Secure Intent and the Secure Element

Undistracted John Gruber on Secure Intent on Apple Devices. A interesting dive into spoof proof secure intent: “a physical link—from a physical button to the Secure Enclave…used to confirm user intent during Apple Pay transactions,” and how it plays out on Apple devices with Face ID and Touch ID. He makes a good case for multi-sensor biometric authentication. What interests me most however is the secure intent mention in Apple Pay component security Secure Enclave section:

On Apple Watch, the device must be unlocked, and the user must double-click the side button. The double-click is detected and passed directly to the Secure Element or Secure Enclave, where available, without going through the Application Processor.

Apple doesn’t spell it out but this is confirmation that a GlobalPlatform licensed Embedded Secure Element is simply part of every Apple Silicon package, and for all Secure Intent purposes indistinguishable from the Secure Enclave. If push comes to shove over governments trying to force Apple to ‘open up’ the NFC chip, the counter argument will be that the NFC chip is open for Core NFC purposes but the Secure Element cannot be open because it’s part of the Secure Enclave on proprietary Apple Silicon.

Given that Apple added the Secure Intent section to Apple Platform Security very recently, expect to hear more at WWDC21 in connection with secure payments and UWB.

Fun with Android NFC settings…not

XIANYOU’s blog post outlining adventures getting Xiaomi Redmi Note 8 NFC to work correctly, is an excellent reminder that Apple Pay does a great service by hiding NFC setting nonsense from iPhone customers. I mean really, is it the user’s job to figure out the ‘secure element position’? Bottoms up. The essential thing is that Google Pay doesn’t play out of the box:

As it turns out, this was because the default NFC processing behavior configuration on the phone was not one that Google Pay supported on my Redmi Note 8 Pro (or at this moment, possibly any non-Pixel 3+ phones).

This is exactly the situation I predicted back when Android Pay became Google Pay. Google doesn’t want to support non-Pixel embedded secure element devices: eSE for Google, HCE for everybody else. It’s going to get real interesting when Google starts shipping Pixel with custom Google silicon, rumored for Pixel 6, along with those Mobile FeliCa multiple secure element domain functions.