InfoCards: Microsoft Takes on the World of Online Security and ID-theft

Last year someone applied for a credit card in my name. Luckily, I found out because I paid my bill on the telephone and the Customer Service Representative told me that my other card has been activated.

WHAT other card did I have? “You are all set now!” Yes, all set to lose the credit score I accrued by skimping, making payments on time. Of course, I closed the account.

If you do not want to be one of the 2.5 million Americans who have had to cope with identity theft, you will want to know more about Info-Cards. (True, not every victim’s information is acquired via the Internet. But a majority of the information is accessed by hackers.)

One way of getting information from web-users is by “phishing.”

Another method, prevalent in countries like Brazil, is the use of a key-logger. A small file is sent via e-mail to the recipient’s ID and the key-logger installs it self on the recipient’s machine.

This is when the user must understand that the Internet is a work in progress. User-friendliness is a young concept. User-protection is an infant. In the year of 2005 the number of phishing expeditions undertaken by hackers doubled compared to those in the year before.

Microsoft is taking on this problem by introducing Info-Cards. It is an identity management system aimed to increase security on the Internet.

==Distribution==

Microsoft is introducing a new operating system, Vista, this year. It is introducing InfoCards along with this new operating system. Also, Internet Explorer 7 is slated for release in the summer of 2006. At present it is being tested by beta testers. Microsoft wants to ensure that InfoCards is compatible with older versions like XP.

==How Do InfoCards Work ? ==

Cell phones and computers, among other personal devices will carry InfoCards.
or files. These files will give encrypted sites the necessary authenticated information.

Each company that is used by the customer will have its own set of information about the user. This authenticated information will be in an encrypted form. Should a website request this information, then the user will decide whether to release this information.

This year, this system will deliver the two features important to Internet users. It will provide a ‘stamp’ that makes it hard to falsify an identity. It will ensure the verification of the user’s own identity.

The most attractive concept Microsoft is selling with the InfoCards is that of complete user control. Besides, Microsoft conveys that it will no longer be a guessing-game for the user.

The very fact that this is a protocol for information exchange should reassure those skeptical of this venture. It is not a product, it’s a protocol. Using this protocol just about any company will be able to provide its users certified security. As mentioned above, Microsoft did come up with the Passport system a few years ago. This system was not received well because the users found the system dubious.

But this time, Microsoft has eliminated the Central Administrator who decides how the user’s data are to be protected. This new system puts the user in complete control. It arms the companies with a platform where they can compete with each other for the user’s attention. The more security a company offers, the more users it gains.

==Similar Endeavors ==

Is this the first time that this software giant is releasing a security system? InfoCards is, in fact, Microsoft’s second attempt at such a security system. In 1999, the public was introduced to Microsoft’s Passport, as mentioned before. It did not live up to its image, although it did indicate how big the identity-theft epidemic was. About twenty five million users downloaded it.

==Competition==

IBM and Novel are jointly involved in an open source project, Higgins.

While there are many similarities between Microsoft’s InfoCards and Project Higgins, the latter breaks up the data into individual units. Instead of transferring a huge data-set of private information en masse, it will determine which exact piece of information has to be divulges to a certain company.

No invader will ever be able to get the entire amount of data in one fell swoop. This makes the cost of hacking, phishing , key-logging too expensive and too risky. In effect, Project Higgins plans to arm the user with a system that minimizes information loss.

A crude analogy:
If one were to walk through an area where purse and wallet snatchers abound, then it would be best to distribute cash. This would minimize loss.

Not only does this system protect the user, but it also ensures that the user can update information quickly.

==Identity meta systems==

What is the Identity Metasystem?

It is a system of systems or a protocol that makes it possible to communicate with different digital security systems. So the user can subscribe to any technology and still can be assured of security. This identity metasystem approach is geared up to be compatible with present and future digital security technologies. By not building a security system, but building a metasystem, Microsoft is trying to ensure interoperability.

It is based on the philosophy similar to IP, which ensured interoperability and today it is a straightforward system. IP leverages the strengths of the systems used by different users and providers. The Identity metasystem is armed with a similar technology.

It will reflect the strengths of the technology being used by the consumer. It aims to be an intermediary.

Microsoft’s aim to solve the problem of identity theft and identity falsification lead it to work with a wide range of industry experts . This culminated in the company’s proposing a set of laws, called the “Laws of Identity”.

These laws are as follows:
User Control and Consent
Minimal Disclosure for a Constrained Use
Justifiable Parties
Directed Identity
Pluralism of Operators and Technologies
Human Integration
Consistent Experience Across Contexts

==Effectiveness==

All new software and new endeavors take some getting used to. There will be some teething troubles. Therefore, do not expect this new security system to replace passwords overnight. In fact, it will take three to four years to eliminate passwords and Ids completely.

Once that happens, Microsoft foresees an added layer of identity and a better security system for its users.
As long as the user is willing to have realistic expectations, this system might prove to be the answer to

Leave a Reply

Your email address will not be published. Required fields are marked *


7 − five =