Microsoft said to have new security plans.

Not open for further replies.


Yellow Belt
March 28, 2005
Microsoft Said to Have New Security Plans
By Jim Wagner

Microsoft's (Quote, Chart) next operating system, code-named Longhorn, will feature a new personal data repository, according to a news report Monday.

The service, called Info-cards, would reside on the user's PC and aggregate personal information like names, credit card numbers and mailing addresses, and will allow people to use them when they shop or conduct business online, Microsoft executives said in a Wall Street Journal report.

Users will be able to create unique cards for certain types of transactions, such as one for shopping online and another for filling out an online application. They all use an encrypted format to foil information theft and technology like digital certificates (define) to curb phishing (define) attacks.

According to Microsoft officials in the report, some of them named and others anonymous, the technology will be built using open technology protocols to allow the Info-card service to run in a non-Windows environment, like Linux, as well as interoperate with federated identity management software like those created through the Liberty Alliance.

Microsoft officials were not available for comment at press time. A beta version of Longhorn is expected in June, with a final release sometime in 2006.

The news comes at a time when the concerns over personal information security are on the minds of consumers.

Data broker ChoicePoint admitted earlier this year that the credit reports, addresses and Social Security numbers of as many as 145,000 people might have been compromised in an ID theft criminal ring.

Another data broker, LexisNexis, reported earlier this month a similar database breach at one of its subsidiaries, Seisint.

And in February, Bank of America reported it lost one of the data tapes used to store personal information, affecting 1.2 million federal employees.

The Redmond, Wash., company has dabbled in personal information repositories for some time, notably through Passport. Similar to the Info-card concept, Passport was designed to be a federated identity management solution to its users, allowing single sign-on authentication through merchant sites worldwide.

The technology in time drew 14 million users to its service, but privacy groups and analysts soon came out against the service, which stores the personal information on Microsoft servers rather than within the user's computer.

Numerous vulnerabilities were discovered over the years, which ate away at the credibility of the system, prompting research firm Gartner to state in 2003 that Passport couldn't be trusted for use at financial institutions and businesses.

Privacy advocates like the Electronic Privacy Information Center and the Center for Media Education filed a complaint against Microsoft's service to the Federal Trade Commission in 2001.

The groups claimed Windows XP encouraged people to sign up for the Passport service, which they stated in the filing was an unfair and deceptive practice.

Microsoft cut a deal with the FTC the following year, agreeing to 20 years of independent, third-party audits of its Passport technology to assuage privacy and security concerns. In December 2004, online auctioneer giant eBay (Quote, Chart) announced it was dropping Passport.
Not open for further replies.