NFC Payments Hitting Silicon Valley

Near field communication (NFC) technology for payments is hitting the Silicon Valley area, according to Near Field Communications World. They point out that Apple has spent recent months rushing through patents to try to lock down the profits for payment options on the iPhone.

[In April 2010] we reported on Apple’s first four mobile payments related patents. The first two relate to peer-to-peer (P2P) payments and show an iPhone menu that would enable the user to choose from a variety of payments options at the time of purchase. Here, there is an indication that iTunes could evolve into a mobile currency, with mention of the service as one of the payments options along with bank transfer, credit and debit card options. The second pair of patent applications, meanwhile, cover the use of a ‘portable device’ — such as an iPhone — as a mobile point of purchase or POS terminal, able to capture information about an item for sale, determine its purchase price and process payments.

Much more interesting than this trend, however, is a new company with a strategy to sell NFC stickers (RFID tags). They are said to be winning attention from local cities, PayPal, Google, Facebook and even Apple.

Bling Nation’s mobile payments pilot in Palo Alto has now expanded to include distribution of mobile contactless stickers to staff at Facebook’s headquarters and to the Stanford University campus. The City of Palo Alto has also backed the trial, enabling local residents to use their Bling Tags to pay utility bills, long-term parking bills and parking fines with plans to include city libraries, community centers and various museums in the coming months.

The tags are adhesive-backed microchips about the diameter of a soda bottle cap. They do not store any information about the consumer, just a unique identifier. Consumers get a tag by registering with an “issuer” such as a local bank or credit union.

Last August Bling Nation tied their NFC tags to PayPal accounts. They will likely do the same with anyone who wants to join the new payment processing system.

Each time a purchase is made by touching the chip to a reader, a text message is sent to the mobile device for confirmation.

The tag is marketed as something that should be stuck to the back of a mobile device, but that stops the text confirmation from being a separate factor. At least it still gives less exposure, with more security possibilities, even when compared with payment cards that use chip and PIN.

The Bling Nation site gives the following explanation:

Bling Nation builds multiple levels of security into the Bling system. First, we eliminate the need to store personal information on your BlingTag or on a business’ point-of-sale terminal, in order to help protect your identity. Second, we use dynamic key encryption to transmit any transaction data through the BlingTag and Blinger point-of-sale device. Thus, transactions at Bling businesses are encrypted, preventing easy hacking and helping to ensure secure communication between the business and any BlingTag issuer, such as PayPal. In addition, each transaction is assigned a different identification number. Transaction data is stored securely and the BlingLink network complies with Payment Card Industry (PCI) standards and other payment privacy and security regulations. Our system is also audited regularly to help ensure the maximum level of security.

People sometimes ask when payment cards will get encrypted communication and chip and PIN in America. The problem has always been said to be related to the cost of rolling out new point-of-sale devices. Perhaps the timeline will speed up if a competing system is set up. On the other hand, BlingTag has a similar issue: it needs new point-of-sale devices to be installed. That also might speed up if Apple engineers are thinking what I am thinking.

There is actually no reason (yet) to put the tag on your phone. It is something of a marketing gimmick to either parody cell phones that actually do payment or condition consumers into thinking about the phone as a payment device.

In other words, cell phone manufacturers are not yet building NFC chips into their devices. The immediate workaround is to stick one on the outside and pretend it is on the inside. Another possibility is that the NFC chip could use Bluetooth to talk directly to the phone, but that does not appear to be the case with Bling Nation.

The company says the real reason they suggest this is because of the text confirmation and “you usually have your phone with you and it can go anywhere”. I take my wallet everywhere more than my phone, but maybe that is just me.

You can of course disable the text message confirmations. Even if you leave the messages enabled, you might find it most convenient to stick the chip to a payment card already in your wallet.

Thus, instead of pretending your phone makes payments, this could be the first step for Americans who want to pretend that they have a chip and PIN payment card. Oh, actually, I guess MasterCard also released an NFC sticker program in 2009. Make that the second step.

So far I have just covered the basics of the service. I also have avoided asking why a payment company would name themselves with a word like “bling” that hints at shallow and vapid behavior.

Later I will post analysis of the deeper security issues like fraud and abuse of these tags. For example, you are allowed to have more than one tag, but each one has to be linked to its own unique phone number.

The future of IT is efficiency

Hey, that rhymes.

IBM has exciting news on the BBC. They predict future supercomputers will focus on maximum efficiency.

The BBC also wants you to know they ‘will fit in a sugar cube’ but, even though I drink tea, here is the quote that really grabbed my attention:

“In the past, the Top 500 list (of fastest supercomputers worldwide) was the important one; computers were listed according to their performance.

“In the future, the ‘Green 500’ will be the important list, where computers are listed according to their efficiency.”

The need for efficiency is clear. The lower cost of output has brought into focus the cost of input. Can the same or better output be generated with same or less input?

The challenge is related to problems of thermal dissipation — removing heat while using higher processor density. IBM is talking about ways to use miniaturized water channels to flow around the shrinking processors because a volume of water can remove far more heat than air.

A country concerned about national security would see the huge importance of this innovation path, especially for inefficient industries like transportation. Progress comes from smaller, more powerful engines that run more efficiently (less input needed for same output) and that generate less waste. More with less is success.

The Second Coming

by William Butler Yeats (1865-1939)

Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity.

Surely some revelation is at hand;
Surely the Second Coming is at hand.
The Second Coming! Hardly are those words out
When a vast image out of Spiritus Mundi
Troubles my sight: a waste of desert sand;
A shape with lion body and the head of a man,
A gaze blank and pitiless as the sun,
Is moving its slow thighs, while all about it
Wind shadows of the indignant desert birds.
The darkness drops again but now I know
That twenty centuries of stony sleep
Were vexed to nightmare by a rocking cradle,
And what rough beast, its hour come round at last,
Slouches towards Bethlehem to be born?

Interesting that this was written soon after the first World War had ended. I am tempted to research and see if I can find evidence of bias towards those who show a lack of conviction — ones who look before leaping.

The most famous line here, “The best lack all conviction, while the worst are full of passionate intensity,” is cited in a personal appeal by Jimmy Wales, Wikipedia’s founder, on the Dunning-Kruger effect.

The unskilled therefore suffer from illusory superiority, rating their own ability as above average, much higher than it actually is, while the highly skilled underrate their abilities, suffering from illusory inferiority. This leads to the situation in which less competent people rate their own ability higher than more competent people.

No conclusion is provided by Wales other than what the research shows on its own. He brings up various types and forms of bias but leaves out the role of historical events such as World War I.

Irish Pubs Fail Drunk Audit

A “trading standards” operation in Ireland used ‘Pretend’ drunks to catch out Conwy and Denbighshire pubs serving alcohol illegally.

Roly Schwarz, community safety enforcement manager for both authority areas, said they used three professional witnesses to act out the drunken display as all the trading standards officers are so well known in the area.

Sounds like a case of “everyone act normal, the auditors are here.”

He said: “On one of the occasions we actually dressed one of them as Frank Gallagher, the very dishevelled main character in the series Shameless and had him trying to buy a drink in character with change and smelling of drink and he was still served.

“We also had them knocking over furniture, falling over, telling staff they had been drinking all day and walking in and out of places.

“We were very surprised by the findings as we went along and decided to up the anti, with them acting more and more drunk and always making sure they told anyone who listened they had been drinking all day.”

I can only imagine what “up the anti” looked like on Facebook the next day.

About 45% (11 of 25) failed to stop serving. The trading standards officer suggests to the BBC that stopping the practice of selling to drunks will help reduce other crimes.