Microsoft specs out InfoCard security credentials

Microsoft specs out InfoCard security credentials

The forthcoming release of Microsoft's Internet Explorer Web browser will support the company's much-touted federated identity system InfoCard as part of the WinFX programming model.

The InfoCard platform is designed to address user security issues while transacting online and overcome the confidentiality concerns which doomed Microsoft's Passport, the software company's previous foray into the digital ID space.

Unlike Passport, which positioned Microsoft as a central storehouse for all online user IDs, InfoCard is being pitched as a way for users to retain responsibility for the management and control of their digital credentials.

Under the proposals, InfoCard will hold payment authorisation and details in the same way that a wallet holds credit cards. Web merchants would correspond with banks via the Infocard application on the user PC to authorise payment. In this way, the user would not have to input or store credit card and financial details on multiple insecure Internet databases.

The potential of the technology for simplifying the online user experience was highlighted by Microsoft chief Bill Gates at a keynote address delivered to the RSA security conference in San Jose. In particular, he emphasised the need for stakeholders in the computing ecosystem to work together to provide a wide range of digital identities for people, organisations, devices and code.

To this end, InfoCard supports a range of personal security credentials that can be called upon in different situations as appropriate, whether logging into a Web site or completing a high-value transaction.

Microsoft is not alone in attempting to crack this market. Symantec earlier this month announced plans to introduce a subscription-based hosted security service in September that will protect against spyware, phishing, spam and viruses. In addition, it will provide secure storage for personal information, including credit card data, for e-commerce.

Other major security initiatives unveiled at the San Jose jamboree included a push by RSA Security to extend its SecurID two-factor authentication software to mobile phones, SIMs, PDAs, secure mobile Flash memory cards, USB thumb drives and software modules.

The vendor has announced a host of partner agreements with third party device manufacturers aimed at embedding SecurID algorithms into their equipment.

RSA CEO Art Coviello says user will get the benefit of stronger security while taking advantage of the devices they already have, adding: "Consumer-facing account providers and enterprises will have a flexible mechanism to arm their customers with stronger authentication without having to procure and deliver standalone tokens."

In the server market, Sun previewed the extension of high-grade Elliptic Curve Cryptography to its Java System Web Server 7.0 platform. The vendor says the security upgrade will dramatically reduce the time it takes to complete secure online transactions.

Comments: (0)