Glasgow & West Scotland

Light particles deployed in fight against online crime

Online banking
Image caption Online crime cost the UK retail sector £205m in 2011/2012

Scientists in Scotland have developed a system that uses light particles to safeguard electronic transactions.

At present, online shopping, banking and voting are protected using digital signatures based on mathematical formulae, which can be cracked.

The new approach uses photons to create "quantum digital signatures" which it is claimed "ensures authenticity".

Findings from teams at Strathclyde and Heriot-Watt Universities are published in the journal Nature Communications.

The value of online retail sales in the UK last year was estimated to be between £25bn and £50bn.

'Virus attacks'

The cost of electronic crime for the UK retail sector in the financial year 2011/2012 was estimated to be £205m.

As criminals become more sophisticated in targeting transactions, organisations are being forced to look at new ways to protect themselves and customers from hacking, data theft and fraud.

Physicists at Heriot-Watt University in Edinburgh, and Strathclyde University in Glasgow, say they have used particles of light - photons - to create a new way of verifying electronic transactions.

Professor Gerald Buller, from Heriot-Watt University, said: "Computer virus attacks have shown that signatures or specific codes can be hijacked, potentially causing chaos with systems being crippled, accounts hacked, and industry and consumers losing millions of pounds.

"Our new approach, using quantum mechanics rather than just maths to create signatures for multiple recipients (or customers), could make hacking, fraud and theft near-impossible."

The Heriot-Watt and Strathclyde teams say a quantum-based signature means "a malevolent third party" cannot fake a signed message which is being sent to multiple recipients.

'Authentic signature'

The system works when a sender writes the signature with encoded light particles and sends it to the receiver.

The receiver cannot yet read the signature but can be sure it received an authentic signature.

To confirm a message is authentic and to also read it, the receiver then has to receive both the message (the signature) and additional information required to decipher it.

Once multiple receivers confirm that they have received identical signatures, only then does the sender provide the additional information required to read the signature.

The research teams say this process takes place without customers having to do anything differently to current security methods.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites