After such a long wait, we finally have an update regarding the VivoKey Apex product.
Customized P71 sample chips received
Originally we were going to base what was then called the UKI (“you” “key”) on the NXP P40 SmartMX chip. This was in 2016. I installed a prototype into my arm and hopped on a plane to CeBIT in Germany. Then a bug was discovered in the P40 that would brick the chip in an unrecoverable state if the field coupling was too weak to support a garbage collection routine’s data writing processes. We were advised to wait for the release of the P60 SmartMX2 chip, so we waited… 2 years.
By March 2018, the P60 SmartMX2 chip became available to us. It was faster and had more memory capacity. By this time the Dangerous Things product UKI had become the Dangerous Things product called VivoKey. Ultimately we ended up starting VivoKey as a separate company and the product itself became the VivoKey Flex One. We launched a beta program for the Flex One, and many participated. Immediately though, the beta program bore sour fruit… a similar bug was discovered in the P60 which would brick the chip unrecoverably if the field coupling was weak and underpowered the chip during applet management (deployment or removal). This is not the exact same bug, but a very similar bug. We were enraged and ultimately devastated. There was nothing to do but issue a recall. At the same time we could not let an entire company like VivoKey sit fallow, so we started work on the VivoKey Spark product and the backend platform for identity validation. Again, we were told by NXP to wait for the P71 SmartMX3 for these problems to be solved.
At this point we considered other chips, but honestly the SmartMX chip line is one of the only contactless smart card chips in the world that will do a couple very critical things; 1) offer the ability to completely segregate an applet or collection of applets into separate security domains so they can’t mess with each other, and 2) perform public private key pair generation on the chip itself. The first feature is critical for partnership with Fidesmo, and the second feature is critical for creating public keys which nobody has the private key for except the chip itself. Most other chips require you to generate the key pairs externally and push the keys into the chip. This creates a whole bundle of security problems we would really rather avoid all together… so we settled on being patient and waiting for NXP to release the P71 SmartMX3.
After a very long wait, the P71 was released… but this hurdle was only half the battle. Like the P60, the P71 was split into two chip types… SECID and EMV. This meant that payment applets could be loaded on the EMV version but it would not support many crypto functions required for secure ID like RSA, ECC, etc. and many applets that require those types of functions would not work… and the SECID version would not support payment applets. So, VivoKey and Fidesmo both needed a version of the chip that did both. So, Fidesmo worked for many many months to create a custom ROM mask for the P71 that solved this problem. After many tests and adjustments and additional months of waiting, we finally have a custom “Fidesmo” version of the P71 with both capabilities baked in.
We received a very small number of sample chips last week, and I was finally able to make a handful and provision with Fidesmo as VivoKey devices for testing.
The test sample was immediately recognized as a VivoKey Apex Flex.
We are now working on a battery of tests with the few samples we have.
Payment features WILL NOT WORK
The one feature everyone has been waiting for is contactless payment. The Apex line will technically be capable of performing contactless payment on both MasterCard and Visa networks. The payment applications for both MasterCard and Visa, which must be loaded onto the chip in a secure facility (NXP factory), will be present on the Apex chips. The security keys required to perform contactless tokenized payment and in-the-field token updates will also be loaded. This means the chip can be tokenized to any card account tied to a supporting bank in the field. This means if the card account in question expires, the Apex can be re-tokenized to a new card account and continue making contactless payments.
Apex will not be allowed to be tokenized to any card accounts or make contactless payments upon release. MasterCard and Visa have still not authorized any implantable devices on their networks and we’ve been instructed they have no plans to do so now or for the foreseeable future. This means that while technically the Apex has all the required applications and keys to make contactless payment, those features will not be usable upon release. You will not be able to use the Apex to make contactless payments at this time, and possibly never.
We do have some plans to move forward with both MasterCard and Visa which are in the works, but we cannot in any way guarantee anything what so ever with regard to making contactless payment with the Apex line now or ever.
If you are interested in a contactless payment implant, your best bet is to get one of the existing conversions or “traditional” payment instruments which do have an expiration date that is typically between 2 to 4 years, and will need to be removed and / or replaced, but you will have a working payment implant and it should work well for you while we all wait for the miracle of a legitimate tokenzied payment implant to become reality.
Release plan for Apex Flex & Apex Max
At this time, we only have a very small handful of P71 sample chips to perform testing with. There is no ETA for obtaining more MOB packaged chips to make Apex Flex with, just as there is no ETA for obtaining bare die P71 chips for making Apex Max 3mm glass implants with either. What we do know is that MOB packaged chips for Flex should technically become available well before the die chips for Apex Max become available.
Once we do have sufficient MOB packaged chips for making Apex Flex with, our immediate obligation is to our Flex One beta customers. If we have an order on file for you for a Flex One beta product, you can expect an email from us soon to confirm your understanding that you will be getting an Apex Flex replacement for your Flex One beta unit. There may be some small cost involved a shipping fee or something like that, but for all intents and purposes your Apex Flex will be a free replacement for the Flex One beta unit. Also, you will not have to return your Flex One beta unit.
Again we have no ETAs for any of this, but we suspect we can obtain sufficient MOB packaged customized P71 chips and begin shipping Apex Flex in early 2021.