Tag: Express Card

iOS 14 Apple Pay: going the distance with UWB Touchless and QR Code Payments

It’s that time of year again to look into the WWDC crystal ball and see what changes might be in store for Apple Pay. 2019 was an exciting year with the important Core NFC Read-Write additions for ISO 7816, ISO 15693, FeliCa, and MIFARE tags. Since then we’ve seen iOS apps add support for contactless passports, drivers licenses, retail and manufacturer vicinity NFC tags, transit ticketing, badging, and more. Some expectations ended up on the cutting room floor. The NFC tag Apple Pay feature that Jennifer Bailey showed back in May 2019 has yet to appear. Apple Pay Ventra and Octopus transit services slated for 2019 and iOS 13 failed to launch. Apple Pay Octopus launched June 2, Apple Pay Ventra has yet to appear.

Predicting anything in 2020 is risky business because of COVID. iPhone 12 might be delayed, iOS 14 might be delayed, features brought forward, pushed back…all plans are up in the air. Some developments are clear, but timing is opaque. What follows is based on: (1) NTT Docomo announcement of Ultra Wideband (UWB) ‘Touchless’ Mobile FeliCa additions and JR East developing UWB Touchless transit gates, (2) CarKey and the Car Connectivity Consortium Digital Key 3.0 spec, and (3) Mac 9to5 reports of AliPay coming to iOS 14 Apple Pay.

Going the distance with Ultra Wideband
The NFC standard has been around a long time, long before smartphones, conceived when everything was built around close proximity read write physical IC cards. The standards have served us very well. So why are NTT Docomo and Sony (Mobile FeliCa) and NXP (MIFARE) adding Ultra Wideband + Bluetooth into the mix?

UWB + Bluetooth delivers Touchless: a hands-free keep-smartphone-in-pocket experience for unlocking a car door, walking through a transit gate or paying for takeout while sitting in the drive thru. It’s the same combo that powers Apple AirTags. UWB Touchless delivers distance with accuracy doing away with “you’re holding it wrong” close proximity hit areas necessary when using NFC. With Touchless your iPhone is essentially a big AirTag to the reader,

For Apple Pay Wallet cards it means hands free Express Card door access, Suica Express transit gate access and payments that ‘just work’ by walking up to a scan area or car. As Junya Suzuki pointed out recently, UWB Touchless is passive vs. the active NFC ‘touch to the reader’ gesture, as such it will live on smartphones and not on plastic cards. Those will remain limited to NFC which does not require a battery.

Secure Element evolution and digital key sharing
The addition of UWB Touchless however means that the Secure Element, where transaction keys are kept and applets perform their magic, has to change and evolve. Up until now the Secure Element worked hand in glove with the NFC controller to make sure communications between the reader are secure and encrypted. For this reason an embedded Secure Element (eSE) usually resides on the NFC controller chip.

Apple chose to put a Global Platform certified Apple Pay eSE in their own A/S series chips. The arrangement gives Apple more control and flexibility, such as the ability to update Secure Element applets and implement features like global NFC. The addition of UWB Touchless in FeliCa and MIFARE means both smartphone and readers need new hardware and software. Apple already has UWB in the U1 chip on iPhone 11. Mobile FeliCa software support could be coming with the next generation ‘Super Suica’ release in the spring of 2021 that requires an updated FeliCa OS.

Recent screen images of a CarKey card in Wallet…with Express Mode can we call it Suicar?

The arrival of UWB Touchless signals another change in the Secure Element as shown in middle CarKey screen image: digital key sharing via the cloud where the master key on the smartphone devices ‘blesses’ and revokes shared keys. Mobile FeliCa Digital key sharing with FeliCa cards and devices was demonstrated at the Docomo Open House in January, also outlined in the Car Connectivity Consortium (CCR) Digital Key White Paper. An interesting aspect of the CCR Digital Key architecture is the platform neutrality, any Secure Element provider (FeliCa, MIFARE, etc.) can plug into it. Calypso could join the party but I don’t see EMV moving to add UWB Touchless because it requires a battery. EMV will probably stick with battery free NFC and plastic cards.

Diagram from Car Connectivity Consortium (CCR) Digital Key White Paper

QR Code Payment Cards
There is another possible eSE transition for Apple Pay. If the 9to5 Mac AliPay for Apple Pay iOS 14 rumor is true, it represents a huge change for Apple Pay which has strictly limited payment transactions to NFC. The whole identity of Apple Pay is NFC payment cards vs. Wallet which can hold both cards (NFC) and passes (NFC or QR/Barcodes).

A few weeks ago a reader asked for some thoughts regarding the AliPay on iOS 14 Apple Pay rumor with a link to some screen images on the LIHKG site. Before getting to that it’s helpful to review some key Apple Pay Wallet features for payment cards:

  • Direct side button Wallet activation with automatic Face/Touch ID authentication and payment at the reader.
  • Device transactions handled by the eSE without a network connection.
  • Ability to set a default main card for Apple Pay use.
Full set of images on LIHKG

The images suggest a scenario for implementing AliPay in iOS 14 Apple Pay:

  • AliPay has a PassKit API method to add a ‘QR Card’ to Wallet.
  • Apple Pay Wallet QR Card set as the main card is directly activated with a button double-click for Face or a Touch ID authentication and dynamic QR Code payment generation in Apple Pay.
  • Direct static QR Code reads activate Apple Pay AliPay payment.

If Apple is adding AliPay to the ranks of top tier Wallet payment cards, they have to provide a way in. The new “PKSecureElementPass” PassKit framework addition in iOS 13.4 could be just that. Instead of PassKit NFC Certificates, the additions suggest a Secure Element Pass/certificate. Secure Element Certificates instead of NFC Certificates, or better yet completely decouple the Secure Element from NFC so that there are 2 kinds of certificates: a Secure Element Pass for Secure Element transactions, and a NFC Certificate ‘lite’ for non-Secure Element NFC use such as VAS passes which pull everything off a JSON server. In the long run Apple needs to provide finer definitions and controls for NFC and UWB access instead of one black box that PassKit NFC Certificates have been up to now.

One possible scenario for PassKit NFC Certificate evolution

The burning question here is: have Apple and AliPay developed Secure Element technology and Java Card applets for encrypted transactions that work without network connections? If so QR Wallet payment ‘cards’ are possible. Direct Apple Pay Wallet QR integration with would open up things for 3rd party (non bank) payment players. QR integration with separate access controls for the Secure Element and NFC/UWB hardware frontend might also help Apple skirt NFC monopoly allegations that got Apple Pay in trouble in Europe.

Dual Mode and flexible front ends
The addition of QR and UWB with NFC for payments opens up a long term possibility suggested by Toyota Wallet. The current app lets the user attach a QR code app payment method and/or a NFC Wallet payment method to an account. It’s intriguing but clunky. Wallet QR Payment support would allow Toyota Wallet to move the entire payment front end to Wallet and let the user choose to add one or both.

It’s the latter that interests me most. Instead of having separate NFC and QR payment ‘cards’ from the same issuer for the same account, I’d much rather have one adaptive Wallet card that smartly uses the appropriate protocol, QR, NFC, UWB for the payment at hand.

Ultimately I don’t believe that payment players need or want to anchor their services to specific technologies like QR or even NFC. AliPay may have needed QR to start their payment business empire, why not offer NFC and UWB if it’s there as a front end choice? It’s all virtual.

Capable, flexible, smart. This is what digital wallets should do, things that plastic can never achieve. Let’s hope Apple Pay Wallet makes it there someday, and that payment and transit providers are up to the mix and match challenge in the Touchless era.

WWDC20 UPDATE

CarKey
Apple announced CarKey, digital car keys and Ultra Wideband Touchless in the WWDC20 Keynote and accompanying press release:

Digital car keys give users a secure way to use iPhone or Apple Watch to unlock and start their car. Digital car keys can be easily shared using Messages, or disabled through iCloud if a device is lost, and are available starting this year through NFC. Apple also unveiled the next generation of digital car keys based on Ultra Wideband technology for spatial awareness delivered through the U1 chip, which will allow users to unlock future car models without removing their iPhone from their pocket or bag, and will become available next year.

Apple Newsroom

More details were revealed the CarKey session:

One thing the CarKey session made clear is that Secure Element ‘radio technologies’ are evolving beyond NFC. Another interesting aspect of CarKey is the device requirement: iPhone XR/XS or later, Apple Watch Series 5 or later.

A12 devices and later makes perfect sense because they all support Express Cards with power reserve. Apple Watch does not support this feature but the Series 5 and later requirement suggests the S series chip is getting very close and likely involves Secure Element digital key sharing. We may see Express Cards with power reserve arrive with Apple Watch Series 6.

App Clips
App Clips finally unleash the power of background NFC tag reading and is the other big Apple Pay development announced at WWDC20. This is what Jennifer Bailey talked about last year just before WWDC19 but it took another year to come together.

App Clips puts NFC tags on equal footing with QR Codes for the first time with the added edge of the ‘when the screen is on’ background tag sheet pop-ups. This will be huge. See the separate post for details.

Apple Pay Code Payments
AliPay QR Code support was not mentioned in the WWDC20 keynote or sessions but there are Apple Pay code payment references in iOS 14 beta 2, code name Aquaman. There is also a iOS 14 PassKit alipay payment network reference and other new PassKit framework additions for code payments. The closer we get to the iOS 14 official release, the more I’m convinced that Apple Pay Code Payments are more of a App Clip thing because App Clips have the potential to deliver a much better user experience than Apple Pay Code Payment can just by itself.

The end of just “Apple Pay”: iOS 13 and multiple Express Cards

Express Transit Card for transit cards and Express Mode for Student ID cards in iOS 12 are kind of a mess. They are the same option for the same thing with different names in different places. Express Mode for Student ID is on the card itself, while Express Transit is in Wallet settings.

  • Multiple Express Transit Cards in iOS 12.3
  • Transit Card vs. Payment Card

Express vs Card Clash

Prepaid cards, stored value (SV), present a problem for Wallet. SV cards in Wallet want to be exactly like they are in plastic, tap and be done without any authentication. But what happens when Wallet has multiple SV cards, each one wanting to be an Express Transit or Express Mode card? The fine print on Use Express Transit with Apple Pay illustrates the messy dilemma and limitations of iOS 12 Wallet: you can set one payment card and one transit card per transit network, except for China which doesn’t allow EMV Express Transit at all.

The fine print on Apple Support

In this scenario an Apple Pay user can set both a HOP card and a payment (credit/debit) card to use on Portland TRiMet. What happens at the transit gate if the iPhone user also has a Student ID card in Wallet with Express Mode turned on? Apple Pay HOP and Student ID card are both MIFARE cards, the payment card is EMV. If TriMet has their backend system act together and are using the latest NFC chip sets from NXP, the gate reader will call up the HOP card and ignore the others. Everything ‘just works’, the user is on their way.

If the transit fare system is not configured correctly, or uses outdated technology, the same Apple Pay user ends up with ‘card clash’ at the transit gate. Instead of automatically selecting the HOP card, the gate says, ‘give me a NFC card’ and Apple Pay goes into default mode that completely ignores Express Transit: the user has to unlock the device then manually select and authenticate a card with Face ID/Touch ID.

Multiple Express Cards in iOS 13 Wallet

There are major Japanese eMoney prepaid cards on Android Osaifu Keitai and its candy wrapper cousin Google Pay that are missing on Apple Pay: WAON, Rakuten Edy and nananco. One ‘missing on Apple Pay’ reason is that iOS 12 Apple Pay Wallet lacks a smart way to deal with multiple Express Transit and Express eMoney Cards. Wallet can hold multiple Suica cards but only one of them can be Express Transit. It’s the same deal for every eMoney card.

This started to change in iOS 12.3 with the addition of Express Transit with Payment Cards. The massive rebuilt of iOS 12.3 Wallet means that iOS 12.3 is basically iOS 13 Wallet already, and the heavy work continues with the temporary removal of Payment Card Express Transit in iOS 12.4 Public Beta.

iOS 13 Wallet will complete the journey, hopefully delivering a vastly improved and unified Wallet UI that elegantly solves the multiple Express Transit/Express Card issue, and eliminates card clash. At a transit gate the user should only have to tap, at checkout the user should only have to select a payment logo on a screen or tell the sales clerk Suica, Mastercard, etc., and pay.

The end of paying with just “Apple Pay”?

More payment options in iOS 13 Apple Pay Wallet will present users with a problem: more choices. Telling the sales clerk “Apple Pay” does’t work anymore except in regions where bank cards remain the only Apple Pay option. In Japan, Apple Pay users already say Suica, iD, QUICPay or NFC Pay. Hong Kong Apple Pay users will have the option to use Octopus or bank cards, and so on.

As Apple Pay matures with more payment options and services, it starts to resemble our real overstuffed wallets. 30 years of using a Mac has not organized my work life one bit. In the long run, I doubt Apple Pay will organize my wallet life any better, but it’s a hell of a lot more fun to use.

Full coverage on the WWDC19 iOS 13 Apple Pay Wish List

EMV Express Transit Missing in iOS 12.4 Beta 1

Developers who installed iOS 12.4 beta 1 after todays’s release are reporting that the EMV Express Transit feature that just went live in iOS 12.3, is missing from iOS 12.4 b1. These kinds of things can happen in early beta test cycles, my guess is this is why iOS 12.4 public beta has not been released.

What this really means is that the heavy construction and under the hood changes in Wallet and Apple Pay that started in iOS 12.2 and iOS 12.3, are still ongoing. It’s one more indication of many new Apple Pay things we’ll hear all about at WWDC19.

It is going to be a fun but hairy ride until Apple Card arrives. Be safe and stay away from iOS 12.4 beta and leave it for professional developers. Stick with iOS 12.3 and enjoy the great Apple Pay Express Transit performance.

iOS 12.3 beta Apple Pay Suica Performance

Despite the wobbly state of Apple Pay Suica card UI design in iOS 12.2 and iOS 12.3, real world Express Transit performance continues to improve. NFC performance is a very subjective thing due of all the constantly changing conditions that come into play: device software and antenna design, NFC chip firmware, reader antenna design and firmware, etc. There are also the different ways that Suica calculates transit fare, stored fare (SF) vs. commute plans. No doubt weather conditions come into play too; I swear that Suica response times are slower on torrentially rainy hot days.

Nevertheless, iOS 12.3 beta (16F5148a) Apple Pay Suica Express Transit performance might be the best Apple Pay Suica ever, and extends the solid performance gains and bug fixes of iOS 12.2. I have only tested iOS 12.3 Commuter Suica but, the UI feels equally snappy on JR gates and PASMO gates now, grumpy old UT1-Neo readers are suddenly happy, the iPhone XS/XR dead Suica UI problem appears to be fixed.

We won’t know for sure until the final release, but I hope the iOS 12.3 performance improvements mean that Apple NFC engineers are hard at work going over Express Transit performance with a fine-tooth comb in advance of the Apple Pay Express Transit HOP and Ventra rollouts this summer. It also means that iOS 12.3 is the last major iOS 12 update. If the beta performance gains are delivered in the final release, iOS 12.3 will be a good curtain call for iOS 12.

UPDATE
iOS 12.3 is out and recommended for Apple Pay Suica users

A12 Bionic Bulletproof Apple Pay Suica

Anybody reading this blog is undoubtably confused by the endless discussion of Apple Pay Suica errors and problems. Here is some explanation to help you understand them and how A12 Bionic in iPhone XS/XR solves them.

Apple Pay Suica problems are not problems with FeliCa technology. The problems are caused by the way Apple implements FeliCa technology on their hardware. Instead of a dedicated FeliCa chip from Sony (i.e. an independent hardware embedded secure element) Apple uses a custom embedded Secure Element with per device unique keys licensed from FeliCa Networks. While Apple’s custom implementation of FeliCa on the iPhone 7 through iPhone X is clever and cost-effective there are downsides:

  • iOS has to babysit secure element transaction and be running for Apple Pay Suica to work. Japanese Android devices with dedicated FeliCa chips can still use Suica when the battery runs down and the OS is off.
  • Different iOS versions affect Apple Pay Suica performance.

Apple Pay Suica Express Transit Mode Problems
Because iOS has to babysit secure element transaction, some iOS versions had better NFC performance than others:

  • The iOS 10.1 Apple Pay Suica debut release worked pretty well but occasionally tripped up at transit gates, slamming them shut and forcing a re-read. By iOS 10.3 Apple Pay Suica performance was great.
  • The Apple Pay Cash iOS 11.2 release made life miserable for all Apple Pay Suica users. Apple fixed it with the iOS 11.2.5 update.

And so on, bugs get fixed but major new iOS versions can introduce new bugs that affect NFC performance.

Express Card Power Reserve Mode
Express Card power reserve mode on iPhone XS and iPhone XR lasts up to 5 hours. You can use it for transit, recharge and purchase.

The A12 Bionic Difference
The great news is that A12 Bionic does away with this iOS Suica version by version, “iOS loves me, iOS loves me not” game. iPhone XR/XS have supercharged NFC thanks to the new A12 Bionic architecture and Secure Enclave that powers Express Cards with power reserve. Here is what we know so far:

The superior performance of Apple Pay Suica on iPhone XR/XS indicates that the A12 Secure Enclave and Secure Element layer load FeliCa keys and code and uses them not only in power reserve mode but also for regular mode completely removing all the iOS overhead and interaction for Suica transactions. This is how smartphones with a real FeliCa chip work, and now Apple has brought this power reserve functionality to Apple Silicon without a FeliCa chip. It’s a neat solution that makes iPhone XS Apple Pay Suica ‘bulletproof’ to any given iOS version.

It just works, even when the battery runs down.