1. Our mobile phones will soon do the job of all of those rectangular pieces of plastic that crowd our wallets, whether Charlie Cards or AmEx cards.
2. Securing our phones, and protecting the wireless transactions they engage in, will require a high grade of authentication — a way for you to prove that it's really you using your BlackBerry to buy that diamond engagement ring at Tiffany.
Mobile phone makers are racing to add so-called NFC (near-field communication) chips to their handsets, which would enable phones to communicate directly with cash registers. Credit card issuers like Visa are keenly interested in mobile payments, and several wireless carriers got together last November to form ISIS, a joint venture focused on developing "mobile wallet" technology. Earlier this year, PayPal acquired Fig Card, a small Boston company that had been developing its own mobile payment solution linking phones with cash registers.
I had lunch last week with Weiss to talk about his approach to the opportunity. Weiss was the founder and long-time CEO of Security Dynamics, the company that developed the SecurID token that millions of employees use to access their company's computer networks. Security Dynamics acquired RSA Security, adopted that name, and eventually was gobbled up by EMC. (Weiss was chairman and CTO of Security Dynamics when the company went public in 1994, but he left in 1996, a decade before the EMC acquisition and well before SecurID's recent security problems.)
"Identification is at the core of most of what we do today," Weiss says, "whether we're buying something at a store or traveling through an airport." He says the authentication system designed by his company, Universal Secure Registry, will offer a higher level of security on a mobile phone than you get today from a traditional credit card or passport.
First, Weiss says that none of your sensitive information — like a credit card account number or social security number — should be stored on your phone or transmitted via Bluetooth, WiFi, or any other wireless protocol over the ether. All of that, in the USR system, remains on a secure server inside a data center.
Instead, your phone would have three ways to identify that you are you. The first is a PIN code that you would punch in. The second is a randomly generated number that would appear only on your phone (similar to the way SecurID tokens work). The third is your voiceprint: the way you sound when speaking a number or phrase into the phone. Once you've successfully cleared those three hurdles, the phone would communicate with the distant server, saying, essentially, "This phone's owner is using her phone." Then, the server would communicate with the cash register to approve the transaction; it would also display a photo of the phone's owner on the register's screen, to offer one last layer of security.
Once you'd "signed in" to use your phone, you could set it to allow you to make purchases for any period of time: an hour, three hours, twelve hours. If your phone was stolen, with a single phone call you could render it unusable for payments.
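The flow described above, sketched as an added example; it is not USR's code, and the article gives no implementation details. Assumptions: an HMAC time code with a per-phone seed stands in for the unspecified number generator, the voiceprint arrives as a similarity score from a separate matcher, and every name here is hypothetical.

```python
import hashlib, hmac, struct

STEP = 60  # seconds each displayed code stays valid (assumed)

def one_time_code(seed: bytes, now: float) -> str:
    """Six-digit time-based code; an HMAC stand-in for the unspecified generator."""
    mac = hmac.new(seed, struct.pack(">Q", int(now // STEP)), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def pin_hash(phone_id: str, pin: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), phone_id.encode(), 100_000)

class Registry:
    """Server side: the only place the card number and photo are held."""
    VOICE_THRESHOLD = 0.9  # assumed score cut-off from a separate voice matcher

    def __init__(self):
        self.users, self.sessions, self.charges = {}, {}, []

    def enroll(self, phone_id, pin, seed, card, photo):
        self.users[phone_id] = {"pin": pin_hash(phone_id, pin), "seed": seed,
                                "card": card, "photo": photo, "revoked": False}

    def sign_in(self, phone_id, pin, code, voice_score, hours, now):
        """Check all three factors, then open a purchase window of `hours`."""
        u = self.users.get(phone_id)
        if u is None or u["revoked"]:
            return False
        ok = (hmac.compare_digest(pin_hash(phone_id, pin), u["pin"])
              and hmac.compare_digest(code, one_time_code(u["seed"], now))
              and voice_score >= self.VOICE_THRESHOLD)
        if ok:
            self.sessions[phone_id] = now + hours * 3600
        return ok

    def revoke(self, phone_id):
        """The 'single phone call' after a theft: no further payments."""
        self.users[phone_id]["revoked"] = True
        self.sessions.pop(phone_id, None)

    def authorize(self, phone_id, amount, now):
        """Answer to the cash register: approval and photo, never the card."""
        u = self.users.get(phone_id)
        if u is None or u["revoked"] or self.sessions.get(phone_id, 0) <= now:
            return {"approved": False}
        self.charges.append((u["card"], amount))  # card is used server-side only
        return {"approved": True, "photo": u["photo"]}
```

The register only ever receives the approval flag and the photo; the purchase window and the revocation both live on the server, so a stolen phone cannot extend either.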
You might also use your mobile phone's authentication system to grant you access to a computer. "If you're sitting near it with your phone in your pocket, you'd get access, and if you walked away, the computer would become inaccessible to others," Weiss says.
It sounds swell. Weiss has been working on the idea since 2000, and has three already-issued U.S. patents, with others pending. But he's not planning to start a company to actually build the system, and even the demo he shows on his iPhone is a series of still images, not a functioning prototype. Instead, his approach is to try to license the system design to credit card issuers, mobile phone makers, the ISIS joint venture, and others interested in deploying mobile payment technology.
"I think it'd be foolish to try to compete against the giants," he says. "What I want to do is license it to them for a relatively menial amount." I asked why he wouldn't hire a team to at least build a proof-of-concept and roll it out with a few retailers. "I've been there, done that," Weiss says, referring to building his own company. "I think the curve will be faster by licensing it."
We'll see how that goes. Weiss says he hasn't managed to arouse much interest by writing to tech giants like Apple and Google. But USR plans to issue a press release today announcing that its electronic wallet technology is now available for licensing. The release calls it "the only mobile transaction technology that does not transmit sensitive information from or store exploitable information in the mobile device."
About Scott Kirsner
Scott Kirsner was part of the team that launched Boston.com in 1995, and has been writing a column for the Globe since 2000. His work has also appeared in Wired, Fast Company, The New York Times, BusinessWeek, Newsweek, and Variety. Scott is also the author of the books "Fans, Friends & Followers" and "Inventing the Movies," was the editor of "The Convergence Guide: Life Sciences in New England," and was a contributor to "The Good City: Writers Explore 21st Century Boston." Scott also helps organize several local events on entrepreneurship, including the Nantucket Conference and Future Forward. Here's some background on how Scott decides what to cover, and how to pitch him a story idea.