Microsoft's acquisition of privacy vendor Credentica signals another step in the company’s effort to ensure that users don’t lose control of their personal data.

Credentica develops technology called U-Prove that uses cryptography and multiparty privacy features to facilitate “minimal disclosure” so a user can reveal only the bits of information about themselves they want to while protecting their privacy.

Terms of the acquisition announced Thursday were not disclosed.

But Microsoft’s Identity Architect Kim Cameron could hardly hide his pleasure at landing the U-Prove technology, which he said on his blog is “equivalent in the privacy world of RSA in the security space.”

Cameroni has almost single-handedly rescued Microsoft from its identity gaffe of years ago when it launched Passport, which called for Microsoft to store user’s personal data. Cameron was the driving force behind Microsoft’s new CardSpace technology and claims-based architecture, which flips the Passport concept on its head and makes users gatekeepers of their own personal information.

Cameron told Network World, “customers want authorization without putting their personal information in jeopardy. In many online interactions, there is a need to verify people’s identities. Today we have to give too much personal information, and it increases our risk of online identity theft or misuse of our personal information.”

Cameron said the Credentica acquisition is an important step in developing Microsoft’s Identity Metasystem concept, a framework for connecting identity systems via Web services based protocols and client, server and middleware technologies.
He said the U-Prove technology could be applied in many areas, including anonymous age or membership verification for online communities or social networks.

“If a student is issued a U-Prove token by a school and the student uses the token to apply for access at an age-controlled Web site, the only information the site obtains from the student is the fact that the token has not been tampered with and the student is under or over a certain age. The site does not obtain the exact age, name, address, etc. of the student,” he said.

The technology also could be used to access government services without those individual services being able to link the user data they collect to create a user profile.