A new approach to identity management?

From Technology Review

As more services migrate online, and as tactics of identity thieves become more sophisticated, people will need better ways to manage their information, says Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli.

Nagaratnam and other IBM researchers have developed open-source software that they think can help. Called Identity Mixer (Idemix), the digital identity management software lets people make online transactions – from filling out forms to purchasing plane tickets – without disclosing personal information. The software lets a person use artificial identity information, in the form of digital “tokens,” to make online transactions. Using these encrypted tokens, which are issued by trusted sources such as the Department of Motor Vehicles (DMV) or a bank, a person can effectively be anonymous to Web services such as Amazon.com or Expedia, never giving out his or her information.

In a typical online purchase, Idemix could obviate the need for a person to fill out a form or reveal her credit-card number. Instead, she could use a token that vouches for her, verifying that she is who she says she is and that she has the appropriate funds and credit to make a purchase.

In addition, these tokens would provide only the information that is needed. For instance, if you’re renting a car online and need to verify that you’re older than 25, a token from the DMV could verify that you can legitimately rent without divulging your birth date, license number, or address. Otherwise, you reveal more than you need to about yourself, says John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. “It’s like using a passport when you buy a Coke.”

Combatting reputation-faking on eBay

Interesting article on Technology Review

PITTSBURGH (AP) — Carnegie Mellon University researchers are relying on an old adage to develop anti-fraud software for Internet auction sites: It is not what you know, it is who you know.

At sites like eBay, users warn each other if they have a bad experience with a seller by rating their transactions. But the CMU researchers said savvy fraudsters get around that by conducting transactions with friends or even themselves, using alternate user names to give themselves high satisfaction ratings — so unsuspecting customers will still try to buy from them.

The CMU software looks for patterns of users who have repeated dealings with one another, and alerts other users that there is a higher probability of having a fraudulent transaction with them.

“There’s a lot of commonsense solutions out there, like being more careful about how you screen the sellers,” said Duen Horng “Polo” Chau, the research associate who developed the software with computer science professor Christos Faloutsos and two other students. “But because I’m an engineering student, I wanted to come up with a systematic approach” to identify those likely to commit fraud.

The researchers analyzed about 1 million transactions involving 66,000 eBay users to develop graphs — known in statistical circles as bipartite cores — that identify users interacting with unusual frequency. They plan to publish a paper on their findings early next year and, perhaps, market their software to eBay or otherwise make it available to people who shop online.

Catherine England, an eBay spokeswoman, said the company was not aware of the research and would not comment on it. But England said protecting the company’s more than 200 million users from fraud was a top priority.

More detail here. Christos Faloutsos’s web site is here.
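
A sketch of the pattern search described in the article above, as an added example that is not the CMU researchers' software: it treats feedback as a bipartite graph of raters and rated accounts and reports groups of rated accounts that share the same repeat raters. The account names, the feedback log and the thresholds `s`, `t` and `min_repeat` are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample feedback log: (rater, rated_account). Not real eBay data.
FEEDBACK = (
    # three alternate accounts repeatedly rating the same two sellers
    [("alt_a", "seller_x"), ("alt_a", "seller_y"),
     ("alt_b", "seller_x"), ("alt_b", "seller_y"),
     ("alt_c", "seller_x"), ("alt_c", "seller_y")] * 3
    # ordinary one-off purchases
    + [("buyer_1", "seller_x"), ("buyer_2", "shop_q"), ("buyer_3", "shop_q"),
       ("buyer_1", "shop_r"), ("buyer_4", "seller_y"), ("buyer_2", "shop_r")]
)


def repeat_raters(feedback, min_repeat):
    """Map each rated account to the raters who rated it >= min_repeat times."""
    counts = Counter(feedback)
    raters = {}
    for (rater, rated), n in counts.items():
        if n >= min_repeat:
            raters.setdefault(rated, set()).add(rater)
    return raters


def find_bipartite_cores(feedback, s=2, t=3, min_repeat=2):
    """Return [(rated_accounts, common_raters)] for every group of s rated
    accounts that share at least t repeat raters (a complete bipartite core).
    Brute force over combinations: fine for a sample, not for a full site."""
    raters = repeat_raters(feedback, min_repeat)
    cores = []
    for group in combinations(sorted(raters), s):
        common = set.intersection(*(raters[acct] for acct in group))
        if len(common) >= t:
            cores.append((group, sorted(common)))
    return cores


def flagged_accounts(cores):
    """All accounts on either side of any core, for a reviewer to look at."""
    flagged = set()
    for group, common in cores:
        flagged.update(group, common)
    return flagged


if __name__ == "__main__":
    for group, common in find_bipartite_cores(FEEDBACK):
        print("rated:", group, "repeat raters:", common)
```

A core is a signal for review, not proof of fraud: a small group of genuine repeat customers produces the same shape, so the thresholds need tuning against known-good data.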

Travelling light

I’ve been through the new ‘security’ procedures at UK airports four times in the last fortnight. It’s getting to the stage where every passenger will have to strip naked before boarding a plane. The picture shows the scene at Stansted on a relatively quiet Sunday. On the left are the (relatively short) check-in queues. On the right, the queues for the security screening gates. Osama bin Laden has won, hands down.

Hostages to fortune

Jim Allchin, Microsoft VP, quoted on Good Morning Silicon Valley, talking about Vista.

“In my opinion, it is the most secure system that’s available, and it’s certainly the most secure system that we’ve shipped. So I feel very confident that customers are far better off by using Windows Vista than they are with anything that we’ve released before.”

Earlier, he had said that he was so confident in the operating system’s security measures that he believes there’s no need for Vista users to run any third-party antivirus software.

Stay tuned.

LATER… Bill Thompson has written an insightful column about this. Excerpt:

Vista will ship with Kernel Patch Protection – also called PatchGuard – which checks to see if the core has been altered in any way. This should make it a lot harder for viruses, trojans, rootkits and other types of malicious software, or malware, to install.

PatchGuard will be backed up by support for the Trusted Platform Module, a hardware component built into many new computers that gives the operating system a way to store and use secured information.

The new approach should make life more difficult for malware writers, but it is also going to get in the way of legitimate security software vendors such as Symantec, which has already pointed out that its anti-virus programs rely on being able to modify the Windows kernel, something which will no longer be allowed.

Microsoft’s response is to argue that “kernel patching”, as the process is called, is not needed and that the standard security tools are all that are required.

It may be right, but it’s hard to tell because we don’t actually know much about what is going on inside the Vista kernel. Microsoft, like many other commercial software developers, prefers to keep such details secret.

“If severe flaws are discovered in Vista”, Bill concludes, “and there are already signs that the lockdown is far from perfect, then users may well wonder why they have put their faith in the ‘benign dictator’ approach to security.”