Lockstep

Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Conveying the pedigree of identifiers using digital certificates

A short one page paper on how to "notarise" personal data in smartcards or similar personal chip devices.
There are ways of issuing personal data to a chip that prevent those data from being copied and claimed by anyone else.

Summary

The root cause of much identity theft and fraud today is the unfortunate fact that customer reference numbers and personal identifiers are so easy to copy. Simple numerical data like bank account numbers can be stolen from many different sources, and replayed in bogus transactions. In some cases, identifiers like credit card numbers or health IDs can be simply made up, without merchants being readily able to tell the difference.

Our personal data nowadays is leaking more or less constantly, through breached databases, websites, online forms, call centres and so on, to such an extent that customer reference numbers on their own are no longer trustworthy. Privacy then suffers badly when customers need to assert their identity by supplementing their numbers with personal details, like name and address, birth dates, mother’s maiden name and other pseudo secrets.

To restore trust in personal identifiers, we need to know their pedigree. We need to know when a number is presented that it is genuine, that it originated from a trusted authority, it’s been stored safely in the meanwhile, and it has been presented with the owner’s consent.

One way to do so is to encapsulate and notarise personal data in a unique digital certificate issued to a chip device like a smartcard.

More details in the document attached below.