MENU

Payment protocol combines security and anonymity

Payment protocol combines security and anonymity

Technology News |
By Christoph Hammerschmidt



Above all, it is the lack of awareness of the problem that astonishes computer scientist Andy Rupp from the KIT’s Cryptography and Security Working Group: “I observed that very few users are aware of the fact that they disclose in detail how and what they consume or what they are doing.” Because to prevent manipulation of their accounts by dishonest users, the customer’s identity is disclosed with each payment transaction and the details of his transaction are communicated to the central database. This repeated identification procedure leads to a “data track” which could be abused by the provider or third parties. 

In order to put an end to this obvious contradiction between privacy and security and to develop a secure alternative, the cryptography expert, together with fellow researchers Gunnar Hartung and Matthias Nagel from the KIT and Max Hoffmann from the Ruhr-Universität Bochum, presented the basics of an “electronic purse” that functions anonymously but at the same time prevents misuse. The “black-box accumulation plus” (BBA+) protocol they developed shifts all necessary account information to the card or smartphone used and uses cryptographic methods to guarantee its confidentiality. At the same time, BBA+ also offers security guarantees for the operator of the bonus or payment system: The protocol guarantees the correct account balance and is mathematically designed in such a way that the identity of a user is revealed as soon as an attempt is made to pay with a manipulated account. 

The new protocol is the further development of an anonymous bonus card system, which was also developed by the same KIT research group. However, with the older protocol it was necessary to ensure an Internet connection when collecting and redeeming points in order to prevent misuse. The new protocol guarantees the privacy and security of customers even in offline mode. This is important for the suitability of a payment system for everyday use – at many payment points, such as subway turnstiles or toll bridges, there is no or only a slow Internet connection. The impressive speed of the new protocol also makes it suitable for everyday use: during initial test runs, the researchers were able to process payments in about one second. 

More information: https://homepage.ruhr-uni-bochum.de/andy.rupp/papers/bbap_ccs17.pdf

If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :    eeNews on Google News

Share:

Linked Articles
10s