DoCoMo Starts Cell Phone Smart Card Trial

virtualXTC writes "The Japanese phone company NTT DoCoMo and electronics giant Sony will begin a trial of cell phones with embedded smart cards with speed pass-like capabilities that will allow the user to purchase anything from travel passes to movie tickets just by placing their cell phone near an electronic reader. Potentially the smart card 'can serve as an ID card, travel pass, or login for a corporate computer network, all at the same time'. If they'd just attach a money clip to it, I could get rid of my wallet entirely."

Just a few concerns I have

[digitalvengeance]

While I love this idea in principle, I do have a few concerns before I welcome our new overlords.

What about standards? The article compares the smart chip technique to credit cards, but credit cards use a pseudo-standardized magnetic strip methodology. Are retailers to have 10 different receivers sitting at their POS terminals for 10 different cell phone/smart card providers? Along these lines - adopting early could be dangerous as one may invest in hardware that does not conform to the final standard and therefore be useless.

What about security? Until more information about how the protocol works, how security is maintained, and exactly how one can control what information is broadcasted is released, can we really trust this technology with our personal information? And this doesn't even begin to cover eavesdropping. (My tinfoil hat may be disrupting my thinking here)

When I hand my credit card to a clerk, I know exactly what information will be gleaned by the scanner from the magnetic strip. It doesn't change. What happens when I get a firmware upgrade on my phone? Can I trust that I am still secure from unauthorized access or even that my phone/ID/credit card gizmo is still only transmitting information that I approve?

One interesting alternative to this close-contact technology would be an internet-based alternative. In this scenario, my phone would use XML over SSL or some other standardized system to tell my provider to tell the POS that I am there and to relay what other information is necessary. Using this method, software-based upgrades could take care of standardization without any modification to hardware.

Re:Just a few concerns I have

[brunes69]

What about security? Until more information about how the protocol works, how security is maintained, and exactly how one can control what information is broadcasted is released, can we really trust this technology with our personal information? And this doesn't even begin to cover eavesdropping. (My tinfoil hat may be disrupting my thinking here)

From the description, this thing works just like Esso Speedpass dongles, in that, the thing needs to be within around 2 cm ( 1 inch ) for it to trigger and transmit the needed data.

The only way anyone could eavesdrop on or steal your CC number using this system is if he has his hands in your pants. And if some unknown guy has his hands down your pants, you've got much bigger problems than your credit info.

Assuming it's also tied to a PIN you enter on your phone, it's also much more secure than the old swipe, where the waitress/retailer has full access to your card #, expiry date, and name.

Don't our phones do too much already?

[mr_lithic]

I currently use my phone as a multi-mode commuication device. It allows me to use it for email, sms and voice,. It also has fuctions as a PDA, gamepad and camera. It alerts me if my servers go down or the comms room is flooded and it allows a number of people to keep track of where I am all the time.

I am not sure if I want it suddenly to hold all of my cash as well. It holds all of my personal information, dates and phone numbers, and if someone was clever they could find out alot about my servers. So currently, I believe that I have too many eggs in one basket with the functions that it carries out now. To expand those to include purchasing seems to be inviting disaster.

What the hell do I do if I lose it?

Re:Don't our phones do too much already?

[digitalvengeance]

I used to do exactly the same thing with my PDA - but what about synchronizing with a server? If you lose the phone, you report it stolen and get a replacement. The server dispatches your saved items to you via some sort of initialization process, disables your old phone via a unique ID of sorts, and you're back in business.

talking wallet

[Doc+Ruby]

I like the idea of using my mobile phone for authentication, for purchases and other transactions. However, for it to be a fair deal for me, rather than just deliver for the "servers" with which I transact, the client must be a lot more powerful:

• On-phone per-transaction popup "OK"/"Cancel" with hardcopy receipt request
  
• Authentication by biometric (fingerprint) or unwieldy PIN
  
• Symmetric (OTP) local data encryption by biometric/PIN
  
• Client database with cryptosigned transaction receipt
  
• Digicash on server (anonymous send with cryptosigned receipts) with phone as transaction authentication, for backups
  
• Credit card style transaction insurance
  

Those features aren't so far fetched. In fact, why does any of that require "smartcards" in the phone? How about just the crypto features on an authentication vCard + credit card number, and a standard protocol over Bluetooth, IR, SMS, or 3G-HTTP? Scandanavians can buy snacks and pay parking meters with their phones, so why jump through a "smartcard" hoop just to get a talking wallet?

Koreans have this already

[mchang]

Visiting this past summer I saw a similar system in South Korea. The receiver looks like a big black eyeball (think HAL-9000) with a bright blue LED on top. They have these things all over - fast food joints, small markets (think 7-11), and on buses. Just put your phone near it, hit a button, and the charge goes onto your cell phone bill.

Seems like it was getting well adopted. I googled for it, but I can't remember the name exactly.

I wanna use my phone as proof of age

[The_Revelation]

I find it amusing that so many features are being packed into mobile phones when, realistically, they are so easy to steal. Wallets are hard to steal because they are only taken out at the point of sale, but people are always waving their mobiles around and losing them. This to me seems like another case of packing more complexity into the telephone network while making sensitive data more available to thieves. My boss recently lost his phone (stolen) at an XMAS party of only employees and he has had a really hard time getting back his numbers for overseas business contacts. Don't get me wrong, I think this is a good idea on principal, but I think before further telephone application development is made, perhaps more effort should be made in integrating telephone retreival with local police authorities in locating stolen telephones... alternatively, like the kind folks at Miribalis eventually realised, that data be stored on the network rather than on the phones so the impact of having a stolen handset is not so devastating to consumers.