IBM Looks to Button Up Cloud Security
The perception that the cloud may be inherently insecure is prompting next-generation platform developers to attempt to bake security and privacy features into their offerings as more devices are connected and more personal information ends up stored in the cloud.
With that at least partially in mind, IBM Research rolled out a cloud-based technology it claims could help service providers secure customers' personal data. IBM's Identity Mixer technology is based on a cryptographic algorithm billed as preventing unwanted sharing of personal data like birth dates, home address and credit card numbers.
IBM said this week it would make the crypto tool available as a web service on its new Bluemix platform-as-a-service for building, managing and running applications. IBM signed up Apple as its enterprise mobility partner for Bluemix last summer.
The crypto algorithm works by encrypting users' credentials, including age, nationality, home address and, perhaps most important of all, credit card numbers. IBM added that Identity Mixer could be used within a digital wallet containing certified credential issued by a trusted third party.
IBM researchers noted that the "issuer of the credentials has no knowledge of how and when credentials are being used." IBM did not respond to a request to elaborate on this point.
In a demonstration, a user is asked for proof of age to view an online movie. The user's ID contains other personal data that could also be revealed. In this example, IBM said its crypto algorithm stored in a digital wallet would reveal only in the user's age without releasing other personal data contained on government-issued IDs. Further, rather than sharing a user's date of birth, the authenticator would simply inform the movie streaming service that the user is old enough to watch the online movie—"useless information if falls into the wrong hands," IBM explained.
With less access to personal data, IBM researchers also noted that the crypto method saves cloud operators the additional cost of securing data they didn’t need in the first place.
Identity Mixer was initially available for download on smart cards. As its Bluemix service ramps up, IBM now plans to make the crypto technology available to developers as a web service.
The technology incorporates more than a decade of research aimed bringing the "concept of minimal disclosure of identity-related data to reality, and now it is ready to use for both computers and mobile device transactions” in the cloud, Jan Camenisch, cryptographer and co-inventor of Identity Mixer at IBM Research, said in a statement.
IBM said its Identity Mixer technology will be available as "experimental service" on its Bluemix app platform in Spring 2015.
Meanwhile, IBM said it is demonstrating the cloud version of Identity Mixer in pilot projects with European and Australian academic and industry partners.