Researchers in the Netherlands have found what they say is a way to make it impossible for criminals to forge passports, ID cards or credit cards.
P.W.H Pinkse and colleagues at the University of Twente developed a method for authenticating documents that solves two of the biggest problems with preventing attackers from forging documents. And they did so by using principles derived from quantum physics. (In a very oversimplified nutshell, quantum physics involves the study of matter and energy so small that the physical laws that govern larger objects do not apply to them.)
Proving your identity at a bank or to a government official usually requires one of two things: either something you have, such as a license or a passport, or something you know, such as a password or code.
The problem with codes is that they can be hacked, as evidenced by the data breaches at banks and retailers, such as Home Depot, Kmart and Target. The problem with passports and IDs, and even many credit cards, is that they can be physically copied by forgers.
Cards, IDs and electronic car keys play a game of "question and answer" in order to prove they are authentic. An ATM or other reader uses light patterns to ask a series of questions the card or key then "answers." If criminals can read and copy the information on a card or key, or if they can intercept these light patterns, they can mimic the authentication process and break into a bank account, for instance.
The model proposed by the researchers, described in the scientific journal Optica on Monday, involves painting a thin white strip of nanoparticles on a new ID card, passport or other document. When the card is issued, a laser fires tiny bundles of light into it, which bounce around like pinballs among the nanoparticles, creating a unique pattern that is all but impossible to copy.
Quantum-Security Authentication, as researchers call it, harnesses a peculiar feature of light that makes it totally different from other methods: In its "quantum" state, light can be in several places at once in a way that is impossible for us to observe. If an ATM or a reading machine were to send a bundle of "quantum" light into the paint, the reflected pattern would appear to have more information than it should, confusing a would-be attacker.
"It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts," said Pinkse, in a report released along with the study. "It's impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls."
The downside to this is that a passport, ID or credit card protected by quantum security could still be stolen and used. That is why Pinkse envisions that the method will likely be used in combination with others, such as biometrics.
The technology needed to implement this new method is already available and relatively cheap. It is also so difficult to hack, it does not need any secret information such as a code or pin, Pinkse said. Information about cards could be stored in a public database, and hackers still would not be able to replicate the process needed to break into them.
"On my iPad, for example, my kids knew my pass code for several weeks before I knew they had figured it out," Pinkse told CNBC. "While this is slightly embarrassing, it does show that 'secret' information cannot be guaranteed."
Correction: An earlier version of this story misidentified the retailers that had experienced a data breach.