Made in IBM Labs: IBM Software to Safeguard Consumer Identity on the Web With "Identity Mixer"

Enables Secure Internet Purchases Without Disclosing Personal Information, Protects Against Identity Theft

Select a topic or year

ARMONK, NY & ZURICH, SWITZERLAND - 26 Jan 2007: IBM (NYSE: IBM) today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, Switzerland, the software -- called Identity Mixer -- will enable consumers to purchase goods and services on the Internet without disclosing personal information.

As consumers hand over personal details in exchange for downloading music or subscribing to online newsletters, they leave a data trail behind that reveals pieces of information about the size, frequency and source of their online purchases that can be traced back to the user. IBM's Identity Mixer software eliminates the trail by using artificial identity information, known as pseudonyms, to make online transactions anonymous. For example, the software allows people to purchase books or clothing without revealing their credit card number. It can confirm someone's spending limit without sharing their bank balance, or provide proof of age without disclosing their date of birth.

Unlike other identity management systems that transmit parts of a user's true identity, systems built using Identity Mixer software will help protect user privacy by sharing only pseudonyms, so real identity information can never be intercepted or exposed.

Identity Mixer works by allowing a computer user that has the software to get an anonymous digital credential, or voucher, from a trusted third party, like a bank or government agency such as the Department of Motor Vehicles. A bank would provide a credential containing a credit card number and expiration date, and when an online purchase is made, the Identity Mixer software digitally seals the information by transforming the credential so the user can send it to the online merchant. By using sophisticated cryptographic algorithms, the Identity Mixer software acts as the middleman confirming bank authorization for the purchase -- so the real credit card numbers are never revealed to the merchant. The next time a purchase is made, a new encrypted credential would be used.

"When people don't have to disclose their personal information on the Web, the risk of identity theft is dramatically reduced," explains John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. "The ability to anonymize transactions using Identity Mixer has the potential to bolster consumer confidence, opening digital floodgates to new forms of Internet commerce."

Identity Mixer brings another dimension to IBM's industry-leading technologies that protect the privacy of consumers and businesses. IBM currently offers software, in use by large governments, healthcare organizations and financial institutions, which provides a way to compare data about their passengers, patients or clients to identify relationships, while never exposing people's sensitive information. The software irreversibly shreds personal artifacts such as names, addresses, phone numbers and social security numbers before the data is shared. The software analyzes the shredded information and alerts the company when a match is found between specific records, identifying only the record file number assigned by the software. It is then up to the organization to decide what amount of detail to share from the identified record. This protects the personal details within other records so they're not needlessly exposed during the comparison process.

Building Privacy into Eclipse Higgins Open Source Security Project

IBM will contribute its Identity Mixer software to Eclipse Higgins project, an open source effort dedicated to developing software for "user-centric" identity management. The current trend toward a user-centric approach means that individuals can actively and securely control who has access to their online personal information, such as bank account and credit card numbers, or medical and employment records, rather than having institutions solely manage that information as they do today.

"The ever-growing incidents of data loss, exposure, and theft on the Internet concern me," said Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada. "It's clear that the best way to protect sensitive information is never to reveal it at all. The ability of privacy-enhancing technology to mask sensitive personal information during online transactions makes real the privacy principle of data minimization, and will bring much needed privacy to the Web. I applaud IBM's leadership and openness in this area."

The Identity Mixer software will provide the required added layer of privacy to the Project Higgins framework for true user centric identity management. IBM plans to incorporate the Identity Mixer technology into its Tivoli software portfolio of federated identity management software.

Project Higgins was announced in February 2006 by the Berkman Center for Internet and Society at Harvard Law School, IBM, Novell and Parity Communications. It was the first user-centric identity management effort to follow the open source software model, whereby hundreds of thousands of developers contribute and continually drive improvements through collaborative innovation. The open source Higgins effort will support computers running any operating system, as well as any identity management system.

The Eclipse foundation is one of the industry's most influential open source communities and includes major technology vendors, start-ups, universities, research institutions and individuals.

Made in IBM Labs

IBM is dedicated to driving the development of promising new technologies. The Zurich Research Lab is part of IBM's globally integrated approach to innovation -- a network of 63 major software development and research labs worldwide that develop, test and support a wide range of emerging and established technologies that span software and services. IBM believes that these technologies have the potential to transform the way people live and work. But they are not created in a vacuum by IBM alone. They are increasingly the result of collaborative innovation among IBM's R&D engagements and its customers, business partners, universities and other parties. It is IBM's goal to bring its renowned R&D resources closer to its customers worldwide.

Identity Mixer is one of a host of emerging technologies being publicly unveiled as part of the Made in IBM Labs initiative at an upcoming event at IBM's Silicon Valley Lab.

For more information, please visit

Related XML feeds
Topics XML feeds
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source