News.com: IBM donates new privacy tool to open-source Higgins

John Gilmore gnu at toad.com
Sat Jan 27 18:56:57 EST 2007 

http://news.com.com/IBM+donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.html

IBM donates new privacy tool to open-source
  By  Joris Evers
  Staff Writer, CNET News.com
  Published: January 25, 2007, 9:00 PM PST

IBM has developed software designed to let people keep personal  
information secret when doing business online and donated it to the  
Higgins open-source project.

  The software, called "Identity Mixer," was developed by IBM  
researchers. The idea is that people provide encrypted digital  
credentials issued by trusted parties like a bank or government agency  
when transacting online, instead of sharing credit card or other  
details in plain text, Anthony Nadalin, IBM's chief security architect,  
said in an interview.

  "Today you traditionally give away all of your information to the man  
in the middle and you don't know what they do with it," Nadalin said.  
"With Identity Mixer you create a pseudonym that you hand over."

  For example, when making a purchase online, buyers would provide an  
encrypted credential issued by their credit card company instead of  
actual credit card details. The online store can't access the  
credential, but passes it on to the credit card issuer, which can  
verify it and make sure the retailer gets paid.

  "This limits the liability that the storefront has, because they don't  
have that credit card information anymore," Nadalin said. "All you hear  
about is stores getting hacked."

  Similarly, an agency such as the Department of Motor Vehicles could  
issue an encrypted credential that could be used for age checks, for  
example. A company looking for such a check won't have to know an  
individual's date of birth or other driver's license details; the DMV  
can simply electronically confirm that a person is of age, according to  
IBM.

  The encrypted credentials would be for one-time use only. The next  
purchase or other transaction will require a new credential. The  
process is similar to the one-time-use credit card numbers that  
Citigroup card holders can already generate on the bank's Web site.

  IBM hopes technology such as its Identity Mixer helps restore trust in  
the Web. Several surveys in past years have shown that the seemingly  
incessant stream of data breaches and threats such as phishing scams  
are eroding consumer confidence in online shopping and activities such  
as banking on the Web.

  To get Identity Mixer out of the lab and into the real world, IBM is  
donating its work to Higgins project, a broad, open-source effort  
backed by IBM and Novell that promises to give people more control of  
their personal data when doing business online. Higgins also aims to  
make the multiple authentication systems on the Net work together,  
making it easier for people to manage Internet logins and passwords.

  "We expect Higgins to get wide deployment and usage. You'll get the  
ability by using Higgins to anonymize data," Nadalin said.

  Higgins is still under development. A first version of the projects  
work is slated to be done sometime midyear, said Mary Ruddy, a Higgins  
project leader. "We were thrilled to get this donation to Higgins, IBM  
has done a lot of good work."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list