The Zurich-based research lab at IBM has come up with a new approach to shield sensitive information, such as credit card numbers or medical data, in document exchange.
The XML-based software technology, called Identity Mixer, employs a novel method of using X.509-based digital certificates to mask selected sensitive information transmitted in a document but still lets that shielded content be seen by authorized viewers. The goal is to make Identity Mixer available as open source software through the Eclipse Open Source Foundation to encourage widespread deployment, said Anthony Nadalin, IBM distinguished engineer and chief security architect at Tivoli.
"The Identity Mixer code is in the intellectual-property review phase and within a few weeks it should be available through Eclipse," said Nadalin.
The Identity Mixer software was developed to further "user-centric identity management" - a way that computer users can manage and control personal information - under the aegis of Project Higgins, which was initiated a year ago by IBM, Harvard and Novell.
For the end user, Identity Mixer would work as a Web browser plug-in, "to control the amount of data flowing to your related party," said Nadalin. The technical process works through public-key cryptographic mechanisms. The Identity Mixer browser plug-in generates tokens called iCards that represent the data that can be read by a user with the appropriate cryptographic software on the receiving end.
When the Identity Mixer software is made available through the Eclipse Open Source Foundation, it is expected to include a full X.509-based tool kit, including certificate issuance server, validation server and more, that would allow for experimentation with the data-masking technology.
Nadalin said the hope is that the technology will find use in e-commerce, medical records and other areas where the user wants to restrict data for privacy and security reasons and the organizations managing that data support that goal as well. Making the technology open source furthers the prospect that it would be used widely and across vendor boundaries.