We are moving towards a system where people use a cell phone as their wallet, or a smart card with a screen and some buttons.
A cell phone is used two-handed, one hand holding it, one hand pressing the buttons. A dedicated wallet would be used one-handed, held by one’s palm and fingers, with a thumb click accepting or rejecting a transaction. The dedicated wallet would be able to talk to any other wallet, or to one’s cell phone, or indeed any cell phone, if touched to it, or nearly touched to it.
The wallet communicates primarily by near field communication, the wireless equivalent of whispering in someone’s ear. Near field is a communication method that guarantees that the entities communicating are very close together. With radio you normally want the greatest possible range, but near field is for those situations where, for security reasons, you want the least possible range. Near field is radio with the antenna twisted to pick up the quadrupole field and ignore the dipole field. Ideally, a near field communication chip should only be able to talk to something that is almost touching, and it should be impossible to eavesdrop from more than a foot or so away.
This device should function as wallet, car key, ATM card, credit card, computer login device, and employee door opening device. It enables you to log in to websites.
To buy groceries, you would touch the device to the cash register, the cash register would show it was asking for a certain sum of money, the device would show it was being asked for that sum and vibrate or beep, you would thumb acceptance, and money would be transferred to the cash register, and a receipt transferred to the wallet.
Money would be represented to the user as if it was a tangible object that could reside in the wallet, in the cell phone, or in an account. One’s cell phone can transfer money between these places, with the transfer taking a short but finite time – money leaves one account before it arrives in another account.
The device would also handle non-monetary receipts – you put your coat in storage, you get a receipt that enables you to collect it back again.
Of course if the wallet is thumb controlled, it is as easily stolen as a real wallet, or real keys. A cell phone functioning as a wallet can be made resistant to theft.
A *spoken* passphrase is both something I know, and something I am. Of course someone could unobtrusively record it – but he would need to record it *and* steal the phone. Easy to do one, easy to do the other, not quite so easy to do both.
Further, a spoken passphrase can comply with the principle of Not One Click for Security. You set up the user interface so that speaking the passphrase is used in place of clicking OK.
The way the user interface should work is that the smartphone has speech recognition and NFC. To authorize payment, or login, or whatever, you bring the smartphone close to the NFC device, for example the cash register. When the NFC handshake is complete, the phone makes a beep and displays the proposed transaction, and then you speak the magic passphrase for that transaction.
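The grocery purchase and the spoken-passphrase approval described above can be modelled as a small exchange between a register and a wallet. This is an added example, not code from the original page; the message format, the class and method names, the PBKDF2 hashing of the recognised passphrase, and the rule that a failed attempt cancels the pending request are all assumptions, and voice matching (the "something I am" part) is not modelled.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _kdf(spoken: str, salt: bytes) -> bytes:
    # Normalise the speech-recognition transcript, then stretch it with PBKDF2.
    text = " ".join(spoken.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", text, salt, 100_000)

@dataclass
class PaymentRequest:              # hypothetical message the register sends over NFC
    payee: str
    amount_cents: int

@dataclass
class Register:
    name: str
    till_cents: int = 0

    def receive(self, req: PaymentRequest) -> dict:
        self.till_cents += req.amount_cents
        return {"payee": self.name, "amount_cents": req.amount_cents}  # the receipt

@dataclass
class Wallet:
    balance_cents: int
    salt: bytes
    passphrase_hash: bytes         # only a salted hash is kept on the device
    receipts: list = field(default_factory=list)
    pending: "PaymentRequest | None" = None

    @classmethod
    def create(cls, balance_cents: int, passphrase: str) -> "Wallet":
        salt = os.urandom(16)
        return cls(balance_cents, salt, _kdf(passphrase, salt))

    def on_nfc_request(self, req: PaymentRequest) -> str:
        # Handshake complete: the phone beeps and shows exactly what was asked for.
        if req.amount_cents <= 0:
            raise ValueError("amount must be positive")
        self.pending = req
        return f"Pay {req.amount_cents / 100:.2f} to {req.payee}?"

    def on_speech(self, spoken: str, register: Register) -> bool:
        # The spoken passphrase replaces the OK click; each request is answered once.
        req, self.pending = self.pending, None
        if req is None or req.amount_cents > self.balance_cents:
            return False
        if not hmac.compare_digest(_kdf(spoken, self.salt), self.passphrase_hash):
            return False
        self.balance_cents -= req.amount_cents        # money leaves the wallet first
        self.receipts.append(register.receive(req))   # then arrives; receipt returns
        return True
```

Because nothing moves until `on_speech` succeeds against a request the wallet has already displayed, there is no code path in which a single tap or an unattended NFC touch releases money.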
These documents are licensed under the Creative Commons Attribution-Share Alike 3.0 License