget that hospitals get a nice government subsidy when they report a COVID death, other deaths don’t pay). Influenza and pneumonia are much more real long term threats. Lockdowns and vaccination mandates will be impossible to implement as all the government tools to do so were locked away by the GHQ occupation and restructuring of Japan. Any attempt to invoke those kinds of powers requires changing the American created Japanese constitution and nobody wants to do that (fun fact: the English language constitution of Japan is the official one, the Japanese language one a fake).
Given the utter lack of useful long term planning demonstrated by Tokyo Governor Yuriko Koike, the most likely course of action will be: attempting real fines for restaurants, bars, etc. that don’t follow SOE requests. Good luck with that.
The Apple Pay monopoly debate isn’t new and isn’t about being ‘open’, it’s about banks getting what they want from politicians. What I found interesting was the back and forth between Apple and Google regarding the hardware embedded secure element (eSE) vs. the virtual secure element in the cloud Host Card Emulation (HCE), a topic that confuses many ‘experts’.
Google is playing both ends here because they have different flavors of Google Pay for different kinds of Android devices. Google Pixel Google Pay uses eSE while everybody else uses HCE Google Pay. One very important thing not mentioned in tech blog coverage is that Samsung Galaxy and the Chinese smartphones (Huawei, OPPO, Xiaomi) all use a custom eSE with their own XX-Pay. In other words, everybody on the Android side outside of low end junk is doing exactly what Apple Pay is doing.
Apple: Host Card Emulation (HCE) is a less secure implementation, which was adopted by Android … Apple did not implement HCE because doing so would lead to less security on Apple devices.
Google: Our payments apps are immensely secure…we would refute the suggestion our HCE environment is in any way insecure … I would argue the user experience on Google Pay is equal to that of Apple Pay.
GlobalPlatform: HCE solutions can be a great option for issuers to get to market cost-effectively for their Android customers. However, they aren’t without their complexities. Rooted in the NFC device OS, HCE apps can be more vulnerable than the ‘Giant Pays’.
So HCE security is up to the payment app, shitty app = shitty security without Apple Pay Secure Intent. The whole HCE debate is nonsense; like FeliCa Dude says, it’s eSE or nothing. If the committee thinks that HCE means open and good, they are showing their incompetence.
Apple Pay Wallet has a very simple rule: any card that loads a Java Card applet into the secure element has to reside in Wallet. Any card or developer that wants to load applets and use the secure element has to have a PassKit Secure Element Certificate Pass. This is covered by NDA but a company called PassKit (not Apple) gives us an idea of what Apple’s NFC/Secure Element Pass guidelines are:
Apple care a great deal about the user experience. Before granting NFC certificate access they will ensure that you have the necessary hardware, software and capabilities to develop or deploy an ecosystem that is going to deliver an experience consistent with their guidelines.
Yeah, the end to end user experience, the whole reason behind the success of Apple Pay. Banks don’t want to be told they need to improve their ecosystem for a better user experience, and they don’t want to pay a transaction cut to Apple that they are used to keeping for themselves. What else is new?
The whole ‘Apple Pay is a monopoly’ soap opera is overrated.
PASPY is just the tip of the iceberg. There are many transit IC cards out there with the same problem: fixed infrastructure costs supporting a small region transit IC card and declining ridership. Add the COVID crisis that has decimated public transit use and you have a business crisis. All the small transit cards outside of the Transit IC card standard (the pink box) are in the same boat: they can only be used in their respective regions, they don’t have e-money functions, they don’t have the resources to go mobile.
This is exactly the problem JR East is addressing with their 2 in 1 Suica MaaS solution. JR East hosts the hardware, the local operator issues a ‘localized’ Suica that offers both special local MaaS services (discounts and extras, etc.) and seamlessly plugs into the larger Suica and Transit IC map.
Unfortunately PASPY is in the JR West region which doesn’t have anything similar to the JR East MaaS program. It would be a perfect solution: customers would get a new card that works just like it does now but works everywhere with e-money and ICOCA benefits, Hiroden is freed from the costs of hosting and issuing their own card.
QR is not going to be the salvation that Hiroden hopes it will be. QR isolates Hiroden from the wider transit IC network of Mobile Suica, PASMO, ICOCA. Even if Hiroden gets rid of their card issuing business cost, they still have to host a system to run the QR Code app and manage accounts. The real rub is that instead of anybody buying an IC card out of a machine, users will have to sign up for the app or buy a QR paper ticket. They also have to worry about where and how their account data is stored. My prediction: it’s going to be a messy money losing transition.
Heraiza down but not out
Poor little Heraiza, one of my favorite Japanese YouTubers, has been copyright claim ‘hacked’ from a fake account pretending to be Dentsu and now has 2 bogus strikes against her YouTube account. As an independent 17 year old high school student with 150,000 followers, she doesn’t have the resources of a YouTuber management agency like UUUM, whom she likes to badmouth (and I wouldn’t put it past UUUM to use fake accounts to take her out). Dentsu or whoever the real copyright holder is has confirmed to her that her content does not violate said copyrights.
Express Transit Suica ruins the Apple Pay experience for using anything else. You want Apple Pay to work that way everywhere but it doesn’t. Most of the time we trudge along using Apple Pay Wallet with face mask Face ID authorization, although the Apple Pay experience on Apple Watch is a big improvement as well as being a trusted device for secure intent.
iPhone users in America are finally getting a taste of Express Transit en masse with the rollouts of Apple Pay for SmarTrip, TAP, Ventra and Clipper. Apple recently rebranded Express Transit as Express Mode on their new Wallet webpage (in Japanese it’s called Express Card). The branding change may seem trivial but it has bigger implications because for first-time users of new Wallet services in iOS 15, Express Mode goes places that Express Transit cannot: digital keys and digital ID.
These functions are not new of course, Express Transit cards and Student ID cards have been opening transit gates and doors these past few years. But Express Mode is for everyone and personal: your keys and badge to unlock your home door, unlock and start your car and get you into the office. With these refinements and additions it’s safe to say that iOS 15 Wallet finally delivers the digital wallet dream people have been talking about since 2010. Wallet can replace your wallet.
What’s new
Last year I covered ‘coming soon’ Ultra Wideband Touchless and Code Payment (codeword Aquaman) Wallet developments. The Code Payments feature is still waiting in the wings. Steve Moser kindly confirmed that Aquaman code references are alive and well in iOS 15 with minor changes but this post will focus on announced features. In the WWDC21 Keynote Apple Pay section Jennifer Bailey announced keys and ID. The Wallet features you get from the ones listed on the iOS 15 preview page depend on the device:
Car keys with Ultra Wideband support (shareable): iPhones and Apple Watches equipped with U1 chip* (iPhone 11 and later, Apple Watch 6)
Car keys without Ultra Wideband support (shareable), Home keys (shareable): iPhone XS • Apple Watch 5 and later*
Office key, Hotel key: Apple Watch is not listed: “Device requirements may vary by hotel and workplace.”
ID in Wallet: iOS 15 devices, watchOS 8 devices (the fine print: Not all features are available on all devices)
None of the new features will be available when iOS 15 launches. Expect them with the iOS 15.1 update or later. NFC Car keys launched on iOS 13 and iOS 14 in 2020.
The A12 Bionic • iPhone XS and later requirement for Wallet keys is easy to understand: Express Cards with power reserve. It is vital that people can unlock car and home doors even when their iPhone battery is out of juice. Up to 5 hours of power reserve makes a huge difference, but only for iPhone. *Apple Watch supports Express Mode but not power reserve.
The bigger story is UWB because it is new technology that works with the Secure Element to create a whole new experience. Up to now the Secure Element was exclusively NFC. Not anymore, the Car Connection Consortium (CCC) Digital Key 3.0 specification “maintains support for NFC technology as a mandatory back-up solution.” Digital car key is first and foremost a UWB solution with NFC relegated to the back seat.
UWB connectivity adds hands-free, location-aware keyless access and location-aware features for an improved user-friendly experience…
3.0 addresses security and usability by authenticating the Digital Key between a vehicle and the mobile device over Bluetooth Low Energy and then establishing a secure ranging session with UWB, which allows the vehicle to perform secure and accurate distance measurement to localize the mobile device.
NTT Docomo and Sony demonstrated UWB car keys in action last January running on Android Osaifu Keitai hardware. Sony (FeliCa) and NXP (MIFARE and UWB chipsets) have worked closely to extend both FeliCa and MIFARE into the UWB Touchless era. The CCC Digital Key specification is open to any Secure Element provider. UWB + Bluetooth Low Energy (BLE) is simply another radio communication layer in addition to NFC.
This is significant as it opens up UWB to anything that currently uses the Secure Element and NFC. Apple has not spelled it out but suggests UWB might work with Home keys, and there is no reason UWB cannot work with all keys, transit cards and Student ID. The WWDC21 session video Explore UWB-based car keys is a great introduction and highly recommended viewing if you have any interest in the subject. The session is a bit unusual in that the discussion covers RF hardware and performance design more than software. It feels like the target audience is car manufacturers. There is a lot of detail to get lost in but here are some simple but essential points:
Secure Element improvements: the SE has always used unique keys for mutual authentication, this has been extended with ranging key derivation
Secure communication at a distance: UWB and BLE identifier randomization with secure ranging is an important security feature as UWB Touchless works over much greater distances than NFC reader tapping
Zones: the precise motion and positioning tracking of a paired UWB device with a unique key allows for ‘passive entry’ action zones, walking towards the car unlocks it, walking away locks it, etc. without any other user interaction
RF transceiver and antenna system design: a deep and difficult art that echoes the Suica creation story
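As an added illustration (my own constructed teaching code, not Apple’s or the CCC’s), the Python below models the three points above that matter most from a security standpoint: a per-session ranging key derived from the pairing key, randomized over-the-air identifiers derived from it, and a passive-entry zone state machine with hysteresis that acts only on authenticated, non-replayed distance samples. The key derivation, identifier format, zone radii and all sample values are assumptions chosen for illustration, not the CCC Digital Key 3.0 derivation.

```python
"""Model of UWB Touchless passive-entry zones over an authenticated ranging
session. Constructed teaching example, not the CCC Digital Key 3.0 derivation
or Apple's implementation: key derivation, identifier format and zone radii
are all assumptions chosen for illustration."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Long-term pairing key shared by vehicle and device (constructed sample value).
# In a real system it stays inside the Secure Element; only derived keys are used.
PAIRING_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")

UNLOCK_RADIUS_M = 2.0  # crossing inward while approaching -> unlock
LOCK_RADIUS_M = 5.0    # crossing outward while departing  -> lock
# The gap between the two radii is hysteresis: jitter at one threshold cannot flap the lock.


def derive_ranging_key(pairing_key: bytes, vehicle_nonce: bytes, device_nonce: bytes) -> bytes:
    """Per-session ranging key bound to both sides' nonces, so each session's UWB
    traffic is keyed differently and a recorded session is useless later."""
    return hmac.new(pairing_key, b"ranging-session" + vehicle_nonce + device_nonce,
                    hashlib.sha256).digest()


def air_identifier(ranging_key: bytes, counter: int) -> bytes:
    """Short BLE/UWB frame identifier derived from the session key and a counter:
    randomized per session and per frame, so frames cannot be linked to the owner."""
    return hmac.new(ranging_key, b"air-id" + counter.to_bytes(4, "big"),
                    hashlib.sha256).digest()[:6]


@dataclass
class PassiveEntryZone:
    """Vehicle-side state machine turning authenticated distance samples into actions."""
    ranging_key: bytes
    locked: bool = True
    last_counter: int = -1
    last_distance: Optional[float] = None

    def observe(self, frame_id: bytes, counter: int, distance_m: float) -> Optional[str]:
        # Accept only frames carrying this session's identifier, in strictly increasing
        # counter order; anything else (other session, replayed frame) is ignored.
        if counter <= self.last_counter:
            return None
        if not hmac.compare_digest(frame_id, air_identifier(self.ranging_key, counter)):
            return None
        self.last_counter = counter
        prev, self.last_distance = self.last_distance, distance_m
        if prev is None:
            return None  # two samples are needed to know the direction of motion
        approaching = distance_m < prev
        if self.locked and approaching and distance_m <= UNLOCK_RADIUS_M:
            self.locked = False
            return "unlock"
        if not self.locked and not approaching and distance_m >= LOCK_RADIUS_M:
            self.locked = True
            return "lock"
        return None


def simulate_walk(zone: PassiveEntryZone, first_counter: int,
                  distances: List[float]) -> List[Optional[str]]:
    """Feed a series of constructed distance samples from the legitimate paired device."""
    actions = []
    for i, d in enumerate(distances):
        c = first_counter + i
        actions.append(zone.observe(air_identifier(zone.ranging_key, c), c, d))
    return actions


if __name__ == "__main__":
    key = derive_ranging_key(PAIRING_KEY, b"\x01" * 8, b"\x02" * 8)
    zone = PassiveEntryZone(key)
    print(simulate_walk(zone, 0, [8.0, 6.0, 4.0, 2.5, 1.8]))  # 'unlock' on the last sample
    print(simulate_walk(zone, 5, [2.1, 1.9, 3.0, 4.8, 5.2]))  # 'lock' on the last sample
```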
JR East (Suica) and Hong Kong MTR (Octopus) have both said they are developing transit gates that incorporate UWB. This makes sense as Mobile FeliCa is now UWB savvy but after watching the WWDC21 session video I can only marvel at the complexity of the big picture because UWB is about mapping and using space and movement to perform an operation.
The engineers face countless problems and challenges to juggle in their quest to build a transit gate that delivers the same FeliCa NFC speed and reliability with UWB…at rush hour. They have to consider radiation patterns, system latency and processing power, localization algorithms and much more. If they achieve their stated goal, 2023 could be a banner year for transit.
ID in Wallet
Lots of people are excited about the possibility of adding a digital driver’s license to Wallet but as 9to5 Mac’s Chance Miller wrote, we don’t know much about it at this point. Actually in Japan we do. The Ministry of Internal Affairs and Communications (MIC) released an English PDF: First Summary: Toward the Realization of Electronic Certificates for Smartphones, with a diagram that explains their digital ID system architecture. MIC remarked back in November 2020 that they are in discussions with Apple to bring the digital My Number ID card architecture to Wallet. The Android version is due to launch in 2023 and will likely employ the Mobile FeliCa Multiple Secure Element domain feature described by FeliCa Dude (FeliCa using NFC-B instead of NFC-F). A similar basic architecture with different protocols and issue process will undoubtedly be used for adding digital drivers licenses.
The Privacy question
I’ll be very interested to see how ID launches in America this fall. Which outside partner company or companies are providing the service to participating states and running the backend? I suspect it will be something similar to Student ID with Blackboard running the service for participating universities. The biggest security question in my mind is who besides the TSA will use ID in Wallet, and more importantly, how? Some governments and transit agencies are pushing face recognition as a convenience in addition to security. My preference will always be for having my ID on my own Secure Element rather than somebody’s cloud server, an ID that I authorize with my own secure intent.
Wallet UI and usability improvements
Wallet App didn’t get the makeover that some users asked for, but there are a few small improvements. Up to 16 cards can be added in iOS 15, up from 12 in iOS 14. Archived passes and multiple-pass downloads help make Wallet more usable and remove some housekeeping drudgery.
I finally got two WWDC19 Apple Pay Wallet wishes granted: (1) dynamic Wallet cards and (2) region free transit cards. Apple Card does UI things in Wallet no other card is allowed to do. As far as I know this first changed with Disney’s MagicMobile launch on iPhone, Jennifer Bailey calls them “magical moments when you tap to enter.” There are similar low-key card animations in Home key and ID cards. It’s a very small step but I hope Apple adds more over time than just sprinkling seasoning card animations. Done wisely, dynamic cards that convey important card status and account information could improve Wallet usability.
Region free transit cards means that users no longer have to change the iPhone • Apple Watch region setting to add a transit card. In iOS 15 Wallet you get the full list regardless of the region setting. It’s not perfect but it is less confusing than adding a transit card in iOS 14.
Summary
The overall reaction to iOS 15 has been somewhat muted but there are lots of new details. Apple Pay Wallet additions for home keys, office key, hotel key and ID build on technologies that have been on the Apple Pay platform for some time but Apple is leveraging them in new ways.
The unveiling of UWB Touchless is important, cutting-edge technology that might revolutionize secure transactions: the next step not only for car keys but for transit and other services that up to now have been limited to NFC. And this time, unlike NFC, Apple is leading the way for UWB.
The bottom line is that UWB opens up a lot of possibilities for many current NFC based solutions. Expect UWB Touchless support for Wallet cards in the near future that use Express Mode in new ways, and new UWB based features for a much smarter Wallet.
Zones
Zones are one of the exciting aspects of UWB Touchless, where functions are triggered by the simple act of walking towards or away from the car. It will be interesting to see how this is applied to UWB Touchless transit gates.
Japanese media reaction to Apple’s WWDC21 Keynote was a big ‘meh’. Not surprising as many iOS 15 features won’t be available for Japanese iPhone users who are well acquainted with being a 1st tier market for selling Apple hardware but a 3rd tier market afterthought for Apple services. They also probably read the iOS 15 preview website fine print at the bottom of the page, every other line reads: available on iPhone (XS/XR) with A12 Bionic and later. Bottom line: to run all the iOS 15 bells and whistles you need iPhone XS and later. Here’s the list of iOS 15 features that require A12 Bionic and later:
FaceTime: Spatial audio, Portrait mode
Wallet: Car keys, Home keys, Office key, Hotel key and ID in Wallet (listed as iPhone XS and later instead of A12 Bionic for some strange reason, Home key and Office Key ‘coming in a software update to iOS 15’)
Maps: Interactive globe, Detailed new city experience, Immersive walking directions
There appears to be a mistake that lists iPhone XS for UWB car keys. It should read iPhone 11 and later for UWB Car keys with remote keyless entry controls.
The A12 Bionic and later requirement for Wallet keys is easy to understand: Express Cards with power reserve. It is vital that people can unlock car and home doors even when their iPhone battery is out of juice. Up to 5 hours of power reserve makes a huge difference and it even works with UWB car keys, a surprising new development I hope to examine in the next post. Note the plural name difference: Home keys can be shared like Car keys. Hotel key and Office key are only for one.
The new Wallet car keys feature is rumored to be coming from Toyota, Honda and Nissan but nothing has been announced even though NTT Docomo demonstrated UWB car keys in action last January. Likewise there are no local 3rd party announcements regarding home keys and office key but the FeliCa and MIFARE support that comes standard in iPhone 8 and later makes it easy to implement local digital key services for Wallet. The Japanese My Number ID digital card is due to launch on Android Osaifu Keitai smartphones in 2022. The Ministry of Internal Affairs and Communications, which oversees the project, has said they are in discussions with Apple to bring My Number ID card to Wallet.
For Japanese iPhone users however there are many features that just won’t matter because they won’t be available. The gap between services announced for USA/Europe/China is wide and can take years to make it to Japan. For iOS 15 a comparison looks like this:
Live Type for Japanese will be sorely missed, Weather maps is a tossup, Apple Maps JP is the usual mess. However even Japanese locations get the completely new cartography design unveiled in iOS 15 beta 1, the first real makeover since the 2012 launch. Only A12 Bionic and later devices get the full range of redesigned cartography but even on older devices iOS 15 new city maps do a nice job of minimizing the previous mess of orange, blue, red, brown Point of Interest clutter. Unfortunately the new cartography also has some major weirdness:
The new iOS 15 map cartography touched off an interesting Twitter thread:
A: Maps are supposed to be a reflection of reality. I’m sure they wouldn’t show a curve in a road that is straight in real life, so why put curves on square buildings? How can someone at Apple look at this and think “These curves sure do make usability better!”
B: As a counterpoint for discussion, where does “reflection of reality” fit with tube/metro/underground rail maps (eg. London, Tokyo)? I think ‘realistic’ and ‘accuracy’ are two different things for maps. As for thinking the style choices are useful and aid comprehension, well🤔
C: With iOS 15 emphasizing 3D/AR viewfinder navigation for pedestrians, I’m definitely expecting my square buildings to stay square and round buildings to stay round. Otherwise the feature will be useless for me!
B: Ok, now this is a use case that demonstrates the problem in the design choice🙇♂️👍
I plan to cover iOS 15 Apple Pay and Apple Maps in detail after WWDC21 wraps this week.
On Apple Watch, the device must be unlocked, and the user must double-click the side button. The double-click is detected and passed directly to the Secure Element or Secure Enclave, where available, without going through the Application Processor.
Apple doesn’t spell it out but this is confirmation that a GlobalPlatform licensed Embedded Secure Element is simply part of every Apple Silicon package, and for all Secure Intent purposes indistinguishable from the Secure Enclave. If push comes to shove over governments trying to force Apple to ‘open up’ the NFC chip, the counter argument will be that the NFC chip is open for Core NFC purposes but the Secure Element cannot be open because it’s part of the Secure Enclave on proprietary Apple Silicon.
Given that Apple added the Secure Intent section to Apple Platform Security very recently, expect to hear more at WWDC21 in connection with secure payments and UWB.