IVR et al. in the 21st century

CID spoofing has been available for decades to anyone with a serious PBX. And for at least a couple of decades for anyone willing to spring for an ISDN line (much more common in Europe and Japan than in the U.S., BTW). So what we have now is more a matter of quantity than quality.

If you have an SS7 node (obviously most of us don't), you can actually see the "real" ID of the other party, which can't be spoofed, since it's needed for billing.

Certainly doing that sort of thing would be easy enough - consider all the services that allow you to "Text 'kitten' to 12345!" and they'll send you a picture of a kitten while billing you via your provider.

OTOH, very few people do it; the UI is just too hard. Just write a smart phone app, or have a mobile compatible version of your web site.

That being said, texts *are* used for many things - my favorite cab company, when I call them when I get back to ORD, knows my number, and their IVR system asks if I'm me, then if I'm at home, ORD, or elsewhere, which terminal I'm at, then they assign a cab, tell me the assigned cab number, and then text me that information. Someone spoofing my CID should certainly order themselves a cab (presumably annoying everyone when they don't actual use it).

My pharmacy sends me an alert when my prescription has been filled, that sort of thing.

A problem with that sort of spoofing, is that you're not going to get the return/verification texts (IOW, if you spoof your CID as

123-456-7890, *that's* where the confirmatory text is going to go). Now if you actually had a spoofed SIM card, that would actually be your phone, as far as the network is concerned, but then you wouldn't have to be spoofing the CID.

Some password reset functions now use your cell phone (they send you a text, to a pre-registered cell phone number when you ask for a password reset). Again, a spoofed SIM card lets you fake that. Again, not terribly secure against someone determined, but none of the stuff we're talking about here is.

That sort of authentication has never been anywhere near 100% solid, but for that to be an effective way for a thief to validate a stolen credit card, they'd have to know not only the phone number to spoof, but also whatever else is being used for authentication (last four digits of the SSN, commonly). And if you're calling from an unknown phone, you just talk to a person anyway, who asks you a few semi-personal questions ("you used your card to pay at a restaurant on Thursday, what was the name?"), and but mostly verifies that you sound sincere.

Nor are land lines particularly immune to that sort of thing. Tapping a phone onto a POTS line is trivial* (your target's NID is conveniently located on the back or side of your house, and if you don't mind unplugging the house phones while you make a call on your neighbor's landline, you don't even need a cable with alligator clips). If you have any semi-modern multi-handset cordless phone, adding another handset to the system is trivial if you know the brand, and can get a quiet 45 seconds with the base station and the new handset you bought.

*which of course is even more illegal than some of the other things we're discussing. Which doesn't change the fact that it's trivial.

None of these schemes have ever been particularly secure. The app/web site version is more secure, and is going to be much more common, given how much user friendlier it is.

No where. A fair bit will be displaced by apps and web access, which will be both more secure and more functional.

Good authentication is hard, and its mistake to think that any of the existing techniques are actually that, they're just modest sized roadblocks designed to make it difficult for the insufficiently motivated. No more than a good deadbolt on your front door will keep out a determined burglar.

The authentication system used by banks in Norway works that way.

(I have no idea how many other countries use something similar, but I know Norway is about a couple of decades ahead of the UK in many aspects of banking.)

When I am doing something that requires authentication or verification for banking (such as using a credit card on a Norwegian web shop, or logging into my bank's website), I can do it via an app on my mobile. The webpage (on the PC, tablet, or mobile) asks for my telephone number and my date of birth. (These are not particularly secret, but the bank knows which mobile numbers are valid for my account, and the date of birth provides a partial identity, making it easy to use but very difficult to use another telephone.) The app on the telephone pops up with a random code word from the bank server - the same code word appears on the webpage. In the app, you confirm that the words are the same, then enter your PIN number. This goes back to the bank, and everything is confirmed.

This gives two-factor identification (you need your phone, and you need your PIN).

I am not sure what transport is actually used for the communication here, but I believe it is SMS (with the contents of the message encrypted). Data traffic could be used too, but it's a lot harder to spoof the telephone number for receiving the SMS than IP addresses.

Yes. Yet credit card issuers rely *solely* on this as the means of "proving" you are the rightful owner of a (recently delivered) card! Intercepting a delivered card and having knowledge of the intended recipient's home phone means you can authorize said card, sign it (so any future signatures verify against the way *you* choose to sign the victim's name) and start using it.

If you happen to "get it wrong", the CC issuer just scolds you and tells you to call from your home phone (so, you use one of the web search agents to see what *other* phone numbers the victim owns...)

So, the recipient is reliably *told* the "ID" of the caller? (again, read my disclaimer about my NOT using a cell phone) I.e., each time you text someone/something, you are VOLUNTARILY giving out your phone number (presumably the same number that they could use to *telephone* you)?

Then you need to have written an app and it needs to be compatible with the phones on which it is expected to run. Presumably a text message can be sent from any phone regardless of an "app".

(e.g., I receive emails forwarded from "phone numbers")

Exactly. Just like spoofing an email address. Sure, you can

*try* to subscribe me to a mailing list. But, when the "verification" email is sent to my *real* email address (to which the mailing list subscription will "eventually" be delivered), *I* will see it and opt NOT to confirm it.

What if the real owner of the phone is on-line ?

Of course! But, anyone willing to put their physical being in a position where it can be *noticed* is taking much more of a risk than necessary -- find some other victim!

Our cordless phones have to be installed in the base station to be "registered".

Until you consider other apps coexisting on that same phone (does each operate in a jail? can each see the "data" that the owner has stored on/in the phone? etc.)

E.g., it's like installing a custom certificate for a particular HTTPS site... anything upstream of the encryption is fair game for exploitation.

[Had a buddy who taught courses (to elderly, etc.) re: "using computers and the internet". He would laugh when I commented that I didn't trust online ordering/banking/etc. His thought: "you'll NEVER break 40 bit (at that time) encryption!" He'd never considered the possibility of something capturing keystrokes *outside* the encrypted tunnel! "Ooops!"]

But damn near every firm still offers and relies on (old fashioned) IVR to eliminate customer service folks. Even if its just to navigate their incoming voice-mail system.

I'm not commenting on "good" authentication. Rather, what The Public seems willing to tolerate (i.e., what they will put up with to convince themselves that they are "secure").

I know a guy works for a datacenter at a very large multinational bank. He carries an electronic "token" with him at all times. Essentially, a pseudo-random number generator that is clocked once a minute and synchronized with another *in* the server. I.e., he loses it and *he* can't access the server (there are no "static" passwords, one-time "skey"s, etc.).

Most of the public wouldn't put up with this sort of thing.

What I want is an "inexpensive" way whereby folks can "do things", "make requests" remotely -- via a variety of communication media (phone/IVR, email, insecure WWW browsers, text messages, etc.) without fear that someone else can impersonate them.

The resources being controlled aren't particularly valuable (i.e., not "bank accounts"). But, abuses could be very inconvenient. E.g., turning down the heat in your home; scheduling an appointment with your auto mechanic to have a tuneup; etc.

A cheap Android telephone is a handy device. As long as you don't tell anyone your number, you'll get no annoying telephone calls...

Yes, that's right. As far as I know, it is not possible to hide the sending number of a text message sent directly from one telephone to another.

It is possible to connect directly to a telephone company's servers and send SMS messages that way (that's what things like email-to-SMS gateways or web-based SMS services do). Such servers can pick whatever they like as the sender's telephone number. But obviously you can't get an appropriate connection into the telephone company's server without a contract agreement - and anyone using the connection to spoof sender numbers would quickly find their contract cancelled.

It /is/ possible to spoof sender numbers, copy/fake SIM cards, etc. But it is hard to do. As long as it is significantly cheaper and easier to steal /real/ telephones with /real/ SIM cards, or rob or cheat people in other ways, then the security of SMS identification is good enough.

That's true - but writing apps is not /that/ hard (apparently - I haven't done so myself), and nothing here is going to depend on exact models or Android/iOS versions.

Mine usually ask me something else as well - last four digits of SSN, that sort of thing.

OTOH, they used to just send you the cards, and all you had to do was sign the back.

That's a good question. I assume your provider would notice (they have to know where you phone is so that can get to it when a call comes in). Fortunately spoofing a SIM card without access to the original appears pretty hard (they are encrypted, but duplicating the whole card is possible, even though there is supposed to be a hard serial number on the card that figures into the encryption).

That's a common technique. But you can still buy extra handsets for many base stations, then all you need is 45 seconds with the base station to get it to connect the new handset.

They're not generally supposed to. There have, of course, been bugs and exploits.

But will you give your credit card to a waiter after dinner, and let them walk off with it for five minutes? Which is more than enough time to order themselves an 80 inch TV.

I'll rephrase - IVR systems are going nowhere, as in staying right where they are. Their usage will diminish as other options grow.

Which is darn little.

At several points I actually carried more than one... These almost always require a static password as well (IOW you need both the current code off the token, *and* the password to authenticate).

Most tokens don't help against MITM attacks.

Several smart phone apps (aka "soft tokens") to do the equivalent are available. I've always been curious exactly how they defended themselves against hacking.

A secure web site (HTTPS and a password) is good enough for banking. It's not 100% secure, since almost no customers would be willing to put with the inconvenience needed for any near that. But for controlling the thermostat, that should be good enough too. And if their device has been hacked, and a keystroke logger has been installed, the fact that someone was able to muck with their thermostat will be ignored in the ****-storm resulting from the mucking about with their banking account.

If you wanted to allow an IVR or text message based system, you're going the have to live with some degree of CID spoofing. Additional authentication (a password, of some sort), can be added to either, although it's pretty clumsy with SMS. The confirmation message to a registered phone would work, but has the problems you mentioned. I'd personally avoid SMS (except for alerts and such - it's great for that), and just do a website or app for phones. I have no real problem with IVR if it has a password.

Again, at the end of the day, almost nothing your users are willing to do will stand up against a sufficiently determined attacker. And that applies to offline threats as well. Fortunately sufficiently determined attackers rarely target most of us. Which, of course, is

*not* an argument that you shouldn't make that as hard as possible.

Even people and organizations that are actually serious about security, and have considerable resources to spend on it, and are able to impose fairly draconian requirements on their users, still have breaches. The names Manning and Snowden should ring a bell.

Real security is never absolute. The key concept is managing the risk to an acceptable level.

I *own* several smartphones. I just don't "have service" on any of them! :> E.g., I keep one in the car:

- camera where/as needed

- spreadsheet to track fuel economy at each fill-up

- WiFi to browse web, check email from public hot spots I just can't make calls (and, more importantly, can't *receive* them! Sheesh! You see all these Pavlovian Dogs jump each time their phone beeps, burps, tweets or farts at them... :< )

So, like FAX was *supposed* to be?

In other words, if a person were to (pre)register their phone with you, the appearance of that phone number on an incoming text message would tell you (at the very least) that the caller was in possession of that person's phone (and, presumably, *was* that person -- given how possessive/obsessive folks are about their phones!)

Said another way, if your auto mechanic got a text from you saying, "Hey, Joe, while you've got the car, can you do a complete tune-up?" he could *reasonably* (i.e., in the eyes of the law) be expected to assume that text *did* come from you and (in small claims court) prevail at getting you to reimburse him for that service -- even if you *claim* not to have sent it (phone was spoofed, stolen, etc.).

OTOH, if he got a text saying, "You know what, Joe? The car is getting a bit long in the tooth. I think I'm just going to buy a new one. Why don't you put mine on the lot, take what I owe you out of the sale price -- plus something for your time -- and send me the balance" and actually *sold* the vehicle, a judge might be *less* likely to let him fall back on that "I got this here text" defense -- "Given the nature of the transaction, you should have verified it!"

(Of course, IANAL and am just posing hypotheticals)

So, conceivably, you could *want* to duplicate a SIM card if you wanted two people to share a service (on the assumption that they don't BOTH use it at the same time)

But that means *writing* the app and making sure the clients *have* the app (as well as maintaining it). Doesn't it also impact their service contract? E.g., don't you pay for voice + text + data? I.e., you can have just voice, voice + text or all of the above? (or, does text count as "data"?)

Can't you also send texts from "non" smartphones?

Hi Robert,

[much elided]

Yup. Security is an illusion.

Garage door openers have "85 gazillion codes". Ours, apparently, picks one at random (?).

Neighbor was wondering why their garage door was "closing itself". Apparently ours had stumbled onto *their* code (or, something in the protocol allowed ours to lock onto theirs at some point when we *thought* we were "negotiating a code with our remotes")

I would have sworn it was *impossible* -- had I not watched their door close when I pressed *my* remote!

Actually, I give credit card to waitress when seated and have her "run it" before we order. Saves the (mock) "fighting" over who will pay when the bill finally arrives :-(

OTOH, I've been carrying some cards since the mid 70's (same CC#) and can't recall any problems. (well, once I disputed an airline ticket charge -- "I haven't been *near* an airport in more than a year" -- only to discover that it was a legitimate charge for a CC that I had canceled cuz I left it at the teller's window in a distant town... took a year for the airline charges on that card to catch up with my *new* card! :> )

But, I use cash for a lot of stuff! (I used to pay my tuition with cash... for folks used to seeing students come in and "sign some papers" it was very unnerving! :> )

SWMBO, OTOH, uses plastic everywhere! Cripes, she'll charge $3 worth of produce! So, no surprise when she received an unsolicited *replacement* card in the mail: "Your account has been compromised..."

Ah, OK. But my point was intended wrt "IVR" as a generic sort of "RJE" mechanism -- attendantless interaction with "systems"

But technologies *try* to accommodate this "laziness" (for want of a better word). E.g., short range RFID to scan cards instead of having to swipe them.

Of course, hacker technology *also* advances to exploit those concessions!

[I've a buddy who keeps his passport in a metal sleeve]

Yes. But, to be successful, (e.g., in a network access protocol) a lot of infrastructure would have to be compromised. E.g., DNS to redirect incoming connections to the interloper instead of the legitimate site.

I think you have to keep the "human" in a critical portion of the authentication loop. The "challenges" have to be things that the human is "only" capable of resolving, correctly.

E.g., I suspect we will soon see largescale "biometric" hacks as folks fall for biometrics as the new security panacea. I picked up a couple of "encrypted portable disk drives" the other day. Integral fingerprint scanner to "unlock" the drive. BFD. When I get a chance, I'll try photocopying my fingerprints to see how that works...

But doesn't prevent me from throwing a transparent window over the entire screen and capturing keystrokes, "for free"...

I am trying to address two current applications -- different domains.

The first is home automation. I probably don't care (too much) if you try to mute the living room TV by stealing a certificate, guessing a password, etc. To be a nuisance, you would have to do so *continuously* (cuz you'd never know when the TV was *on*!). And, that would be apparent in logs -- or to an intelligent agent watching for that sort of access abuse.

I might care a little more if you could tell the HVAC to raise the temperature to "occupied" status even though I wasn't home. That costs money, not just a nuisance.

OTOH, I'd be pretty concerned if you were able to unlock my front door -- or, open the garage door (even if the doorway into the house remains locked). Esp if you knew when the house was unattended!

The other application involves allowing for remote requests for service from "clients". If someone spoofs a request for a visit with a counselor, this might be annoying. Or, if they

*cancel* a scheduled visit with said counselor (and, in reality, the principal actually shows up!).

They might be a bit more concerned if their monthly stipend check is rerouted for "pickup at the office" instead of "please mail to my home address".

And, even more concerned if request from "important persons" are spoofed ("Timmy failed his classes and is not entitled to benefits this month")

Agreed. I had an aunt who had a closet full of furs. This was common knowledge. House was alarmed, etc.

When she was burglarized, thieves backed a Jeep up to the side door and pulled the entire door frame out of the wall!

A friend I worked with had a large gun collection. They just took the entire gun safe! :>

Yes. What I am trying to do is understand where *today's* technology places those risks. In the days of landlines and IVR, a "password" (4 digits) was sufficient for reasonable security -- unlikely that anyone would *guess* yours AND know that you had an account at , etc.

I'm not sure I would rely on the "authentication" SMS provides to honor a request to: "Transfer all my worldly possessions to exiled Prince Mewanna Nogimba so he can reclaim his rightful throne..." without *several* additional layers of verification!

OTOH, It would quickly become tedious to have to verify and acknowledge each and every "little" request. I want to find the appropriate level of "inconvenience vs. security" tradeoff for each activity -- by understanding how each technology can be exploited nefariously.

So you use them just like Android pads? Fair enough - whatever suits the balance between big enough screen to show everything you need, and small enough for the portability you need.

It's amazing how lots of people have become slaves to their phones.

AFAIK, FAX has never required you to reveal your number. A fax machine dials another fax machine as an analogue modem - it can hide its caller number just as easily as with "old fashioned" telephones.

(Useless trivia - did you know that the fax machine was invented before the telephone?)

Yes - almost. (Again, I can't vouch for it being /impossible/ to forge or spoof numbers without access to the telecoms company systems, but it is certainly much harder than for "old-fashioned" telephones.)

(As always, my writing here is from my understanding and experience - if anyone can correct it, great. And you'll want to double-check before relying too much on my information.)

I say "almost", because telecoms companies can send messages "from" a given telephone number without using the telephone in question. For example, I can go to my provider's website, log in (with password, obviously) and send SMS's "from" my telephone. I find it very convenient when the messages are longer - it's easier to type on a real keyboard.

That would depend on how reasonable the text was. If the text asked for a tune-up, I would expect it to stand up in court. If the text asked to sell the car and transfer the profits into a given bank account, I think it would be harder!

It is fair to assume that the sender was either the real person, or had the real person's telephone, or access to the real person's credentials (login name and password) on their provider's systems.

IANAL either - but see above.

Note that telecoms companies will normally have a good log of all SMS messages sent - including where they came from (telephone, website, etc.), where they are going, the times, and (unlike for voice calls) the message itself. So in a case like this, SMS logs could reveal quite a lot of additional information - as well as proving that the text was actually sent.

If you /want/ to share a single service, telecoms companies can provide multiple SIM cards (at least, the Norwegian ones can). Different services can be enabled for different cards. A typical arrangement is to have a data-only SIM card in a pad or laptop adaptor and a full-service SIM card in a telephone - both are connected to the same account. You can also have two full-service SIM cards in two telephones (such as a "smart" phone and a "dumb" phone - so you can still use the "dumb" phone after the battery is dead on the "smart" one). Of course, the providers charge through the nose for such luxuries - but it is certainly possible.

Real /duplicate/ SIM cards (which are never made legally) would have identical SIM card numbers, and would conflict on the network - you can only have one in use at a time.

Yes, but it's not difficult to put an app in Google Play (Apple is fussier, especially if you want to charge for the app, and I have heard nothing but bad things about MS's store. But Windows phones are just a rounding error anyway).

Yes, you can have all sorts of different combinations. You can also have mobile data traffic switched off on the phone while allowing voice and SMS. (SMS text does not count as data.) I don't see you mean by "impacting their service contract", except that your app would require either SMS or data in order to communicate. This should not come as a surprise to users, however - and no "normal" telephone contract would be without SMS capabilities at least.

Of course, different contracts will have different amounts of text and data included in monthly fees, or available at different prices.

Yes. But you can't run apps, in the modern sense - though many "dumb" phones had some sort of app support. You certainly wouldn't bother supporting them now unless you were /really/ bored.

mvh.,

David

Dunno what an Android pad can/can't do. Most of mine are very small, "slide (mechanical) keyboards" with a *tiny* stylus (telescopic). I.e., reading mail is tedious, at best. Web sites even more so!

OTOH, if I've been waiting for an email, I can see that it has arrived and skim through it if it has -- leaving the "reply" to wait until I am in a better environment.

Camera, of course, is handy if in an accident. But, also, if we see something "interesting" (SWMBO is a painter so often looking for "subject matter" -- e.g., water fountains that have frozen solid).

Fuel mileage spreadsheet is the only realistic way to ever track that sort of thing. No way in hell I'm going to discipline myself to type it into a computer "when I get the chance". Also, lets me see *then* if the car is underperforming (e.g., I can tell start of cooling season because fuel economy drops by ~2MPG -- first time I saw this I spent a fair bit of time trying to figure out what was *wrong* with the vehicle :< )

I can understand some folks *needing* to be "in constant contact". However, annoying when you're chatting with someone and they get "interrupted" every few minutes -- only to discover they just got an update on a ball game score, or an alert that there is a traffic accident on the other side of town. Are any of these things *worthy* of the distraction they present? Can you *not* wait until you are in a better situation to interact with the faceless entity on the other end -- like, perhaps, AFTER you stop driving the car/train?

I think (US) it is supposed to. However, the *operator* is supposed to specify the phone number associated with the line (the machine itself has no way of knowing).

But, the phone company is still the "responsible agency" sitting in the middle, there. It's not like *I* can force them to provide bogus information (e.g., I could tell my FAX machine to print someone else's phone number on the incoming FAX that the party to whom I'm sending receives -- TPC can't prevent me from doing so.)

Exactly. That was the purpose of my deliberate example. It's not "unreasonable" for Joe to assume that the text was from "you" and to perform the requested tasks without further verification (if you had telephoned him with the request, would he have to quiz you on your mother's maiden name, the contents of the glove box in the vehicle he was servicing at that time and the clothing you wore when you dropped the vehicle off?)

OTOH, if you told him to sell the vehicle, he'd probably want you to "put that in writing" (with a legal endorsement)

Yes. If you were litigating after-the-fact. Again, my concern is "how much faith can I *blindly* place in such a message". E.g., I'd probably NOT require verification if you were asking for the heat to be turned up or down in the house (while you were away) -- as long as it LOOKED like a reasonable request!

OTOH, if you asked me to turn the heat *off* and it was below freezing outside, I'd probably want you to confirm that to be your actual intention -- "Sorry to bother you, but do you

*REALLY* want me to turn the heat off?"

That was my point. I.e., the provider doesn't know that the card is in a different phone. Or, that the call being made

*now* wasn't accomplished with the same PHYSICAL SIM card.

It's just one more thing to maintain. If user can do all of this with other *existing* mechanisms, why bother? It is not intended to be something you *normally* use so some amount of inconvenience is acceptable (if you use it infrequently, will you remember how the app works? is it compatible with the latest "server" version, etc.)

That was my point. You need that service *in* your contract.

SWMBO has never used the text capabilities on her phone -- even for incoming messages (she just deletes them).

Actually, I plan on relying on IVR as the "works everywhere" solution. The question is how much beyond that to support (such that everything remains "downward compatible" with the IVR interface in terms of capabilities).

Thx,

--don

You can do pretty much anything with a pad that you can do with a telephone, except make telephone calls (and SMS). Some pads have a GSM modem if you want to add a SIM card - but I think most people prefer to connect them by Bluetooth to their telephones when they want mobile data (since they already have an account for their telephones). Of course, you can just stick to Wifi rather than mobile data.

With a decent screen, a pad is fine for email and websites. You can also get pads with keyboards, or use a bluetooth keyboard. I much prefer a real computer, but a pad is more portable while being a lot more usable than a little telephone. Most of the time, however, my pad lies about in the sitting room for youtube (my youngest kid is a big fan of playmobile videos), games, and some web browsing.

A phone without a SIM card (or a SIM card but no valid account) can also be used to call in emergencies - a pad can't do that.

The other thing that bugs me is people talking into bluetooth earplug/microphones. Sure, there are some occasions when these are essential - you /need/ to be able to talk to someone on the phone while using both hands on something else. But most of the time, people using these just look incredibly stupid.

Yes.

I'd agree with that.

Maybe - but now you are asking a control system to figure out what is "reasonable". That's often not an easy job - but maybe you can say any target temperature outside the range 6 to 26 degrees is "unreasonable", and needs extra verification.

True. But I have no idea how widespread such "duplicate" SIM cards actually are. I think it is usually easier for criminals to steal whole phones, complete with valid SIM cards. By the time the original owner has contacted their telephone company to cancel the card, the thief has already sold the telephone. If there are easy ways for criminals to make money without duplicating SIM cards, then they won't bother.

If you are making a remote heating control system, it is a small matter to make an app that is so easy that the user has no problem using it once per year. But controlling it by sending an SMS "set temperature

19" to a given phone number /would/ be hard to use.

Yes, but the phone can still handle them. And an app can send them.

So, it's just a bigger "video interface" (?) instead of the itsy screen on a phone...

YEs, I neglected to mention that. >> It's amazing how lots of people have become slaves to their phones.

No, they think they look *cool*! :> (Um, hello... damn near

*everyone* and *anyone* can have this, what makes you think you're "special"?)

OTOH, I am using them to control the *house* simply because they're more available than a custom built solution would be!

Yes. But, that's part of the goal of the system as a whole -- to learn typical patterns (to anticipate typical needs). E.g., if the HVAC is rarely set outside the ~65F-78F range and NEVER "off" (except for service), then a command to set it to 90 or 50 would be suspicious -- either a "typo" (in which case, the user should be given a chance to rethink his command) or a deliberate "attack".

Think about how credit card companies deal with your purchases. If you're "always" making $100 purchases, then they don't raise red flags when you make a $200 purchase. OTOH, if you suddenly make a $10,000 purchase, the card issuer may want some extra verification that you are who the salesperson *thinks* you are!

Dunno. I am just trying to understand the role that the card plays wrt the phone and The System.

E.g., in the days of dongle-enabled software, the dongle was *the* credential. Nothing about the machine to which it was attached played a role in the authorization process.

When node-locked software exploited the MAC of the host, the "add in" NIC (predating NIC's on motherboards) played that role.

Now, I suspect it is a combination of many things (e.g., you can't just move a license by reshuffling hardware components).

Agreed.

A "valid SIM card" cares not for the phone in which it is installed? I.e., there is no opportunity for a "second layer" of authentication? Possessing the SIM card *is* possessing the credential?

Considerably more involved than HVAC control. I'm automating the entire house so the "command vocabulary" is large, by necessity. And, as users will typically be using it daily, there is little to be gained by making yet another "pretty" interface.

(i.e., if you can't remember how to command the garage door open, a smart phone is the least of your worries!)

No doubt. Though I don't think she has a "keyboard" on her phone (it is only used in emergencies: "Don, I've got a flat tire. Come get me.")

Becoming a "phone company" is not actually all that hard. You need an SS7 switch and an appropriate peer connection to another phone company. The major limitation is that if you're a bad actor, the other telcos will refuse to peer with you. There are literally thousands of such organizations. It's a bit out of range for an individual, but not a modest sized company.

Do a web site. Keep the screen size requirements down to what'll work on a phone sized screen, don't require any overly complicated mouse or keyboard actions, don't go overboard on HTML5 or the like, and you end up running on everything from web-enabled sub-smartphones* to PCs. If you want to be more sophisticated, you can customize your web pages based on the device (you get a fair bit of information). You might have a small medium and large versions of your web size, for use on phones, tablets and PCs (although most sites that make a distinction just go with just "mobile" and "non-mobile", and it's not uncommon to see table users switch to the "non-mobile" site).

SMS** and email notifications (only) would be a good fit too ("the temperature in the house is under the lower limit!"), and are also easy to implement.

If you wanted to support something more sophisticated, you can always add apps for particular platforms you're interested in supporting (right now most folks do iOS and Android, with some also supporting Windows) - there's, of course, nothing preventing you from doing a desktop app too.

*Even many feature phones now support web access of varying degrees of sophistication, although their browsers are sometimes somewhat limited, unlike the browsers on "real" smartphones, which are pretty much as sophisticated as anything you'll find on your desktop. **There are any number of providers of inexpensive SMS support - all of them include a variety of interfaces, and all of them support some form of email-to-SMS conversion for simple outbound SMS.

We've lost a useful sanity detector. It used to be that people walking down the street shouting excitedly into the air were reliably crazy. Now some of them are just making phone calls.

While there are usually a few additional features (and sometimes a few less - many tables can't be used as phones), and some tweaks to the UI, the tables usually run the same OS as their smaller phone cousins. So iPads run iOS just like iPhones, same for Android and Windows. There is a wide spectrum of devices sizes as well (2.5 inch phones to

21 inch tables), include fairly recent a considerable growth in 5-7 inch tables ("phablets") usable for the occasional phone call.

That's pretty much it - the SIM card *is* the credential as far as the provider is concerned. The US is slightly odd in that we have a considerable collection of phone without removable SIM cards. In Europe, for example, you're basically buying the SIM card from the provider, and a phone to put it in from someone else (or from some entity that sells you both in the same transaction) While they're not unheard of, US style phones locked-to/financed-by long-term contracts are fairly rare, although non-SIM based phones are pretty much disallowed.

Pretty much yes. There have been several physical sizes of SIM card, and several content standards (with a fair bit of parallelism between the two), but for the most part, if you can get the SIM card into the SIM card socket on the phone, you're good to go.

You mean a physical keyboard, right? Only on feature phones do you have to do the multiple-tap thing on the 0-9 keypad to "type". Basically all others do a pop-up touchscreen "keyboard".

So, you don't want to *carry* them around *as* a phone... ?

So, the SIM card is effectively "protected FLASH"? Or, is it still a card that is "soldered in place"?

From what I've seen, there are three different classes of "phones" wrt "alphanumeric entry":

- some have regular touchtone keypad and you use key combinations to select which letter on each keycap you desire (I think this is what SWMBO has -- though I have never actually examined her phone)

- some have a physical keyboard with gobs of keys (I have some -- like Blackberry -- where the keys are prominent, others where the keyboard hides inside the phone until needed)

- some rely on a "soft keyboard" (onscreen)

I'm not sure if the Palm phones (e.g., Treo) also allowed graffiti for text entry?

The appeal of the "app" approach would be tapping on icons to achieve your goal instead of typing out text... (assuming you can effectively represent your tasks set with iconography)

[attrs elided]

I had planned on a WWW interface but, there, expected to be able to elicit text from users ("reason for visit", etc.) on the assumption that they were seated at a *real* computer.

I'll have to rethink this.

Yes. I was thinking the "phone" interface would be effectively different than the "text(ing)" interface and the "Web" interface, etc. All just different levels of detail on the same core command set.

But I have to track which "users" have which capabilities, right? I.e., you use a web browser doesn't imply you can receive texts. (OTOH, you *send* a text implies you can receive them! You place a request via IVR and you can obviously receive a confirmation request over that same channel...)

The whole point is for me to avoid apps that aren't running on the server side.

E.g., IVR is entirely server side oriented -- the user can be using a land line, cell phone, marine radiophone, etc. and still interact with it. "Something" connects him to me and the rest is code in *my* server.

Similarly with a web interface -- I push HTML at you and you click links or fill in fields. (i.e., the "app"/browser that you are using is a ubiquitous one that isn't tied to *me*)

I don't regard the two as mutually exclusive...

*I* find them a somewhat awkward size, but apparently some people don't. But the phone function is really not that big a deal - every tablet has audio out, and a microphone. If you want to do a phone you need a second speaker for the "earpiece" and the mic to be positioned somewhere close to the mouth (and both of those are somewhat soft requirements - if, for example, the speaker is near the top of the phone anyway, reusing it for your "earpiece" speaker is possible)). If you want to do calls on the traditional network, you need a device with that support (IOW, not a WiFi only device). All(?) the big tablets are available both ways. As a practical matter a 10 inch tablet is mostly impossible to hold to your ear, so they don't get the extra audio stuff, the rest is just software. Some of the bigger tablets can do phone calls in "speakerphone" mode (again, that's mainly a software and network issue). But you can drop Skype on most of these devices, if you want.

The phablets are perhaps best thought of as small tablets that can still make an occasional phone call.

There have been a variety of implementations. Hardwired into the phone used to be pretty popular IOW, nothing really identifiable as a SIM card, but presumably there was a serial number/whatever ROM in there someplace). Various SIM-like schemes have been used with a removable module with the relevant data on it (that facilitates giving the user a new phone when something breaks - so long as the module is not damaged, just move it to a new phone of the same model, and send the customer on their way). Plus there have been plenty of "real" SIM card based phones in that role. In some cases a dab of epoxy was used to make the SIM card permanent. In others the phone firmware placed non-SIM requirements on the "SIM" card (for example accepting a card specifying only a particular provider, for example).

You SIM card can store some of your personal information as well, although most smartphones have a lot of additional stuff that you'd probably want to migrate.

That would most likely make it a feature phone.

Tapping on icons on a web page is just as possible. But almost anything capable of running apps or displaying a web page is going to have more than the touchtone keypad. Usually tapping the enterable field pops up the keyboard if you've got a soft keyboard.

Never implied that it was...