News.com: IBM donates new privacy tool to open-source Higgins
John Gilmore
gnu at toad.com
Sat Jan 27 18:56:57 EST 2007
http://news.com.com/IBM+donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.html
IBM donates new privacy tool to open-source
By Joris Evers
Staff Writer, CNET News.com
Published: January 25, 2007, 9:00 PM PST
IBM has developed software designed to let people keep personal
information secret when doing business online and donated it to the
Higgins open-source project.
The software, called "Identity Mixer," was developed by IBM
researchers. The idea is that people provide encrypted digital
credentials issued by trusted parties like a bank or government agency
when transacting online, instead of sharing credit card or other
details in plain text, Anthony Nadalin, IBM's chief security architect,
said in an interview.
"Today you traditionally give away all of your information to the man
in the middle and you don't know what they do with it," Nadalin said.
"With Identity Mixer you create a pseudonym that you hand over."
For example, when making a purchase online, buyers would provide an
encrypted credential issued by their credit card company instead of
actual credit card details. The online store can't access the
credential, but passes it on to the credit card issuer, which can
verify it and make sure the retailer gets paid.
"This limits the liability that the storefront has, because they don't
have that credit card information anymore," Nadalin said. "All you hear
about is stores getting hacked."
Similarly, an agency such as the Department of Motor Vehicles could
issue an encrypted credential that could be used for age checks, for
example. A company looking for such a check won't have to know an
individual's date of birth or other driver's license details; the DMV
can simply electronically confirm that a person is of age, according to
IBM.
The encrypted credentials would be for one-time use only. The next
purchase or other transaction will require a new credential. The
process is similar to the one-time-use credit card numbers that
Citigroup card holders can already generate on the bank's Web site.
IBM hopes technology such as its Identity Mixer helps restore trust in
the Web. Several surveys in past years have shown that the seemingly
incessant stream of data breaches and threats such as phishing scams
are eroding consumer confidence in online shopping and activities such
as banking on the Web.
To get Identity Mixer out of the lab and into the real world, IBM is
donating its work to Higgins project, a broad, open-source effort
backed by IBM and Novell that promises to give people more control of
their personal data when doing business online. Higgins also aims to
make the multiple authentication systems on the Net work together,
making it easier for people to manage Internet logins and passwords.
"We expect Higgins to get wide deployment and usage. You'll get the
ability by using Higgins to anonymize data," Nadalin said.
Higgins is still under development. A first version of the projects
work is slated to be done sometime midyear, said Mary Ruddy, a Higgins
project leader. "We were thrilled to get this donation to Higgins, IBM
has done a lot of good work."
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list