U-Prove allows website visitors to reveal only a minimum amount of personal information when conducting electronic transactions, thus reducing the likelihood of privacy violations. The technology, developed by Credentica Chief Executive Stefan Brands in the 1990s, relies on cryptography to stop websites from aggregating personal information about users from various sources.
Microsoft did not disclose what it paid for the U-Prove technology. Brands, with Credentica colleagues Greg Thompson and Christian Paquin, have joined Microsoft's identity and access group.
Microsoft said it intends to integrate U-Prove into Windows Communication Foundation and CardSpace. WCF, based on Microsoft's .net framework, gives programmers tools for developing and managing connected systems.
CardSpace, which is also based on .net, is deployed in sites that support shopping, banking and bill payment applications.
"The U-Prove technology helps to protect privacy by providing phishing-resistant, secure blind tokens that allow users to disclose the right amount of information required in any electronic transaction," Microsoft said in a statement.
Brands said in a blog post that he has rejected numerous buyout offers since he developed U-Prove in the 1990s "primarily out of concern that the technology would end up in the dustbin. There were good reasons to believe this would be a likely outcome: user-centric identity was not on anyone's business agenda, multiparty security was deemed overkill even for military applications, and privacy-by-design was merely an academic pursuit."
He added that he believes the demand for privacy-related technology has grown. He also said that Microsoft is a perfect partner because of its "strong presence" in the identity and access management market and its ability "to influence the client and server side of applications."
Kim Cameron, Microsoft's chief identity architect, said in a blog post that he believes U-Prove will find a home in medical applications, military systems and identity outsourcing.
U-Prove "is the equivalent in the privacy world of RSA in the security space," he said in the blog.
"It does things we wouldn't have otherwise though possible. At one time "public key" was considered an oxymoron -- but the properties of RSA were so compelling they completely changed our thinking about keys."