Is it safe to run the protocol on an insecure connection/network?
Yes, it is. The messages of the protocol can be made public to everyone: for example, you could broadcast them or post them on the internet. Knowing all the messages of the protocol does not increase a hacker's chance of breaking the security. This is the key to how we create security so easily.
Do the applications have to be installed on smartphones or high-end mobile phones only?
The applications we have presented are built in Java, and their computation cost has been carefully examined and designed. One of the applications is implemented on a cheap 8-bit processor with only 2 Kb of memory and 64 Kb of code space. We are confident that our technology can be implemented on most types of mobile phones, with or without Java support.
How can your applications work together with the existing banking system?
Our technology supports multiple payment models. One of the most interesting of these is to extend the functionality of mobile banking (running internet banking on a phone). In this model, the secure channel that our technology establishes is used to upload payment details (name, amount, bank details, etc.) from the payee's system to the payer's phone. The payment can then proceed through the banking system using existing methods.
In addition, the demos you have seen only demonstrate some features of our technology. They do not define how the underlying technology operates, nor are they intended to represent how the final implementations would function or appear. We can prove the flexibility of our technology against any specific requirements.
Are the mobile payment demos EMV (Euro Card, Master Card, and Visa Card) enabled?
We haven't incorporated those functions into our implementations, but it is clear that EMV could be implemented by providing the necessary interfaces on mobile phones, whether through a card reader, the integrated SIM card or information hardwired within the application.
Your demonstration doesn't show how money is actually transferred. Is the money stored on the phone, or does it come from a credit card or a bank?
It could be any of these; our technology is highly flexible and can be swiftly adapted to concrete requirements.
Does the application need to use any information that has been stored on the mobile phone?
No. To bootstrap security, there is no need to store any information or any key on the device. Although some keys are used as part of the cryptography in the protocol, they are generated on the fly and used one time only. However, depending on the concrete scenario (e.g. the use of mobile banking), it could be necessary to use some sort of stored keys or information in order to provide more services in addition to security.
What kind of connection is used to communicate data in the applications?
We do not rely on any particular communication technology, so any kind of connection can be used in our applications, for example Bluetooth, Wi-Fi, GSM, CDMA, GPRS, 3G, etc.
What's the difference between a Near Field Communication (NFC) enabled mobile payment system and an HCBK enabled mobile payment system?
An HCBK enabled mobile payment system does not rely on any specific kind of technology, as it can bootstrap security out of nothing. It can swiftly incorporate new technology like NFC, either as the normal connection or as one authentication factor. An HCBK enabled mobile payment system can be installed on any kind of mobile phone, while an NFC enabled mobile payment system can only be installed on mobile phones with NFC: a small fragment of the existing market.
What is the value seen in the videos that the user has to input on his device?
It is called the digest value, and it is calculated from all the information that has been communicated in the protocol. It is used to verify the authenticity of the data that has been communicated in the protocol. For more details, please refer to the academic papers we have published.
Does the digest value need to be kept secret or encrypted?
No. The digest value can be made public to everyone, as long as the participants are assured that this value comes from the correct person, for example by reading it out (recognizing the voice) or by displaying it directly (seeing is believing).
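The sketch below is an added illustration of the digest comparison described in the two answers above; it is not code from this website or from the HCBK authors. It assumes a simplified commit-then-reveal exchange and a truncated HMAC-SHA256 as the digest, and all names and sample messages are constructed; the published protocol is defined in the academic papers.

```python
import hashlib, hmac, secrets

DIGITS = 6  # assumed length of the digest value the users compare

def commit(name: bytes, key: bytes) -> bytes:
    # Commitment to a fresh one-time key, sent before any key is revealed.
    return hashlib.sha256(b"commit|" + name + b"|" + key).digest()

def announce(name: bytes, info: bytes):
    # Run once per session: the key is generated on the fly and never stored.
    key = secrets.token_bytes(32)
    return {"name": name, "info": info, "commit": commit(name, key)}, key

def digest(view) -> str:
    """view: list of (announcement, revealed_key) pairs as one device saw them."""
    combined = bytes(32)
    transcript = b""
    for msg, key in view:
        if not hmac.compare_digest(msg["commit"], commit(msg["name"], key)):
            raise ValueError("revealed key does not match earlier commitment")
        combined = bytes(a ^ b for a, b in zip(combined, key))
        for field in (msg["name"], msg["info"], msg["commit"]):
            transcript += len(field).to_bytes(2, "big") + field
    # Stand-in digest (assumption): HMAC over the whole transcript, truncated.
    mac = hmac.new(combined, transcript, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)

def run_session(tamper: bool):
    # Constructed sample data: a payer's phone and a payee's terminal.
    payer, k_payer = announce(b"payer-phone", b"payer public key (sample)")
    payee, k_payee = announce(b"payee-till", b"pay 12.50 GBP to account 0001 (sample)")
    seen_by_payee = [(payer, k_payer), (payee, k_payee)]
    # On an open network the payer may receive altered payment details.
    forwarded = dict(payee, info=b"pay 12.50 GBP to account 9999 (sample)") if tamper else payee
    seen_by_payer = [(payer, k_payer), (forwarded, k_payee)]
    return digest(seen_by_payer), digest(seen_by_payee)

if __name__ == "__main__":
    for tamper in (False, True):
        d_payer, d_payee = run_session(tamper)
        print(f"tampered={tamper}: payer shows {d_payer}, payee shows {d_payee},",
              "accept" if d_payer == d_payee else "reject")
```

The digests are printed in the clear because only their equality matters: the users accept the session when the two displayed values match and abandon it when they differ.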
Where does the security actually come from?
Please refer to the academic papers listed elsewhere on this website.
I have some requirements for practical implementations; can you provide advice on how to use your technology?
We can provide further details and, if necessary, consultancy. Such discussions would normally be subject to non-disclosure agreements. Please contact Brendan Spillane, Isis Innovation Limited, Ewert House, Ewert Place, Summer Town, Oxford, OX2 7SG, Tel: +44(0)1865614423, Fax: +44(0)1865280831.
Contacts
If you are interested in this new technology, please contact
Brendan Spillane
Isis Innovation Limited
Ewert House
Ewert Place
SummerTown
Oxford
OX2 7SG
Tel:+44(0)1865614423
Fax:+44(0)1865280831
Frequently Asked Questions
About This Website
Please note that much of the technology discussed and demonstrated on this site is the subject of international patent applications. Please contact Isis Innovation for details.
