|
List Info
Thread: News.com: IBM donates new privacy tool to open-source Higgins
|
|
| News.com: IBM donates new privacy tool
to open-source Higgins |
|
2007-01-27 17:56:57 |
http://news.com.com/IBM+
donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.
html
IBM donates new privacy tool to open-source
By Joris Evers
Staff Writer, CNET News.com
Published: January 25, 2007, 9:00 PM PST
IBM has developed software designed to let people keep
personal
information secret when doing business online and donated it
to the
Higgins open-source project.
The software, called "Identity Mixer," was
developed by IBM
researchers. The idea is that people provide encrypted
digital
credentials issued by trusted parties like a bank or
government agency
when transacting online, instead of sharing credit card or
other
details in plain text, Anthony Nadalin, IBM's chief security
architect,
said in an interview.
"Today you traditionally give away all of your
information to the man
in the middle and you don't know what they do with it,"
Nadalin said.
"With Identity Mixer you create a pseudonym that you
hand over."
For example, when making a purchase online, buyers would
provide an
encrypted credential issued by their credit card company
instead of
actual credit card details. The online store can't access
the
credential, but passes it on to the credit card issuer,
which can
verify it and make sure the retailer gets paid.
"This limits the liability that the storefront has,
because they don't
have that credit card information anymore," Nadalin
said. "All you hear
about is stores getting hacked."
Similarly, an agency such as the Department of Motor
Vehicles could
issue an encrypted credential that could be used for age
checks, for
example. A company looking for such a check won't have to
know an
individual's date of birth or other driver's license
details; the DMV
can simply electronically confirm that a person is of age,
according to
IBM.
The encrypted credentials would be for one-time use only.
The next
purchase or other transaction will require a new credential.
The
process is similar to the one-time-use credit card numbers
that
Citigroup card holders can already generate on the bank's
Web site.
IBM hopes technology such as its Identity Mixer helps
restore trust in
the Web. Several surveys in past years have shown that the
seemingly
incessant stream of data breaches and threats such as
phishing scams
are eroding consumer confidence in online shopping and
activities such
as banking on the Web.
To get Identity Mixer out of the lab and into the real
world, IBM is
donating its work to Higgins project, a broad, open-source
effort
backed by IBM and Novell that promises to give people more
control of
their personal data when doing business online. Higgins also
aims to
make the multiple authentication systems on the Net work
together,
making it easier for people to manage Internet logins and
passwords.
"We expect Higgins to get wide deployment and usage.
You'll get the
ability by using Higgins to anonymize data," Nadalin
said.
Higgins is still under development. A first version of the
projects
work is slated to be done sometime midyear, said Mary Ruddy,
a Higgins
project leader. "We were thrilled to get this donation
to Higgins, IBM
has done a lot of good work."
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomo metzdowd.com
|
|
| Re: News.com: IBM donates new privacy
tool to open-source Higgins |
 
United States |
2007-01-30 11:14:47 |
John Gilmore wrote:
> http://news.com.com/IBM+
donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.
html
>
> IBM donates new privacy tool to open-source
> By Joris Evers
> Staff Writer, CNET News.com
> Published: January 25, 2007, 9:00 PM PST
...
> For example, when making a purchase online, buyers
would provide an
> encrypted credential issued by their credit card
company instead of
> actual credit card details. The online store can't
access the
> credential, but passes it on to the credit card issuer,
which can
> verify it and make sure the retailer gets paid.
>
> "This limits the liability that the storefront
has, because they don't
> have that credit card information anymore,"
Nadalin said. "All you hear
> about is stores getting hacked."
>
> Similarly, an agency such as the Department of Motor
Vehicles could
> issue an encrypted credential that could be used for
age checks, for
> example. A company looking for such a check won't have
to know an
> individual's date of birth or other driver's license
details; the DMV
> can simply electronically confirm that a person is of
age, according to
> IBM.
this was somewhat the issue with x.509 identity certificates
from the early 90s,
they were being overloaded with personal information ... and
then the proposal
that everybody should then "spray" such digital
certificates frequently all
over the world. in this period, they were also being touted
for use in
electronic driver's licenses, passports, etc.
In the mid-90s, with the realization of the enormous privacy
exposures of
such a paradigm ... there was some parties retrenching to
relying-party-only
certificates ... basically a record pointer ... which was
then used as
reference to the record with the necessary information ...
and only the
absolutely necessary information was then divulged.
http:/
/www.garlic.com/~lynn/subpubkey.html#rpo
however, it was trivially possible to demonstrated that the
actual
digital certificate was redundant and superfluous ... all
that was
necessary was the record pointer, a digital signature ...
and the
responsible agency could verify the digital signature with
public
key on file ... at the same time they processed the request
using
the record pointer.
This was basically the FSTC organizations
http://www.fstc.org/
model for "FAST" (financial authenticated secure
transaction). The transaction
is mapped into existing ISO 8583 message and uses the
existing infrastructure
operations. Rather then divulging age, a FAST (/8583)
transaction ... digital
signed by the individual ... could ask whether the person
meets some age
criteria, address criteria, etc ... getting YES/NO response
... w/o divulging
any additional information (like actual date of birth). This
was modeled
after existing (ISO 8583, debit, credit, etc) financial
transaction which
effectively asks whether the merchant gets paid or not
(simply YES/NO
response).
This is also, effectively the X9.59 financial standard
http://www
.garlic.com/~lynn/x959.html#x959
http:
//www.garlic.com/~lynn/subpubkey.html#x959
The X9A10 financial standard working group, in the mid-90s
was given the
requirement to preserve the integrity of the financial
infrastructure for
all retail payments. The transaction is sent with digital
signature,
the responsible agency validates the digital signature,
examines the
transaction request and then responds YES/NO regarding
whether the
merchant gets paid or not.
The other characteristic of X9.59 was that it included a
business rule that
"X9.59" account numbers couldn't be used in
non-X9.59 transaction. That
made the associated account numbers (record pointers)
unusable w/o the
accompanying digital signature i.e. random people couldn't
generate
random (valid) transactions against the account
number/record number.
This had the effect of eliminating a lot of the existing
skimming/harvesting
exploits
http://www.garlic.com/~lynn/subintegrity.html#harvest
It isn't necessary to have an encrypted credential ... since
if it was
purely "static data" ... and simply presenting
such static data exposes
the infrastructure to various kinds of replay attack. In
that sense,
the static data can be any recognizable information specific
to the
responsible agency handling the transaction. The
"static data" is used
by the responsible party to lookup the actual information
(including,
if necessary the public key) ... and the digital signature
on every
transaction prevents various kinds of replay attacks ...
that might be
possible in an infrastructure relying on only static data.
If the
agency is going to lookup something (rather than have it
carried around
in large encrypted packet ...) then it becomes immaterial
whether the
actual (static data) record locator is encrypted or not.
related post in this thread:
http://www.
garlic.com/~lynn/2007c.html#43 Securing financial
transactions a high priority for 2007
http://www.
garlic.com/~lynn/2007c.html#46 Securing financial
transactions a high priority for 2007
http://www.
garlic.com/~lynn/2007c.html#51 Securing financial
transactions a high priority for 2007
with reference to recent news items somewhat touching on the
same subject:
Latest Breach May Force a New Approach to Data Security
http://www.digitaltransactions.net/newsstory.cfm?new
sid=1226
Analyst: Banks Must Make Credit Card Accounts Useless to
Data Theives
http://www.informationweek.com/showArticle.jhtml;jsessionid=
E34WIOTVAIIHKQSNDLPCKHSCJUNN2JVN?articleID=197000263
this is somewhat related to my periodic references that
existing infrastructure could
bury the planet under miles of (information hiding)
encryption and still not prevent
account number linkage ... somewhat related old post about
security proportional to risk
http://www.
garlic.com/~lynn/2001h.html#61
misc. past posts with reference to FSTC's FAST
http://www.ga
rlic.com/~lynn/99.html#171 checks (was S/390 on
PowerPC?)
http://www.ga
rlic.com/~lynn/99.html#216 Ask about Certification-less
Public Key
http://www.ga
rlic.com/~lynn/99.html#217 AADS/X9.59 demo &
standards at BAI (world-wide retail banking) show
http
://www.garlic.com/~lynn/ansiepay.htm#privacy more on
privacy
http:/
/www.garlic.com/~lynn/aadsm9.htm#cfppki3 CFP: PKI
research workshop
http:/
/www.garlic.com/~lynn/aadsm9.htm#cfppki4 CFP: PKI
research workshop
http://www.
garlic.com/~lynn/aepay10.htm#8 FSTC to Validate WAP
1.2.1 Specification for Mobile Commerce
http://www.
garlic.com/~lynn/aadsm16.htm#5 DOD prepares for
credentialing pilot
http://www
.garlic.com/~lynn/aadsm17.htm#19 PKI International
Consortium
http://www.
garlic.com/~lynn/2005i.html#33 Improving Authentication
on the Internet
http://www.
garlic.com/~lynn/2005l.html#36 More Phishing scams,
still no SSL being used
http://www.
garlic.com/~lynn/2005l.html#37 More Phishing scams,
still no SSL being used
http://www.
garlic.com/~lynn/2005l.html#42 More Phishing scams,
still no SSL being used
http://www.
garlic.com/~lynn/2006f.html#35 X.509 and ssh
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
|
|
| Re: News.com: IBM donates new privacy
tool to open-source Higgins |
United States |
2007-02-05 12:41:28 |
Anne & Lynn Wheeler wrote:
> http://news.com.com/IBM+
donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.
html
from above:
The encrypted credentials would be for one-time use only.
The next purchase or other transaction will require a new
credential. The process is similar to the one-time-use
credit card numbers that Citigroup card holders can already
generate on the bank's Web site.
... snip ...
past post:
http://www
.garlic.com/~lynn/aadsm26.htm#24 News.com: IBM donates
new privacy tool to open-source Higgins
... so if you had to go to the credential issuing website
every time you needed a one-time use credential (one-time
use is countermeasure to replay attacks involve static data
credentials) ... what mechanism are you using to
authenticate yourself to the credential issuing website.
if the mechanism for authentication to the credential
issuing website is of reasonably strong security ... then
why don't you use that mechanism directly in the regular
transaction ... rather than having to have an intermediary
credential involved.
this is somewhat the argument used about digital
certificates being redundant and superfluous in an online
environment ... whatever was used to acquire the (x.509
identity) digital certificate ... especially a
relying-party-only digital certificate
http:/
/www.garlic.com/~lynn/subpubkey.html#rpo
to avoid repeatedly spraying personal information all over
the world ... just use that interaction directly ... and
avoid the superfluous and redundant digital certificate.
this is the certificateless public key infrastructure
operation
h
ttp://www.garlic.com/~lynn/subpubkey.html#certless
in the x9.59 financial standard transaction
http://www
.garlic.com/~lynn/x959.html#x959
http:
//www.garlic.com/~lynn/subpubkey.html#x959
or in the similar FAST transaction (for matters other than
financial transaction authorization) done by FSTC in the
90s
http://www.fstc.org/
one might claim that this new mechanism is another approach
to addressing the enormous privacy exposure represented by
the x.509 identity digital certificates from the early 90s
... but my oft repeated claim is that the while
credentialing and certificate paradigm is left-over from the
offline era. in the online era ... if the relying party
either 1) has their own online information and/or 2) has
online, realtime access to the responsible authoritative
agency or institution ... then credentials and certificates
purely represent relics predating online infrastructures.
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
|
|
[1-3]
|
|