IBM eases identity protection

Project Higgins aims to unify personal IDs

IBM, Novell and Parity Communications have teamed up on an open-source initiative aimed at making it easier for users and firms to manage and protect their identity information online.

The end result of Project Higgins, as the initiative is known, is to offer software that will look after an individual’s online identities and passwords.

IBM said that individuals could use the software to limit the type of information that they share. For example, they might grant their bank access to all their information, while limiting access to their cable provider. To do this Project Higgins will break an identity into chunks and let the user control who sees which chunks and when. Enterprises could also use the tools to share specific bits of their identity, such as a telephone number, or to target adverts and promotions automatically with relevant customers.

“Internet fraud, privacy issues, and the need to share information means that consumers must be able to control the way that they share their information online,” said Peter Regent, IBM alliance director at Novell. “Higgins is a standard for consistency [in this area].”

Dan Bailey, IT architect at IBM’s safety and security division, said, “As the internet increases in use so does the value of the business that we do on it. We have lots of accounts and passwords and it’s all got a bit complicated.”

Dan added that the decision to develop an open-source approach to identity is key to a successful solution. “It is an open source on an open architecture – no single vendor can solve the identity management problem alone,” he said.

To further help firms’ identity control strategies, IBM also announced an anti-fraud solution designed to counter internal threats. The IBM Identity Risk and Identification Solution includes ‘session-based behavioural analysis’ to compare access patterns for unusual behaviour.

The firm said that typically internal problems are identified when people with the wrong log-ins attempt to use protected systems, or are blocked through the use of biometric security. IBM said that this approach was ineffectual, and added that by analysing and comparing the users’ behaviour IRIS would be able to identify not just fraud, but also as it happens. Access to databases and applications can be blocked on the fly using this behavioural pattern analysis

As it plans to do with Higgins, IBM has integrated IRIS with Tivoli Identity Manager and Tivoli Access manager, both of which manage username and password information.