1. Our mobile phones will soon do the job of all of those rectangular pieces of plastic that crowd our wallets, whether Charlie Cards or AmEx cards.
2. Securing our phones, and protecting the wireless transactions they engage in, will require a high grade of authentication — a way for you to prove that it's really you using your Blackberry to buy that diamond engagement ring at Tiffany.
Mobile phone makers are racing to add so-called NFC (near-field communication) chips to their handsets, which would enable phones to communicate directly with cash registers. Credit card issuers like Visa are keenly interested in mobile payments, and several wireless carriers got together last November to form ISIS, a joint venture focused on developing "mobile wallet" technology. Earlier this year, PayPal acquired Fig Card, a small Boston company that had been developing its own mobile payment solution linking phones with cash registers.
I had lunch last week with Weiss to talk about his approach to the opportunity. Weiss was the founder and long-time CEO of Security Dynamics, the company that developed the SecurID token that millions of employees use to access their company's computer networks. Security Dynamics acquired RSA Security, adopted that name, and eventually was gobbled up by EMC. (Weiss was chairman and CTO of Security Dynamics when the company went public in 1994, but he left in 1996, a decade before the EMC acquisition and well before SecurID's recent security problems.)
"Identification is at the core of most of what we do today," Weiss says, "whether we're buying something at a store or traveling through an airport." He says the authentication system designed by his company, Universal Secure Registry, will offer a higher level of security on a mobile phone than you get today from a traditional credit card or passport.
First, Weiss says that none of your sensitive information — like a credit card account number or social security number — should be stored on your phone or transmitted via Bluetooth, WiFi, or any other wireless protocol over the ether. All of that, in the USR system, remains on a secure server inside a data center.
Instead, your phone would have three ways to identify that you are you. The first is a pin code that you would punch in. The second is a randomly-generated number that would appear only on your phone (similar to the way SecurID tokens work). The third is your voiceprint: the way you sound when speaking a number or phrase into the phone. Once you've successfully cleared those three hurdles, the phone would communicate with the distant server, saying, essentially, "This phone's owner is using her phone." Then, the server would communicate with the cash register to approve the transaction; it would also display a photo of the phone's owner on the register's screen, to offer one last layer of security.
Once you'd "signed in" to use your phone, you could set it to allow you to make purchases for any period of time: an hour, three hours, twelve hours. If your phone was stolen, with a single phone call you could render it unusable for payments.
You might also use your mobile phone's authentication system to grant you access to computer. "If you're sitting near it with your phone in your pocket, you'd get access, and if you walked away, the computer would become inaccessible to others," Weiss says.
It sounds swell. Weiss has been working on the idea since 2000, and has three already-issued U.S. patents, with others pending. But he's not planning to start a company to actually build the system, and even the demo he shows on his iPhone is a series of still images, not a functioning prototype. Instead, his approach is to try to license the system design to credit card issuers, mobile phone makers, the ISIS joint venture, and others interested in deploying mobile payment technology.
"I think it'd be foolish to try to compete against the giants," he says. "What I want to do is license it to them for a relatively menial amount." I asked why he wouldn't hire a team to at least build a proof-of-concept and roll it out with a few retailers. "I've been there, done that," Weiss says, referring to building his own company. "I think the curve will be faster by licensing it."
We'll see how that goes. Weiss says he hasn't managed to arouse much interest by writing to tech giants like Apple and Google. But USR plans to issue a press release today announcing that its electronic wallet technology is now available for licensing. The release calls it "the only mobile transaction technology that does not transmit sensitive information from or store exploitable information in the mobile device."
Subscribe via e-mail
More from Scott
about the blogger
About Scott Kirsner Scott Kirsner was part of the team that launched Boston.com in 1995, and has been writing a column for the Globe since 2000. His work has also appeared in Wired, Fast Company, The New York Times, BusinessWeek, Newsweek, and Variety. Scott is also the author of the books "Fans, Friends & Followers" and "Inventing the Movies," was the editor of "The Convergence Guide: Life Sciences in New England," and was a contributor to "The Good City: Writers Explore 21st Century Boston." Scott also helps organize several local events on entrepreneurship, including the Nantucket Conference and Future Forward. Here's some background on how Scott decides what to cover, and how to pitch him a story idea.
May 22: MIT Sloan CIO Symposium
Chief information officers from Guess, Haemonetics, Intel and other companies talk discuss "architecting the enterprise of the future."
June 3: MITX Innovation Awards
Economist & blogger Jodi Beggs hosts at the Westin Copley.
June 25: TEDxBoston
The oldest and biggest of the locally-organized TED events is back, at the Seaport World Trade Center. Tickets are free, but tough to get. Also streams on the web and airs on WBUR.