22 April 2018
visit www.ebaday.com

Oxford scientists develop security protocol for m-payments

11 February 2010  |  9938 views  |  4 Palm pda

Isis Innovation, the University of Oxford's technology transfer company, is looking for commercial partners to help develop a new cryptographic application for securing person-to-person mobile payment transactions.

The technology has been developed by a team of Oxford University scientists led by professor Bill Roscoe, who specialises in cryptographic protocols and the theory of security.

It uses a system in which the payer checks whether a short numeric code (4-8 digits for most applications) generated within their own phone is the same as the one generated by the payee. This number is random and does not have to be kept secret. This ensures that the customer's mobile is connected to the correct store, or to the mobile of the person they wish to pay.

Payment then occurs without the exchange of sensitive details such as credit card numbers or PIN. It is expected that no hardware modifications to the phones will be needed, and the Oxford team have built demonstration systems to show a variety of uses.

Says Roscoe: "The core of our technology is a new security protocol that enables strong cryptographic keys to be created with the least possible work. The key to the protocol is that it prevents anyone from doing any searching to break into the transaction."

He says that banking industry plans to phase out the use of cheques in the UK by 2018 has heightened the need for secure replacement payment systems.

"A key requirement of new payment systems will be the ability to make payments from person to person, such as paying a builder or a friend," says Roscoe. "What we have is technology which enables anyone to easily create a secure connection between two devices: it can work via Bluetooth, WiFi, the internet or across ordinary telephone or SMS connections.

The next steps are for further demonstrators of the technology to be built and for these to be taken through industry testing. Standards will need to be developed for how the protocols are to be used and how to prevent unauthorised use of the payment features on phones, says Isis which welcomes inquiries from commercial partners interested in being involved in further development.

Comments: (4)

Steven Klebe
Steven Klebe - Google - Mountain View | 11 February, 2010, 14:23

The primary flaw that I see in this approach is the statement, "It uses a system in which the payer checks whether a short numeric code (4-8 digits for most applications) generated within their own phone is the same as the one generated by the payee."

The security has to be embedded for mass adoption.  It cannot involve the users, except perhaps for a one-time set up but even that introduces significant friction.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 11 February, 2010, 20:46

Sadly I do agree that anything requiring the users extra awareness and input will ultimately be reliant on the user for its successful operation. However in the case of sensitive communications such as m-payments it is reasonable to assume that the user will exercise a certain amount of caution and effort when making a payment.

The human factor seems to be the inherent point of weakness with almost all security methods, thus we must protect the majority of users from themselves.

My preferred approach to virtual security is through the use of embedded and automated technology that requires little or no human intervention to set-up or use.

I note the statement, "Standards will need to be developed for how the protocols are to be used and how to prevent unauthorised use of the payment features on phones". Isn't this the point of any security method regardless of the protocol in use?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 12 February, 2010, 08:28

My company is interested in becoming a commercial partner. Would appreciate any pointers on who to contact at ISIS Innovation.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
David Abbott
David Abbott - Nourpay - Riyadh | 12 February, 2010, 09:22

I am not going to attempt to debate tech-stuff with ISIS (I am sure its very 'Whizzy'). However I can comment on 'Commercial'...... Commercial, to me, has at least two major meanings, (1) surrounds funding, and (2) focuses on routes to market. ISIS may be looking for (1)  but what they really need is (2).

A business model predicated on paying a mate back £10 or to paying a builder/white van man (dont they always prefer cash in hand?) is going to struggle.... Therefore the trick, for ISIS will be to find the Niches from which they can generate traction and revenues and then emerge into a wider market.  These Niches do exist, generally in the developing world!  So find your route to market first ISIS, tune your product in the Lab, then find funding & delivery partners, you will stand a much better chance of going the distance. Good luck.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Sagem to secure Android phone with m-banking friendly fingerprint ID

Sagem to secure Android phone with m-banking friendly fingerprint ID

04 February 2010  |  7749 views  |  0 comments
Gemalto buys mobile authentication firm Valimo

Gemalto buys mobile authentication firm Valimo

03 February 2010  |  7038 views  |  0 comments
Twitter founder Dorsey launches mobile phone credit card reader

Twitter founder Dorsey launches mobile phone credit card reader

02 December 2009  |  20549 views  |  2 comments
NAB ponders voice biometrics for m-banking

NAB ponders voice biometrics for m-banking

26 November 2009  |  16257 views  |  0 comments
Gemalto acquires handheld security firm Trusted Logic

Gemalto acquires handheld security firm Trusted Logic

08 September 2009  |  6702 views  |  0 comments
City University London gets funding to develop m-banking security system

City University London gets funding to develop m-banking security system

10 August 2009  |  5565 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
11 February 2010
Visit http://response.ncr.comVisit http://go.jumio.com/finextraAdvisit www.ebaday.com

Top topics

Most viewed Most shared
Top tier banks pass first transactions on trade finance blockchainTop tier banks pass first transactions on...
11229 views comments | 19 tweets | 26 linkedin
TransferWise becomes first non-bank to open settlement account with BofE RTGSTransferWise becomes first non-bank to ope...
9980 views comments | 18 tweets | 32 linkedin
Revolut launches spare change savings toolRevolut launches spare change savings tool
9871 views comments | 14 tweets | 19 linkedin
Barclays Bank sets up tech venture unitBarclays Bank sets up tech venture unit
9057 views comments | 16 tweets | 22 linkedin
Goldman Sachs acquires PFM startup Clarity MoneyGoldman Sachs acquires PFM startup Clarity...
8468 views comments | 9 tweets | 10 linkedin

Featured job

Basic c. EUR 90K OTE c. EUR 180K plus full bene...
Paris (preferred) or London

Find your next job