My blog has moved and can now be found at

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Sunday, March 26, 2006
« The draft Reliable Asynchronous Messagin... | Main | Inside Man goes Bollywood »

Have you ever wanted to pay a friend for lunch or settle a coffee bill? And wanted to do it while you were out and about directly from your Mobile phone? Then check out the new PayPal mobile service.

Security is an important consideration for something like this and they do a good job of making sure that Identity and Authentication remain distinct.  For a good read on this topic, check out Steve Riley’s article on TechNet on this topic.

To reprise some elements of the above article, Identity is that answer to the question “Who are you?” that you present to the system that you wish to access. The interesting thing about Identity is that it is a claim that you make about yourself using something public like a ATM Card, a User ID or in this particular case your cell phone and the corresponding cell phone number. Authentication is the answer to the question “Can you prove you are you?”. Common mechanisms for doing this are passwords, PINs etc. In short, this is a secret known to you and the system (The system either knows it or can verify that the secret is authentic). In this particular case, when you send the request to make a payment from your cell phone, the PayPal IVR system calls you back on your mobile phone number and you have to prove that you are indeed you by putting in a shared secret that only you and PayPal know about. Your possession of the secret verifies that you are you and the payment proceeds. Very nice!

[Now playing: The Mummers' Dance - Book of Secrets]

Tags:: Security
3/26/2006 8:52 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.