Computer Hardware Reviews at Computer Power User Magazine. Your source for overclocking software guides, building your own computer, pc cooling and computer modding.


Hard Hat Area
January 2008 • Vol.8 Issue 1
Page(s) 50-51 in print issue

X-Ray Vision
Idemix: Keeping Your Personal Information To Yourself
Imagine that the next time you stop at the gas station to fill your tank and buy a candy bar, the clerk asks you to fill out a form with a lot of personal information, such as credit card information, mailing address, and a driver’s license number. As you attempt to hand the clerk a $50 bill, you probably would think the clerk was crazy, and you’d refuse to share the information.

Yet, when making a purchase on the Internet, you often enter a large amount of information into an online form, some of which is pertinent to the transaction . . . and some information that isn’t pertinent.

To be fair, most Web site forms give you the option of not submitting certain nonessential information. But, if given the option of only sharing the minimum amount of information required to complete the transaction, most people would select that option. Even better would be the ability to be completely anonymous when performing Web transactions.

IBM’s researchers might have the solution. The IBM product, called Identity Mixer (Idemix for short), would make use of digital information “tokens” to share only the required information with a Web site during a transaction. The tokens would simply verify your identity and submit only the minimum amount of information for the transaction.

“Identity Mixer works like an electronic version of a conventional wallet that holds your driver’s license, credit cards, identity cards, health club membership cards, etc.,” says Anthony Nadalin, IBM’s Distinguished Engineer and chief security architect for Tivoli software.


Idemix In Action

Idemix will work in a variety of situations. For example:

When making an online purchase, a clearing house must verify the credit card number and perform the actual transaction. Rather than giving both the merchant and the clearing house the customer’s credit card number, Idemix would ensure only the clearing house has the number; the merchant would simply receive verification.

If you want to rent a vehicle online, you wouldn’t need to give the company your actual driver’s license number to prove your age. Instead, the digital token would simply verify that you are old enough to meet the company’s age criteria; the token would not provide your actual driver’s license number or birth date.

If you change your mailing address, you could use Idemix to make the change once. Every entity that needs your new mailing address would then receive information about the change.

When receiving a product from an online retailer, many retailers use a third-party shipping service. With Idemix, you wouldn’t have to share your mailing address with the online retailer, only with the third-party shipper.

If you use the same password at a few different Web sites, you could change that password just once using Idemix and choose to have the password shared with the appropriate Web sites.


Higgins Project

Idemix has evolved out of the Higgins Project, on which IBM, Novell, the Berkman Center for Internet & Society at Harvard Law School, and Parity Communications collaborated, beginning early in 2006. The Higgins Project's focus is to create an open-source software package that would allow people to authenticate their identities when they're online without the need to share a lot of extra information. Those involved in the Higgins Project want to give Internet users more control over their information.

“In the past year, we’ve seen a growing interest in Identity Mixer as privacy becomes a major concern across the globe,” Nadalin says. “In particular, with the government, financial, and telecommunications sectors, we are seeing a lot of interest and potential for this technology.”

Nadalin says Web merchants, who usually collect a variety of information on their customers, haven’t yet registered any worries about Idemix.

“So far, no one has balked at the idea, but, as usual, they all insist that this must become easy to use for the consumer,” he says.

Work continues on the Higgins Project and on Idemix. Nadalin says pilot versions of Idemix could appear in the next couple of years, with final versions possible in the next two to four years. Until then, users will be on their own when it comes to guarding their information. As always, common sense should rule your decisions: If you don’t feel comfortable sharing certain personal information with a certain Web site, trust your instincts and keep that information to yourself.

by Kyle Schurman

Microsoft CardSpace


CardSpace from Microsoft is built into Vista, and it provides technology similar to Idemix, allowing users to protect as much of their personal data as possible.

One difference: Rather than storing the digital tokens yourself (as occurs with Idemix), CardSpace must digitally contact the entity that holds the piece of identity information you need. It then will pass that information on to complete your transaction. Idemix is also an open-source piece of software; Microsoft owns and controls CardSpace.

For more information about CardSpace, visit www.microsoft.com/net/cardspace.aspx on the Web.

Putting Idemix To Use


With Identity Mixer, the user stores his personal information on his own laptop, mobile phone, or other device. An electronic card, also called a token, contains each piece of data, whether it’s a birth date, credit card number, or mailing address. An issuing authority, also called an identity provider, would verify the data in the token.

“Identity Mixer uses the electronic cards as a proof to the site that the user indeed has the authorization to access,” IBM’s Nadalin says. “Identity Mixer allows the user to perform this without revealing any other information about herself.”

Here’s an example of how Idemix could work. Let’s say a user wants to access some premium information on a newspaper Web site. The user already has an account at the site, but the user wants to use the site anonymously. On the flip side, the newspaper needs to make sure that (at the least) the user is verified as a paying customer, otherwise anyone could access the site’s premium content.

1. After the user (red key) registers with the newspaper site and pays for premium service, the newspaper provides an Idemix token (gray icon).

2. The newspaper’s Idemix token is stored by the user along with her other personal information tokens (light green icon). As part of Idemix technology, the user’s Idemix software (blue key) transforms the user’s tokens into any one-time, generic tokens that are needed; in this case, a generic token for the newspaper’s Web site (light green icon with red ribbon) that contains only the information needed to verify that the user has access to premium content. Only those who have properly obtained a token from the newspaper could use Idemix to create a one-time token for the newspaper’s site. In cryptography terms, you can think of the specific token as the “one secret key,” or the private key, and the one-time token as the public key. There is only one private key, and there are multiple public keys.

“Note that the user can generate as many one-time tokens as she wishes from her original Identity Mixer credentials, and that all these tokens are indistinguishable from each other, if they are generated by the same or different users,” Nadalin says.

3. The new generic token still carries the information that verifies this user as having access to premium content, but because the token is generic, it doesn’t identify the user specifically. As you can see from this graphic, you can think of Idemix as providing a barrier between the user and the newspaper’s site, showing the Web site only the one-time, generic token. To the newspaper’s Web site, this user looks the same as every other user who has premium site access.

4. With the generic token verified, the site provides the premium content to the user.

“The user would benefit from Identity Mixer in this case since she can make her queries anonymously,” Nadalin says. “The service provider benefits from Identity Mixer as it will be able to provide a better service or, in some very sensitive areas, such as health care, able to provide a service it otherwise couldn't. Also, the less personal information a service provider obtains, the easier it is for the service provider to protect that information, such as from malicious access by third parties.”

Source: IBM
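
The four steps above can be sketched with a simpler primitive. This is an added example, not code from the article or from IBM: it uses Chaum-style RSA blind signatures rather than Idemix's own cryptography, so each one-time token needs its own blind issuance, whereas Idemix derives many tokens from one credential. The toy key size, the function names and the random-serial token format are assumptions made for illustration.

```python
import hashlib, math, secrets

# Toy RSA key for the newspaper (the issuer). Constructed demo parameters:
# two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent

def h(serial: bytes) -> int:
    """Hash a token serial into Z_N (stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def user_blind(serial: bytes):
    """Step 2 (user): hide the serial behind a random factor r before signing."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(serial) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Step 1 (newspaper): sign for a paid subscriber without seeing the serial."""
    return pow(blinded, D, N)

def user_unblind(blind_sig: int, r: int) -> int:
    """Strip r; what remains is an ordinary signature on the serial."""
    return (blind_sig * pow(r, -1, N)) % N

def site_verify(serial: bytes, sig: int, spent: set) -> bool:
    """Steps 3-4 (newspaper): accept a valid signature that was never used before."""
    if serial in spent or pow(sig, E, N) != h(serial):
        return False
    spent.add(serial)
    return True

def demo():
    """Run one issuance and three presentations; report what the site can learn."""
    issuer_log, spent = [], set()      # issuer_log: values seen at registration
    serial = secrets.token_bytes(16)   # constructed one-time token serial
    blinded, r = user_blind(serial)
    issuer_log.append(blinded)
    token = user_unblind(issuer_sign(blinded), r)
    first = site_verify(serial, token, spent)        # genuine token
    replay = site_verify(serial, token, spent)       # same token presented again
    forged = site_verify(b"forged", token, spent)    # signature on a different serial
    linkable = h(serial) in issuer_log or token in issuer_log
    return first, replay, forged, linkable
```

The site accepts the token once, rejects the replay and the mismatched serial, and nothing it recorded at registration matches what it sees at presentation.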


Copyright © 2010 Sandhills Publishing Company U.S.A. All rights reserved.