Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Use Your PDA As A Secure 'Wallet' 15

aphor writes "The The Infrared Data Association has drafted a standard for IrDA "Point and Pay" devices. Its called Infrared Financial Messaging (IrFM) Point & Pay, and its supposed to turn your handheld computer or cell phone into a digital wallet that can handle credit card, debit, check [and maybe even secure anonymous digital cash ala CyberCash?] transactions. I think this is significant, because instead of trusting a closed device like a smart card or magstripe on a credit card (we all know the problems with those), you receive a challenge from the vendor on your IR port, and you control how your device responds to it. Palm OS and Linux are specifically mentioned in their documentation as platforms for IrFM Point-and-Pay. BTW: I can't see anything that would prevent turning your Palm device into a handheld cash register. The specs for their protocol can be downloaded for free."
This discussion has been archived. No new comments can be posted.

Use Your PDA As A Secure 'Wallet'

Comments Filter:
  • NYC and MetroCards (Score:5, Interesting)

    by sporty ( 27564 ) on Wednesday May 07, 2003 @02:00PM (#5903709) Homepage
    I see a significant relation between this and metro cards. They are a piece of plastic, thinner than a credit card, but has a magnetic strip.

    I have what's called a "weekly" metrocard. Unlimited trips for the entire week. The way to stop people from swiping others through, is by limiting the amount of time before you can use it in that spot. You can go to other spots w/o a problem serially. Just not the same one before 20 minutes are up.

    The problem is, when this thing misreads/miswrites. It would give an error, to see the clerk and won't let me through. The clerk will usually find something like, "You just used this 4 minutes ago." It's up to the discression of the clerk to either let you through, computer error, or to wait 20 minutes.

    What happens when this happens with these little devices? Neat in theory, but there's something that humans do better than any machines. Communicate and understand, in full duplex, a transaction.
    • by aphor ( 99965 )

      there's something that humans do better than any machines. Communicate and understand, in full duplex, a transaction

      That's what IrFM does. The cash-register/POS terminal, IrDA connection, and your handheld device all mediate the same conversation you're talking about.

      You get some stuff to the checkout at the store. They stuff gets scanned. The message on the screen flashes "Credit/Debit/Cash," and your Palm Pilot flashes the vendor name at the top of a list of the stuff that was scanned, tax, and totals

  • my pda could be more than a portable bookshelf/organizer/address book?! wow! it sounds like it could be ever better if some phone makers *ahem*ericsson*ahem* would pick this up as an addition to their already feature laden phones. bluetooth would also be neat, but oh, the security implications....and if they could incorportate my GnuPG key....dooood! something seriously useful!!! ah shit! I'm vibrating....time to leave work! =D
  • NTT DoCoMo did something like this using their cell phones a while back... I don't know if it was IR based, though, but a number of people adopted the ability to use a cell phone to pay at convenience stores, etc.

    My issue would be with IR signal jacking. Ever changed the channel on your tv by aiming the remote away from it and into a mirror? What's to stop someone from using an IR sniffer device, to pick up random reflected transmissions?
  • Would PayPal sue? (Score:3, Insightful)

    by cant_get_a_good_nick ( 172131 ) on Wednesday May 07, 2003 @03:38PM (#5904836)
    PayPal originated with this concept, kind of a money among friends thing. Say, you were with your friends, no cash, so you "beamed" them some cash. They figured what the problem was, everybody needed $200 Pal devices for this to work. Soon they got the idea of the PayPal service we all know and love/loathe. Just wondering if PayPal has any rights to this concept.
  • by km790816 ( 78280 ) <[moc.liamekaens] [ta] [20xg3qhqw]> on Wednesday May 07, 2003 @04:26PM (#5905289)
    before homeless guys are asking "Can you beam me any change?"

    So much for my 'I only have plastic' excuse.
  • sorry, but smart cards are MORE secure than this, much more.
    There always is a challenge & response, plus the device itself cannot be tampered with : there is no possibility to use a probe to get internal content.
    • by aphor ( 99965 ) on Thursday May 08, 2003 @09:03AM (#5909749) Journal

      Smart cards are more OBSCURED than this. If someone steals your palm-pilot, they would still have to guess your password before they could use it. Steal a smart card, and then keep on stealing! If you think tampering is an issue, then you don't know about zero-knowledge proofs, public-key crypto, haven't actually understood the IrFM protocol, and thus you aren't qualified to make the inference you draw between tamper-resistance and security. The devil is in the details.

  • ...it's simply NOT going to catch on. The whole industry is driven by standardisation - either everyone gets a PDA (not going to happen) or they will still use cards - it's that simple!
    • Re:Lets be honest (Score:1, Insightful)

      by Anonymous Coward
      everybody gets a PDA: not going to happen
      a LOT of people get a mobile phone with irDA and Java: is ALREADY happening

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...