The AP reports on efforts to tighten access to Social Security numbers, saying they have evolved into "dangerous master keys for fraud."
One solution could be a "federated identity" system that relies on the mathematical principles of cryptography to ensure information can be transferred only among prearranged parties.
For several years, technologists with the Liberty Alliance, an industry consortium, have been developing a way for people to log in to one network and be automatically authenticated at another.
The idea is to avoid sharing a single password among multiple parties with which you transact business — the model followed when your bank and insurance carrier both ask for your Social Security number. Instead, one site sends another an encrypted numeric token that represents the user’s identity — but only for that single Web session or transaction. The token is useless to anyone else or at another time.
The alliance’s brain trust is now exploring ways its system can be applied more broadly in online systems where most identity thefts happen.