Info-cards

Redmond Mag reports Microsoft is working on a technology for Windows Longhorn called "Info-cards" that is designed to return control of personal data, such as credit cards and Social Security numbers, to users, according to a report published this week.

If the technology works and consumers, merchants and other partners adopt it, Info-cards could reduce the need for big merchant-side databases of personal information that are the juiciest targets for hackers, such as in the recent ChoicePoint data breach. Elements of the technology could also deter "phishing" attacks, in which users are lured to bogus bank or other Web sites to enter their personal financial information.

As laid out in an article in the Wall Street Journal on Monday, Info-cards would store personal information locally on a personal computer in an encrypted file. Computer users could then selectively disclose information about themselves to businesses or others online.

Only trusted Web sites would be able to decode the encrypted messages, and the sites would not need to store, and therefore secure, the information in a database. As a side benefit, the encrypted communication between users and back-end merchant software could reduce the need for insecure username/password combinations.

According to the Journal, Info-cards would use standard protocols that will be open to any Web site and could run on Unix or Linux as well as Windows. The details of such protocols are key to understanding how open they would actually be, but Microsoft executives did not provide extensive product plans for the article.

SanDiego.com reported The technology proposed by Microsoft is reminiscent of two software tools detailed by the Redmond, Washington-based company in 2001 called Passport and Hailstorm.

Hailstorm was quietly shelved after privacy advocates said it put too much sensitive information into the hands of a single company and partners expressed similar reservations.

Passport, used to provide a single log-in for multiple Web sites and store basic personal information, did not gain the wide audience that Microsoft hoped for. Online marketplace eBay Inc., an early Passport adopter, stopped using the service for its users in January.