An Ultra-High-Definition 3-D TV

 
New electronics enable a jump in performance in a
prototype display made by Samsung

Samsung has shown off a prototype of an ultra-high-definition 3-D television. The 70-inch prototype uses a novel electronic circuitry to control eight million pixels. It's not likely to go into volume production soon, and there isn't any content to display on it, says Paul Semenza, a senior analyst at Display Search. But at last month's Society for Information Display conference in Los Angeles, the display drew crowds and garnered a best-in-show award.

Samsung is the latest TV manufacturer to demonstrate a technology that uses a type of backplane—the array of transistors used to switch the pixels on and off—based on metal oxide semiconductors. These materials offer higher performance than the amorphous silicon widely used today, without increasing costs. In April, manufacturer Sharp announced it will begin manufacturing displays based on metal oxide transistor arrays by the end of the year at its plant in Kameyana, Japan.

It wouldn't have been possible to make the ultra-high-definition display using a conventional backplane, says Sangheon Kenneth Koo, director of LCD marketing at Samsung Semiconductor. That's because making the pixels smaller requires making each of the controlling transistors smaller, too. And the amorphous silicon used in conventional backplanes doesn't conduct electrons fast enough for this kind of miniaturization.

Metal oxide semiconductors conduct electrons very rapidly, and they can be deposited using relatively inexpensive methods. The hurdle has been figuring out which mixtures of metals to use and how exactly to work with them on today's equipment, says Randy Hoffman, a senior engineer at HP. The leading material is now a mixture of indium, gallium, and zinc called IGZO.

Semenza speculates that Sharp might be planning to take advantage of the high pixel densities enabled by metal oxide backplanes to make crisper mobile displays. Based on the size of the equipment at the company's Kameyana production line, he speculates that the company may be aiming to provide a high-resolution tablet display, perhaps for the next generation of Apple's iPad. "The high-water mark for this," says Semenza, "is the retina display" in the latest iPhone, which uses an expensive backplane based on another form of silicon transistor called low-temperature polysilicon. Metal oxide transistor arrays are less expensive to make and provide the necessary performance. Sharp might be able to offer a very good performance alternative to the retina display at a lower price, says Semenza.

Volume manufacturing of metal oxide backplanes could also be a boon for richly colored, energy-efficient organic light-emitting diode displays (OLEDs). These displays have been incorporated into some mobile devices and small high-end televisions, but they tend to be expensive. Part of the problem is that they can't be made with conventional backplanes: the high currents needed for these devices burn out amorphous-silicon transistors. So, OLED makers have been using the expensive polysilicon backplanes. Replacing those with metal oxide backplanes could make OLEDs more competitive.

Other qualities of metal oxides will be attractive in future display technologies, says HP's Hoffman. Every layer in a display tends to absorb some light and decrease overall efficiency and brightness. But metal oxides are transparent, so displays with these backplanes should get more light out and operate more efficiently. Hoffman expects this to be a particular advantage in reflective displays. HP is working on a flexible display that integrates a metal oxide backplane with a full-color reflective display.

Read More

Putting Location-Based Ads to Work

Ads targeted to a person's location are an advertiser's dream.
The reality is more complicated.

The spread of smart phones that track their owners' precise location seems like a wonderful development for advertisers. These devices could enable completely new kinds of digital marketing that make ads more relevant, meaningful, and effective. At the Location Based Marketing Summit, held last week in New York City, experts discussed the promise--and teething problems--facing this new section of the advertising industry.

Search engines already use positioning information from smart phones to deliver search results--and search ads--that are more relevant to a person's location. And location-based games, such as Foursquare and SCVNGR, which let users "check in" or perform other activities at locations to earn points or rewards, could enable new ways of reaching customers. These companies can make deals with local businesses to show users special offers when they are nearby.

According to a March 2010 survey conducted by the Mobile Marketing Association, 10 percent of all cell-phone users access location-based services at least once a week, and about 50 percent of those people have clicked on a location-based ad, or interacted with it in some other way.

Some early results suggest that location-based marketing could be every bit as effective as the industry dreams. A survey conducted in May 2010 by Placecast, a location-based advertising company based in San Francisco, found that 80 percent of consumers who have opted in to use a location-based service were receptive to being contacted by companies with offers based on their location. Placecast's data suggests that one-third of those who use location-based services have entered a store in response to a mobile ad, and 27 percent have been influenced to buy something.

Placecast's CEO Alistair Goodman notes, however, that the type of product being offered and its cost can have a huge impact on how effective a mobile ad is. For example, 33 percent of Placecast's survey respondents expressed interest in getting offers related to fashion and beauty, but 50 percent were interested in restaurant promotions.

Big brands such as Starbucks and Charmin are already exploring location-focused phone apps. Charmin has created an application that locates public bathrooms and lets users rate how clean and well-maintained they are. But experts at the New York event note that it's hard to determine whether many apps actually influence consumers' buying decisions.

Jed Rice, vice president of market development for Boston-based Skyhook Wireless, which provides location information, says it's important to find ways to measure the effects of these and other campaigns. Rice says that location-based services have a lot to offer small local businesses, which can make sure their ads are going to customers who are close enough to actually act on them. However, he says big brands are needed for the industry to take off.

In order to capture big brands' interest beyond throwaway experiments, Rice says, it's important to be able to analyze campaigns effectively. For example, even when a location-based ad campaign isn't likely to cause an impulse buy, services will need to show that the advertising was useful. He estimates it will take at least another year before businesses discover ways to measure the effectiveness of location-based ads.

Goodman noted that small businesses can watch for changes in foot traffic, but large businesses might have more trouble measuring how a campaign is affecting sales. Products such as Coca-Cola or Pringles are already being purchased by many consumers in many locations, and location-based services will need to find ways to demonstrate the value of adding the element of location to the companies' national marketing campaigns.

Andrew Turner, chief technology officer of Arlington, Virginia-based Fortius One, which offers a Web-based location analysis platform, says other types of information might make location-based advertising more effective and measurable. His company's software tracks how fast a person is moving. If she is going at walking speed, this might suggest she's open to receiving suggestions of things to look at in the area. But if she's traveling at driving speed, it's much less likely that an ad targeted to her location will be effective.

Read More

Using Wi-Fi for Navigating the Great Indoors

A phone can locate you indoors to within a few paces by
combining Wi-Fi signals and the jolt of your footsteps.

The arrival of GPS receivers in cell phones led to a boom in location-based apps and services—everything from maps that show you where you are, to new kinds of social networking. But step inside a building and GPS often fails. Now a startup has technology that enables devices to know their position inside a building to within a few steps, and it hopes this could lead to a second wave of indoor location-aware services.

WiFiSLAM, which publically demonstrated its technology for the first time last week, enables a phone to work out its position by combining the "fingerprint" of nearby Wi-Fi networks with information taken from a device's accelerometers and compass. The company was founded by students from Stanford University, with the aid of the university's StartX accelerator program for startups.

Mobile devices already use Wi-Fi networks to refine outdoor GPS fixes by accessing databases maintained by companies including Skyhook and Google, created by driving around "sniffing" for wireless networks. However this technology can today only allow accuracy of 10 meters at best and is primarily aimed at outdoor use.

The technology is typically accurate to within a "couple of steps" of your current location, says Anand Atreya, cofounder of WiFiSLAM: "This accuracy will change how you interact with indoor environments." The technology could aid with navigation inside large and complex buildings such as hospitals or airports, he says, adding that app developers will likely find more imaginative uses, too.

"Think about going to the supermarket," says Atreya. "We can provide information relevant to the product right in front of you." Another possibility is allowing users to find the nearest store clerk, as long as that person is also being tracked.

When a gadget using WiFiSLAM wants to know its location, it analyzes the signal strengths and unique IDs of all the Wi-Fi networks around it. That is matched against a reference data set for the area either accessed over the Internet, or stored on the device. The estimate of location can be sharpened if a gadget moves slightly, because WiFiSLAM's algorithms can gather multiple fingerprints. Compass data and accelerometer signals capturing a person's footsteps are also used to refine the accuracy of subsequent location fixes as a person moves around. 

WiFiSLAM needs similar data to be gathered in advance inside a particular building before it can offer location fixes. A person running another special app must walk around a building a few times, entering every room at least once. Algorithms originally developed for robot navigation process the changing pattern of Wi-Fi fingerprints and footsteps to re-create the path the person covered. That trace is then manually associated with a map of the place so that WiFiSLAM can tell a user in that environment where they are.

Other technology that uses Wi-Fi to for location sensing relied on expensive additional equipment, says Atreya. "I could walk into your building and have Wi-FI location working within an hour," he says, claiming this will allow WiFiSLAM to be rapidly adopted by many places.

Eladio Martin, a researcher at University of California, Berkeley, is part of a team developing another Wi-Fi-based location app that's accurate to 1.5 meters. Like WiFiSLAM's, Martin's team uses Wi-Fi fingerprinting and needs no equipment other than a cell phone, although it is currently just an academic project.

"Public buildings and especially those related to health care are some of the main candidates for the implementation of this technology," he says. Martin is not familiar with WiFiSLAM's implementation, but says that academic work published by members of the company suggests they could reduce the computational load of calculating traces from Wi-Fi fingerprints, which would make the technology more scalable.

WiFiSLAM plans to deploy the technology in a number of hospitals—including Stanford hospital—as well as shopping malls. The technology will initially take the form of stand-alone apps for navigation, for example, an app provided by a particular mall. However, the technology could eventually be built into apps with more general mapping

Read More

Rise of the Point-and-Click Botnet

In 2005, a Russian hacker group known as UpLevel developed Zeus, a point-and-click program for creating and controlling a network of compromised computer systems, also known as a botnet. Five years of development later, the latest version of this software, which can be downloaded for free and requires very little technical skill to operate, is one of the most popular botnet platforms for spammers, fraudsters, and people who deal in stolen personal information.
Last week, the security firm NetWitness, based in Herndon, VA, released a report highlighting the kind of havoc the software can wreak. It documents a Zeus botnet that controlled nearly 75,000 computers in more than 2,400 organizations, including the drug producer Merck, the network equipment maker Juniper Networks, and the Hollywood studio Paramount Pictures. Over four weeks, the software was used to steal more than 68,000 log-in credentials, including thousands of Facebook log-ins and Yahoo e-mail log-ins.
"They had compromised systems inside both companies and government agencies," says Alex Cox, a principal analyst at NetWitness.
A survey conducted by another security firm--Atlanta-based Damballa--found Zeus-controlled programs to be the second most common inside corporate networks in 2009. Damballa tracked more than 200 Zeus-based botnets in enterprise networks. The largest single botnet controlled using the Zeus platform consisted of 600,000 compromised computers.
The Zeus software is less important for its conquests than for its high regard among cybercriminals. "Zeus is incredibly popular with people that want to tinker and start their own small business, if you will," says Gunter Ollman, vice president of research for Damballa.
A group of four or five developers started working on Zeus in 2005. The following year they released the first version of the program, a basic Trojan designed to hide on an infected system and steal information. In 2007, the group came out with a more modular version, which allowed other underground developers to create plug-ins to add to its functionality.
The latest Zeus platform allows users to build custom malicious software to infect target systems, manage a far-flung network of compromised machines, and use the resulting botnet for illegal gain. The construction kit contains a program for building the bot software and Web scripts for creating and hosting a central command-and-control server.
Independent developers have created compatible "exploit packs" capable of infecting victims' systems using vulnerabilities in the operating system or browser. Other developers focus on creating plug-in software to help would-be cybercriminals make money from a Zeus botnet. Some add-ons focus on phishing attacks--delivering the images and Web pages needed to create fraudulent banking sites, for example. Other add-ons give bot operators the tools to create spam campaigns. "There is a whole cottage industry around creating add-ons for Zeus," says Don Jackson, a security researcher with the Counter Threat Unit at SecureWorks, a company based in Atlanta
The availability of the source code for Zeus has attracted many developers, says Jackson. Online miscreants looking to control their own botnet start with Zeus, because it is simple to use, he says, while the add-ons and extensions satisfy more sophisticated users. "It's very easy to use right out of the gate," Jackson says. "But when you add the advanced functionality that costs thousands of dollars, then it becomes a tool for advanced operators."
Even the basic Zeus kits include obfuscation techniques to help escape detection by antivirus software and other security measures. In one experiment, consultant Alex Heid of Information Security Services found that only about half of antivirus software detected a known Zeus payload. After employing some simple techniques for masking the code, the detection rate dropped even further, to 10 percent. "The cybercrime technologies are advancing faster than the security technologies," Heid says.
Once Zeus has compromised a system, it gives the user no sign that it's there, according to Jackson. "What does Zeus look like when it infects your computer? Well, stare at your computer now, and that's what it looks like," Jackson says. "It's designed to do its job and do it successfully and do it silently."
While both Damballa and NetWitness sell technologies and services for detecting compromises on corporate networks, they do not provide software for end users.
"Most enterprises that we work with have a large number of users, so they basically give up on defending their computers," Ollmann says. "You make the best attempt with antivirus and firewalls, but they accept that some percentage of their systems are going to be infected, so they focus on detecting and rebuilding the (compromised) systems rather than defending against all threats."
Cox adds that focusing on the communications between infected systems and a command-and-control server is usually the best way to catch infections. "Understanding what normalcy looks like on your network so you can pinpoint abnormality is what is really important in the current threat environment," he says. "Don't trust only your existing security controls, and get eyes on your network."

Read More

Most Malware Tied to 'Pay-Per-Install' Market

A shadowy industry lets spammers and other
cybercriminals pay their way into your computer.

New research suggests that the majority of personal computers infected with malicious software may have arrived at that state thanks to a bustling underground market that matches criminal gangs who pay for malware installations with enterprising hackers looking to sell access to compromised PCs.
Pay-per-install (PPI) services are advertised on shadowy underground Web forums. Clients submit their malware—a spambot, fake antivirus software, or password-stealing Trojan—to the PPI service, which in turn charges rates from $7 to $180 per thousand successful installations, depending on the requested geographic location of the desired victims.
The PPI services also attract entrepreneurial malware distributors, or "affiliates," hackers who are tasked with figuring out how to install the malware on victims' machines. Typical installation schemes involve uploading tainted programs to public file-sharing networks; hacking legitimate websites in order to automatically download the files onto visitors; and quietly running the programs on PCs they have already compromised. Affiliates are credited only for successful installations, via a unique and static affiliate code stitched into the installer programs and communicated back to the PPI service after each install.
In a new paper researchers from the University of California, Berkeley, and the Madrid Institute for Advanced Studies in Software Development Technologies describe infiltrating four competing PPI services in August 2010, by surreptitiously hijacking multiple affiliate accounts. The team built an automated system to regularly download the installers being pushed by the different PPI services.
The researchers analyzed more than one million installers offered by PPI services. That analysis led to a startling discovery: Of the world's top 20 types of malware, 12 employed PPI services to buy infections.

"Going into this study, I didn't appreciate that PPI is potentially the number one vector for badness out there," said Vern Paxson, associate professor of electrical engineering and computer sciences at UC Berkeley. "We have a sense now that botnets potentially are worth millions [of dollars] per year, because they provide a means for miscreants to outsource the global dissemination of their malware."

The researchers set out to map the geographic distribution of malware being pushed by these services, so they devised an automated way to download installers. They used services such as Amazon's EC2 cloud computing platform, and "Tor," a free service that lets users communicate anonymously by routing their connections through multiple computers around the world, to trick the pay-per-install program into thinking requests were coming from locations around the globe.
The system classified the collected malware by type of network traffic each sample generated when run on a test system. The researchers said they took precautions to prevent affiliate accounts from being credited with the test installations.

The analysis of the PPI services indicates that they most frequently target PCs in Europe and the United States. These regions are wealthier than most others, and offer affiliates the highest per-install rates.
But the researchers surmise that there are factors beyond price that may influence a PPI client's choice of country. For example, a spambot such as Rustock requires little more than a unique Internet address to send spam, whereas fake antivirus software relies on the victim to make a credit card or bank payment, and thus may need to support multiple languages or purchasing methods.
The team also found that PPI programs almost always installed bots that engage infected systems in a variety of "click fraud" schemes, involving fraudulent or automated clicks on ads to falsely generate ad revenue.

One unexpected finding may help explain why PCs infected with one type of malware often quickly become bogged down with multiple infections: Downloaders that are part of one scheme often fetch downloaders from another. In other words, affiliates from one PPI service themselves sometimes act as clients of other services. Consequently, many of the installers pushed by affiliates will overwhelm recipient PCs with many types of malicious software.

"We speculate that some of these multi-PPI-service affiliates are arbitrageurs, trying to take advantage of pricing differentials between the (higher) install rates paid to the affiliates of one service for some geographical region versus the (lower) install rates charged to clients of another PPI service," the researchers wrote.

This dynamic lends an inherent conflict of interest to the PPI market that hurts both clients and affiliates: The more installations an affiliate provides, the larger the payment received. But the more malware is installed, the greater the likelihood that the owner of an infected system will notice a problem and take steps to eradicate the malware.

PPI services have ominous implications for coordinated efforts to shut down botnets. In recent months, security researchers, Internet service providers, and law enforcement agencies have worked together to dismantle some of the world's biggest botnets. In March, for example, Microsoft teamed with security firms to cripple the Rustock botnet, long one of the most active spam botnets on the planet.

The Berkeley researchers argue that even if defenders can clean up a botnet—by hijacking its control servers and even remotely disinfecting PCs—the controller of that botnet can rebuild it by making modest payments to one or more PPI services.
"In today's market, the entire process costs pennies per target host—cheap enough for botmasters to simply rebuild their ranks from scratch in the face of defenders launching extensive, energetic takedown efforts," the researchers wrote.

Read More

A New Kind of Smart-Phone Connection

Several smart-phone manufacturers are developing plans to launch U.S. handsets that can connect to other devices when tapped together, or act as electronic wallets by instantly paying for goods when waved over a reader.

The technology to make this possible--Near Field Communications (NFC)--is a step beyond the contactless radio-frequency identification (RFID) technology used in many transit systems or security access cards for buildings. NFC uses the same high-frequency radio waves as RFID and can make a connection over a distance of up to around 10 meters. It is also compatible with existing RFID systems. But NFC devices can both send and receive data--something that will enable many new applications when coupled with the computational power of a smart phone.

"I think 2011 will be the inflection point for NFC--that's when we should see volume availability of handsets in the U.S.," said Didier Serra, founder of Inside Contactless, which makes chips and software for NFC devices, at the CTIA Enterprise & Applications meeting in San Francisco. Shipping a product with NFC hardware in large volumes takes a company around 18 months, he said and "the work started around nine months ago." he said.

Small-scale trials have already taken place in various U.S. cities in recent years. In late 2007, Sprint handed out Samsung NFC phones in San Francisco that allowed people to use transit and make payments in stores; Visa is now running trials in New York and Los Angeles, among other cities, of a gadget made by DeviceFidelity that slides into a smart phone's memory slot to give it NFC capabilities.

Nokia, the world's largest phone manufacturer, announced in June that all of its smart phones would gain NFC capabilities in 2011; Samsung has been testing handsets for some time, and Apple is widely rumored to be preparing an iPhone with NFC.

Apple could have an advantage over other handset makers, said Avivah Litan, a Gartner analyst specializing in banking and payments technology. She recently coauthored a report on the possible strategy of the Cupertino, California, company's move into contactless payments. "Apple already has a closed system of its own in iTunes that can act as a money transmitter," said Litan. "They don't want to become a bank--the way you get money into your iTunes account may be through your credit or debit card or a bank account--but they would handle the payment." Litan said she expects the firm to unveil an NFC-packing iPhone next year, citing a suite of relevant patents filed by the company and recent hires who have relevant experience.

All future NFC phones should be compatible with existing contactless payment and transport systems introduced by banks and others, for example, those used on transit systems in Boston and Los Angeles, and at 7-11 and Office Depot stores. But that infrastructure isn't pervasive enough to make that the main selling point of contactless handsets, said Serra.

"NFC enables more than just payments," he said. "Think about being able to exchange information by tapping your device against someone else's." He expects manufacturers to initially pitch the technology as a way to connect a phone with another handset and device--for example, making it possible to tap a Bluetooth headset to a phone to have the two instantly pair.

"I think people will see a lot of value in that," said Mohamed Awad of the NFC Forum, an industry body that has created specifications for NFC. "You can just tap a handset on a printer or laptop and it just connects. It's so natural." Although NFC can be used to transfer data at up to 424 kilobits per second--perhaps enough to transfer a document for printing, said Awad--it works best as a "helper" for setting up a higher-bandwidth Bluetooth or Wi-Fi connection.

The NFC Forum is already working on certifying the first wave of NFC devices for the U.S. market, according to Awad. "We've got a batch of products coming through today," he said.

However, as Serra points out, smart-phone manufacturers and carriers are now heavily dependent on third-party developers. "For NFC to be successful, the industry has to be app-centric and allow creative developers to provide ideas and apps that users want," he said. Social networking apps that enable people to exchange information or play games using NFC are one possible example, and this could play an important role in making the technology popular, he said.

However, consumers will also have to feel assured that NFC is safe, said Jean-Louis Carrara of the security firm Gemalto, which makes chips for smart cards and SIM cards. "People will be interested in the security of their phones, their personal information, and their payment data," he said, adding that NFC will likely make smart phones even more attractive to hackers. "Malware is rising on smart phones already," he notes.

Read More

New System Swaps the Cash Register for an iPhone

Square, a new startup based in San Francisco and headed by Twitter cofounder Jack Dorsey, opened its doors amid much hype and fanfare last week. But some experts are already questioning whether the company will be able to sustain itself.

The startup hopes to make it make it big by allowing virtually anyone to accept credit card payments by connecting a simple reader to a mobile device. Dorsey, Square's CEO, envisions the technology being used by small businesses, street vendors, and even individuals who want to sell a couch on Craigslist or collect money from a friend.

However, some experts question whether the device will find a niche in the mobile payments market and say the startup will face a challenge trying to win consumer confidence with such a novel approach. "In retrospect, PayPal's biggest innovation was putting together a system to protect both their users and themselves against fraud," says Charles Kahn, a professor of finance at the University of Illinois at Urbana-Champaign. "Before a system like this has any effect on consumer behavior it will have to convince consumers that their cards are protected."

To take a payment with Square, a user swipes a credit card's magnetic stripe through a small reading device that plugs into a phone's audio jack. The reader is currently compatible with the iPhone, but Square is working on versions for Android and Blackberry phones. Dorsey says the device communicates through the audio jack because it's cheaper to manufacture that way and because it should allow Square's technology to work on a wider variety of mobile devices. After the card is swiped, the user submits his signature using the touchscreen. And if the user chooses to enter an e-mail address, the system will send an electronic receipt.

Only the person who is receiving payment needs to have an account with Square, and the company hasn't yet set a pricing structure. But Dorsey says the pricing will allow for different levels of customer involvement. Someone who wants to use the service once for a yard sale should be able to get started easily and cheaply, while a small business might upgrade to a more full-featured version of Square.

"The credit card stack is quite complicated," Dorsey says. "We tried to find a simplest path to the parties who really need to be involved. We're taking a lot of the upfront cost away from the process."

Dorsey notes that Square uses encrypted protocols to send transaction information, and doesn't store card information on the seller's device. The device is subject to the same regulations as any other payment system.

By creating a Square account, payers can obtain extra features, too, Dorsey says. For example, a user can arrange to receive a text message every time his credit card is charged using Square. Or he can upload a picture that will display to the seller whenever the user's credit card is swiped. "We put a big focus on how to get the payer involved in managing security," Dorsey says.

Still, some experts are skeptical of Square's prospects. Jon Paisner, a senior analyst at Yankee Group who studies mobile transactions, says the need to plug in an extra piece of hardware to use Square might prevent people from adopting it. Paisner also worries that the device won't be sturdy enough in the long-term, and that audio jacks may not stand up to this kind of unintended use.

Paisner thinks there is potential for payments via mobile phones to take off in the United States and United Kingdom, but he thinks near-field wireless communication technology, which would allow users to make payments by tapping a phone against a reader, is more promising.

Mark Beccue, a senior analyst at Abi Research who studies consumer mobile technology, also has reservations. "What puzzles me is, what market we are addressing here?" he says. "I saw a video of using [Square] in a coffee shop and thought, 'Don't they have a cash register?' " Beccue concedes that the product may work for certain niches, such as markets or art fairs, but he doesn't think it has mainstream appeal. He suggests that most small businesses will prefer traditional point-of-sale systems for managing credit cards, and that ATMs are convenient enough that individuals aren't likely to turn to Square to pay each other.

Pilot tests of Square are being conducted in San Francisco, Los Angeles, New York, and St. Louis. Dorsey says the company hopes to open to the public in early 2010.

Read More

Google Wallet: Who'll Buy In?

Google announced an app and a number of partnerships that could help it become a key gatekeeper in mobile electronic payments—a space that many expect to boom over the next few years.

Google Wallet, announced today at an event in New York, is a app that lets users tap their smart-phone in stores to pay for purchases using near-field communication (NFC) technology—but only after they've entered their credit or debit card details. A related product called Google Offers will let users send coupons to their virtual wallets, via a Google search, for instance, or an advertising billboard using NFC.

Ubiquitous and increasingly sophisticated smart phones make mobile payments possible, and many companies are vying to play a role in the development of the underlying technology. Last November, AT&T, Verizon, and T-Mobile announced a similar mobile payments platform called Isis, and recently they revealed plans to partner with Visa and MasterCard.

Several startup companies are also jostling for a place in the market. Among them is Square, which provides technology that lets smart phones take credit-card payments. Apple, meanwhile, is rumored to be working on a NFC payments system for the iPhone that could be tied to users' iTunes accounts.

"Your phone will be your wallet. Just tap, pay, and save," said Stephanie Tilenius, Google's vice president of commerce, at the New York announcement.

Google has partnered with a number of major retailers, as well as Citibank, MasterCard, and the merchant processing service First Data in field tests, beginning today, and plans to release the product this summer in San Francisco and New York. Retail partners include Macy's, Subway, Walgreens, Toys"R"Us, Noah's Bagels, Peet's Coffee & Tea, Foot Locker, The Container Store, and American Eagle Outfitters.

One problem for Google could be a lack of suitable devices. Currently, there is just one Android device with NFC technology built in: the Nexus S, and only those devices running on Sprint's network will be compatible. Sprint plans to release several other NFC-equipped Android phones later this year.

Bill Maurer, professor of anthropology and law at the University of California, Irvine, who studies payments systems, says there may also be cultural and behavior hurdles. "It's really just a very different way of paying, and we have lots of ways of paying that work just

Alistair Newton, a research vice president at Gartner Research who researches mobile payment systems, points out that there is little customer and retailer demand for mobile payment systems, and there have been few success stories so far. Many have tried to implement NFC swipe-as-you-go payments in the past, he notes, particularly in Asia and Europe, with little success.

"This Google application is really going to be a supplementary payment utility for those consumers who chose to use it," he says. He also suspects that many people won't want to try it because "people are inherently quite conservative about money."

Another obstacle will be convincing retailers to buy new point-of-sale terminals to read the NFC phones. While some retailers have already signed on to accept Google Wallet, it may not be enough. "For this thing to really scale and be accepted everywhere, every merchant is going to need a new point-of-sale system that can read NFC, and that's a really big commitment," says Maurer.

But he believe Google may succeed where others have failed if NFC becomes widespread on smart phones, and if the company can encourage developers to create apps that use the technology—an app that lets restaurant customers split a bill, for example.

Newton believes Google Offers could also be vital to the strategy. "The one area where we see the mobile payments working is where you see a convergence between mobile payments and loyalty and coupon [programs]," he says.

"I think there's a strong and robust future for mobile payments, but it isn't going to happen overnight, and it isn't going to be for everyone," he adds.

Read More

Device Tracks How You're Sleeping

If you had asked me this morning how many times I woke up last night, I would have guessed four or five. But according to the Zeo, a new gadget that monitors a person's sleep, it was a disturbing 15 times. I'm also getting considerably less sleep than I thought, averaging about six to seven hours rather than the seven to eight hours I had always estimated.

The Zeo Personal Sleep Coach, developed by a startup headquartered in Newton, MA, is the first at-home device that allows people to track their sleep cycles over time. With a simple headband recording system, the device represents a neat feat of engineering. And it certainly seems to tap into an interest--everyone I told about the Zeo wanted to test it out, a testament to our obsession with sleep, or lack thereof. It's not yet clear that it will truly help users improve their sleep, but it may present a new opportunity in sleep research, allowing scientists to track normal variability in sleep much more cheaply and on a broader scale than before.

In essence, the Zeo is a highly simplified and automated version of the technology used to assess patients in sleep labs. (The company is careful to point out, however, that the Zeo is not a medical device and cannot diagnose sleep disorders.) While sleeping, users wear a sensor-laden headband that measures electrical activity in the brain. That data is wirelessly transmitted to a display unit like an alarm clock that sits next to the bed. In the morning, the display unit gives a summary of the previous night's sleep, including how long a user slept, how many times she woke up, and the amount of time she spent in the various stages of sleep. A small memory card within the display unit stores the data, which can then be transferred to a computer and uploaded to a website that tracks the user's sleep trends and offers advice for improving sleep.

"I see it more like an assessment, such as a blood-pressure monitor or weight scale, to monitor your physiology," says Phyllis Zee, a sleep scientist at Northwestern University in Chicago, who is also a scientific advisor to the company. "Sleep is really the next vital sign."

A growing pile of research emphasizes the crucial importance of sleep, linking it to everything from memory to obesity. A typical night's sleep involves a repetitive cycle of light sleep followed by deep- or slow-wave sleep followed by REM (rapid eye movement) sleep--the time when we dream. These phases keep repeating, with the duration of each cycle shortening as the night progresses. "The duration of these cycles and the number of cycles are indications of sleep quality," says Michael Twery, director of the National Center on Sleep Disorders Research, part of the National Institutes of Health in Bethesda, MD.

While the company won't divulge specific details on its technology, the biggest innovation lies in the Zeo's sensor and the algorithm used to process the information it records. In sleep labs, brain-wave activity is recorded via a number of electrodes attached to the scalp, a technique known as electroencephalography (EEG). Because this approach is highly susceptible to noise, the electrodes are placed in precise spots for optimal recording, and a conducting gel is usually smeared between the electrodes and the skin to improve the signal. Researchers at Zeo have developed a novel technology using dry, silver-coated fabric electrodes that sit on the forehead (typically not considered a great spot for recording EEG activity).

An algorithm that was developed using neural-network analysis processes the messy electrical information recorded by the sensor and automatically determines the wearer's stage of sleep. (In a sleep lab, a technician watches the activity in real time, regularly scoring the patient's stage of sleep.) "The algorithm is designed to mimic what an expert sleep scorer would report," says John Shambroom, Zeo's vice president of research. A comparison of the Zeo to traditional, technician-scored polysomnography--EEG and other measures used in a sleep lab--found that both performed similarly in healthy people, he says.

 

My own pattern of sleep seems to be slightly off-kilter. I get plenty of REM sleep--about 25 percent--but not enough deep sleep--about 10 percent, rather than the average 20 percent. Deep- or slow-wave sleep--the stage of sleep that is most difficult to wake from--has been linked to some types of memory, and a recent study suggests that lack of deep sleep can affect insulin sensitivity, a risk factor for type 2 diabetes.

An evening beer didn't seem to have any effect on my sleep patterns, but a benzodiazepine sleeping pill did. As predicted by previous research, it dropped my slow-wave sleep percentage further, to about 5 percent. "Sleep is much more active and dynamic than people perceive," says Shambroom. "This allows you to understand your personal sensitivity to caffeine and alcohol." (As a highly caffeine-sensitive person, I didn't risk a late afternoon latte, even for the sake of science.)

What exactly this means for me is unclear. I'll probably stay away from that kind of sleeping pill. But the experts I spoke with were hesitant to comment on what my broader sleep patterns meant for my overall health, probably because the purpose of different types of sleep--indeed, the purpose of sleep in general--is still hotly contested. (There are few ways to increase slow-wave sleep specifically; increasing body temperature prior to the sleep cycle is one.) Most of the advice from Zeo centers on well-known recommendations for "sleep hygiene," such as avoiding caffeine, alcohol, and stimulating activities right before going to sleep. (Disclaimer: I used the device only for a few nights, not long enough to test the online coaching program that comes with it. This program sends users e-mails with advice based on their individual sleep data.) "Really, the litmus test is how you feel during the day," says Northwestern's Zee.

As noted earlier, Zeo emphasizes that the device is not intended to be used as a medical device. It cannot, for example, diagnose sleep apnea, the most common sleep disorder, or disturbances such as periodic limb movements and seizures during sleep. But some worry that this warning might not be heeded. "If you have conventional insomnia, the Zeo would be fine," says Jerome Siegel, director of the sleep research lab at the University of California, Los Angeles. "It would confirm you have insomnia and provide a way of quantifying and validating your sleep patterns as you do the conventional things to treat it." But the more general issue, he says, "is that people who have the most severe sleep disorders won't detect [them] with this device and then they may not go to their physician to be diagnosed."

Siegel and others, however, are interested in the Zeo's potential as a research tool. While sleep scientists have investigated numerous aspects of sleep--including the effects of drugs, age, and diseases such as depression--these studies are enormously expensive (a night in a sleep lab costs about $1,000). A relatively cheap home-use device would allow researchers to look at the variability of normal sleep patterns in a much larger number of people. "It's simple to use, practical, and it can be monitored on a daily basis," says Zee. "That has been a limitation in the field--recording sleep day after day."

While a sleep lab generates much more detailed information, the Zeo might provide a way to study normative sleep patterns, such as variation with the season, adds Siegel. "It's extremely interesting," he says. "All sorts of things that would have been prohibitively expensive now become quite practical."

Read More

A Nightshirt to Monitor

What if your pajamas could tell you how well you slept? That's the dream of startup Nyx Devices, which has developed a nightshirt embedded with fabric electronics to monitor the wearer's breathing patterns. A small chip worn in a pocket of the shirt processes that data to determine the phase of sleep, such as REM sleep (when we dream), light sleep, or deep sleep.

"It has no adhesive and doesn't need any special setup to wear," says Matt Bianchi, a sleep neurologist at Massachusetts General Hospital and co-inventor of the shirt with Carson Darling, Pablo Bello, and Thomas Lipoma. "It's very easy—you just slip it on at night," says Bianchi, who has no formal role with Nyx Devices.

When people with sleep disorders spend the night in a sleep lab, they are hooked up to a complex array of sensors that monitor brain activity, muscle activity, eye movement, and heart and breathing rate. Nyx's Somnus shirt dramatically simplifies this by focusing only on respiration. "It turns out that you can tell if someone is awake or asleep and which stage of sleep they are in purely based on breathing pattern," says Bianchi. "That's a much easier signal to analyze than electrical activity from the brain."

During REM sleep, the respiratory pattern is irregular, with differences in the size of breaths and the spacing between them. Breathing during deep sleep follows an ordered pattern, "like a sine wave," says Bianchi. "And the breath-to-breath differences are very small." The lighter stages of non-REM sleep fall somewhere in between. "The motivation behind the shirt is to allow repeated measurements over time in the home," he adds. Users can log their habits, such as coffee or alcohol intake, exercise, or stress, and look for patterns in how those variables affect their quality of sleep.

Analyzing sleep stages based on respiration is still considered experimental. But Bianchi is now testing the device on patients who come to his sleep clinic who are also assessed using standard technology, known as polysomnography. The team will soon begin home tests of the shirts to further validate its use outside of the lab. The company hopes to have a commercial product available by summer of 2012 for less than $100.

The shirt is part of a growing number of devices that people can use to monitor sleep at home. The simplest, including an iPhone app, use accelerometers to measure movement, giving a rough gauge of when people fall asleep and wake up. A more sophisticated consumer device that monitors electrical activity from the brain and muscles, called the Zeo, came on the market two years ago.

VIDEO

While Nyx envisions the shirt as a consumer product, Bianchi wants to use it for his patients. Bianchi's previous research has shown that people with insomnia often underestimate how much they sleep, so he wants to determine whether giving them an objective way to measure sleep will help them reassess their condition and improve quality of sleep. "It will be a game changer for my clinical practice," he says. "There are zero objective tools available to physicians to assess insomnia."

Read More

Salty Solution for Energy Generation

The difference in salinity between freshwater and saltwater holds promise as a large source of renewable energy. Energy is required to desalinate water, and running the process in reverse can generate energy. Now a novel approach based on a conventional battery design that uses nanomaterials could provide a way to harvest that energy economically.  

The new device, developed by researchers at Stanford University, consists of an electrode that attracts positive sodium ions and one that attracts negative chlorine ions. When the electrodes are immersed in saltwater, they draw sodium and chlorine ions from the water, and the movement of the ions creates an electrical current. The electrodes are recharged by draining the saltwater, replacing it with freshwater, and applying a relatively low-voltage electrical current, which draws the ions back out of the electrodes. When the freshwater is drained, the electrodes are ready to attract more ions from the next batch of saltwater. 

"It is the opposite process of water desalination, where you put in energy and try to generate freshwater and more concentrated saltwater," says Yi Cui, a materials science and engineering professor at Stanford University and the study's lead author. "Here you start with freshwater and concentrated saltwater, and then you generate energy."

Cui's group converted to electricity 74 percent of the potential energy that exists between saltwater and freshwater, with no decline in performance over 100 cycles. Placing the electrodes closer together, Cui says, could allow the battery to achieve 85 percent efficiency. 

A power plant using this technology would be based near a river delta where freshwater meets the sea. Drawing 50 cubic meters of river water per second, Cui says, a power plant could produce up to 100 megawatts of power. He calculates that if all of the freshwater from all of the world's coastal rivers were harnessed, his salinity-gradient process could generate 2 terawatts, or approximately 13 percent of the energy currently used around the world.

Such wide-scale use, however, would seriously disturb sensitive aquatic environments. "I think you would only be able to utilize a very small fraction of this or it would be an ecological disaster," says Menachem Elimelech, director of the Environmental Engineering Program at Yale University. Elimelech says it would be necessary to pretreat the water to remove suspended material including living organisms. Such processing would require energy, add costs, and itself seriously disturb the ecosystem if done on a large scale.

Prior efforts to harvest energy from the salinity differential between saltwater and freshwater have focused primarily on a process known as pressure-retarded osmosis. In this approach, freshwater and saltwater are housed in separate chambers, which are divided by an artificial membrane. The higher salinity of the saltwater draws freshwater through the membrane, increasing the pressure on the saltwater side. The pressurized water is then used to drive a turbine and generate electricity.

Norwegian electric company Statkraft is currently testing pressure-retarded osmosis at a pilot plant outside Oslo and also working to develop more efficient and durable membranes. Statkraft officials say their goal is to convert 80 percent of the available chemical energy to electricity. Cui says he doubts that the approach will be able to exceed an efficiency of 40 percent. "Efficiency-wise we are certainly much better," he says.

To achieve high efficiency, Cui's group used manganese-dioxide nanorods for its battery's positive electrode. The material gives the sodium ions roughly 100 times more surface area to interact with than conventional electrode materials do. And the nanostructure allows the ions to quickly attach and detach from the electrode, making the entire battery more efficient.

Cui's team used a silver electrode to bond with the negatively charged chlorine ions. Silver, however, is prohibitively expensive for large-scale deployments, and it's also toxic, capable of causing environmental harm if it dissolves into the water being cycled through the battery. Cui says his group is looking for a substitute, but an alternative may be hard to find.

Read More

Tapping Quantum Effects for Software that Learns

In a bid to enable computers to learn faster, defense company Lockheed Martin has bought a system that uses quantum mechanics to process digital data. It paid $10 million to startup D-Wave Systems for the computer and support using it. D-Wave claims this to be the first ever sale of a quantum computing system.

The new system, called the D-Wave One, is not significantly more capable than a conventional computer. But it could be a step on the road to fuller implementations of quantum computing, which theoreticians have shown could easily solve problems that are impossible for other computers, such as defeating encryption systems by solving mathematical problems at incredible speed.

In a throwback to the days when computers were the size of rooms, the system bought by Lockheed, called the D-Wave One, occupies 100 square feet. Rather than acting as a stand-alone computer, it operates as a specialized helper to a conventional computer running software that learns from past data and makes predictions about future events. The defense company says it intends to use the new purchase to aid identification of bugs in products that are complex combinations of software and hardware. The goal is to reduce cost overruns caused by unforeseen technical problems with such systems, Lockheed spokesperson Thad Madden says. Such challenges were partly behind the recent news that the company's F-35 strike fighter is more than 20 percent over budget.

At the heart of the D-Wave One is a processor made up of 128 qubits—short for quantum bits—which use magnetic fields to represent a single 1 or 0 of digital data at any time and can also exploit quantum mechanics to attain a state of "superposition" that represents both at once. When qubits in superposition states work together, they can work with exponentially more data than the equivalent number of regular bits.

Those qubits take the form of metal loops rich in niobium, a material that becomes a superconductor at very low temperatures and is more commonly used as the magnets inside MRI scanners. The qubits are linked by structures called couplers, also made from superconducting niobium alloy, which can control the extent to which adjacent magnetic fields, representing qubits, affect one another. Performing a calculation involves using magnetic fields to set the states of qubits and couplers, waiting a short time, and then reading out the final values from the qubits.

D-Wave's machine is intended to do one thing better than a conventional computer: finding approximate answers to problems that can only be truly solved by exhaustively trying every possible solution. D-Wave runs a single algorithm, dubbed quantum annealing, which is hard-wired into the machine's physical design, says Geordie Rose, D-Wave's founder and CTO. Data sent to the chip is translated into qubit values and settings for the couplers that connect them. After that, the interlinked qubits go through a series of quantum mechanical changes that result in the solution emerging. "You stuff the problem into the hardware and it acts as a physical proxy for what you're trying to solve," says Rose. "All physical systems want to sink to the lowest energy level, with the most entropy," he explains, "and ours sinks to a state that represents the solution."

"You stuff the problem into the hardware and it acts as a physical proxy for what you're trying to solve," says Rose.

Although exotic, this hardware is intended to be used by software engineers who know nothing of quantum mechanics. A set of straightforward protocols—dubbed APIs for application programming interface—make it easy to push data to the D-Wave system in a standard format.

"You send in your problem and then get back a much more accurate result than you would on a conventional computer," says Rose. He says tests have shown software using the D-Wave system can learn things like how to recognize particular objects in photos up to 9 percent more accurately than a conventional alternative. Rose predicts that the gap will rapidly widen as programmers learn to optimize their code for the way D-Wave's technology behaves.

Google has been experimenting with D-Wave's technology for several years as a way to speed up software that can interpret photos. The company's software engineers use it as a kind of cloud service, accessing a system at D-Wave's Vancouver headquarters over the Internet. In 2009, the company published papers showing that using the quantum system outperformed conventional software running in a Google data center.

Allan Snavelly at San Diego Supercomputer Center has used conventional versions of the algorithms like those that are built into D-Wave's system. He says that the kind of "needle in a haystack" problems they are designed for are important in computer science. "These are problems where you know the right answer when you see it, but finding it among all the exponential space of possibilities is difficult," he says. Being able to experiment with the new system using conventional software tools will be tempting to programmers, says Snavelly. "It's intriguing to consider the possibilities—I would like to get my hands on one."

D-Wave's technology has been dogged by controversy during the 12 years it has been in development, with quantum computing researchers questioning whether the company's technology truly is exploiting quantum effects. A paper published in the science journalNature on May 12 went some way to addressing those concerns, reporting that the behavior of one of the eight-qubit tiles that make up the D-Wave One is better explained by a mathematical model assuming quantum effects at work than by one assuming only classical physics was involved.

However, the experiment did not show the results of running a computation on the hardware, leaving doubt in the minds of many quantum computing experts. Rose says the technology definitely uses quantum effects, but that to programmers only one thing really matters. "Compared to the conventional ways, you get a piece of software that is much

 

Read More

U.S. Aims Missiles at Hackers

The Pentagon will soon release a strategy that formalizes a long-articulated position: the United States reserves the right to launch conventional attacks in response to the cyber kind. But figuring out who is behind such attacks may be difficult, or impossible.

"To say that cyberattacks can be acts of war, and that they can be met by kinetic responses, simply confirms a longstanding Department of Defense consensus," says Stewart Baker, a lawyer who was policy chief at the Department of Homeland Security for part of the Bush administration. "Neither of those statements make a strategy, however."

Baker adds that the threat "is much less effective than we'd like, because we largely lack the ability to identify who is attacking us in cyberspace. Until we solve that problem, we might as well claim that we'll respond to cyberattacks by blowing horns until our attackers' fortifications all fall down and their ships all sink." 

This problem is illustrated by the famous recent cyberattack involving Stuxnet—a computer worm that damaged Iran's nuclear centrifuges last year.

The Stuxnet worm was a highly sophisticated piece of code that specifically attacked Siemens control systems, causing centrifuges to self-destruct. It leveraged four separate and previously unknown holes in Windows software. And it took care not to damage computers themselves, or other systems.

This technical sophistication, extreme specificity, and lack of other discernible payoff are suggestive of a state-sponsored effort. Many published reports suggest involvement by U.S. and Israeli agents. But as Eric Sterner, a fellow at the George C. Marshall Institute,argued last year, a defender could say a competitor to Siemens might have launched the worm, or that intelligence agencies could have let it loose simply to study its propagation.

If something similar were to infect and disable a U.S. nuclear facility or military network, and the United States wanted to strike back, it would be difficult to know whom to strike. However, "we should recognize that perfect attribution is not required," says Charles Barry, a Vietnam-era combat veteran and a senior research fellow at the National Defense University's Institute for National Strategic Studies in Washington, D.C. "We didn't check to see that the Japanese fleet was acting on orders fr

In addition to the unsolved attribution problem, Barry says that military planners face challenges in determining what sort of cyberattack "constitutes an act of war." The Pentagon's new cyberwar strategy is expected to declare, in part, that computer attacks on military networks, or attacks that pose hazards to civilians, such as damage to air-traffic control systems or power grids, could be treated as akin to conventional aggression.

Some of these issues will be taken up next week, when military planners and others gather for the annual NATO cyberwar conference in Tallinn, Estonia. That nation was itself the victim of a famous cyberattack in 2007 that highlighted some of the new challenges. The attack commenced after the Estonian government, ignoring protests by Russia, moved a bronze statue of a Soviet soldier that had been installed to commemorate World War II dead.

Soon after, attackers based mainly in Russia launched denial-of-service campaigns against government, media, and telecom Web targets in Estonia, paralyzing them for weeks. The Russian government denied orchestrating the event, attributing it to "patriotic hackers."

If such an event happens again, and it results in loss of life or damage to military systems, the victim nation will need to decide whether to believe such national claims of innocence—or, if it doesn't believe those claims, whether to punish a state for the sins of its citizens.

Meanwhile, there is no agreement within or outside of NATO on how a cyberconflict should play out—including to what extent allies should step in. A NATO report chaired by Madeleine Albright last fall noted that large-scale attacks on NATO infrastructure could lead to defensive measures by all members.

The United States created a unified Cyber Command in 2010 to both defend national networks and plan its own cyberattacks if needed. Almost exactly one year ago, General Keith Alexander, who heads the Cyber Command and also directs the National Security Agency, called for global rules of engagement for cyberwar. The forthcoming Pentagon report will be a step toward defining those rules, but it may do little to clarify who's playing the game.

om Tokyo before declaring war on Japan

Read More