So, about the Internet of Things, as suggested by @tcarlyle, I looked at Everythng. I really liked it, and their basic engine is very interesting. What they are doing in the social area is interesting, as they take a fresh look at advertising (with real interaction). Their offer is definitely worth looking at if you want to do something with objects. And the fact that they are looking in parallel at smart and “dumb” objects makes their initiative even more appealing.

However, I still get the feeling that there is a strong interest in going one step further, really exploring VRM here. For instance, on approach like Onecub, which helps users organize and manage their incoming e-mails from retailers and service providers, sounds really interesting. This kind of engine, connected to Everythng’s “thing” engine, could efficiently link the Internet of People with the Internet of Things, because we certainly don’t want to get unfiltered messages from all the things we know (and their makers/vendors/distributors). By the way, @Onecub, I would love to take a look at your private beta.

In the end, it looks more and more that some experimentation will be possible without necessarily having to go through too much of a backend effort, building on these upcoming technologies. Which brings me to the implementation side, with NFC. I have tried a few applications that perform actions when scanning tags.

The first one I tried was Tagstand’s NFC Tag Launcher. This application seems to work nicely, but it requires to use their own tags (they supposedly ship some free, but only in the US). I did try it anyway, because their application can also perform some actions when connecting to a Bluetooth device or to a Wifi network. That’s actually interesting, as such events can happen when arriving in the car or at home. For me, turning my phone’s loud ringtone on automatically when I get home is useful.

The second one I tried was NFC ReTAG Free. This app does about the same thing as the previous one, but it can do it with any NFC tag, including my old conference badges (and I have enough of these to organize quite a few experiments). This application works fine, and I have been able to associate some behavior to old badges. Sadly, in practice, the app is made less interesting by Android’s design choices when several NFC applications are available. Like in other cases, a chooser is displayed, that allows me to choose in a single click between the various tag-reading applications. However, this chooser does not include an option that allows me to make a permanent choice: a chooser is displayed every time.

If I try to second guess Google’s intentions, I would say that they simply want to avoid applications that would hijack all NFC interactions. However, Google also describes the main value of NFC as the streamlining of the interaction: you read a tag, and you immediately get what you want. In that particular case, this value falls as a collateral damage to another policy.

If we dig a bit deeper, this shows that the preferred model for Android NFC is a closed model, in which an application is associated to a set of tags, issued by the same company. In that case, they will use private NDEF content, which guarantees them that their tags will trigger their applications. Open models, in which a tag can be used freely by several applications (letting a user select a preferred app) is more difficult. I still believe that such applications are very promising for NFC, in particular in publc spaces, but the interaction may not be as fluid, at least to start with.

Now that the Layar app is reading QR-codes, we can see how similar applications may rapidly become the front-end to our smartphones, and NFC tags will be losing some of their competitive advantage if they can’t trigger this app automatically. Let’s hope that this feature will keep evolve in future releases of Android.

Like public tags, there is a strong interest here to have a generic Web platform to handle such thing tags, which would need to follow some basic principles:

• Be thing-centric. The tag must be primarily associated to the thing, whatever it is, and it should be able to provide information about that thing (e.g., link to user manuals, warranty information). On the opposite, the tag should not solely be a direct marketing fixture for the thing’s manufacturer and/or distributor.
• Give power to the thing’s owner and users. The tag is associated to something, this thing is owned by someone, and that person need to have control over the tag. Except from the core thing information mentioned above, the owner should have control on what they want the tag to do. If I want to use the tag conveniently placed on my coffee machine to launch my e-mail every morning, I should be able to do so, as long as I still have a way to access the other information associated to the tag when I want to. And if my daughter wants the same tag to trigger some other default action when she scans it, it’s fine too.

If we combine these two items, we get to an interesting VRM idea: the tag on the thing is the link between the thing’s owner/user and any businesses that may be linked to it, and the user keeps some control:

• The user/owner can contact the businesses if required.
• The businesses associated to the thing can contact the thing’s owner, only as authorized by the owner.
• The owner of a thing can transfer the ownership to another individual, who then becomes the contact for the businesses.

In a world where objects often have a lifecycle involving several individuals, this is a great way for businesses to keep in touch with the actual user of their products, while providing more control to the end users. Like usual, I strongly believe that this interaction strategy is likely to have better returns for businesses than basic “advertising push” strategies. And the service to users is real, even if it is limited to providing access to information related to their things.

Once again, I haven’t found anyone doing something even remotely similar to this among all the NFC companies that are popping up everywhere. If you are doing this or know someone who is doing it, please comment on this; I would love to take a look.

• A mailbox tag. La Poste and Connecthings put tags on mailboxes. So far, they have equipped the mailboxes in the streets of Paris, which are a property of La Poste. But what if they want to extend to private mailboxes? We can think of many applications, but many of them don’t belong to La Poste. Maybe that DHL or UPS would also like to use a mailbox tag?
• Tourist tags. Many cities have deployed NFC tags that allow tourists to get information about the site they are visiting. This is a very nice application, providing content to the public. Of course, we can imagine many uses for such tags beyond that: a trivial one would be to provide alternative information, for a more focused public; we could also imagine a city-wide multiplayer games, reusing these tags.

There are two main reasons that make these tags public goods:

• First, they are in a public space, accessible to many, and it is reasonable to expect that different people will expect different effects when scanning the same tag.
• Second, it doesn’t sound reasonable to use many tags for the same thing/location. The private mailbox example is the best here: having one NFC tag is acceptable, even for people who don’t plan to use it; having one for each delivery company is simply not acceptable.

The next question is: How to get there? Well, there are many possible ways, possibly complementary, and I will outline three:

• Design applications to use the content of a tag as identifier. Many private applications already do that today; the content of the tag simply is an index into their Web site, giving them some flexibility about the content to associate to each tag.
• Define a Web platform that will associate information about tags to user-selected mobile applications. That is the crucial part here. Once we have some kind of global identifier for tags, the next step is to asscoaite each tag to content. In a dream world, this aggregator role should be assumed by some kind of Google-like indexing company. Then, depending on the user’s preferences, scanning a tag would yield different results, as we don’t all want to do the same thing.
• Standardize a significant number of tag content, to make them available to many applications. In some cases, offline content can also be very useful, if it is standardized. For instance, location information can be a nice complement to a tourist tag, together with some canonical name to identify the location (chosen by the entity that installs the tag).

In such a context, the main value of a tag is to contain a small amount of verified, unambiguous information, which can then be used to link to more information (public or private), and/or to link it to applications. Here, considering tags as a public good, allows us to maximize the value that can be associated to them, and to provide more valuable services to users/citizens.

The missing link is here the open Web platform. I am still surprised today that I haven’t been able to find such a platform; if you know one, please let me know.

I have been quite happy to hear a few weeks ago that Gemalto finally decided to consider NFC as more than secure services, by launching their POPWings service. I immediately ordered one of their business cards, excited to get a new NFC service.

So, I got a card with my blogger identity, and I scanned it with my Nexus S. This opened my Popwings page in the browser, showing my information. I was even able to link directly to my blog, open Twitter on my feed, everything was fine for a Web part.

Next step: download the application from the Play store. I just did that, and I have to admit that the feeling was not the same. I expected the application to do more than the simple link, and as far as I know, it doesn’t. OK, it will store locally my POPWings contacts, instead of showing them one by one. But as soon as I open this application, I am stuck in POPWings world. In particular, what hurts most is the inability to add this contact to my phone’s contacts. Let me be clear on this: it took me forever to get a contact database that will synchronize between my different accounts, and I definitely don’t want to change that.

It looks that POPWings is trying to deal with customers the Apple way: first, you buy a product from us, and then you are stuck in our ecosystem. That kinda works for Apple: I just got an iPod that I love as a device, but I hate Apple’s dysfunctional Windows software (disclosure: I am an Amazon fanboy for music, including the cloud player, and the primary reason for getting an iPod is the ultra lightweight form factor).

The problem with Popwings is not in the application, but in the philosophy behind it: it limits me rather than empowering me. I bought a new-generation business card, and what I got is a contactless smart card with my name on it, that doesn’t even work as a standard business card, since my contacts can’t easily put its content in their list of contacts.

UPDATED: Although the application is more open than I initially experienced, it still attempts to create a new and private ecosystem, which doesn’t seem to be the way to go. More on this in the update.

As you may have guessed, I wouldn’t bet on Popwings today, especially With the current application. Nevertheless, the idea remains good, and I would love to see it turn into a wildly successful ventures. Here are some suggestions:

• Market to the end-user. Actually, Popwings got this one right: adoption will come to end-users, and the best way to force ourselves into making useful NFC applications is the need to convince them to buy our product.
• Don’t lock the end-user. This is where Popwings fails. It would be so much better if it allowed me to add a contact to my contact list, or to interface it with other applications: the more, the merrier.
• Encourage new uses. This is where Popwings can become a platform more than a mere application. By encouraging others to develop applications that leverage Popwings business cards or to integrate Popwings cards in their application, these NFC business cards can become a de facto standard, unlocking a huge market.
• Focus on the platform, not the app. A first-year student can write can write the Popwings app, but it takes slghtly more effort to build a platform that correctly manages NFC business cards or other cards for use in Web/mobile applications.

My 2 cents.

The idea is of course to use NFC technology to simplify this, which would allow the use of strong authentication in more situations. The idea is here to have credentials in mobile phone applications, and to use it in a NFC transaction with a PC. Here, the service provider delivers a user credential in the phone, or delegates this to a TSM. Because the credential will be stored in the secure element, it is possible to emulate all kinds of hardware tokens on the mobile phone, with a similar security level.

This is an interesting way to introduce new applications in the NFC secure element, especially ifhy can make our lives easier. Of course, this assumes that there actually is an infrastructure ready for downloading content to it, and business models in place to actually get the credentials in an efficient way to the secure element. So, some way to go here.

Cassis is now trying to offer TaaS (TSM as a service, of course), where the TSM performs the essential processing, and also streamlines it, for instance by leaving the most sensitive data at the bank, and only sending crypto requests to the bank.

In the future, they envision many TSMs in the cloud, where collaboration will be made easier. Of course, there are things to consider to make that happen, including of course some action on regulatory bodies, who maynnot like this move to an uncontrolled cloud.

I have always thought that this kind of activity was difficult today, because cloud is about elasticity, and Hardware Security Modules (typically used by TSMs to store sensitive data) are not all that elastic. Of course, proposing to keep the sensitive data on the bank’s server is one way to address that, but it also shifts some responsibility from the TSM back to its customer, which is a bit strange.

Nevertheless, I get this feeling that a TSM cloud needs to be really secure. This would eiher mean that someone builds a TSM cloud and shares it with others (Gemalto, do you want to be the Amazon of TSMs?), or that someone builds a cloud for secure applications, possibly beyond TSM. I am sure that there are other reasons to use a secure cloud, so this may be the way. Anyway, this is interesting to follow, because leveraging the cloud’s properties will give a competitive edge to any TSM.

Here, the idea is about developing an application that would run on NFC-enabled phone, and that would catch all NFC tag traffic, proposing whatever action the tag was meant to propose, but also proposing alternatives. Here are a few potential uses for it:

• Propose alternative opinions. For instance, let’s imagine that a Google tag on a restaurant window redirects you straight to Zagat. This application may offer you some alternatives, like Michelin or Yelp.
• Do something else with the tag. For instance, a tag installed by a city on a monument to provide tourist information could be used in an interaactive game. When the user scans the tag, something happens (for instance, some additional information is disclosed).

There may be a business model behind such an application, but we must remember that the title of this post include the term “hijack”. Using somebody else’s infrastructure that is left in the open may be acceptable/legal/moral, but if we go too far, I am sure that some countermeasures can be put in place. However, this sounds like an interesting non-commercial project. Here is how I see it:

• Community project. The open community is required in order to create the alternative content. Without content, this mombile application simply is another indirection when using tags, which is not good.
• Linked to other community projects. An obvious link is Wikipedia, which could provide alternative content for all kinds of monuments, public places, etc. But I am sure that there are other projects to draw from. The good thing about this is that it reduces the production of content to linking tags to new URL’s, which can be much faster than writing the content.
• An experiment with tags. What people do with tags today is very boring, and we are expecting more ideas to come. Such a project could be tthe base of a wider experiment based on tags.

I am not good at starting/managing developer communities, and I will soon have little time to do this. I have thought about a few things around this, that I would be happy to share with people interested to work on this, but my meager Web development skills have stopped me from starting a real implementation. This thing just sounds like a very nice group project on Mobile Web, with a mobile client, a Web site and database, a sprinkle of NFC for the hype, and much more later. If you’re interested, please drop me a line, as I would like to keep a (distant) eye on such a project.

But first, let’s see what they have to say about the characteristics of NFC. I kinda like their presentation of things:

• Low friction. The main advantage that they have been advertising. The idea is here that when you scan a NFC tag, the appropriate application is instantly launched, which is a much better user experience than using QR-codes.
• Low range. Some good, and some bad. On the good side, the low range is a security guarantee: in order to start a NFC exchange, an attacker will need to be uncomfortably close to his victim. On the bad side, if you want to do something, NFC will be used to bootstrap, but another wireless connection (Bluetooth, WiFi) will need to be set up.
• Low data rate. Not good, and another reason to switch to another wireless connection after bootstrap.