All social and economic interactions among human beings in modern civilization require the exchange of personal data. In everyday situations, we decide intuitively which data to make available, for instance whether to state our name when shaking hands.
In the online world, each individual has to handle numerous accounts and data sets. These so-called partial identities will increasingly play a key role in future electronic services as well as in public security (such as at border checks). A partial identity may very well convey sensitive personal data, such as patient health data, employee data, or credit card data.
We envision user-controlled identity management systems within which the players concerned act together, mediated by technology, to enforce the rules established by law and by the contracting partners. In these systems, the user has control over his or her personal information and negotiates its disclosure in return for access to a service. The result of such a negotiation is an agreement between the user and the service provider, whereby the provider collects personal data for a stated, legitimate purpose (which may include the transfer of these data to other entities), and — in the case of certain providers — issues certified data to individuals.
All agents act within the strict bounds of the law, under anonymity, pseudonymity, or on the basis of terms explicitly agreed upon by the parties involved. In all cases, technology supports accountability and recourse.
We are working on a suite of cryptographic protocols that enhance privacy in identity management. In particular, we strive for:
- Theoretical results, i.e., cryptographic algorithms and protocols to realize an efficient anonymous credential system. This work is partially funded by PrimeLife.
- An open-source implementation of the cryptographic protocols, some basic application logic on the server and the client side, a wallet for users to manage (store, show, and obtain) their credentials, and some demo applications. Our prototype has been used by several universities for their own research, such as anonymous access control, identity management, privacy in health care, and e-government, to name just a few. The idemix protocol was also used and enhanced in the FP6 integrated project PRIME (Privacy and Identity Management for Europe). We have made the Identity Mixer library publicly available within the PRIME project.
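To make the "show only what the service needs" flow of the credential system above concrete, here is an added example (written for this page, not Identity Mixer's own code or protocols). An issuer certifies a set of attributes, the holder's wallet discloses only the attribute a provider's policy asks for, and the verifier checks both the issuer's certification and the policy. Everything in it is an assumption for illustration: the issuer key, the attribute names, the policy, and the use of salted hashes plus an HMAC as a stand-in for a real issuer signature. Unlike idemix, this toy does not give unlinkability (the same signed credential is shown every time) and cannot prove a predicate such as "age is at least 18" without revealing the age itself; those properties are exactly what the zero-knowledge protocols in the library add.

```python
import hashlib
import hmac
import json
import secrets

# Constructed issuer key for this example only. A real issuer would use an
# asymmetric signing key; an HMAC key keeps the example self-contained.
ISSUER_KEY = b"example-issuer-key-not-for-production"


def _attribute_digest(name, value, salt):
    """Salted digest of one attribute. The salt stops a verifier from guessing
    low-entropy values (e.g. a nationality code) from the digest alone."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def issue_credential(attributes, issuer_key=ISSUER_KEY):
    """Issuer side: certify the attribute digests, not the values.

    Returns (credential, holder_secrets). The credential can be shown to
    anyone; the holder keeps the values and salts in the wallet."""
    salts = {name: secrets.token_hex(16) for name in attributes}
    digests = {name: _attribute_digest(name, value, salts[name])
               for name, value in attributes.items()}
    payload = json.dumps(digests, sort_keys=True).encode()
    signature = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    credential = {"digests": digests, "signature": signature}
    return credential, {"attributes": dict(attributes), "salts": salts}


def present(credential, holder_secrets, requested):
    """Holder (wallet) side: open only the attributes the provider requested."""
    missing = [n for n in requested if n not in holder_secrets["attributes"]]
    if missing:
        raise ValueError(f"credential has no attribute(s) {missing}")
    disclosed = {n: (holder_secrets["attributes"][n], holder_secrets["salts"][n])
                 for n in requested}
    return {"credential": credential, "disclosed": disclosed}


def verify(presentation, policy, issuer_key=ISSUER_KEY):
    """Verifier (service provider) side. Returns (ok, reason).

    policy maps attribute name -> predicate on the disclosed value."""
    cred = presentation["credential"]
    payload = json.dumps(cred["digests"], sort_keys=True).encode()
    expected = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        return False, "issuer signature does not verify"

    values = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if name not in cred["digests"]:
            return False, f"attribute {name} is not part of the credential"
        if not hmac.compare_digest(_attribute_digest(name, value, salt),
                                   cred["digests"][name]):
            return False, f"attribute {name} does not match the certified value"
        values[name] = value

    for name, predicate in policy.items():
        if name not in values:
            return False, f"policy requires attribute {name}, which was not disclosed"
        if not predicate(values[name]):
            return False, f"attribute {name} does not satisfy the policy"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample attributes for a holder.
    cred, wallet = issue_credential({"name": "Alice", "age": 34, "nationality": "CH"})
    adult_only = {"age": lambda a: a >= 18}
    print(verify(present(cred, wallet, ["age"]), adult_only))          # (True, 'ok')
    print(verify(present(cred, wallet, ["name"]), adult_only))         # policy requires age
    forged = present(cred, wallet, ["age"])
    forged["disclosed"]["age"] = (17, wallet["salts"]["age"])
    print(verify(forged, adult_only))                                  # does not match
```

The point to take from the verifier is the order of checks: the issuer's certification first, then that each disclosed value really opens the certified digest, and only then the access policy. A verifier that applied the policy to the disclosed values before binding them to the credential would be trusting the holder rather than the issuer.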
We have completed a prototype implementation of the anonymous credential system on a standard Java Card. This smart identity card combines strong authentication with privacy properties, so that users can employ the card in privacy-sensitive applications with third parties while being confident that their personal data is well protected. This project received the 2009 Innovation Award of the German Informatics Society (GI).
Identity Mixer is now entering a pilot phase with selected clients in government, banking, and telecommunications. If you are interested in using our prototype for your own research, please contact us.
If you have become curious and want to know more, please visit us on Twitter or our blog.
Privacy and identity management for life
We are leading the European FP7 research project PrimeLife, which envisages bringing sustainable privacy and identity management to the increasingly collaborative character of the Internet, and enabling individuals to control the life-long trail of personal data that they leave behind. The PrimeLife project builds on the success of the FP6 project PRIME, in which a working prototype of a privacy-enhancing identity management system was developed.
More specifically, IBM is involved in
- the development of new cryptographic tools and mechanisms supporting online privacy and identity management;
- the design and implementation of a suitable policy language allowing both websites and end-users to express their privacy policies and preferences;
- the analysis, design, and prototype implementation of a tool that allows users to assess the trustworthiness of collaboratively created content such as wikis and blogs.
Federated identity management
We are participating in the Higgins project, where we are working on
- integrating support for the identity mixer technology into Higgins, i.e., into a Web services environment,
- establishing privacy policies that allow service providers to express to the user what identity information they require from the user to grant him or her access to a resource as well as how they handle this information, and
- developing user interfaces that allow users to decide which credentials or certificates to use in order to fulfill a service provider's request.
We have also worked intensively on browser-based federated identity management.