News

Report: Major Privacy Technology Coming in Longhorn

Microsoft is working on a technology for Windows Longhorn called "Info-cards" that is designed to return control of personal data, such as credit cards and Social Security numbers, to users, according to a report published this week.

If the technology works and consumers, merchants and other partners adopt it, Info-cards could reduce the need for big merchant-side databases of personal information that are the juiciest targets for hackers, such as in the recent ChoicePoint data breach. Elements of the technology could also deter "phishing" attacks, in which users are lured to bogus bank or other Web sites to enter their personal financial information.

As laid out in an article in the Wall Street Journal on Monday, Info-cards would store personal information locally on a personal computer in an encrypted file. Computer users could then selectively disclose information about themselves to businesses or others online.

Only trusted Web sites would be able to decode the encrypted messages, and the sites would not need to store, and therefore secure, the information in a database. As a side benefit, the encrypted communication between users and back-end merchant software could reduce the need for insecure username/password combinations.

According to the Journal, Info-cards would use standard protocols that will be open to any Web site and could run on Unix or Linux as well as Windows. The details of such protocols are key to understanding how open they would actually be, but Microsoft executives did not provide extensive product plans for the article.

It is not the first time Microsoft has tried to address the problems of user security at disparate online sites. Microsoft Passport was the company's answer to the problem of multiple user passwords and the key to the company's now abandoned "Hailstorm" Web services initiative. Privacy concerns helped derail that effort, which could have put a massive, Microsoft-managed database at the center of transactions involving credit card numbers, health records and other highly sensitive information.

Passport was designed to let consumers use a single password to access most Web sites. It was not widely adopted by consumers, and partners and privacy advocates objected to the centralized data repository. The Federal Trade Commission also cited Microsoft for misrepresenting the security of the Passport system.

Differences with the Info-cards approach include no creation of a central information repository, and, in fact, the potential elimination of many smaller user information databases kept by Web site merchants, such as Amazon.com.

Microsoft is expected to put out a first beta version of Longhorn by the end of June, with the final version of the OS shipping next year. It is not clear how much, if any, of the Info-card technology might be available in the beta version.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.