About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion





  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


We don't need no stinking NFC phones

By davebirch posted Apr 20 2007 at 1:04 PM

[Dave Birch] Over on the Digital Money blog, one of the topics we're obsessed with is the collision between mobile phones and contactless technologies in the form of Near Field Communication (NFC). But in the long run, the use of NFC phones to manage digital identities will probably be more important. I think this is pretty clear to see given the rolling standardisation of the mobile/NFC space and the shape that is taking. This isn't just the standardisation of the NFC interface, but also the mobile environment around it such as the SIM, where the addition of NFC support and a high-speed USB connection to the phone will transform the use of handsets. As I've said before, though, the addition of the NFC interface together with access to that interface through standard interfaces within the phone is genuinely revolutionary. It integrates the handset into its local environment, making the mobile phone a link or pivot between the local and the global. It therefore will have a big role to play in the use of digital identity in the future. The current projections (these change all the time) are that 20% of mobile handsets worldwide will include Near Field Communication (NFC) technology by 2012, according to New York-based ABI Research, and in the digital money world many players are already preparing for that market. Visa, to pick just one example, believes there is a great opportunity to migrate some of the purchases being made by consumers today to the mobile phone. A Visa survey showed 67% of American males between the ages of 18 and 39 would be interested in buying an NFC-enabled phone, while 57% said they would be willing to pay more for an NFC phone than a regular model. If the phone is going to become the average person's wallet, then surely it can function as passport, driving licence and home banking log-in device as well.


The architecture of the handsets and the SIMs will, if this line of reasoning is correct, therefore form a constraint on digital identity in the mass market and it makes sense to have at least a big picture of that world.  Let's start with the SIM.  The latest version of the SIM standard is known as Release 7.  It is being reviewed by the Third-Generation Partnership Project (3GPP) and has been scheduled for approval soon.  Release 7 incorporates a number of new technologies, not only NFC, and is a significant update to the standard.  Still, it will take a while for handsets that comply with the new standard to get into the mass market so it won't be until mid- to end-2008 that customers will have them, so there's no point operators ordering them right now.

Within the handset, NTT DoCoMo and Sun Microsystems have begun work on the "Star Project" to refresh the mobile Java platform (which first appeared way back in 2001) for today's more advanced handsets and applications. Java is already running on more than 700 million handsets worldwide (according to Ovum), but not all handsets run the same version. That's standards for you. In practice, it's an amazing hassle to develop decent Java applications because, as our guys know only too well, all of the operators and handset manufacturers have customised their Java environments. This means developers must often customise their Java applications, or "applets," for different handsets, creating extra work. Meanwhile, one of the most successful "versions" is NTT DoCoMo's "DoJa", but it is only available to DoCoMo and its handful of overseas partners. There are other operator-specific platforms as well (Vodafone Group's VFX and China Unicom's UniJa), as well as the MIDP (Mobile Information Device Profile) platform, which is sort of standardised but still varies. In essence, platforms such as DoJa have strict compliance, which makes life better, but because there are many of them that makes life worse. No government is going to mess about with 200 different versions of an e-passport for mobile phones: therefore a common platform along the lines of MIDP but with more compliance (especially around anything that has an impact on security) is very desirable.

Bringing together identity standards and new SIM standards is the first step to delivering real digital identity in the mobile environment. This meme is now growing after years of hibernation. Take a look at the announcement by Turkcell, the main mobile operator in Turkey (with 30m subscribers), that it is going to implement PKI in its SIMs. The PKI solution is based on what we Europeans call "qualified" digital certificates (which basically means they have private keys that are stored in tamper-resistant hardware) from E-Guven, a Turkish CA, created under Turkish Digital Signature Law that is also in accordance with the EU’s Digital Signature Directive. Turkcell’s scheme will allow users to perform secure online transactions through their handset, anytime, anywhere. From their mobile phone, home PC, or from an Internet café, the subscriber accesses, for instance, the banking site and enters their customer ID to log in or to give a transaction order. The bank then sends an authentication request that prompts the user to enter, using their GSM phone, the secret code they chose when they activated the mobile signature service. The SIM card then checks the secret code, creates the digital signature and sends it back to the bank to enable the corresponding transaction on the banking account. Note that on the operator’s activation request, the SIM card itself creates the secret keys and they are (presumably) never divulged. Turkcell is using Helsinki-based Valimo's mobile signature service platform (MSSP) to deliver a mobile digital signature service to Internet banking customers of Akbank, Garanti, Turk Ekonomi, Turkiye Is and Yapi Kredi. Telefonica is launching a similar service for corporate customers. Why am I highlighting this example? Well, Valimo’s MSSP is used by the government ID centre in Finland: citizens can use either their government smart ID card or a mobile digital signature to sign in to a variety of e-government applications such as tax returns and change-of-address. The client application is pre-installed on SIMs, just as it ought to be in the UK in the event of anything approaching a modern identity infrastructure ever being assembled.
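The signing flow described above, modelled end to end as an added example (it is not code from the post, Turkcell or Valimo): the key pair is generated on the card, the secret code gates every signature, and the bank accepts a signature only over the request it issued. Ed25519 stands in for whatever algorithm the qualified certificate actually uses, and the three-try limit, the nonce and all type and function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// SIM models the card: the private key is created on it and never exported.
type SIM struct { priv ed25519.PrivateKey; pin []byte; triesLeft int }

// Activate generates the key pair on the card and releases only the public key.
func Activate(pin string) (*SIM, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &SIM{priv: priv, pin: []byte(pin), triesLeft: 3}, pub
}

// Sign checks the secret code before signing; three wrong codes block the key.
func (s *SIM) Sign(pin string, request []byte) ([]byte, error) {
	if s.triesLeft == 0 {
		return nil, fmt.Errorf("signing PIN blocked")
	}
	if subtle.ConstantTimeCompare([]byte(pin), s.pin) != 1 {
		s.triesLeft--
		return nil, fmt.Errorf("wrong PIN, %d tries left", s.triesLeft)
	}
	s.triesLeft = 3
	return ed25519.Sign(s.priv, request), nil
}

// NewRequest (bank side) binds a fresh random nonce to the transaction text.
func NewRequest(tx string) []byte {
	nonce := make([]byte, 16)
	rand.Read(nonce)
	return append(nonce, tx...)
}

// Verify (bank side) accepts a signature only over the exact request it issued.
func Verify(pub ed25519.PublicKey, request, sig []byte) bool {
	return ed25519.Verify(pub, request, sig)
}

func main() {
	sim, pub := Activate("4821")                  // constructed sample PIN
	req := NewRequest("PAY 100 TRY TO ACCT 0001") // constructed transaction
	sig, err := sim.Sign("4821", req)
	fmt.Println("accepted:", err == nil && Verify(pub, req, sig))
}
```

Because the nonce changes with every request, a signature captured from one transaction does not verify against a later request for the same payment.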

Now, this use of the technology isn't especially new -- Vodafone has had a similar application dormant in its SIM cards since 2002 -- and I've long thought that it's a rather obvious combination of technologies to deliver into the mass market, once the appropriate standardisation is there.  Overall, however, the market has been developing slowly because of the complexity of co-operation between mobile operators, certificate authorities, SIM vendors, banks, merchants and everyone else.  Perhaps the imminent new, sexy environment of the NFC phone running "New Java" with a Release 7 SIM will be the space to really break the deadlock.

One can easily envisage a near future in which citizens are given a boring old-fashioned dreary plastic ID card by the state but have the option of downloading same into their phone for a few euros if they want to transact online. Not a bad vision. By the way, I've got a spare copy of David Edgerton's super "The Shock of the Old: Technology in Global History Since 1900" on my desk here, so I'll send it to you if you are the first person to reply on this thread.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.




Do I win a prize?

We have a winner!

Hi Dave,
We've met before at various Visa things and I find NFC really interesting. If you had to put a date on it - When do you think it will be implemented? And is there a danger that phone companies can launch this without buy in from card issuers?


[Dave Birch] Most of the operators we talk to are expecting to begin selling NFC phones to customers next year (2008). Can they launch without card issuers? Yes.

Thank You !
