IBM software safeguards consumer identity on the Web

IBM will contribute its Identity Mixer software to Eclipse Higgins project, an open source effort dedicated to developing software for "user-centric" identity management. The current trend toward a user-centric approach means that individuals can actively and securely control who has access to their online personal information, such as bank account and credit card numbers, or medical and employment records, rather than having institutions solely manage that information as they do today.

As consumers hand over personal details in exchange for downloading music or subscribing to online newsletters, they leave a data trail behind that reveals pieces of information about the size, frequency and source of their online purchases that can be traced back to the user. IBM's Identity Mixer software eliminates the trail by using artificial identity information, known as pseudonyms, to make online transactions anonymous. For example, the software allows people to purchase books or clothing without revealing their credit card number. It can confirm someone's spending limit without sharing their bank balance, or provide proof of age without disclosing their date of birth.

"Unlike other identity management systems that transmit parts of a user's true identity, systems built using Identity Mixer software will help protect user privacy by sharing only pseudonyms, so real identity information can never be intercepted or exposed," explains Identity Mixer project lead and head designer Jan Camenisch of IBM's Zurich Research Laboratory.

Identity Mixer works by allowing a computer user who has the appropriate software to obtain an anonymous digital credential, or voucher, from a trusted third party, such as a bank, insurance company or government agency. A health insurance company, for example, could provide a credential confirming that a user has certain health insurance benefits. If the user wishes to consult their healthcare provider's online portal for medical information, the Identity Mixer software digitally seals the credential so the user can send it to the healthcare provider and get access to the online service. By using sophisticated cryptographic algorithms, the Identity Mixer software acts as a middleman—so the user’s real identity is never exposed to the health-care provider. The next time the user consults the service, a new encrypted credential would be used.

"When people don't have to disclose their personal information on the Web, the risk of identity theft is dramatically reduced," explains John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. "The ability to anonymize transactions using Identity Mixer has the potential to bolster consumer confidence, opening digital floodgates to new forms of Internet commerce."

IBM plans to incorporate the Identity Mixer technology into its Tivoli software portfolio of federated identity management software. It brings another dimension to IBM's industry-leading technologies that protect the privacy of consumers and businesses. IBM currently offers software, in use by large governments, healthcare organizations and financial institutions, which provides a way to compare data about their passengers, patients or clients to identify relationships, while never exposing people’s sensitive information. The software irreversibly shreds personal artifacts such as names, addresses, phone numbers and social security numbers before the data is shared. The software analyzes the shredded information and alerts the company when a match is found between specific records, identifying only the record file number assigned by the software. It is then up to the organization to decide what amount of detail to share from the identified record. This protects the personal details within other records so they are not needlessly exposed during the comparison process.

Source: IBM Labs

Google ventures into virtual reality with 'Lively'
(AP) -- In the latest expansion beyond its main mission of organizing the world's information, Internet search leader Google Inc. hopes to orchestrate more virtual socializing on the Web.
Citibank ATM breach reveals PIN security problems
(AP) -- Hackers broke into Citibank's network of ATMs inside 7-Eleven stores this year and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.
Huachuca Biometrics Device Separates Friends from Foes
A new mobile device is enabling US soldiers in Iraq to determine if individuals on the streets are civilians or insurgents, no matter what kind of clothing they wear or names they give.
Princeton researchers envision a more secure Internet
Like human society itself, the world's computerized infrastructure is wondrously complex, both spectacularly fertile and deeply flawed.
Fraudsters beware: Iowa State engineer is developing cyber technology to find you
Yong Guan had scribbled 12 arrows across his office whiteboard, each black line going from one little box he had drawn to another little box. He had written five long formulas up there, too. And that was bad news for cyber criminals.
Resolutions should include your computing life, too
Changing computer habits rarely makes the list of top New Year's Resolutions, but there are three digital resolutions you should make to have a happier 2008, says Gerry McCartney, vice president for information technology and CIO of Purdue University.
New system makes any digital camera take multibillion-pixel shots
Researchers at Carnegie Mellon University, in collaboration with scientists at NASA’s Ames Research Center, have built a low-cost robotic device that enables any digital camera to produce breathtaking gigapixel (billions of pixels) panoramas, called GigaPans.
Palm Vein Biometric PC Mouse Goes on Sale
Fujitsu today announced that it has developed a PC Login Kit for use with the PalmSecure palm vein biometric authentication device and begun sales of a mouse model and a standard model for corporate users.

IBM software safeguards consumer identity on the Web

Related stories:

News discussion: