New quantum device could make contactless payment transactions more secure
A prototype gadget that sends secret keys to encrypt information passed from a mobile device to a payment terminal, could help to answer public concerns around the security of contactless and wireless transactions, a new Oxford University collaboration has found.
In partnership with Nokia and Bay Photonics, Oxford University researchers from the Department of Physics, have devised an innovative system for transmitting quantum keys that can detect hackers evesdropping and ensure data security.
Despite being a leader in the digital world, and mobile payments available on everything from petrol, to parking and café transactions, UK consumers have been slower than expected in using smartphone apps to pay for purchases. Citing safety concerns and fear of theft as the main reason for their insecurity.
While many technologies use encryption to make connections more secure, none have been able to detect eavesdropping. Quantum technology uses millions of single particles of light to send encryption keys. The protocol can detect unusual activities such as eavesdropping, and then shuts down the communication to prevent further hacking.
The prototype system uses movable mirrors and ultrafast LEDs to send a secret pin-code at a rate of more than 30 kilobytes per second, over a distance of 0.5 metres. Made up from a series of overlapping lights, the system contains six pairs of resonant-cavity LEDs, each filtered to a different polarisation and position. Circularly polarised LEDs provide the main key, while the other pairs are used to measure the security of the channel and to correct any errors in the process.
'Contactless and internet payments have become an integral part of our daily lives, but there are still legitimate security concerns around these transactions. With further testing, our research could build consumer trust and make these purchasing options more secure.'
Dr Iris Choi, Technology Associate at Oxford University's Department of Physics
To prevent potential hackers from cracking the code and knowing which light sends which signal, the team created an innovative steering system. The quantum key is long enough to stop hackers from unravelling the key pattern at random. The only way to ensure this protection on a device with such a high data transmission rate is to make sure that the signals go exactly where they are meant to go. However even when someone holds their hand completely still, they still have natural motion in their hand. To counter this, the research team measured exactly how big this movement is, before optimising the design elements of the device’s laser beam-steering system, including the bandwidth and field of view.
The team originally tested their analysis on a handheld prototype, made from a range of off the shelf materials, but Dr Iris Choi, Technology Associate at Oxford University and the paper’s co-author, is confident that the system could be miniaturised, and turned into a practical component for a mobile phone, such as Nokia, who were a partner in the research.
'Contactless and internet payments have become an integral part of our daily lives, but there are still legitimate security concerns around these transactions. With further testing, our research could build consumer trust and make these purchasing options more secure.'
The quantum key distribution system is considered secure because even if someone hacks the code, and attempts to pass it on, the very act of measuring the quantum signal, alters it, and makes it unusable. If used in a mobile device for example, the gadget could allow secure links to near-field communications mobile payment systems and indoor Wi-Fi networks. It could also significantly improve the security of cashpoint withdrawals, and prevent cashpoint skimming attacks, which cost banks billions each year.
Speaking on the unique nature of a quantum system, Choi said: 'When a hacker attempts to tap into the channel it will change the content of the key. We’re not saying this technology can prevent eavesdropping or hacking, but if people do, we know they are there.'