Sorry! We have moved! The new URL is:

You will be redirected to the new address in five seconds.

If you see this message for more than 5 seconds, please click on the link above!

Social Icons

twitterfacebookgoogle pluslinkedinrss feedemail

Wednesday, April 21, 2010

Verifying Your Identity Online

 Microsoft On The Issues

Indeed, online identity management is a topic that is receiving considerable focus and discussion in privacy circles these days.

In the context of citizen and consumer protection, the promise of online identity management is essentially the same as the promise of identity management in the physical or “real” world.
In the physical world, when you need to prove your identity to access a particular good or service, you typically pull out the appropriate ID from your wallet. Depending on the context, this might be a driver’s license, student ID, ATM card, employee ID or any other of the physical identity documents that people carry. The card is scrutinized and the recipient makes a trust decision whether or not to allow access to the requested good or service.

Today, we don’t have a similarly robust or interoperable identity verification system online. Instead, we rely on a patchwork of user names, passwords and other easily compromised pass-phrases to “prove” who we are online. Unfortunately, compromised usernames and passwords can typically be entered online by anyone, from anywhere on the Web, and don’t have anywhere near the fidelity of physical identity documents.

For online transactions that require a high level of information assurance and protection, we need a more secure and verifiable model -- one where the level of trust and assurance much more closely resembles identity in the physical world.

Technology can help us develop a system of electronic identities that extends to the Web the type of trusted identity verification enabled by ordinary plastic ID cards. As we move down this path we’ll encounter a variety of challenges. One of the most critical ones will be building these new systems in such a way that they support data protection and privacy principles.

At Microsoft, we’re investing in technologies to address these challenges. We recently released a cryptographic-based technology called U-Prove under the Open Specification Promise. The U-Prove technology can enable people to prove their identity by disclosing only the minimum amount of information necessary to complete a transaction, and does so in such a way that one use of an ID is not linkable to any other use of that ID. In the physical world, this would be similar to showing someone your university ID to get a student discount -- but without disclosing any piece of information but the fact that you were a verified student. All other information on your student ID-- school name, graduation year, student ID number and other similar fields-- need not be disclosed.


Post a Comment



Blog Archive

Total Pageviews