IBM Almaden Research Center's Sovereign Information Integration Privacy-Minded Security

Double-encrypted data allows for security checks, but without violating privacy rules.

Information sharing is a thorny subject these days. The whole idea of the Internet is to make anything available to anyone in real time. Instant access is the mantra of the modern world. Yet this philosophy collides solidly with privacy rights and the need for security.

Take the case of an airline working with the government on antiterrorist issues. The airline's passenger lists might have to be compared to a Homeland Security terrorism watch list, yet both sides have a vested interest in protecting their databases. The authorities really need to know only that Johnny Dangerous is on Flight 450 and should never find out the names of the other passengers (thereby protecting their privacy and the airline from privacy violation complaints), and the airline should never get to see who else is on the government watch list. Problems like this make security a real challenge today.

"Security vs. privacy is a false choice," says Rakesh Agrawal, IBM fellow at the IBM Almaden Research Center in San Jose. "By making technological advances, we can have both without impeding the flow of information."

IBM's Sovereign Information Integration (SII) technology is an attempt to solve this dilemma. It enables companies to gain value from their data while complying with privacy policies and legislation. Current approaches to information integration -- centralized data warehouses and federations - are based on the assumption that all of the information in each database can be revealed to the other databases. This may not actually be desired, however, in cases such as those involving medical information, national security, law enforcement, intellectual property law, and business networks and partnerships.

"IBM's solution is for each party to encrypt its own data and then send it to the other party to encrypt again," says David Rabb, a consultant at Rabb Associates Inc., a Chappaqua, N.Y.-based company that evaluates database technologies. "If the encryption methods are commutative, meaning you get the same result whichever encryption is applied first, then a name or ID number appearing in both files would have the same double-encrypted value and be recognized as a match."

Thus, double-encrypted data can be compared without violating disclosure rules. Nonmatching values, on the other hand, would be unreadable by either party, because they would be protected by the other party's encryption. Furthermore, this innovative encryption technique also enables information sharing via a Web-based query interface.

The system was developed by Agrawal along with a team consisting of Ramakrishnan Srikant, Alexandre Evfimievski and Dmitri Asonov. It was funded out of the $5 billion that IBM invests in research and development annually. SII is the functional component of IBM's Hippocratic Database, which ties into health care applications to let users indicate who should have access to certain patient data.

Agrawal says his team is now exploring the use of commercially available hardware to speed up the query execution of SII, as well as identifying additional application areas for the technology.

"We are validating technology with our customers and would like to make the technology available through customer partnerships as well as product and service offerings," he says. "We expect that SII will facilitate innovative new methods of business collaboration sensitive to privacy and regulatory issues."

Robb is a Computerworld contributing writer in Los Angeles.

Special Report


Computerworld Horizon Awards

Stories in this report:

Copyright © 2005 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon