Paying public passenger transport tickets with a smartphone becomes increasingly popular. But is it secure? (Photo: Gabi Zachmann/KIT)
No matter whether payment of the public passenger transport ticket is made via a smartphone app or whether a prepaid card is used for the public swimming pool or a bonus card for the supermarket: Many people already open their “electronic purses” every day. However, most of them are not aware of the fact that by doing so, they largely lose privacy. Researchers of Karlsruhe Institute of Technology (KIT) have developed a secure and anonymous system for daily use. It will be presented at the ACM CCS 2017 conference in the USA.
Computer scientist Andy Rupp, member of the “Cryptography and Security” working group of KIT, is always surprised about lacking problem awareness: “I observed that only few users are aware of the fact that by using such bonus or payment systems they disclose in detail how and what they consume or which routes they have taken.” To prevent manipulation of the accounts by dishonest users, customer data and account balances of payment and bonus systems are usually administrated with the help of a central database. In every payment transaction, the customer is identified and the details of her/his transaction are transmitted to the central database. This repeated identification process produces a data trace that might be misused by the provider or third parties.
The new “BBA+“ protocol makes electronic payment secure and confidential. (Photo: Gabi Zachmann/KIT)
The cryptography expert did not want to resign himself to this apparent conflict of privacy and security. Together with Gunnar Hartung and Matthias Nagel of KIT and Max Hoffmann of Ruhr-Universität Bochum, he has now presented the basics of an “electronic purse” that works anonymously, but prevents misuse at the same time. The “black-box accumulation plus” (BBA+) protocol developed by them transfers all necessary account data to the card used or the smartphone and guarantees their confidentiality with the help of cryptographic methods. At the same time, BBA+ offers security guarantees for the operator of the bonus or payment system: The protocol guarantees a correct account balance and is mathematically constructed such that the identity of the user is disclosed as soon as the attempt is made to pay with a manipulated account.
The new protocol is a further development of an anonymous bonus card system that was also designed by the KIT research group. For collecting and redeeming points, however, it required an internet connection to prevent misuse. “Our new protocol guarantees privacy and security for customers during offline operation as well,” Andy Rupp says. “This is needed for ensuring the payment system’s suitability for daily use. Think of a subway turnstile or a toll bridge. There you may have no internet connection at all or it is very slow.” Also its high efficiency makes the protocol suited for everyday use: During first test runs, researchers executed payments within about one second.
Learn more: Secure Payment without Leaving a Trace
The Latest on: Secure payment without a trace
[google_news title=”” keyword=”secure payment without a trace” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
- Here’s a Clear Roadmap for Knowledge and Skills to Becoming a Blockchain Experton September 28, 2023 at 6:03 pm
Blockchain technology, a groundbreaking innovation, has transcended its origins as the foundation of cryptocurrencies to become a transformative force across various industries. Its significance lies ...
- The top money transfer apps for sending money between friends, family and small businesseson September 26, 2023 at 9:33 am
By signing up for a money transfer app, you are, in essence, making it possible for anyone to send you a digital payment without viewing any of your secure account information, just your user ID ...
- What Is a Money Order?on September 24, 2023 at 4:51 pm
Like a personal check, it can be deposited or cashed for the face value, minus any fees, and then used just like any other form of payment. Unlike a personal ... Since money orders are easy to track ...
- These dumb people are proof that the customer isn't always righton September 18, 2023 at 3:25 pm
He paid by credit card, and I explained to him how to sign the touchscreen for the payment to go through ... and you have to tell the guest that it is at three o'clock without a trace of sarcasm or ...
- Why that call from the Sheriff’s Department might just be a phone scamon September 17, 2023 at 12:19 pm
Kurt "CyberGuy" Knutsson explains how to keep yourself safe from scammers that are cold calling victims and posing as deputies to trick people into paying money.
- What Is A Contactless Credit Card?on September 15, 2023 at 4:17 pm
Is the technology secure ... able to fraudulently obtain your payment information, it would be difficult if not impossible to complete a contactless payment without the card or your other info.
- Eight years ago, Crystal Rogers vanished without a trace. Now an arrest has been made in her caseon September 9, 2023 at 11:50 am
Crystal Rogers’ boyfriend was named a suspect in the case in 2015 Brooks Houck in a booking photo dated 3 November 2022, when he was arrested for non-payment of court costs, fees or fines.
- What is a balloon mortgage? (2023)on January 28, 2022 at 8:48 am
For some buyers, balloon mortgages can help them secure a home loan at a lower ... ahead and decide how you will repay the balloon payment without derailing your finances. A blanket mortgage ...
via Google News and Bing News
