Cool stuff looming on the Digital Security horizon. IBM is about to open source a piece of Information Security software that could play a big role in reducing financial and identity theft scams online. For the short attention span crew, this means that transmission of your Financial, Health, and other related records online may become much safer in the very near future.
The software, called Identity Mixer, has the potential to allow users to anonymously complete secure transactions without the need to reveal any personal information. Without getting into the nitty-gritty details, one potential scenario could work like this:
1. User downloads a browser plug-in from their bank which creates a secure token (called an ICard) on the user's machine. This ICard contains limited encrypted information pertaining to a user's identification.
2. User goes to online merchant to buy clothes. At check-out, user sees that the merchant supports their bank's secure transaction system. User opts to complete the transaction with this method.
3. Merchant's system checks user's ICard to see if there are sufficient funds to complete the transaction. No identifiable information is transmitted, simply a "Yes" or "No" to the amount of funds required.
4. Merchant completes transaction directly with the bank, where the user has securely stored their preferred billing/shipping information. Funds are withdrawn, and the sale is completed.
Note that during this process the user has never entered any personal information. Not too shabby.
I could also see this technology working nicely on a Desktop Application. Thinking ahead, a user could install a checkout system on their desktop and merchants could supply inventory and pricing information directly to the users so that all transactions happen directly between the customer and their bank. All that changes hands between the bank and merchant is money and whatever personal contact info the users has allowed the merchant to receive.
Like most new technology standards, there is the uphill battle of getting companies to willingly adopt them. By itself, Identify Mixer is not all that useful as it is simply the code that provides the link between users and their personal information, be it bank/credit card balances, medical records, social security number, etc... What it needs in order to become successful is for some engineers to leverage Identity Mixer's code into their own software and promote the software to financial institutions and online merchants as a new online commerce standard (take note, this is how small software start-ups can become very wealthy).
As an aside, Microsoft also moving ahead to push their own security solutions, but there are speculations that MS may just adopt IBM's standards as part of their framework. Otherwise users may find themselves in another Betamax vs. VHS war for security standards.
Recent Comments