Wednesday, July 07, 2004
FeliCa BohiCa?
When I spoke of NTT DoCoMo's new cell phone with embedded FeliCa technology, I posed a few questions, and mentioned that I might some day get around to answering them. While some are far too technical for such a "brief" environment as this blog, one, at least, deserves attention in the context of other posts here.
I have written before about the establishment of identity and its relationship to trust. What I have not written about (this post constitutes a preview) is the relationship of trust to value. To summarize: the amount of trust required for a set of transactions is directly proportional to the value of the transactions.
So, what is the problem with the "DoCoMo" solution? If it provides no more FeliCa based value than a single transaction, it is no better (possibly worse) than a standalone card. If it provides access to valueless additional transactions, the same logic applies. Only if the FeliCa implementation increases the value of the transactions under consideration can it truly be considered a value add.
Ah, there's the rub.
If the value increases beyond a certain threshold, then a authentication method based on nothing more than "what you have" becomes unable to support the trust required for the transaction set. Another preview: this is the exact point at which fraud becomes profitable.
I don't pretend to know what that "threshold" value is. I have read a bit about the FeliCa security model, and wouldn't personally rate it too high. It is very good for what it claims to do, but like so many other things before it, I believe this might just be stretching it beyond the point it was intended. Here's hoping that the bright folks at NTT are able to take advantage of the technology and cultural synergy in a way that lets it stretch, without breaking.
