快猫短视频

Your Phone Is You

IT鈥橲 getting hard to be anonymous. To do just about anything in this world
you have to prove who you are. Want to buy something or draw some cash? There鈥檚
a wodge of credit cards to lug around, and a plethora of four-digit PINs to
remember. Even before stepping out of the front door you鈥檝e got to find your
driver鈥檚 licence or rail pass, perhaps even your passport.

In a few years, this plastic and paper baggage could be history. A single
chip hidden in your cellphone will be all you need鈥攁 little treasure that
holds your complete identity. But beware. Lose your phone, and your identity and
your money go with it. The big question is whether people will be willing to
trust so much to a sliver of silicon.

Inside every digital mobile phone is a SIM card. SIM stands for subscriber
information module, and the chip embedded in the SIM card is what makes the
mobile yours. For now, the SIM just identifies you to the phone system, and
maybe holds details of your favourite phone numbers. In future it could identify
you to everyone who needs to know who you are.

To pay for a meal, say, you will use the phone to transfer money鈥攐r the
promise of it鈥攖hrough the phone network to a restaurant鈥檚 computer. There
will be no payment slip to sign because your SIM will do it for you. Likewise,
when you board a plane you won鈥檛 have to wait in line for a boarding pass and
seat number. Next year, the Finnish telecoms company Sonera will be setting up a
WAP site that will let travellers do both before they even reach the airport.
Unless they have luggage, there鈥檒l be no more queueing at check-ins.

Mobile misgivings

The Finnish government is looking at using SIMs in place of a national
identity card鈥攁nd eventually a passport. Under this plan, the SIM will
become a person鈥檚 legal proof of identity. And there鈥檚 no reason why it couldn鈥檛
unlock your health records, social security details and other personal
information. One click and a hospital would know exactly who it鈥檚 dealing
with.

But for these dreams to become reality, there鈥檒l have to be a revolution in
public attitudes. People will have to let go of their apprehensions about
e-commerce and learn to trust their mobiles. 鈥淐ultivating that trust is a very
difficult thing to do and takes a lot of time,鈥 says Ian Pearson, resident
futurologist at British Telecom.

People can lose or mislay their phones: about 9000 a year are left on the
London Underground alone. That鈥檚 nearly as many lost mobiles as lost umbrellas.
And they are a tempting target for thieves, who can easily dispose of them on
the black market. That鈥檚 bad enough when there鈥檚 only a large phone bill at
stake. When your phone becomes the key to your identity, secrets and cash,
you鈥檒l want to make sure it stays safely locked up, even if the gadget itself
falls into the wrong hands.

鈥淗aving something that contains all this information would be extremely
rash,鈥 says Roger Needham, managing director of Microsoft鈥檚 British research
laboratory in Cambridge. 鈥淧eople will simply find it unacceptable.鈥

The solution, according to Needham and other experts, is to store precious
information on secure servers accessible via a WAP connection or the Web. The
SIM would only store a personal identifier鈥攁 long string of digits that
would unlock the servers and give access to the information they hold. To use
the identifier, the phone鈥檚 owner would have to punch in a PIN.

The beauty of this system is that the identifier would act as one half of
what鈥檚 called a public key encryption system. The identifier, kept safe inside
the phone, acts as a key, known to no one else. To read a message locked with
this private key requires a second, public key, which can be freely
distributed.

You might use this set-up to send a request to a bank using its public key to
see the details of your account, which it would decrypt using its private key.
The bank would then send you the requested information encrypted with your
public key, which only your private key could decrypt. Thus both messages would
be secure (see 鈥淔or your eyes only鈥).

An increasing number of countries are passing laws to give private keys the
same legal force as signatures. This has unleashed a flood of encryption
systems, and the problem now is to get governments and companies to agree on a
standard. 鈥淚t needs to be simple, secure and transparent,鈥 says Mika Nieminen,
head of mobile commerce company More Magic Software in Helsinki. 鈥淲e have the
maths to show that it is secure. The only problem now is making it global.鈥

The Finnish government has taken the initiative with a national standard that
companies can use free of charge, says Vesa Vatka of the Finnish Population
Register Centre in Helsinki. At the moment, this system鈥攃alled
FINEID鈥攗ses a smart card and a card reader attached to a computer, but the
plan is to migrate to a SIM, says Vatka.

The private key is protected by a PIN, and the card will shut itself off if
wrong numbers are keyed in three times. To switch it back on, the owner must
take it to a police station with another form of ID. If a card is stolen, the
police will cancel it permanently. Either way, information on the card stays
safe.

Even in its embryonic form, FINEID gives people a secure way to access
sensitive information, says Vatka. 鈥淎nd when you get it in a mobile phone you鈥檙e
not even tied to a terminal,鈥 he says.

Needham believes that identity theft will be inevitable no matter how careful
the safeguards are. 鈥淏ut then it already takes place now,鈥 he says. He reckons
the system is more secure than what we have now, and that this will encourage
businesses to adopt it.

Pearson thinks consumers, too, will learn to trust a chip with their
identity, not least because it will make life so much easier. A private key will
do away with hard-to-remember logins and passwords for websites, as well as all
those credit cards and PINs. 鈥淧eople already give up their privacy quite happily
just to get access to a website,鈥 he says. 鈥淎s long as they get something out of
it.鈥 People don鈥檛 really value their personal information, it鈥檚 the control of
it they care about. Your SIM will give you that control.

YOU want to send a message to George Smiley using public key encryption. To
get his public key, you contact the key holder, an organisation called a trusted
third party. You can then use Smiley鈥檚 public key to encrypt the message,
knowing that only Smiley can open it with his private key
(see top of diagram).

How email public key encryption works

If Smiley wants to reply in secure fashion, he would reverse these
actions鈥攅ncrypting his response with your public key.

But, say Smiley needs to give you signed orders. He would then 鈥渓ock鈥 his
reply with his private key (see bottom of diagram).
When you decrypt the message with his
public key you know that only one person鈥擲miley鈥攃ould have sent it.
Smiley鈥檚 public key only works on messages locked by his private key.FIG-mg22614501.JPG

So between them, the two keys give you privacy and authentication.

For your eyes only

More from 快猫短视频

Explore the latest news, articles and features