IBM donates new privacy tool to open-source

Software designed to let people keep personal information secret when transacting online is going to open-source identity project.

By Joris Evers
Staff Writer, CNET News.com

Published: January 25, 2007, 9:00 PM PST

 

IBM has developed software designed to let people keep personal information secret when doing business online and donated it to the Higgins open-source project.

The software, called "Identity Mixer," was developed by IBM researchers. The idea is that people provide encrypted digital credentials issued by trusted parties like a bank or government agency when transacting online, instead of sharing credit card or other details in plain text, Anthony Nadalin, IBM's chief security architect, said in an interview.

"Today you traditionally give away all of your information to the man in the middle and you don't know what they do with it," Nadalin said. "With Identity Mixer you create a pseudonym that you hand over."

For example, when making a purchase online, buyers would provide an encrypted credential issued by their credit card company instead of actual credit card details. The online store can't access the credential, but passes it on to the credit card issuer, which can verify it and make sure the retailer gets paid.

"This limits the liability that the storefront has, because they don't have that credit card information anymore," Nadalin said. "All you hear about is stores getting hacked."

Similarly, an agency such as the Department of Motor Vehicles could issue an encrypted credential that could be used for age checks, for example. A company looking for such a check won't have to know an individual's date of birth or other driver's license details; the DMV can simply electronically confirm that a person is of age, according to IBM.

The encrypted credentials would be for one-time use only. The next purchase or other transaction will require a new credential. The process is similar to the one-time-use credit card numbers that Citigroup card holders can already generate on the bank's Web site.

IBM hopes technology such as its Identity Mixer helps restore trust in the Web. Several surveys in past years have shown that the seemingly incessant stream of data breaches and threats such as phishing scams are eroding consumer confidence in online shopping and activities such as banking on the Web.

To get Identity Mixer out of the lab and into the real world, IBM is donating its work to Higgins project, a broad, open-source effort backed by IBM and Novell that promises to give people more control of their personal data when doing business online. Higgins also aims to make the multiple authentication systems on the Net work together, making it easier for people to manage Internet logins and passwords.

"We expect Higgins to get wide deployment and usage. You'll get the ability by using Higgins to anonymize data," Nadalin said.

Higgins is still under development. A first version of the projects work is slated to be done sometime midyear, said Mary Ruddy, a Higgins project leader. "We were thrilled to get this donation to Higgins, IBM has done a lot of good work."