Matchbox
Matchbox - overview
Research has been working on a highly secure system called Matchbox. Essentially, it allows parties to share private or confidential information by employing the IBM 4758, a FIPS 140-1 Level 4 certified hardware security module (HSM); Level 4 is the highest level that standard defines. Matchbox not only provides a high level of security and authentication, it also provides architectural flexibility.
Our first implementation is a demo for the Travel and Transportation (T&T) industry, or for employee checking, in which an agency (e.g., the FBI) provides an encrypted watchlist and a screener (e.g., American Airlines) submits a person's identity (name, SSN, date of birth, fingerprint, etc.). The Matchbox server checks whether the person is on the watchlist and, if so, notifies one or more law enforcement parties, giving each only the information that particular party is eligible to see. All data in the system is encrypted; the only place information is decrypted is within the secure confines of the 4758, which erases all security-related data items if it is tampered with.
While we have created this government/T&T demo first, the architecture is sufficiently generic to allow the sharing or aggregating of confidential (encrypted) data among any number of parties; e.g., Matchbox could be used by the Health Care or Financial industries to collect encrypted confidential data and create reports. Individual banks of a consortium might send in their data on employee theft or bad loans, and the members of the consortium could receive composite reports with no individual bank's identity or data being revealed. In Health Care, medical records could be aggregated, yet no individual or health institution would be identified. We believe that there are probably similar applications involving the sharing of toxicology data.
Today, some consortia hire an outside company to do this type of aggregation and composite reporting, but the data is 'in the clear' at the server that performs the aggregation and creates the reports, so anyone with access to that server could obtain secrets about individuals or a given company. This compromises security and privacy. With Matchbox, security and privacy are built in and enforced by the architecture, the software, and the 4758.
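The data flow described above, as an added example that is not code from the Matchbox project or the IEEE paper: a Python model in which the host that stores and forwards messages sees only ciphertext, all decryption and matching happen inside a class standing in for the 4758, each law enforcement party receives only the fields a release policy allows it to see, and a tamper event zeroizes the keys. The per-party keys shared with the coprocessor, the HMAC-based toy cipher, the `notify` list on each watchlist entry, the field-level release policy and the sample records are all assumptions constructed for this example; the page does not describe Matchbox's actual key management or wire protocol.

```python
"""Toy model of the Matchbox flow: ciphertext everywhere except inside the
coprocessor, which releases to each party only the fields it may see.
Assumptions (not from the Matchbox page): per-party keys shared with the
coprocessor, an HMAC-based stand-in cipher, and a per-recipient field policy."""
import hashlib
import hmac
import json
import secrets


def _derive(master: bytes, label: bytes) -> bytes:
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF stream; stands in for the real cipher.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(master: bytes, obj) -> bytes:
    """Encrypt-then-MAC with label-separated keys and a fresh random nonce."""
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(master: bytes, blob: bytes):
    """Verify the tag in constant time before decrypting; reject any modified blob."""
    enc_key, mac_key = _derive(master, b"enc"), _derive(master, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)


class TamperedError(Exception):
    pass


_IDENTIFIERS = ("name", "ssn", "dob", "fingerprint")


def _normalize(rec: dict) -> dict:
    return {k: str(v).strip().lower() for k, v in rec.items() if k in _IDENTIFIERS and v}


def _matches(query: dict, entry: dict) -> bool:
    # A unique identifier alone matches; a name needs a corroborating date of birth.
    for k in ("ssn", "fingerprint"):
        if k in query and k in entry and query[k] == entry[k]:
            return True
    return ("name" in query and "dob" in query
            and query["name"] == entry.get("name") and query["dob"] == entry.get("dob"))


class Coprocessor:
    """Stands in for the 4758: the only component holding party keys and cleartext."""

    def __init__(self, party_keys: dict, release_policy: dict):
        self._keys = dict(party_keys)      # party -> key shared with the coprocessor
        self._policy = release_policy      # law enforcement party -> fields it may see
        self._watchlist = []

    def _check(self):
        if self._keys is None:
            raise TamperedError("secrets zeroized")

    def load_watchlist(self, agency: str, blob: bytes) -> int:
        self._check()
        self._watchlist = unseal(self._keys[agency], blob)
        return len(self._watchlist)

    def screen(self, screener: str, blob: bytes) -> dict:
        """Return {recipient: [sealed notifications]}; nothing leaves in the clear."""
        self._check()
        query = _normalize(unseal(self._keys[screener], blob))
        out = {}
        for entry in self._watchlist:
            if _matches(query, _normalize(entry)):
                for recipient in entry["notify"]:   # assumed: agency names recipients per entry
                    note = {k: v for k, v in entry.items() if k in self._policy.get(recipient, [])}
                    out.setdefault(recipient, []).append(seal(self._keys[recipient], note))
        return out

    def tamper(self):
        # The 4758 erases its security-relevant data on tamper; model that.
        self._keys = None
        self._watchlist = []


def demo() -> dict:
    """Constructed sample run; the watchlist record is made up for this example."""
    keys = {p: secrets.token_bytes(32) for p in ("FBI", "AA", "TSA")}
    policy = {"FBI": ["name", "ssn", "dob", "reason"], "TSA": ["name", "dob"]}
    hsm = Coprocessor(keys, policy)
    watchlist = [{"name": "Jane Doe", "ssn": "123-45-6789", "dob": "1970-01-01",
                  "reason": "constructed example", "notify": ["FBI", "TSA"]}]
    hsm.load_watchlist("FBI", seal(keys["FBI"], watchlist))
    hits = hsm.screen("AA", seal(keys["AA"], {"name": "JANE DOE", "dob": "1970-01-01"}))
    # Only the recipients can open their notifications; the host never could.
    return {r: [unseal(keys[r], n) for n in notes] for r, notes in hits.items()}
```

The point the model makes is structural rather than cryptographic: the matching logic and the release policy live behind the same boundary as the keys, so a compromised host gains only ciphertext, and the TSA notification in the demo carries no SSN because the policy, not the recipient's good behaviour, decides what is released.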
Research and IGS have created this very flexible, secure architecture. We are in the process of filing patents on it. Here is a web site with more information concerning the 4758: http://www-3.ibm.com/security/cryptocards/
See also:
Kenneth Goldman and Enriquillo Valdez, "Matchbox: Secure Data Sharing," IEEE Internet Computing 8(6), 2004, pp. 18-24.