One of the technologies I am waiting for would allow me to carry out transactions without handing over vast quantities of personal data. After all, what a company really needs to know is whether I can pay, and whether I have the qualities (age, residence) I claim to have. It doesn't need to know a vast range of irrelevant *details* about me.
Such a system exists; it's called U-Prove:
It was put together by respected cryptography researcher Dr Stefan Brands. He created a company to develop and market U-Prove, Credentica, which was bought by Microsoft in March 2008. With U-Prove, identity information can be used securely, and private data can be safely shared with those parties that need it, without leaking more information than is required.
U-Prove allows the creation of secure ID tokens, which are pieces of data that incorporate whatever information I need for a given task—but no more—along with cryptographic protection to ensure that they can't be forged, reused, traced back to me, or linked to other tokens that I have issued.
In a world with U-Prove, many existing identity management problems would go away. If my credit card company and online music service both supported U-Prove, I could create a token that allowed a single limited electronic money transfer from my card to the music company, without disclosing my name, address, or date of birth, and without that token being usable to make further purchases. Similarly, I might want to buy a computer game from an online store, the same situation as before, but this time with a twist: the computer game is rated 18+. So to make the purchase, I have to reveal my age, as well as the money transfer, to the online store. U-Prove lets me do this, but still doesn't require me to reveal my name, address, or any other irrelevant detail.
An hour-long presentation by Dr Brands describes how U-Prove works and how it achieves what it does (with even more detail available in his freely downloadable book). It builds on existing public key cryptography concepts, but adds to them the important ability to hide data. Normal public key cryptography is something of an all-or-nothing affair—to prove that a particular piece of data was encrypted by a particular person, you need to know the data. U-Prove allows that proof to take place without revealing all the data.
This is absolutely brilliant. There's just one problem: you can't use it in practical situations, because it's not widely deployed. And because it's not widely deployed, nobody uses it...
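As an added illustration (code written for this page, not from the original post, from U-Prove, or from Microsoft/Credentica), here is a toy credential that gives the "disclose only what the task needs" property described above. It uses salted hash commitments to the attributes, signed by the issuer with a Schnorr signature over a small safe-prime group; that is a different and far simpler mechanism than Brands' scheme, chosen only because it fits in a few dozen lines of standard-library Python. The attribute names, the issuer and store roles, and the seeded 256-bit group are constructed for the example and are not secure parameters. The last value it returns is the caveat a practitioner should take away: because the issuer's signature is a stable handle, two showings of the same token are trivially linkable, which is exactly the unlinkability that U-Prove's blind issuance provides and this toy does not.

```python
"""Toy selective-disclosure credential: salted hash commitments + a Schnorr signature.
Added illustration, not U-Prove and not Credentica/Microsoft code; the group is toy-sized
and must never be used for real. Shows "reveal only what the task needs" and its limits."""
import hashlib
import json
import random
import secrets
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Trial division by SMALL_PRIMES, then Miller-Rabin (probabilistic)."""
    if n < 2 or any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 256, seed: int = 2008) -> tuple[int, int, int]:
    """Schnorr group (p, q, g): safe prime p = 2q + 1, g of prime order q; seeded so the toy is reproducible."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a square mod p, hence of order q

def hash_to_int(group, r: int, msg: bytes) -> int:  # Fiat-Shamir challenge H(r || msg) mod q
    p, q, _ = group
    digest = hashlib.sha256(r.to_bytes(p.bit_length() // 8 + 1, "big") + b"|" + msg).digest()
    return int.from_bytes(digest, "big") % q

def schnorr_sign(group, x: int, msg: bytes) -> tuple[int, int]:
    p, q, g = group
    k = secrets.randbelow(q - 1) + 1
    e = hash_to_int(group, pow(g, k, p), msg)
    return e, (k - x * e) % q

def schnorr_verify(group, y: int, msg: bytes, sig) -> bool:
    p, q, g = group
    e, s = sig
    if not (0 <= e < q and 0 <= s < q):
        return False
    return hash_to_int(group, pow(g, s, p) * pow(y, e, p) % p, msg) == e  # g^s * y^e == g^k

def commit(name: str, value: str, salt: bytes) -> str:
    """Salted hash commitment: hides the value from the verifier, binds the holder to it."""
    return hashlib.sha256(json.dumps([salt.hex(), name, value]).encode()).hexdigest()

def issue(group, issuer_sk: int, attrs: dict[str, str]):
    """Issuer commits to every attribute and signs the sorted list; openings stay with the holder."""
    openings = {n: (v, secrets.token_bytes(32)) for n, v in attrs.items()}
    commitments = sorted(commit(n, v, s) for n, (v, s) in openings.items())
    sig = schnorr_sign(group, issuer_sk, json.dumps(commitments).encode())
    return {"commitments": commitments, "sig": sig}, openings

def present(token, openings, disclose: set[str]):
    shown = {n: (v, s.hex()) for n, (v, s) in openings.items() if n in disclose}  # only what is needed
    return {"token": token, "disclosed": shown}

def verify(group, issuer_pk: int, pres, required: set[str]) -> bool:
    """Verifier: required attributes opened, issuer signature valid, every opening matches."""
    token, shown = pres["token"], pres["disclosed"]
    if not required <= set(shown):
        return False
    if not schnorr_verify(group, issuer_pk, json.dumps(token["commitments"]).encode(), token["sig"]):
        return False
    return all(commit(n, v, bytes.fromhex(s)) in token["commitments"] for n, (v, s) in shown.items())

def demo() -> dict:
    group = make_group()
    p, q, g = group
    sk = secrets.randbelow(q - 1) + 1  # issuer (e.g. the card company) private key
    pk = pow(g, sk, p)                 # issuer public key, known to every verifier
    token, openings = issue(group, sk, {  # constructed sample attributes
        "name": "A. Holder", "dob": "1985-06-01", "over_18": "true", "country": "GB"})
    store = present(token, openings, {"over_18"})  # 18+ game: prove age, nothing else
    music = present(token, openings, set())        # music purchase: no attribute at all
    forged = present(token, openings, {"country"})
    forged["disclosed"]["country"] = ("US", forged["disclosed"]["country"][1])  # holder lies
    return {"store_ok": verify(group, pk, store, {"over_18"}),
            "store_sees": sorted(store["disclosed"]),
            "undisclosed_rejected": not verify(group, pk, music, {"over_18"}),
            "forgery_rejected": not verify(group, pk, forged, {"country"}),
            # Limit of this toy: the signed commitment list is a stable handle, so two
            # showings of one token are linkable. U-Prove's blind issuance removes that.
            "showings_linkable": store["token"] == music["token"]}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the store accepting the age claim while seeing only `over_18`, a presentation with nothing opened being rejected when an attribute is required, and a forged opening failing the commitment check; `showings_linkable` comes back true, which is the gap between this toy and what the quoted description attributes to U-Prove.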
So, how do you break that vicious circle? Easy - you make it freely available to encourage uptake - and that's just what Microsoft has done:
It is for these reasons that Microsoft has released its U-Prove SDK using the open source BSD license. Source code is available in both C# and Java, and the technology is covered by Microsoft's Open Specification Promise. This is an irrevocable promise by Microsoft that the company will not assert any claims against anyone using the technology that relate to any patents covering the technology. By releasing the technology under a permissive license, and by making a legally binding agreement that patents covering the technology will not be used in legal action, the company hopes that there will be no barriers to using the system for both service and identity providers.
It's really great to see Microsoft taking advantage of open source in a *good* way; it's just unfortunate that the accompanying Open Specification Promise has a big loophole that makes it pretty useless for consideration by serious free software projects.
Now, if Microsoft were to place all the relevant patents in the public domain....
Follow me @glynmoody on Twitter or identi.ca.