Enabling secure m_commerce via novel ICmetric authentication
Lead Participant:
METRARC LIMITED
Abstract
The fundamental challenge in allowing m_commerce systems to develop and become established is one of ensuring trust and security within the m_commerce transaction process. The technical challenges associated with communication have been addressed but significant problems remain in establishing the identity both of a smartphone engaged in an m_commerce transaction and establishing the provenance of the service with which it is interacting. Without addressing both these issues to a satisfactory degree, widespread adoption of m_commerce will be hindered.
This project will investigate the feasibility of employing novel secure systems techniques for deriving encryption keys from the operating characteristics of smartphones and associated web services, with which they wish to interact in order to significantly enhance the trust and provenance associated with the interaction and address the issues highlighted above. As the adoption of digital technologies expands, it becomes vital to allow use of such services efficiently from diverse locations. However, it is imperative to ensuring their integrity and authenticity. Metrarc have developed a highly novel technology for deriving encryption keys directly from the operating characteristics of digital systems, a technology termed ICmetrics. The use of ICmetric authentication is now increasingly being seen as a means of regulating access to sensitive services and providing a suitable means of establishing trust with devices based at remote locations. This proposal aims to build upon the highly significant results displayed by Metrarc's existing technology and adapt it for operation for m_commerce transactions in order to determine their authenticity and increase user trust in their provenance. The proposed system will:-
• Assign unique digital signatures to both smartphones and remote based web services services based on unique features derived from their operating characteristics.
• Such features may equally serve to produce encryption keys for secure communications with the significant advantage that their (private) keys never require any storage.
• Increase confidence that sensitive remote services have not been produced fraudulently and that the smartphone initiating the transaction has not been cloned or otherwise tampered with.
• Not explicitly store any information regarding the operating characteristics of the phone or service, which removes the significant Achilles’ heel of existing systems, in that compromised access to template data regarding the operating characteristics of a service or smartphone will potentially compromise all transactions relating to their operation.
This project will investigate the feasibility of employing novel secure systems techniques for deriving encryption keys from the operating characteristics of smartphones and associated web services, with which they wish to interact in order to significantly enhance the trust and provenance associated with the interaction and address the issues highlighted above. As the adoption of digital technologies expands, it becomes vital to allow use of such services efficiently from diverse locations. However, it is imperative to ensuring their integrity and authenticity. Metrarc have developed a highly novel technology for deriving encryption keys directly from the operating characteristics of digital systems, a technology termed ICmetrics. The use of ICmetric authentication is now increasingly being seen as a means of regulating access to sensitive services and providing a suitable means of establishing trust with devices based at remote locations. This proposal aims to build upon the highly significant results displayed by Metrarc's existing technology and adapt it for operation for m_commerce transactions in order to determine their authenticity and increase user trust in their provenance. The proposed system will:-
• Assign unique digital signatures to both smartphones and remote based web services services based on unique features derived from their operating characteristics.
• Such features may equally serve to produce encryption keys for secure communications with the significant advantage that their (private) keys never require any storage.
• Increase confidence that sensitive remote services have not been produced fraudulently and that the smartphone initiating the transaction has not been cloned or otherwise tampered with.
• Not explicitly store any information regarding the operating characteristics of the phone or service, which removes the significant Achilles’ heel of existing systems, in that compromised access to template data regarding the operating characteristics of a service or smartphone will potentially compromise all transactions relating to their operation.
Lead Participant | Project Cost | Grant Offer |
|---|---|---|
| METRARC LIMITED | £49,352 | £ 49,352 |
Participant |
||
| VERIFIABLE CREDENTIALS LIMITED | ||
| INNOVATE UK |
People |
ORCID iD |
| Gareth Howells (Project Manager) |