IBM software safeguards consumer identity on the Web

January 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, Switzerland, the software—called Identity Mixer—will enable consumers to purchase goods and services on the Internet without disclosing personal information.

IBM will contribute its Identity Mixer software to Eclipse Higgins project, an open source effort dedicated to developing software for "user-centric" identity management. The current trend toward a user-centric approach means that individuals can actively and securely control who has access to their online personal information, such as bank account and credit card numbers, or medical and employment records, rather than having institutions solely manage that information as they do today.

As consumers hand over personal details in exchange for downloading music or subscribing to online newsletters, they leave a data trail behind that reveals pieces of information about the size, frequency and source of their online purchases that can be traced back to the user. IBM's Identity Mixer software eliminates the trail by using artificial identity information, known as pseudonyms, to make online transactions anonymous. For example, the software allows people to purchase books or clothing without revealing their credit card number. It can confirm someone's spending limit without sharing their bank balance, or provide proof of age without disclosing their date of birth.

"Unlike other identity management systems that transmit parts of a user's true identity, systems built using Identity Mixer software will help protect user privacy by sharing only pseudonyms, so real identity information can never be intercepted or exposed," explains Identity Mixer project lead and head designer Jan Camenisch of IBM's Zurich Research Laboratory.

Identity Mixer works by allowing a computer user who has the appropriate software to obtain an anonymous digital credential, or voucher, from a trusted third party, such as a bank, insurance company or government agency. A health insurance company, for example, could provide a credential confirming that a user has certain health insurance benefits. If the user wishes to consult their healthcare provider's online portal for medical information, the Identity Mixer software digitally seals the credential so the user can send it to the healthcare provider and get access to the online service. By using sophisticated cryptographic algorithms, the Identity Mixer software acts as a middleman—so the user’s real identity is never exposed to the health-care provider. The next time the user consults the service, a new encrypted credential would be used.

"When people don't have to disclose their personal information on the Web, the risk of identity theft is dramatically reduced," explains John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. "The ability to anonymize transactions using Identity Mixer has the potential to bolster consumer confidence, opening digital floodgates to new forms of Internet commerce."

IBM plans to incorporate the Identity Mixer technology into its Tivoli software portfolio of federated identity management software. It brings another dimension to IBM's industry-leading technologies that protect the privacy of consumers and businesses. IBM currently offers software, in use by large governments, healthcare organizations and financial institutions, which provides a way to compare data about their passengers, patients or clients to identify relationships, while never exposing people’s sensitive information. The software irreversibly shreds personal artifacts such as names, addresses, phone numbers and social security numbers before the data is shared. The software analyzes the shredded information and alerts the company when a match is found between specific records, identifying only the record file number assigned by the software. It is then up to the organization to decide what amount of detail to share from the identified record. This protects the personal details within other records so they are not needlessly exposed during the comparison process.

Source: IBM Labs

Explore further: Get Started: IRS warns that tax season brings security risks

Related Stories

How identity data is turning toxic for big companies

December 4, 2017

Google might be in trouble for collecting the personal data of its users, but many companies have a growing incentive to rid their hands of the data that users entrust them with. This is because of growing costs of holding ...

Cybercrimes present unique challenges for investigators

November 12, 2017

The federal investigators looking into the breach that exposed personal information maintained by the Equifax credit report company are used to dealing with high-profile hacks and the challenges they present.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.