Paying for public passenger transport tickets with a smartphone is becoming increasingly popular. But is it secure? (Photo: Gabi Zachmann/KIT)
Whether a public passenger transport ticket is paid for via a smartphone app, a prepaid card is used at the public swimming pool, or a bonus card at the supermarket: many people already open their “electronic purses” every day. However, most of them are not aware that by doing so, they largely lose their privacy. Researchers at Karlsruhe Institute of Technology (KIT) have developed a secure and anonymous system for daily use. It will be presented at the ACM CCS 2017 conference in the USA.
Computer scientist Andy Rupp, member of the “Cryptography and Security” working group of KIT, is always surprised by the lack of awareness of the problem: “I observed that only few users are aware of the fact that by using such bonus or payment systems they disclose in detail how and what they consume or which routes they have taken.” To prevent manipulation of the accounts by dishonest users, customer data and account balances of payment and bonus systems are usually administered with the help of a central database. In every payment transaction, the customer is identified and the details of his or her transaction are transmitted to the central database. This repeated identification process produces a data trace that might be misused by the provider or third parties.
The new “BBA+” protocol makes electronic payment secure and confidential. (Photo: Gabi Zachmann/KIT)
The cryptography expert did not want to resign himself to this apparent conflict between privacy and security. Together with Gunnar Hartung and Matthias Nagel of KIT and Max Hoffmann of Ruhr-Universität Bochum, he has now presented the basics of an “electronic purse” that works anonymously but prevents misuse at the same time. The “black-box accumulation plus” (BBA+) protocol they developed transfers all necessary account data to the card or smartphone used and guarantees their confidentiality with the help of cryptographic methods. At the same time, BBA+ offers security guarantees for the operator of the bonus or payment system: the protocol guarantees a correct account balance and is mathematically constructed such that the identity of the user is disclosed as soon as an attempt is made to pay with a manipulated account.
The new protocol is a further development of an anonymous bonus card system that was also designed by the KIT research group. That earlier system, however, required an internet connection for collecting and redeeming points in order to prevent misuse. “Our new protocol guarantees privacy and security for customers during offline operation as well,” Andy Rupp says. “This is needed for ensuring the payment system’s suitability for daily use. Think of a subway turnstile or a toll bridge. There you may have no internet connection at all or it is very slow.” Its high efficiency also makes the protocol suited for everyday use: during first test runs, researchers executed payments within about one second.
Learn more: Secure Payment without Leaving a Trace