<<返回上一页

Virtual voucher masks online users' identity

发布时间:2019-03-01 10:17:02来源:未知点击:

By Duncan Graham-Rowe With the rise of internet fraud, identity theft and unsolicited spam, people are becoming increasingly wary of handing out personal information online. Now a security system developed by IBM will allow people to access services or make purchases online without disclosing their identity. Called Idemix, the software uses a system of anonymous vouchers that simply confirm a piece of information about an individual, such as that he or she is over 18, meaning they do not need to disclose identifying details in return for services. The system acts as a middleman, enabling users to obtain digital vouchers from a trusted third party, such as a bank or an insurance company. For online purchases, the voucher would contain an encrypted version of the user’s credit card number, confirmed by the credit card company, but not their name. This prevents firms building up a history of a user’s online purchases to target them with unsolicited marketing material, for example, and stops personal details falling into the hands of cybercriminals. Due to be launched next week at the RSA Conference in San Francisco, Idemix reflects a trend for giving web users control of their online security. Microsoft recently developed CardSpace (formerly InfoCard), an encryption system which acts like a virtual wallet and identity card, allowing users to choose what card, and hence what personal details, they disclose when making a purchase (New Scientist, 1 April 2006, p 28). The non-profit Eclipse Foundation is developing a similar, open-source version called Project Higgins, which Idemix will form part of. Idemix vouchers, in contrast, do not contain any identifying information. The vouchers have two layers of encryption, rather like an envelope inside another envelope, explains Jan Camenisch, one of the system’s developers at IBM’s research lab in Zurich, Switzerland. The inner envelope contains a digital signature confirming the user’s identity to the trusted third party, and is unencrypted by a key held by that party. The outer envelope, which can be accessed by the recipient using a public key, confirms the third party’s identity and the relevant piece of information. “Privacy-enhancing technologies like this are great, but the big question is always whether or not they’ll get adopted,” says Bruce Schneier, computer security expert at BT Counterpane in Mountain View, California. Businesses are not fond of anonymous systems, he says, because they generally want to know about their customers. Customers want privacy,