In-depth

Microsoft offers personal digital ID cards

Amid growing concerns and real-world problems with identity management and theft, Microsoft is one again trying to tackle the complex issue of ID cards and digital ID management with Vista and CardSpace.

Identity and the internet are not words that sit well together to many people. The internet has changed the way people interact with systems for work and leisure.

People are increasingly able to log into their office computers from anywhere in the world. At the same time, they are taking advantage of online shopping to order cheaper goods and using online banking to avoid charges and the problems of getting to banks.

Advertisement - Article continues below

The problem with all of this is identity. How do you prove who you are? How does your office server know to trust you? How can you be sure that the site you are connecting to is legitimate? Identity theft via the internet is a global business and affects both individuals and businesses.

Every month brings reports of new phishing sites that are trying to get hold of your details. This is causing chaos for users and businesses and has resulted in something of a crisis of confidence in the security of the internet. Changing passwords regularly is no guarantee of safety as keyboard logging software will harvest the password right from your machine. What has been missing is a solution that is immune from the bad guys but at the same time is simple and easy to use.

Advertisement
Advertisement - Article continues below

The role of InfoCard

Microsoft has been active in InfoCard from the start and recently revamped and renamed its InfoCard product to Microsoft CardSpace. It will introduce CardSpace with Windows Vista and provide versions for Windows XP and Windows Server 2003.

Advertisement - Article continues below

One of the things underpinning InfoCard is something called the Laws of Identity. These are:

Like all "laws" there is a lot of detail hidden by these headings. In a nutshell what this means is that:

The problem with most computer solutions is that they end up being pretty complicated. The designers of InfoCard have designed a solution that is pretty simple to make sense of. There are two ways of using the service - with a self issued card or one provided by a third party such as your employer, bank or similar. You then go through a simple process to identify yourself.

Self-issued cards

Cards issued to you

Most of this is done behind the scene with the user having to simply connect to the RP, choose a card and then provide their authentication if this is an issued card. All of the communication is done over secure internet connections. You don't type anything other than your authentication code if required leaving little or nothing for the hacker to steal. What could be simpler?

Advertisement - Article continues below

This is where the whole InfoCard project shows its strength. The fact that you can create your own InfoCards rather than go through third parties allows you to create as many digital identities as you want. People are used to having different personas or identities when they access various internet systems and InfoCard does not change that approach.

InfoCard has another key advantage. When the RP sends back what information is needs, you get to see what data it is requesting and you can, if you wish, simply create an InfoCard for that particular service.

InfoCard and its role in IT policy

So what is Microsoft adding to InfoCard under its CardSpace banner?

Whenever the user is working with an InfoCard they will find themselves put into a separate desktop and using a very restricted account. You will not be able to move between your normal desktop and the CardSpace environment. This will make it exceptionally hard for hackers to try and screen grab or harvest passwords using keystroke logging software.

Advertisement - Article continues below

What you will have to do is upgrade to Internet Explorer 7, which automatically recognises InfoCard requests and this might just be a sticking point for many on Windows XP.

Alongside this is the need for developers to understand how to write systems that will accept InfoCards. Microsoft is currently pushing out a lot of information on its MSDN web site about how to do this. Ultimately, this might be the limiting factor in the adoption of InfoCard and CardSpace services. Developers don't like messing with authentication mechanisms and corporate IT departments get very nervous about the thought of weakening security.

For once, those concerns need to be overridden and pilot projects started. This really does have the ability to improve security and Microsoft is already talking to a number of online retailers about adding InfoCard support to their web sites.

Advertisement
Advertisement

Recommended

Visit/security/hacking/355227/65-country-coronavirus-team-protects-the-technological-infrastructure-of
hacking

Cyber security experts form COVID-19 taskforce to combat ransomware attacks

3 Apr 2020
Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/business-strategy/flexible-working/355186/why-were-lucky-covid-19-has-come-now
flexible working

Why we’re lucky COVID-19 has come now

3 Apr 2020