With the rise of internet fraud, identity theft and unsolicited spam, people are becoming increasingly wary of handing out personal information online.
Now a security system developed by IBM will allow people to access services or make purchases online without disclosing their identity.
Called Idemix, the software uses a system of anonymous vouchers that simply confirm a piece of information about an individual, such as that he or she is over 18, meaning they do not need to disclose identifying details in return for services.
Advertisement
The system acts as a middleman, enabling users to obtain digital vouchers from a trusted third party, such as a bank or an insurance company. For online purchases, the voucher would contain an encrypted version of the user鈥檚 credit card number, confirmed by the credit card company, but not their name.
This prevents firms building up a history of a user鈥檚 online purchases to target them with unsolicited marketing material, for example, and stops personal details falling into the hands of cybercriminals.
Due to be launched next week at the RSA Conference in San Francisco, Idemix reflects a trend for giving web users control of their online security.
Microsoft recently developed CardSpace (formerly InfoCard), an encryption system which acts like a virtual wallet and identity card, allowing users to choose what card, and hence what personal details, they disclose when making a purchase (快猫短视频, 1 April 2006, p 28). The non-profit Eclipse Foundation is developing a similar, open-source version called Project Higgins, which Idemix will form part of.
Idemix vouchers, in contrast, do not contain any identifying information. The vouchers have two layers of encryption, rather like an envelope inside another envelope, explains Jan Camenisch, one of the system鈥檚 developers at IBM鈥檚 research lab in Zurich, Switzerland. The inner envelope contains a digital signature confirming the user鈥檚 identity to the trusted third party, and is unencrypted by a key held by that party. The outer envelope, which can be accessed by the recipient using a public key, confirms the third party鈥檚 identity and the relevant piece of information.
鈥淧rivacy-enhancing technologies like this are great, but the big question is always whether or not they鈥檒l get adopted,鈥 says Bruce Schneier, computer security expert at BT Counterpane in Mountain View, California. Businesses are not fond of anonymous systems, he says, because they generally want to know about their customers. Customers want privacy, but need something that is easy to use.