Microsoft touts its new InfoCard

Published 9:00 pm Tuesday, February 14, 2006

SAN JOSE, Calif. – Trying to simplify online transactions and make them safer, Microsoft Corp. Chairman Bill Gates on Tuesday showed off a tool that manages all the user names and passwords that people and companies use to unlock the doors of the Internet.

Gates also broadly discussed Microsoft’s efforts to improve security in its upcoming Windows Vista operating system and the tech industry’s initiatives aimed at stopping malicious software, hackers and other dangers.

“We’ve all got a common challenge here, yet an amazing opportunity to let these digital systems be used in the broadest way,” Gates said at the RSA computer security conference.

Gates highlighted the company’s InfoCard technology, which will help computer users corral their identifying information without running the risk of losing it. It also could be used by companies looking to improve on ways of granting access to their networks.

InfoCard is Microsoft’s latest attempt at identification and authentication services. The first, Passport, was criticized because Microsoft created, centrally stored and controlled a single identity for use across the Web.

By contrast, InfoCard is more of a container that holds identities created by the user and by businesses on the Web.

In a demonstration, a user logged into an e-commerce site simply by clicking on an InfoCard button on the Web page and choosing among the various identities – or cards – presented for that user. Once an identity card is selected, the user is logged in.

In another example using the same site, the user called up another identity – one created by the site owner – to receive a discount on the purchase.

“InfoCard is about making sure that if you have a series of identities, you can have a container kind of like a wallet that you can use to present it at the right place,” said Michael Nash, corporate vice president of Microsoft’s Security Technology Unit.

By making passwords easier to manage, users could be less likely to repeatedly use the same ones, a practice that exposes them to problems should one site get hacked.

Apple Computer Inc. has a password tool called Keychain for its Mac OS X machines, and third-party vendors have developed password management software for Windows computers.

InfoCard goes beyond that by letting sites store information also, and enabling the possibility for trusted third parties to verify the identity of the user even further.

By deeply embedding the technology into the Web browser or operating system, “people can get their hands on it,” said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. “Microsoft is in a unique position to kick-start some of this stuff.”

InfoCard also runs in a state that isolates it from other programs on the computer, making it less vulnerable to attack by malicious software or hacking.

The technology, which is expected later this year, will support the upcoming Internet Explorer 7 on Windows Vista, Windows XP with Service Pack 2 and the latest version of Windows Server 2003. Vista, the next generation of Microsoft’s desktop operating system, is scheduled for release this fall.