Microsoft buys privacy vendor Credentica

Microsoft has bought privacy vendor Credentica, in another effort to ensure users of its products don't lose control of their personal data.


Microsoft has bought privacy vendor Credentica, in another effort to ensure users of its products don't lose control of their personal data.

Credentica develops technology called U-Prove that uses cryptography and multi-party privacy features to facilitate "minimal disclosure" so a user can reveal only the bits of information about themselves they want to.

Microsoft's Identity Architect Kim Cameron said on his blog that the U-Prove technology is the "equivalent in the privacy world of RSA in the security space".

Cameron has almost single-handedly rescued Microsoft from its identity gaffe of years ago when it launched Passport, which called for Microsoft to store user's personal data. Cameron was the driving force behind Microsoft's new CardSpace technology and claims-based architecture, which flips the Passport concept on its head and makes users gatekeepers of their own personal information.

"In many online interactions, there is a need to verify people's identities," Cameron said. "Today we have to give too much personal information, and it increases our risk of online identity theft or misuse of our personal information."

Cameron said the Credentica acquisition is an important step in developing Microsoft's Identity Metasystem concept, a framework for connecting identity systems via web services based protocols and client, server and middleware technologies.

He said the U-Prove technology could be applied in many areas, including anonymous age or membership verification for online communities or social networks.

"If a student is issued a U-Prove token by a school and the student uses the token to apply for access at an age-controlled website, the only information the site obtains from the student is the fact that the token has not been tampered with and the student is under or over a certain age," he said. The site does not obtain the exact age, name, address and so of the student.

The technology also could be used to access government services without those individual services being able to link the user data they collect to create a user profile.

Cameron also said U-Prove could support outsourced identity services."The main point is that this will just become part of the base identity infrastructure we offer. Good privacy practices will become one of the norms of e-commerce," he said.

Microsoft plans to incorporate U-Prove into both Windows Communication Foundation (WCF) and CardSpace, the user-centric identity software in Vista and XP. It said all its servers and partner products that incorporate the WCF framework would provide support for U-Prove.

"The U-Prove technology looks like a good candidate as an authentication mechanism for CardSpace-managed cards (i.e., those cards issued by an identity provider)," Mark Diodati, an analyst with the Burton Group, wrote on his blog.

"Recommended For You"

Microsoft's cloud identity platform on track Microsoft warning over 'untrustworthy' elements of internet