IBM punts cryptotastic cloudy ID verification services
Foil identity thieves – put your data on a giant floating target
IBM is marketing cloud-based technology to help consumers better protect their personal data online.
The technology – called Identity Mixer – uses a cryptographic algorithm to encrypt the certified identity attributes of a user, such as their date of birth, nationality, home address and credit card number in a way that allows the user to reveal only selected pieces to third parties.
Identity Mixer can be used within a digital wallet, which contains credentials certified by a trusted third party, such as a government-issued electronic identity card. The issuer of the credentials has no knowledge of how and when they are being used, according to IBM.
The technology would has potential applications in accessing online banking, shopping sites and social networks. Instead of creating a personal profile with a username and password for each service users would be able to use Identity Mixer to prove who they are online.
Users could authenticate to service providers without disclosing their social network profile or any of their personal data. In this way Identity Mixer is arguably superior to either using OAuth, the open standard to authorisation, or conventional website registration. OAuth tokens are used, for example, to connect Twitter accounts to third-party services without obliging users to hand over passwords.
Identity Mixer acts as an "agent knowing all of your secrets, while revealing as little as possible", according to IBM. For example, if you needed to prove that you are at least 21 years old to rent a car, Identity Mixer would say that you are between 25-100 years old. The same approach could be applied for credit card transactions. The result is that consumers would be able to prove who they are without revealing anything useful to potential thieves.
For example, consider a video streaming service offering films that have age restrictions. To stream a 12+ movie, Alice would needs to prove that she is at least 12 years of age and that she lives within the appropriate region. The typical way to do this would require Alice to enter her full date of birth and address, but this reveals more about her than necessary. Identity Mixer can confirm that Alice is at least 12 without disclosing her date of birth and reveal that she lives in the correct region.
This means that even if the video streaming service is hacked or insecure, Alice’s personal data remains safe. The technology encrypts personal data which is shared selectively with third parties. As such it seems like a step forward in privacy – if not something to appeal to everyone. Anyone adverse to the whole concept of even private data been stories in the cloud is unlikely to be won over. The idea that IBM would be better able to protect data than a random online service seem plausible but again not for everyone, especially those who think Big Blue is in bed with The Man, or who are uncomfortable with the whole concept of an electronic identity card.
"Identity Mixer enables users to choose precisely which data to share, and with whom," said Christina Peters, IBM’s chief privacy officer. "Now web service providers can improve their risk profile and enhance trust with customers, and it’s all in the cloud making it easy for developers to program."
Identity Mixer is available to developers as a web service through IBM Bluemix, IBM's platform-as-service (PaaS) cloud. Starting this spring, BlueMix subscribers will be able to experiment with Identity Mixer within their own applications and web services.
"Identity Mixer incorporates more than a decade of research to bring the concept of minimal disclosure of identity-related data to reality, and now it is ready to use for both computers and mobile device transactions," said Dr. Jan Camenisch, cryptographer and co-inventor of Identity Mixer at IBM Research.
Identity Mixer is currently being tested with the German Red Cross and by CSIRO, Australia’s national science agency, among others.
An online demo of the technology is available here.