Commercialising research has been a key objective for universities for some time. However, planned reductions in third-level funding have served to focus minds on how best to extract value from card and payment technology developed in the academic environment. Paul Golden investigates.

There are two options for commercialising academic research – creating a spin-out company or licensing the technology to a single or multiple customers.

Since the middle of the last decade in particular, the UK government has put substantial funding into commercial resources in the university sector.

Most universities now have at least one member of staff whose primary role is developing spin-outs and working on technology licensing deals.

The most recent data available from the Higher Education Statistics Agency into interaction between higher education and businesses suggests spin-out activity held up remarkably well in the academic year 2008-09, with 191 spin-off companies recorded, compared to 221 in 2007-08 despite the challenging economic climate.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Electronic Payments International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The UK higher education patent portfolio grew, income from the sale of shares in these companies was higher and the number of ventures that had survived three or more years was up 12% from 2007-08.

The commercialisation process earned higher education institutions in the UK in excess of £56m ($91m) during the 2008-09 academic year in income from intellectual property in the form of licensing fees and royalties – an increase of 24% on the previous year.

The challenge over the next few years is to maintain this growth in the face of public sector spending cuts. Back in February 2011, the Higher Education Funding Council for England confirmed university and college funding for research in 2010-11 would be reduced by £27.6m.

On top of this, the amount due to be invested in research during the 2011-12 academic year will be cut by a further £17.4m or just over 1% compared to the current year.

Judging from the responses of the research groups EPI interviewed for this article, current commercialisation thinking is very much in favour of licensing technology rather than creating spin-outs.

Observations made by Keith Mayes, director of Royal Holloway, University of London‘s Smart Card Centre were typical of a number of his peers.

"I feel it is better [for a university] to develop the technology to the point where it can be taken up by a commercial organisation rather than trying to commercialise it through a spin-out company," says Mayes.

In June 2010, Mayes was awarded £50,000 by the PARK commercialisation fund to lead the development of an RFID/smart card attack detector product prototype. The PARK fund provides seed investment into commercial ventures based on college owned IP within seven universities in West and South-West London, known as the WestFocus consortium.

These universities (Brunel, Kingston, Roehampton, Royal Holloway, St George’s University of London, Thames Valley and University of Westminster) initially came together as part of a government-funded knowledge exchange project. After the government funding ceased in 2009 they elected to fund the consortium themselves.

The attack detector prototype demonstrates how RFID cards and similar systems can be protected from attacks by hackers. Royal Holloway’s research and enterprise department assisted with acquiring the funding and patenting the underlying technology.

The Smart Card Centre is a venture between academia and the payments industry, which aims to provide a worldwide centre of excellence for training, research and consultancy in smart cards, tokens, security and applications.

Funders of the centre’s work have included Vodafone and smart card manufacturer Giesecke & Devrient.

Mayes says the funding of the project was down to the realisation that the centre was seen to be carrying out relevant and timely industry supported work coupled with the PARK’s increasing awareness of smart card attacks.

The technology is described as an additional security safeguard that detects issues in real time, which is crucial to operators of access control systems, for example.

"We have showed it to various companies and this process will continue until the middle of this year at least," says Mayes.

"We have had some positive feedback from the companies we have spoken to and they have also raised some interesting issues, such as the need for processes to keep the intelligence up to date.

"This type of feedback gives us areas to act on if we should feel they could improve the commercial potential of the technology."

The university is looking to either license the intellectual property behind the attack detector to a number of companies or sell its IP outright. Deployment could either be as an add-on to an existing system or the incorporation of the technology into an existing product.

The key element, according to Mayes, is finding a company whose strategy fits the technology.

"The University of London owns the IP so it is ultimately up to the university to decide whether it licences or sells it," he says.

"Spinning out a company is not an option that we are exploring. My feeling is that technology should be taken so far and then handed on to commercial companies to develop.

"This is the first research project we have attempted to turn into a commercial product and if it works out favourably we could do more of this."

Across the UK’s capital, a team from the mobile network research (MNR) group at City University London has developed a solution for seamless authentication of mobile users in the mobile web services environment, which is described as being capable of providing greater security to m-commerce applications than currently available systems.

The solution uses smart card authentication, which Dr Raj Muttukrishnan, assistant dean of e-learning at the School of Engineering and Mathematical Sciences, says is more secure and easier to use than username/password systems.

In addition, the technology supports single sign on, which requires user authentication only once while allowing multiple transactions with multiple service providers.

"The overall benefit for service providers is to drive higher volumes of revenue from existing and new customers by offering an efficient, simple and secure service and payment method through the ubiquitous mobile phone," says Muttukrishnan.

"This advanced technology provides the means to improve existing services as well as opening up new markets and differentiating against the competition."

The technology can be applied to any mobile application requiring authentication and payment.

However, the group recognises that as it is required to integrate with other applications, different end-user benefits are derived for different implementations. Given all these considerations, the MNR group decided to target what are considered to be under-exploited vertical markets rather than the huge but complex worldwide mobile payments industry.

"This is a strategy of penetrating a few focused vertical markets and then radiating to wider markets," says Muttukrishnan.

"By doing so, an understanding of end-user applications can be acquired and the value propositions of the technology can be explained. Vertical markets of mobile payments for car parking, road tolls and congestion charges have been chosen as initial commercialisation targets because of early stage adoption of mobile technology, which is proven but under exploited in these areas."

The MNR group believes its secure m-commerce technology is a paradigm shift that offers many benefits in the mobile phone payment sector.

Its objective is to get the technology adopted and exploited by commercial partners, and by doing so the group expects to generate revenue for the university and its partners as well as enhance its reputation as a world class research centre for mobile technology.

According to Muttukrishnan, the question of whether to create a spin-out company to exploit the commercial potential of the technology or to license it to partners is easily answered.

"Firstly, the mobile network research group is a research group within the university without either the manpower or track record of running a spin-out company," he says.

"Secondly, and more importantly, this technology requires commercial partners who have their own end-user applications and would find it attractive to bolt on the secure mobile commerce technology to existing applications.

"The next steps in the commercial process are to find, engage and license the technology to suitable partners in the three target markets outlined above."

There has been a great deal of interest from research groups in security issues relating to financial transactions involving credit and debit cards, particularly technologies that prevent confidential information being acquired fraudulently by third parties.

With increasing use of the internet leading to significant growth in card-not-present fraud, protocols that provide a robust and ultimately secure means of performing financial transactions in a range of circumstances are of great economic importance.

Oxford University’s computing laboratory has developed a series of protocols that include two main components – a means by which either party involved in the transaction can authenticate their identities to the other and a method for achieving secure communications.

This procedure represents a bespoke variant of HCBK or hash commitment before knowledge – a protocol discovered by computing laboratory director and professor of computing science Bill Roscoe in 2005 and designed to bootstrap security in ad hoc networks.

HCBK is described as being capable of achieving exceptional levels of security in a highly efficient manner or cryptographically and via a user-friendly interface.

Some of the key features of the protocol are that it avoids the need to give the merchant the customer’s card number and PIN, it is immune to man-in-the-middle and combinatorial attacks, and does not require public key infrastructure for security.

According to Roscoe, the clever bit is that an attacker cannot get any mileage from employing sophisticated search tactics on the protocol.

"The potential attacker is reduced to a one shot attack and would have to strike lucky by pure random chance," he says.

There are other groups around Europe that have developed broadly similar protocols with similar properties but Oxford University’s computing laboratory team is the only group that has an application at the payment stage.

"One piece of interesting feedback from talking to a potential client was that a lot of people carry out their e-commerce at work and are not allowed to connect their own device in the workplace because it is contrary to the employers’ information policy," says Roscoe.

"We discovered that we could load the payment phone number into a browser and upload it to the merchant who would then contact the buyer. This is an example of a research problem, and a potential commercial obstacle, that we have solved."

The technology is the subject of an international patent application and the next step will be finding a business partner, which is as likely to happen overseas as in the UK, according to Roscoe.

"The European card payment market is very mature and not particularly interested in new solutions, but there could be more interest from Asian markets and the developing world," he says.

"I have often felt that we were perhaps too far ahead of the market in our research and that many payment companies are looking for incremental improvements but I am hoping that our time will come."

Roscoe says the group has spoken to a number of potential partners but none have been particularly closely involved in the project.

He hopes to have licensed the technology to either a bank or mobile operator within the next 12-18 months.

"Card payment companies are often unwilling to do anything radical when it comes to security, especially if they feel their existing solution is working," he says.

"The first customer will probably be a bank as it is unlikely to be a credit card company because of the degree of inertia in that market. A mobile operator is another alternative, particularly one that was interested in getting into the payment market. Either way I would hope that we would have a commercial implementation before the end of 2012."