Using a Smartphone to Replace Passwords

Yesterday (7/14/2014), the WSJ posted an article “The Password Is Finally Dying, Here’s Mine”. Mr. Christopher Mims revealed his twitter account’s password to his readers to make the point of “password is dying”. He wrote “Google is working on an as yet unnamed protocol that allows you to connect to your online accounts on any device by authenticating yourself with your smartphone.” He explained that using the device-based authentication was more secure than using a password.

Using a Smartphone for digital authentication is also a mechanism that is built into mobile wallet; for example ISIS Wallet uses Near Field Communication (NFC) SIM-based solution and Google wallet uses NFC Hosted Card Emulation (HCE) solution. So whatever Google is working on probably is also an NFC based solution.

In June, AT&T introduced NFC Connect that enables customers to use digital credentials on their mobile device. The system is being piloted at Tulane University in New Orleans and Quinnipiac University in Connecticut. Students use Samsung Galaxy S III, an Android smartphone and an NFC SIM to access buildings, meal purchases, laundry, copying and printing. This system requires a Trusted System Manager (TSM) to provision a user’s digital credential into SIM Secure Element (SE) over the air when one signed up the service.

It is likely that Google’s digital credential solution is not a SIM-based solution based on its development of Google Wallet. The cost for users could be lower since a provisioning TSM is not required. That’s my speculation.

In another note, in the AWS Summit NY last week (7/10/2014), Amazon announced Amazon Cognito, one of the new Amazon Mobile Services, as a fully managed user identity and data synchronization service. The goal of the service is to help users securely manage and synchronize app data across their mobile devices. It looks like the Mobile market is Amazon’s next move.

It will be interesting to watch the development of digital authentication with smart devices. What is your thought on this topic?

iPhone6, NFC and ISIS

On June 23, 2014; Barron posted an article about iPhone 6 after an Asia trip. It mentioned “Following supply-chain conversations, we are increasingly confident that the iPhone 6 will support near field communications (NFC) radios supplied by NXP. This is consistent with our prior view of NFC in the iPhone 6 given the deployment of mobile NFC-enabled VeriFone terminals in Apple stores, the China UnionPay agreement, Apple payment patents and NXP’s mobile-payment licensing agreement. Additionally, we believe Apple will deploy an NFC radio without the secure element in the iPhone 6. While some investors may be disappointed by an NFC-only solution, we view this as a positive and incremental revenue opportunity for NXP. We anticipate an iPhone 6 NFC win to represent a significant catalyst for NXP.”

If NFC is integrated into iPhone6, it will be disruptive to the mobile payment ecosystem. Currently, Google Wallet and ISIS Wallet are leading the mobile payment market in the United State. Google uses Host Card Emulation (HCE) and ISIS uses SIM-based Secure Element (SE) for authentication.

Google has tried SIM-based SE approach for Google Wallet. That approach didn’t work since telecoms blocked the Google Wallet app. That’s why Google Wallet adopts the HCE approach that doesn’t have a dependency on telecoms.

ISIS Wallet was released in 2014. It’s a product sponsored by AT&T, Verizon and T-Mobile. ISIS runs on NFC-enabled Android phones and iPhones when an external NFC case is attached. ISIS Wallet uses SIM-based SE for authentication to provide ultimate security. ISIS wallet has encountered adoption problems since it was released. Two main reasons were 1. Consumers were not familiar with the NFC technology and didn’t know they were carrying an NFC-enabled phones; 2. IPhone doesn’t have NFC capability and iPhone users had to buy and carry an external case in order to use ISIS Wallet.

If iPhone 6 is NFC-enabled, it will help promoting NFC applications including mobile payment. iPhone might not use SIM-based SE for its mobile wallet solution to eliminate the dependency on Telecoms. And it does not stop telecoms from offering the ISIS solution with it. The reason is that ISIS Wallet is an app that requires ISIS enabled SIM to operate and telecoms own the SIM cards.  The ultimate choice might be up to the consumers and the mobile payment market will start emerging.

I can’t wait to see an NFC-enabled iPhone and the mobile payment market evolution. The Money Event will be hosted in CTIA on September 9 to 11 in Las Vegas. That’s a good place to be if you are interested in mobile payments.