If a new software tool goes mainstream, Web surfers could gain
control over who has access to their bank account and credit card
numbers when making a transaction online.
 | | | | | Identity management started from
an enterprise point of view, but we're realising that the next big
wave is user-centricity.
Michael Waidner,
manager of emerging technologiesIBM Zurich
Lab |
| | | | | |
| |
|
New software developed by a team of IBM researchers eliminates
the need to reveal personal information to an online merchant by
using algorithms to confirm a bank authorisation for purchases.
Called Identity Mixer, the software eliminates the data trail left
when making an online purchase by using artificial identity
information or pseudonyms.
IBM said the Identity Mixer works by allowing a computer user
that has the software to get an anonymous digital credential, or
voucher, from a trusted third party. A bank would provide a
credential containing a credit card number and expiration date, and
when an online purchase is made, the Identity Mixer software
digitally seals the information by transforming the credential so
the user can send it to the online merchant.
"Identity management started from an enterprise point of view,
but we're realising that the next big wave is user-centricity,"
said Michael Waidner, manager of emerging technologies at the IBM
Zurich Labs, where the software was developed.
IBM researchers started developing the tool in 2001, Waidner
said. Waidner said the next step to make Identity Mixer viable is
to convince big enterprises such as financial institutions to use
the systems that accept the credentials. IBM plans to do its part
by incorporating the Identity Mixer technology into its Tivoli
identity management software suite, he said.
Big Blue is also contributing the software to the Eclipse open
source project, called Project Higgins.
While the software is a step in the right direction for
consumers it is far from being ready for primetime, said Andrew
Jaquith a senior analyst at the Boston-based Yankee Group. Before
consumer adoption could take place, enterprises must build systems
that accept Identity Mixer credentials and developers must create
easy to use tools that embed the Identity Mixer technology.
"If you are requiring enterprises to adopt something like this
then your putting a substantial barrier to acceptance in place,"
Jaquith said.
The new tool is the first user-centric online payment method
produced by a large vendor, but Microsoft has deployed a similar
technology in its new Vista operating system and other vendors have
been talking about similar security tools for consumers, he
said.
"The problem is that customers really are only concerned about
their privacy when they're exposed and the rest of the time they
don't think about it so much," Jaquith said. "The fact that IBM is
turning it over to Eclipse is an indication that it doesn't see
this as being commercialisable."
The Eclipse Higgins project was announced in February 2006 by
the Berkman Center for Internet and Society at Harvard Law School.
IBM, Novell and Parity Communications are taking an active role in
the project.
The project's goal is to develop software for consumers to
actively control who has access to their online personal
information, such as bank account and credit card numbers, or
medical and employment records, rather than having institutions
solely manage that information as they do today.
Remaining anonymous to communicate on the Web is not difficult,
according to Jacquith. For example, Tor, an open source
peer-to-peer network of routers lets users keep their IP addresses
private as they connect to Web servers. Web proxies can also be
used to keep Web surfing anonymous, he said.