Skip Links

Network World

  • Social Web 
  • Email 
  • Close

IBM to open source information security software

Package developed under the guidance of Project Higgins, which includes IBM, Harvard and Novell.
By Ellen Messmer , Network World , 01/26/2007

The Zurich-based research lab at IBM has come up with a new approach to shield sensitive information, such as credit card number or medical data, in document exchange.

The XML-based software technology, called Identity Mixer, employs a novel method of using X.509-based digital certificates to mask selected sensitive information transmitted in a document but still lets that shielded content be seen by authorized viewers. The goal is to make Identity Mixer available as open source software through the Eclipse Open Source Foundation to encourage widespread deployment, said Anthony Nadalin, IBM distinguished engineer and chief security architect at Tivoli.

Don't Miss!Read the latest WhitePaper - Troubleshooting Remote Site Networks - Best Practices

“The Identity Mixer code is in the intellectual-property review phase and within a few weeks it should be available through Eclipse,” said Nadalin.

The Identity Mixer software was developed to further “user-centric identity management” — a way that computer users can manage and control personal information—under the aegis of Project Higgins, which was initiated a year ago by IBM, Harvard and Novell.

Related Content

For the end user, Identity Mixer would work as a Web browser plug-in, “to control the amount of data flowing to your related party,” said Nadalin. The technical process works through public-key cryptographic mechanisms. The Identity Mixer browser plug-in generates tokens called iCards that represent the data that can be read by a user with the appropriate cryptographic software on the receiving end.

When the Identity Mixer software is made available through the Eclipse Open Source Foundation, it is expected to include a full X.509-based tool kit, including certificate issuance server, validation server and more, that would allow for experimentation with the data-masking technology.

Nadalin said the hope is that the technology will find use in e-commerce, medical records and other purposes where the user wants to restrict data for privacy and security purposes and the organizations managing that data support that goal as well. Making the technology open source furthers the prospect that it would be used widely and across vendor boundaries.

Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.

Download the white paper.

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?

Download the white paper.

Comments (1)
Login
Forgot your account info?

a questionBy Sylwia on December 7, 2007, 9:28 amDear Sir or Madam, My name is Sylwia and I represent hakin9 - IT Security magazine distributed in USA, Australia and UK. Would you be interested in a cooperation...

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed
Get instant email notification when white papers, webcasts, executive guides are added to our library. Stay informed and up-to-date with the latest on IT Technologies with Network World's Resource Alerts.