IBM researchers have developed software that uses optical character recognition and screen scraping to identify and cover up confidential data.

According to IBM, the driving idea behind the MAGEN (Masking Gateway for Enterprises) system is to prevent data leakage and allow the sharing of data while safeguarding sensitive business data.

MAGEN works at the screen level by ‘catching' the information before it hits the screen, analysing the screen content, and then masking those details that need to be hidden from the person logged in. The major novelty lies in architecting a single system that handles a wide range of scenarios in a centralised and unified manner, IBM stated.

The IBM system treats the screen of information as a picture and uses optical character recognition to identify the pieces that were defined as confidential. It then places a data 'mask' over the details that need to remain hidden - without ever copying, changing, or processing the data, IBM said.

IBM said customers can set masking rules specify parts of screens to be masked and that such rules can be defined per screen structure or per application. Each role can be defined with a specific privacy level depending on the needs of the customer.

MAGEN does not change the software program or the data - it filters the information before it ever reaches the PC screen - and does not force companies to create modified copies of electronic records where information is masked, scrambled, or eliminated, IBM stated.

IBM cites the example of a MAGEN application where a healthcare firm outsources customer service and claims processing functions to a third-party. Although private medical information in the patient records can't be shared with the contractors, customer service representatives need access to patient records. In these kinds of cases, MAGEN can hide private information so that it never appears on the agents' screens, IBM stated. Or, it can partially hide data, such as for the screens of call centre customer service representatives, who only need enough identifying data to access, confirm or update an account.

IBM researchers have been on a security roll of late. Big Blue last week said one of its researchers made it possible for computer systems to perform calculations on encrypted data without decrypting it. IBM said the technology would let computer services, such as Google or others storing the confidential, electronic data of others will be able to fully analyse data on their clients' behalf without expensive interaction with the client and without actually seeing any of the private data.

The idea is a user could search for information using encrypted search words, and get encrypted results they could then decrypt on their own. Other potential applications include enabling filters to identify spam, even in encrypted email, or protecting information contained in electronic medical records. The breakthrough might also one day enable computer users to retrieve information from a search engine with more confidentiality, IBM said.

And last year IBM researchers came up with a small device they called "security on a stick" for use in online banking so customers plugging into any computer can protect transactions and find out if Trojan malware is trying to steal funds.

Created in IBM's Zurich Research Lab, the "security on a stick" is still a prototype and being tested in a few trials in Europe, says Michael Baentsch, a senior researcher there. IBM, which unveiled the device Thursday, officially calls it the "Zone Trusted Information Channel" because the little USB-based device works to set up a secure channel to an online banking site supporting it.