IBM software safeguards consumer identity on the Web

Jan 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, Switzerland, the software—called Identity Mixer—will enable consumers to purchase goods and services on the Internet without disclosing personal information.

IBM will contribute its Identity Mixer software to Eclipse Higgins project, an open source effort dedicated to developing software for "user-centric" identity management. The current trend toward a user-centric approach means that individuals can actively and securely control who has access to their online personal information, such as bank account and credit card numbers, or medical and employment records, rather than having institutions solely manage that information as they do today.

As consumers hand over personal details in exchange for downloading music or subscribing to online newsletters, they leave a data trail behind that reveals pieces of information about the size, frequency and source of their online purchases that can be traced back to the user. IBM's Identity Mixer software eliminates the trail by using artificial identity information, known as pseudonyms, to make online transactions anonymous. For example, the software allows people to purchase books or clothing without revealing their credit card number. It can confirm someone's spending limit without sharing their bank balance, or provide proof of age without disclosing their date of birth.

"Unlike other identity management systems that transmit parts of a user's true identity, systems built using Identity Mixer software will help protect user privacy by sharing only pseudonyms, so real identity information can never be intercepted or exposed," explains Identity Mixer project lead and head designer Jan Camenisch of IBM's Zurich Research Laboratory.

Identity Mixer works by allowing a computer user who has the appropriate software to obtain an anonymous digital credential, or voucher, from a trusted third party, such as a bank, insurance company or government agency. A health insurance company, for example, could provide a credential confirming that a user has certain health insurance benefits. If the user wishes to consult their healthcare provider's online portal for medical information, the Identity Mixer software digitally seals the credential so the user can send it to the healthcare provider and get access to the online service. By using sophisticated cryptographic algorithms, the Identity Mixer software acts as a middleman—so the user’s real identity is never exposed to the health-care provider. The next time the user consults the service, a new encrypted credential would be used.

"When people don't have to disclose their personal information on the Web, the risk of identity theft is dramatically reduced," explains John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. "The ability to anonymize transactions using Identity Mixer has the potential to bolster consumer confidence, opening digital floodgates to new forms of Internet commerce."

IBM plans to incorporate the Identity Mixer technology into its Tivoli software portfolio of federated identity management software. It brings another dimension to IBM's industry-leading technologies that protect the privacy of consumers and businesses. IBM currently offers software, in use by large governments, healthcare organizations and financial institutions, which provides a way to compare data about their passengers, patients or clients to identify relationships, while never exposing people’s sensitive information. The software irreversibly shreds personal artifacts such as names, addresses, phone numbers and social security numbers before the data is shared. The software analyzes the shredded information and alerts the company when a match is found between specific records, identifying only the record file number assigned by the software. It is then up to the organization to decide what amount of detail to share from the identified record. This protects the personal details within other records so they are not needlessly exposed during the comparison process.

Source: IBM Labs

Explore further: Google DeepMind acquisition researchers working on a Neural Turing Machine

add to favorites email to friend print save as pdf

Related Stories

Apple sees iCloud attacks; China hack reported

Oct 21, 2014

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

Hackers leap from dark basements to world stage

Oct 10, 2014

Hackers are shaking off their reputations as nerdy, loner basement dwellers and rebranding themselves on the world stage as members of Internet age tribes with offbeat codes of conduct and capricious goals.

JPMorgan breach heightens data security doubts

Oct 03, 2014

New details on a cyberattack against JPMorgan Chase & Co.'s computer servers this summer add to increasing doubts over the security of consumer data kept by lenders, retailers and others.

SHORE facial analysis spots emotions on Google Glass

Aug 28, 2014

One of the key concerns about facial recognition software has been over privacy. The very idea of having tracking mechanisms as part of an Internet-connected wearable would be likely to upset many privacy ...

Recommended for you

Saving lots of computing capacity with a new algorithm

Oct 29, 2014

The control of modern infrastructure such as intelligent power grids needs lots of computing capacity. Scientists of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg have ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.