IBM Explores Data Masking for Better Security

IBM today announced Magen — short for “Masking Gateway for Enterprise” — a proof-of-concept technology that scrambles sensitive data on PC screens without altering the underlying information.

The product was developed in IBM’s (NYSE: IBM) Haifa research lab in Israel and required new concepts in handling images.

“It is a very complex notion: How to handle a display? The richness of displays, even static displays, is overwhelming,” Haim Nelken, the lab’s manager of integration technologies, told

“It is hard to … describe a display, or to identify within a display primitives like tables and then work them. Our key innovation involves the identification of primitives,” he added.

The news comes just a few weeks after another potential privacy breakthrough from Stanford University-based researcher Craig Gentry, who described a method for manipulating data without, apparently, decrypting it.

As IBM releases new privacy products, reports say that distributed enterprises and modern supply chains carry new risks.
But IBM has been working on privacy
for years.

Companies want to mitigate those risks, but not jeopardize the performance of business-critical applications.

That’s where advancements like Magen come in. The word “magen” means “shield” in Hebrew and has special significance in Judaism — the Star of David that appears on the Israeli flag is the Magen David, or shield of David.

Because the Magen software manipulates a PC’s screen, rather then the underlying data, it is faster and more flexible than traditional data masking technologies, IBM said.

Nelken added that Magen is also protocol-agnostic. The main software runs on a server, and the client is a thin Java applet that invokes Magen on a PC, he said.

Despite the achievement, it’s unclear whether today’s announcement will find its way into a technology. However, according to Nelken, there are numerous potential uses. Any distributed enterprise relies on contractors or outsourcing could employ it.

“The database with your credit card number could be in the U.S., but the display could be rendered in India,” he said. “You could put Magen in the U.S. — or anywhere.”

The Magen software builds on earlier work by IBM, Nelken added. “We already have a comprehensive library of de-identification routines. This library is used in various IBM products.”

IBM has worked on enabling customization of these routines in other products. “The administrator who configures the system can choose to replace data with asterisks or red squares. We have a function that can take a credit card number and make another credit card number that is valid or it can make something that looks like a valid number but is not in fact valid,” he said. “If you try to use that invalid number on Amazon, it will you that it’s a wrong credit card number.”

To date, most development has involved text-based screens, but the software could potentially handle rich media. “Most of the proof of concepts are with text-based screens,” Nelken said. “We did very few engagements with customers who had rich media. It can be done but it’s less mature technology.”

News Around the Web