Oxford scientists develop security protocol for m-payments
11 February 2010 | 9857 views | 4
Isis Innovation, the University of Oxford's technology transfer company, is looking for commercial partners to help develop a new cryptographic application for securing person-to-person mobile payment transactions.
The technology has been developed by a team of Oxford University scientists led by professor Bill Roscoe, who specialises in cryptographic protocols and the theory of security.
It uses a system in which the payer checks whether a short numeric code (4-8 digits for most applications) generated within their own phone is the same as the one generated by the payee. This number is random and does not have to be kept secret. This ensures that the customer's mobile is connected to the correct store, or to the mobile of the person they wish to pay.
Payment then occurs without the exchange of sensitive details such as credit card numbers or PIN. It is expected that no hardware modifications to the phones will be needed, and the Oxford team have built demonstration systems to show a variety of uses.
Says Roscoe: "The core of our technology is a new security protocol that enables strong cryptographic keys to be created with the least possible work. The key to the protocol is that it prevents anyone from doing any searching to break into the transaction."
He says that banking industry plans to phase out the use of cheques in the UK by 2018 has heightened the need for secure replacement payment systems.
"A key requirement of new payment systems will be the ability to make payments from person to person, such as paying a builder or a friend," says Roscoe. "What we have is technology which enables anyone to easily create a secure connection between two devices: it can work via Bluetooth, WiFi, the internet or across ordinary telephone or SMS connections.
The next steps are for further demonstrators of the technology to be built and for these to be taken through industry testing. Standards will need to be developed for how the protocols are to be used and how to prevent unauthorised use of the payment features on phones, says Isis which welcomes inquiries from commercial partners interested in being involved in further development.