The Quite Cryptic Cryptonym
By Brian Mullin, Karlsgate CEO & Founder
One of the coolest new features in the Karlsgate Identity Exchange is its built-in de-identification capability. Complete identity protection without sacrificing usability is a new and powerful risk management tool. A key aspect of this feature is the use of cryptonyms within your local data storage infrastructure.
A cryptonym, what the heck is that? What makes it different from a pseudonym or token?
The simple distinction: a cryptonym is a secret alternative identity, which is never shared with anyone else, whereas the purpose of a pseudonym (or tokenization in general) is to share that alternate name with others instead of the original name.
A classic example of a pseudonym is an author’s pen name -- not the author’s original name but one that is communicated by publishing it. Once someone knows the true identity behind the pseudonym, so can everyone else. This process of mapping back to the original is often called re-identification.
Karlsgate makes use of cryptonyms by redacting all the original identifying information, such as name or email, and replacing it with a cryptographic code. That code can later be used as a unique fingerprint for other cryptographic transactions, serving as an anchor to the original identity. That means the stored code is never seen by or transmitted to any other party and thus cannot lead to re-identification.
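A sketch of the distinction described above, added here as an illustration and not Karlsgate's implementation: it assumes the cryptonym is an HMAC-SHA256 keyed with a secret held only in the local store, and contrasts it with an unkeyed hash used as a shareable token. All function names, keys and records are hypothetical, constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def normalize(email: str) -> bytes:
    """Canonicalize so the same person always yields the same input bytes."""
    return email.strip().lower().encode("utf-8")


def shared_token(email: str) -> str:
    """Pseudonym-style token: unkeyed hash, identical for every party."""
    return hashlib.sha256(normalize(email)).hexdigest()


def cryptonym(email: str, local_key: bytes) -> str:
    """Cryptonym-style code (assumed construction): keyed with a local secret."""
    return hmac.new(local_key, normalize(email), hashlib.sha256).hexdigest()


def deidentify(record: dict, local_key: bytes) -> dict:
    """Redact identifying fields and keep only the cryptonym as the anchor."""
    kept = {k: v for k, v in record.items() if k not in ("name", "email")}
    kept["cryptonym"] = cryptonym(record["email"], local_key)
    return kept


def reidentify_by_guessing(code: str, candidates: list) -> Optional[str]:
    """What a party without the key can do: hash guesses and compare."""
    for guess in candidates:
        if hmac.compare_digest(shared_token(guess), code):
            return guess
    return None


# Constructed sample data: two independent stores, each with its own secret key.
KEY_A = secrets.token_bytes(32)
KEY_B = secrets.token_bytes(32)
RECORD = {"name": "Ada Example", "email": " Ada@Example.com ", "plan": "gold"}
GUESSES = ["bob@example.com", "ada@example.com"]

if __name__ == "__main__":
    stored = deidentify(RECORD, KEY_A)
    print(stored)  # no name or email, only the cryptonym and non-identifying fields
    print(reidentify_by_guessing(shared_token(RECORD["email"]), GUESSES))  # token is guessable
    print(reidentify_by_guessing(stored["cryptonym"], GUESSES))  # cryptonym is not
```

The same email produces the same shared token everywhere, so it links records across parties and can be matched against a list of guesses; the keyed code differs per store and cannot be recomputed without the local key.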
These subtleties can be complicated but make a big difference in upholding privacy commitments. When designing this feature, it was important to me to make it super easy to employ the best protection possible with minimum effort. Whenever the best solution is too much bother to use, it feels like a missed opportunity for innovation.