Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Think about the last time you bought a DVD, booked a flight, rented a car, or signed up for a service or newsletter on the Internet. At some point, you had to fill out a form that asked for a lot of personal information. While it’s a hassle unto itself, filling out forms can lead to a bigger problem: each time you give out your information, you provide an opportunity for your information to be picked off by identity thieves.

As more services migrate online, and as tactics of identity thieves become more sophisticated, people will need better ways to manage their information, says Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli.

Nagaratnam and other IBM researchers have developed open-source software that they think can help. Called Identity Mixer (Idemix), the digital identity management software lets people make online transactions–from filling out forms to purchasing plane tickets–without disclosing personal information. The software lets a person use artificial identity information, in the form of digital “tokens,” to make online transactions. Using these encrypted tokens, which are issued by trusted sources such as the Department of Motor Vehicles (DMV) or a bank, a person can effectively be anonymous to Web services such as or Expedia, never giving out his or her information.

In a typical online purchase, Idemix could obviate the need for a person to fill out a form or reveal her credit-card number. Instead, she could use a token that vouches for her, verifying that she is who she says she is and that she has the appropriate funds and credit to make a purchase.

In addition, these tokens would provide only the information that is needed. For instance, if you’re renting a car online and need to verify that you’re older than 25, a token from the DMV could verify that you can legitimately rent without divulging your birth date, license number, or address. Otherwise, you reveal more than you need to about yourself, says John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. “It’s like using a passport when you buy a Coke.”

To explain digital identity management, Clippinger draws from a real-world example: we have wallets that hold identifying cards such as a license or credit cards, he says, but we don’t have an analogy in cyberspace. “It’s hard to make people appreciate things like privacy and [online] identification,” he says, “but I think these things are going to become much more critical.”

6 comments. Share your thoughts »

Credit: IBM's Zurich Research Laboratory

Tagged: Business, security, software, IBM, open source

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me