Trying to simplify online transactions and make them safer, Microsoft Corp. Chairman Bill Gates showed off a tool that manages all the usernames and passwords that people and companies use to unlock the doors of the Internet.
Gates, the company’s co-founder and chief software architect, also broadly discussed Microsoft’s efforts to improve security in its upcoming Windows Vista operating system and the tech industry’s initiatives aimed at stopping malicious software, hackers and other dangers. (MSNBC.com is a Microsoft - NBC joint venture.)
“We’ve all got a common challenge here, yet an amazing opportunity to let these digital systems be used in the broadest way,” Gates said Tuesday at the RSA computer security conference.
Gates highlighted a technology dubbed InfoCard that will help computer users corral their identifying information without running the risk of losing it. It also could be used by companies looking to improve ways of granting access to their networks.
A 'wallet' for online identities
InfoCard is the Redmond, Wash.-based company’s latest attempt at identification and authentication services. The first, Passport, was criticized because Microsoft centrally stored and controlled a single identity that was supposed to be used on sites across the Web. Today, Passport remains mainly a tool for accessing Microsoft’s MSN sites.
InfoCard is more of a container that holds identities — and other information — created and managed by the user and businesses on the Web.
In a demonstration, Microsoft program manager Richard Turner logged into a fictional car rental site simply by clicking on an InfoCard icon on the Web page and choosing an identity for that site. He was automatically logged in without entering a username or password.
“InfoCard is about making sure that if you have a series of identities, you can have a container kind of like a wallet that you can use to present it at the right place,” said Michael Nash, corporate vice president of Microsoft’s Security Technology Unit.
InfoCard also runs in a state that isolates it from other programs on the computer, making it less vulnerable to attack by malicious software or hacking. The InfoCard screen, which runs locally on the PC, prevents users from doing anything else on the PC until it’s closed.
Apple Computer Inc. has a password tool called Keychain for its Mac OS X machines, and third-party vendors have developed password-management software for Windows computers. Microsoft’s own Internet Explorer also can store usernames and passwords for Web sites.
InfoCard goes beyond that by allowing more information to be stored securely and enabling the possibility for third parties to verify the identity even further. It also supports technologies such as smart cards that offer even more verification.
By deeply embedding the technology into the Web browser or operating system, “people can get their hands on it,” said Bruce Schneier, chief technical officer of Counterpane Internet Security Inc. “Microsoft is in a unique position to kick-start some of this stuff.”
The technology, which is expected to be available later this year, will support the upcoming Internet Explorer 7 on Windows Vista, Windows XP with Service Pack 2 and the latest version of Windows Server 2003. Vista, the next generation of Microsoft’s desktop operating system, is scheduled to be released this fall.
Microsoft did not identify any companies that will deploy InfoCard, though officials said talks are ongoing.
Gates also showed off several security features expected on IE7, Microsoft’s antispyware software and Vista. He also said Vista will have better support for smart cards, which would help lessen the need for yet another set of passwords.
In one demonstration, a program downloaded in Internet Explorer was limited to only a specific folder and is only given limited rights to run on the computer.