Report: Major Privacy Technology Coming in Longhorn

Microsoft is working on a technology for Windows Longhorn called "Info-cards" that is designed to return control of personal data, such as credit cards and Social Security numbers, to users, according to a report published this week.

If the technology works and consumers, merchants and other partners adopt it, Info-cards could reduce the need for big merchant-side databases of personal information that are the juiciest targets for hackers, such as in the recent ChoicePoint data breach. Elements of the technology could also deter "phishing" attacks, in which users are lured to bogus bank or other Web sites to enter their personal financial information.

As laid out in an article in the Wall Street Journal on Monday, Info-cards would store personal information locally on a personal computer in an encrypted file. Computer users could then selectively disclose information about themselves to businesses or others online.

Only trusted Web sites would be able to decode the encrypted messages, and the sites would not need to store, and therefore secure, the information in a database. As a side benefit, the encrypted communication between users and back-end merchant software could reduce the need for insecure username/password combinations.

According to the Journal, Info-cards would use standard protocols that will be open to any Web site and could run on Unix or Linux as well as Windows. The details of such protocols are key to understanding how open they would actually be, but Microsoft executives did not provide extensive product plans for the article.

It is not the first time Microsoft has tried to address the problems of user security at disparate online sites. Microsoft Passport was the company's answer to the problem of multiple user passwords and the key to the company's now abandoned "Hailstorm" Web services initiative. Privacy concerns helped derail that effort, which could have put a massive, Microsoft-managed database at the center of transactions involving credit card numbers, health records and other highly sensitive information.

Passport was designed to let consumers use a single password to access most Web sites. It was not widely adopted by consumers, and partners and privacy advocates objected to the centralized data repository. The Federal Trade Commission also cited Microsoft for misrepresenting the security of the Passport system.

Differences with the Info-cards approach include no creation of a central information repository, and, in fact, the potential elimination of many smaller user information databases kept by Web site merchants, such as

Microsoft is expected to put out a first beta version of Longhorn by the end of June, with the final version of the OS shipping next year. It is not clear how much, if any, of the Info-card technology might be available in the beta version.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.