The Stack Archive

IBM privacy tool lets users access apps without personal data

Mon 23 Nov 2015

IBM Identity Mixer

IBM has announced the release of its Identity Mixer tool which has been designed to help protect consumer data shared with mobile and web apps.

The service, which runs across its Bluemix cloud platform, uses advanced algorithms to reduce the incidence of personal identity theft facilitated by the app market. IBM hopes the tool will enable developers to build software that can authenticate a user’s identity without the need for personally identifiable data.

According to a report, the following is true of the new project: “Thanks to a set of algorithms based on cryptography work done at IBM Research, the tool allows developers to build apps that can authenticate users’ identities using what’s known as a ‘zero-knowledge proof’ that collects no personal data.”

Employing the Identity Mixer, an app can instead verify the authenticity of a user’s claims of being above a certain age and having a subscription. It therefore takes a way the responsibility of security from third-party developers. Companies too will not have to worry about protecting user data as no personally identifiable data is exchanged.

The tool, built by researchers based in Zurich, Switzerland, authenticates the users by asking for a public key. Every user has a single secret key which corresponds to several public keys or identities. The user receives a new public key for each transaction, leaving no privacy ‘breadcrumbs.’

Users would have identity and subscription details stored in a personal Credential Wallet. To access an app or service, they can use the digital record to prove that they’re entitled to view the content without having to give away any details. Privacy is therefore preserved.

“One of the key principles for protecting privacy is the concept of data minimisation,” explained director of policy and advocacy at the Privacy Rights Clearinghouse, Paul Stephens. “Anything that can be done to reduce the amount of data that’s collected as part of the authentication process is definitely a very good thing.”

Details are yet to be provided by IBM to confirm exact dates for public release.


IBM news privacy research security
Send us a correction about this article Send us a news tip