Privacy and authentication

Mobile communications are driving improved benefits for consumers across many sectors, but these services can pose challenges in terms of preserving privacy.


Our work on privacy and authentication aims to build protection mechanisms into emerging technology in the rail and automotive transport sectors.

DICE (Data to Improve the Customer Experience)

DICE is aimed at developing the technology which will enable rail travellers to enjoy a personalised experience while preserving their privacy.

A key objective of the project is to design Consumer- Oriented Data Provenance (CODP), which will both enable users to track how their data is being used and empower them by providing a contract validation service – giving them reassurance that a contract signed to give access to their data is being honoured.

The project also aims to provide data privacy while data is being aggregated and disseminated between different rail industry partners.

  • Budget: £962,000
  • Funding body: EPSRC
  • Centre lead: Dr Helen Treharne
  • Partners: Royal Holloway University of London, University of Loughborough, University of Southampton
  • Timeframe: 2016-2019.

Distributed multi-factor web authentication

  • Budget: £115,000
  • Funding body: GCHQ PhD
  • Centre lead: Dr Mark Manulis
  • Timeframe: 2018-21.

Improving customer experience while ensuring data privacy for intelligent mobility

The proposed research applies computer science solutions to an end-user-focussed challenge. The challenge is how to achieve an enhanced customer experience during a journey, through detailed knowledge of an individual traveller, whilst protecting the privacy of their data. As well as developing technical solutions to data privacy, this project aims to encourage passengers to provide this data by developing an evaluation framework to enhance their understanding of how it is used and how they can control it, thus maximising trust in the service. Currently, such a framework does not exist and this is an impediment to the opportunities offered by increased sharing of personal data, i.e. transport customers are, in the majority, unwilling to share personal data due to privacy concerns. The research findings will be applicable to a range of journey modes but the focus here will be on rail travel.

The project has been developed closely with the rail industry through partnership with the Association of Train Operating Companies (ATOC) and the Rail Safety and Standards Board (RSSB). In recent years, the availability of data in the rail industry has increased significantly in terms of timetabling, disruption and real-time provision to passengers. Currently there is little in the way of individual customer information but this is increasingly possible through smartphones and other mobile devices and will become more prevalent with the introduction of smart cards and contactless technologies. The industry's Rail Technical Strategy aims to establish rail as customers' preferred form of transport for reliability, ease of use and perceived value. Increased understanding of passengers through information such as their location, their plans, their mobility or luggage limitations, or where they are on the train would enable a more personalised service and an improved experience. The challenge is to assure customers that their data is being protected and used appropriately and that they are fully in control.

The consortium assembled for this project brings together the three academic disciplines required to solve this challenge: computer science, to develop the framework and technical solutions (University of Surrey and Royal Holloway, University of London); human factors, to develop the use cases, evaluate passenger perceptions and ensure usable solutions (Loughborough University) and transport systems to bring understanding of the data streams to be integrated (University of Southampton). To ensure the solutions are co-created with the industry and have a direct pathway to impact, ATOC and RSSB have a key role as stakeholders and on the project's External Advisory board, alongside other sector experts such as EnableID (Internet of Things and personal data), the Transport Systems Catapult (the UK government's innovation centre for intelligent mobility knowledge exchange) and ThalesUK (rail technology).

The objective is to develop a privacy evaluation framework underpinned by statistical analysis, data provenance and mobile technology. This framework will be integrated with emerging data systems being developed by the rail industry and also into a wider (sector-independent) framework being proposed by the Digital Catapult (the UK government's innovation centre for digital technologies). This will enable better communication to passengers as to why their data is needed and how it will be handled in order to increase trust and feelings of control, thus providing a virtuous circle of data provision, leading to enhanced customer experience and hence further data provision. 

Past projects

The OJPA project aimed to ease the daily frustrations of travelling on public transport by developing a virtual assistant based on artificial intelligence (including machine learning, evolutionary computation and decision control).

Unlike current route recommendation apps, the OJPA product learns the individual needs of passengers and seamlessly offers real-time alternative routes, including on-demand taxi services, in the likely event that a delay happens. Customers will be able to make their needs known via a chatbot (on WIFI) – whether they want to find out the speed or price of a journey, or need to find a seat or access a power source on a train.

The end product – an online app – has an AI engine developed at Surrey at its core and is being trialled by Govia Thameslink Railway on the Gatwick Express. In the future, the app may be extended to take into account real-time information on security incidents or natural disasters, while data privacy and GDPR will provide a further interesting challenge.

  • Budget: £230,000
  • Funding body: Innovate UK
  • Centre lead: Dr Sotiris Moschoyiannis
  • Partners: CommuterHive, Snapout, ManagePlaces, Govia Thameslink Railway (GTR)
  • Timeframe: November 2017 – October 2018.

This is a small research grant for purchasing a high-end eye-tracker and conducting some preliminary user studies on some eye-tracking experiments in different cyber security and privacy applications.

Contact us

Find us

Secure Systems Research Group
University of Surrey