IBM is rolling out a new technology that aims to address consumers' concerns about their online privacy.
Called Identity Mixer, the technology uses a cryptographic algorithm to encrypt the certified identity attributes of a user and allow the user to reveal only selected pieces to trusted third parties. Identity attributes include a user's age, nationality, address and credit card number.
Identity Mixer can be used within a digital wallet, which contains credentials certified by a trusted third party such as a government-issued electronic identity card. The issuer of the credentials will have no knowledge of how and when they are being used, thus further protecting consumers' privacy, said IBM in a press statement.
Helping web service providers improve their risk profile
According to comScore, the average person spends nearly 25 hours a month accessing various Internet services including banking, shopping and social networks. To use those services, users are usually required to create a personal profile with a username and password. Some services might also require stronger security such as cryptographic certificates. Although such tools offer some form of security, they do not typically provide any level of privacy for users and might even cause users to reveal more personal data than necessary, said IBM.
For instance, a consumer is usually required to disclose his credit card number and expiration date when checking out an online purchase. This means that hackers can easily obtain those personal information if they were to hack the website or web service. To counter this, Identity Mixer will only provide details that are necessary for the transaction. In this case, it will only inform the website/seller that the consumer's credit card is valid and can accept payment, without revealing other details.
"By enabling users to choose precisely which data to share, and with whom, web service providers can improve their risk profile [as they hold onto less personal data] and enhance their trust with customers," said Christina Peters, IBM's chief privacy officer.
Hosted on cloud to make it easy for developers to program
To make it easier for developers to experiment with Identity Mixer within their own applications and web services, IBM is offering the technology as part of a web service in IBM Bluemix. Bluemix is a platform-as-a-service (PaaS) cloud that combines the strength of IBM software, third-party and open technologies. Using simple pull-down menus, developers can choose the types of data that they wish to secure and Bluemix will provide the code, which can then be embedded in their services.
"By hosting it in the cloud, developers can incorporate Identity Mixer into any identity management service, enabling the service to verify if an individual is an authorised user without revealing any other personal information," said Dr Anna Lysyanskaya, a co-inventor of Identity Mixer, who is currently a professor of computer science at Brown University.
Sign up for Computerworld eNewsletters.