Title:
PRIVACY ENHANCED SYSTEM AND METHOD COMPRISING UNCOMMON UNIQUE IDENTIFIER
Document Type and Number:
WIPO Patent Application WO/2004/070671
Kind Code:
A1
Abstract:
Privacy enhanced method for a customer to be identified by various organizations he has access to, comprising the steps of: - receiving an identification request from a requesting entity belonging to an organization; - providing to the requesting entity an identification key (UUI) specific to said customer and to said organization.

Inventors:
KOISTINEN MARTIN (GB)
Application Number:
PCT/EP2004/050042
Publication Date:
August 19, 2004
Filing Date:
January 23, 2004
Assignee:
ATOS ORIGIN IT SERVICES UK LTD (GB)
KOISTINEN MARTIN (GB)
International Classes:
G07F7/00; G07F7/10; H04L29/06; (IPC1-7): G07F7/10; G06F1/00; H04L29/06
Foreign References:
US20010034840A1 (2001-10-25)
EP1104959A2 (2001-06-06)
Other References:
FERREIRA R C: "THE SMART CARD: A HIGH SECURITY TOOL IN EDP", 1 September 1989, PHILIPS TELECOMMUNICATION REVIEW, PHILIPS TELECOMMUNICATIE INDUSTRIE N.V. HILVERSUM, NL, PAGE(S) 1-19, XP000072642
Attorney, Agent or Firm:
Weihs, Bruno (121 avenue des Champs Elysées, Paris, FR)
Claims:
CLAIMS
1. Privacy enhanced method for a customer to be identified by various organizations he has access to, the method comprising the steps of : receiving an identification request from a requesting entity belonging to an organization; and providing to the requesting entity an identification key (UUI) specific to said customer and to said organization.
2. The method of claim 1, wherein said identification key (UUI) is generated by a microprocessor embedded into a device belonging to said customer, said microprocessor calculating the identification key (UUI) based on an algorithm (f) and on data stored in the microprocessor (IGK) and received with the identification request.
3. The method of claim 2, wherein said algorithm is a cryptographic hash (f).
4. The method of claim 2, wherein the data stored in the microprocessor is a unique secret number (IGK) specific to the customer and never revealed to any organization.
5. The method of claim 2, wherein the data received with the identification request is a number (OUI) specific to said organization.
6. The method of claim 1, wherein the exchange of information between the requesting entity and customer is ciphered using asymmetric cryptographic algorithms.
7. A system to implement the method of claims 1 to 6, wherein the customer has a smart card to communicate with a terminal of the requesting entity, said smart card storing personal data and an algorithm to create said identification key (UUI) based on organization identifier data sent to the card by the requesting entity through its terminal.
Description:
PRIVACY ENHANCED SYSTEM AND METHOD COMPRISING UNCOMMON UNIQUE IDENTIFIER

The present invention is related to a privacy enhanced system and method comprising the use of an uncommon unique identifier.

Nowadays there is a constant development of transactions between organizations and customers in which customers are obliged to identify themselves and in which personal data are collected. This can be the subject of considerable abuse.

For example, a customer who opens his purse or wallet, will find, somewhere in there, several forms of identification cards. Some of these were probably issued by some forms of authority such as government, employer or perhaps school.

It is likely that he also carries other "identification cards" from retailers in his area. These cards are often described as "loyalty cards" and he carries them because his retailer provides him with additional savings or points towards other benefits if he presents the card every time he makes a purchase.

Some of the more successful loyalty card programs involve more than one retailer. For example, the card would be accepted, and earn benefits for him, at his grocer, his favorite gasoline station, his favorite airline and perhaps a few of the specialty retailers that he frequents. For a consumer, this provides ample opportunity to amass greater savings or points towards the benefits the card offers.

However, loyalty card programs have really only one purpose: to collect and correlate information about customers, such as their spending habits, their brand preferences and their reaction to promotions.

This provides valuable marketing information for the retailers involved and, to a great extent, it helps them tailor their products and services to serve customers better.

Unfortunately, while the collection and analysis of such personal data by an organization (private or public) can be of great public benefit, it can also present some drawbacks in particular when links are made across organizations.

Privacy-aware consumers shy away from these programs, and for good reason. Armed with his personal details, any of the involved retailers could match a customer's identity against credit agencies, public records, and more. Some of these retailers will also gain additional revenue by selling or renting customer personal details to other private organizations. Before too long, such a customer will find a tremendous amount of unsolicited offers in his mailbox and unsolicited salespeople calling him at suppertime. If he is an internet-enabled consumer, it won't be too long before his web browsing habits are also being collected against his profile and the content of spam and browser pop-up ads will start to reflect someone else's idea of who he really is.

Presented with these concerns, it is no wonder many people would object to any form of identification card. Without proper care, a ubiquitous identity card could compound the problem of widespread collection and correlation of consumers' personal details.

On the other hand, it is also beneficial for the public that each organization can identify its customers, for example for loyalty programs. There is therefore a need for every organization to have at least one unique piece of data for every consumer that preferably never changes: a Unique Key.

Consumers' names don't work because they are not unique. Also, consumers rarely use their full legal name, which compounds the problem. Consumers' addresses are also not unique, can change every so often and are often left uncorrected. Consumers' dates of birth are also not unique and it becomes difficult to justify to consumers why they should share this information. Other potential identifiers are even more difficult to justify.

In many countries, Social Security Numbers seem to be a logical choice, but this is increasingly difficult to justify to the consumer and there is a great deal of activity in the state and federal governments to restrict undue collection, distribution, display and sale of this information.

However, if all organizations used the same unique key, such a unique common identifier for an individual would facilitate the sharing and correlation of the individual's personal details or profile across many organizations. While each organization involved clearly needs an identifier for its members, customers, or what have you, that number does not have to be the same identifier that the same individual has with other organizations.

The present invention solves the above problems by providing a system or a method which allows every customer to use a specific identification key with each organization (public or private) to confidently prove his identity to that organization, said identification key being valid for only one organization.

According to the invention, each individual has an uncommon unique identifier for each organization, which minimizes the potential abuses of the individual's privacy.

In an embodiment of the invention, this uncommon unique identifier is obtained by generating the same unique identifier each time the individual interacts with a given organization. It allows the organization to keep its records properly but not to correlate them against another organization's records.

The system and method of the invention generate unique identifiers that are indeed unique and unchanging, but are different for each organization. This is an important distinction because it leaves the organization no common identifier to correlate against another organization's records. Without a common identifier, the inappropriate correlation of personal information across organizations would be seriously interrupted.

In order to facilitate this capability, the system and method use an Identifier Generation Application (IGA) which could be, for example, embedded into an identification card. The cardholder has the choice of which service bureau facilitates this for the cardholder. The cardholder should choose a service bureau that they truly trust, whether this is their local or federal government or some other organization.

The cardholder will work with the service bureau to securely install the application on their card and then create a single, secure unique value called an Identity Generation Key (IGK). The application will permanently hide this IGK on the card, but the service bureau should keep a backup in case the cardholder should ever lose his or her card.

When the cardholder is faced with the need to establish a unique identifier with an organization, the cardholder will insert his or her card into a card-terminal. The organization will request an identifier by providing an Organization Identifier via the card-terminal to the cardholder's IGA. If the cardholder accepts the request, the IGA will mathematically generate a value using the organization's identifier and the IGK and return this to the organization. This same value will be computed and returned when presented with the same organization and cardholder. If either the organization or the cardholder changes, the returned value is different.

This functionality will allow the organization to be guaranteed a unique identifier for each of their constituents, but not to correlate records with other organizations. The application facilitates the cardholder to interact with a practically unlimited number of organizations without having to worry about the amount of space on the card. Also, if the card were ever lost, the cardholder can recover all of these unique organization identifiers by recovering their IGK from their service bureau.

The invention will be further understood in connection with a detailed description of a practical example. Such an example is not limitative of the invention, which may have other forms of implementation, such as a piece of software running on a personal computer for accessing various organizations through the Internet.

In the embodiment described below, each customer is provided with an identification card which allows him to access various organizations (either public or private).

Such an identification card is equipped with an embedded cryptographic processor, i.e. it is a smart card. The cryptographic smart chip was built from the ground up to securely hold information. It also provides a sufficient amount of computer processing and memory for the proposed innovations.

The identification card stores, among other things, public and private keys. The cardholder will find these keys very useful in electronic transactions where he or she must prove his or her identity or electronically sign documents.

The card should be protected by the cardholder's personal identification number (PIN). This will allow a positive and culturally accepted means of approving operations on the card.

Some of the algorithms used to facilitate the functionality are already known. In particular, the application would use a cryptographic hash function at least in part.

The identification card following the invention is provided with an Identifier Generation Application (IGA), which would be installed onto the card by a trusted agent. It would then be initialized with a randomly generated Identity Generation Key (IGK). This IGK would also be escrowed with the trusted agent.

To use the IGA, the cardholder presents his or her card to an organization via a card terminal. The IGA would receive from the organization its Organization Unique Identifier (OUI). An optional but recommended step would be for the card terminal to verify this OUI with the issuing authority, after which a descriptive text would be displayed to the cardholder.

The cardholder would inspect this text on the display and decide whether he or she wishes to proceed. If he or she does, they would key in their card-PIN approving the use of the IGA.

The IGA would then compute an uncommon unique identifier (UUI) which will always be the same for this organization, but will be different for every other organization that the cardholder presents his or her card to.

In its simplest form, the application could simply apply a hashing function with two inputs, the individual's Identity Generation Key (IGK) and the Organization's Unique Identifier (OUI), as such:

UUI = f(IGK, OUI)

At its heart, the function would utilize a cryptographic hash but other factors should be considered to further cryptographically protect the IGK.
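As an added illustration of the flow described above (not code from the patent), the following instantiates f(IGK, OUI) as HMAC-SHA256, a keyed hash chosen here so that the card's IGK is not exposed to the weaknesses of hashing a bare concatenation; the OUI registry, the organization names and the boolean standing in for the PIN approval step are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample registry of the issuing authority: OUI -> descriptive text
# shown to the cardholder after the terminal verifies the OUI.
OUI_REGISTRY = {
    b"OUI-GROCER-0001": "Example Grocer loyalty programme",
    b"OUI-AIRLINE-0002": "Example Airline frequent flyer club",
}


class IGA:
    """Simulated on-card Identifier Generation Application.

    Holds the cardholder's secret IGK and computes UUI = f(IGK, OUI).
    f is instantiated as HMAC-SHA256 (an assumption: the patent only requires
    a cryptographic hash; a keyed construction protects the IGK better than
    hashing IGK||OUI directly).
    """

    def __init__(self, igk: bytes):
        self._igk = igk  # never leaves the card; escrowed with the trusted agent

    def derive_uui(self, oui: bytes) -> str:
        return hmac.new(self._igk, oui, hashlib.sha256).hexdigest()


def provision_card():
    """Trusted agent initialises a card with a random IGK and keeps an escrow copy."""
    igk = secrets.token_bytes(32)
    return IGA(igk), igk


def request_identifier(card: IGA, oui: bytes, cardholder_approves: bool):
    """Terminal-side flow: verify the OUI with the issuing authority, show its
    description, and compute the UUI only if the cardholder approved (the
    PIN entry is simulated by the boolean)."""
    description = OUI_REGISTRY.get(oui)
    if description is None:
        return None  # OUI not known to the issuing authority: refuse
    print(f"Identifier requested by: {description}")
    if not cardholder_approves:
        return None  # cardholder declined at the terminal
    return card.derive_uui(oui)


def recover_card(escrowed_igk: bytes) -> IGA:
    """Replacement card issued from the escrowed IGK reproduces every UUI."""
    return IGA(escrowed_igk)
```

Deriving the identifier for the same organization twice yields the same UUI, a different organization or a different card yields an unrelated value, and a replacement card built from the escrowed IGK reproduces all of the original UUIs.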

The advantages of this application are:
- it allows the organization a unique identifier with which to index its records of an individual;
- it does not allow the organization to correlate records with other organizations;
- since these identifiers are computed, not stored, it can serve an individual that interacts with a very large number of organizations without any concern for storage space, etc.

The IGK would be escrowed by a trusted agent. If the individual's card should ever be lost or stolen, the individual can obtain a replacement from the escrow agent.

Should an authority with sufficient legal means also need a copy of the IGK, this can be facilitated with the cooperation of the escrow agent.

One alternative means is to simply create identifiers at random and then store them on the individual's card. This has obvious space limitations, though.