Light could soon build a brick wall between credit cards and hackers, as a fraud-proof authentication technique can keep credit cards and the identities associated with them secure. The technique — quantum-secure authentication (QSA), developed by a team from the University of Twente — has experimentally been shown to confirm the identity of any person or object, including debit and credit cards, even if essential information has been stolen. Using light, the researchers created a secure question-and-answer authentication exchange that cannot be copied. The quantum properties of photons allow them to be in multiple locations simultaneously to convey these authentication processes, such as those used to authorize credit card transactions. Light is used to establish a secure authentication exchange that cannot be copied. Courtesy of University of Twente. “Single photons of light have very special properties that seem to defy normal behavior,” said professor Dr. Pepijn W.H. Pinkse. “When properly harnessed, they can encode information in such a way that prevents attackers from determining what the information is.” The new technique works by transmitting a small, specific number of photons onto a specially prepared surface on a credit card and then observing the pattern they create. “The key is authenticated by illuminating it with a light pulse containing fewer photons than spatial degrees of freedom and verifying the spatial shape of the reflected light,” the researchers wrote in the study. Attempts by a hacker to observe the authentication exchange would collapse the quantum nature of the light and destroy the information being transmitted. Real-world application of the method would involve equipping credit cards with a paper-thin section of white paint that contains millions of nanoparticles. Using a laser, individual photons would be projected into the paint, where they would bounce around the nanoparticles until they escaped back to the surface, creating the pattern used to authenticate the card. “It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts,” Pinkse said. “It’s impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls. If you tried to observe them falling, it would disrupt the entire system.” Unlike conventional security methods, “QSA does not depend on secrecy of stored data, does not depend on unproven mathematical assumptions, and is straightforward to implement with current technology,” according to the study. In addition to credit and debit cards, it could also be used to protect government buildings, banks, identification cards or vehicles. The work was funded by the Foundation for Fundamental Research on Matter, the STW Technology Foundation, the European Union and the Netherlands Organization for Scientific Research. The research was published in Optica (doi: 10.1364/optica.1.000421). For more information, visit www.utwente.nl.