<?xml version="1.0" encoding="UTF-8"?><ns2:project xmlns:ns1="http://gtr.rcuk.ac.uk/gtr/api" xmlns:ns2="http://gtr.rcuk.ac.uk/gtr/api/project" xmlns:ns3="http://gtr.rcuk.ac.uk/gtr/api/fund" xmlns:ns4="http://gtr.rcuk.ac.uk/gtr/api/person" xmlns:ns5="http://gtr.rcuk.ac.uk/gtr/api/project/outcome" xmlns:ns6="http://gtr.rcuk.ac.uk/gtr/api/organisation" ns1:created="2026-06-22T07:57:45Z" ns1:href="http://gtr.ukri.org/gtr/api/projects/1672D3B9-28E4-4B49-9524-4B56CEBC8EDC" ns1:id="1672D3B9-28E4-4B49-9524-4B56CEBC8EDC"><ns1:links><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/persons/2340DD61-6717-4811-851D-F5713EDC3E6A" ns1:rel="PM_PER"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/386FC0BA-2D1A-48D9-A781-95733B8B2450" ns1:rel="LEAD_ORG"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/386FC0BA-2D1A-48D9-A781-95733B8B2450" ns1:rel="PARTICIPANT_ORG"/><ns1:link ns1:end="2015-03-30T23:00:00Z" ns1:href="http://gtr.ukri.org/gtr/api/funds/DB952650-9CB8-4989-8F70-AC5A2793C537" ns1:rel="FUND" ns1:start="2014-02-01T00:00:00Z"/></ns1:links><ns2:identifiers><ns2:identifier ns2:type="RCUK">972187</ns2:identifier></ns2:identifiers><ns2:title>Crystal Key - An Unforgeable Unclonable Personal Verification System</ns2:title><ns2:status>Closed</ns2:status><ns2:grantCategory>Small Business Research Initiative</ns2:grantCategory><ns2:leadFunder>Innovate UK</ns2:leadFunder><ns2:abstractText>Crystal Key -An Unforgeable Unclonable Personal Verification System:

The core of the AlphaFox Systems Ltd project is the further development and launch of a Personal Verification System for mobile phone transactions (‘m-commerce’). It is based on an unclonable (i.e. non-forgeable) and unique physical optical ‘personal identification tag’, called Crystal Key™, that the consumer carries with them locked within a small device on their key-ring, purse, wallet, or similar personal item. The device is the size of a lipstick or key-ring micro-torch and comprises a tag with a randomly-distributed array of ‘crystals’ in it with integrated light source. When verifying personal identity while making an m-commerce transaction, etc., the mobile phone (or tablet) application (‘pictorially’) asks the consumer to hold the Crystal Key™ device up to the phone camera which automatically takes a photograph of the tag within the device and compares the image of the tag’s random 3D crystal array/pattern with that stored on the payment verification database for that consumer. If there is not a match between the two images, then the transaction will be denied. Hence only legitimate transactions can occur.

The Internet and, increasingly, (mobile phone) m-commerce are becoming the driving force behind commerce and retailing, allowing even the smallest and newest of companies to trade internationally. Similarly, an increasing number of consumers carry out transactions on sites that they are not familiar with. This is providing additional opportunities to fraudsters to exploit loopholes in the security and authentication of transactions, identity fraud, etc.: e.g. Is the payment site genuine? Is the payer who they say they are?, etc. It is now essential that transaction systems are able to verify the authenticity of the purchaser and the identity/legitimacy of the vendor.

Modern RFID chips could provide the basis of the tag, but most mobile phones do not contain RFID readers. What is required is a system that exploits a mobile device's current range of sensor technologies, i.e. the camera. AlphaFox uses randomly produced 'photographable' optical features ('tags') that are unique to each user and that cannot be copied. Anyone attempting to copy the 3D features will fail due to the vast number of mathematical variants that are possible (billions). It has already been demonstrated that fingerprint and facial recognition can be spoofed, due to their essentially 2D nature (i.e. photographs can be used to spoof them).

AlphaFox’s Phase 2 project builds on the success of Phase 1, taking it from proof of principle to market launch, and will meet all of the above needs by providing a ‘tag’ locked within a device that is unique to each individual consumer and which can be read using any smart phone, tablet, or webcam camera – and across all mobile platforms. It will be inclusive in that those with a wide range of IT competence including technophobes will be able to use it, as will people of limited dexterity and sightedness, and people from different cultures, since this simple verification step does not involve reading, typing, speaking, remembering, PINs, or use of bank cards. It will empower m-commerce.</ns2:abstractText></ns2:project>