Lockstep

Lockstep Technologies - "Safety in numbers"

• Stepwise
• Stepwise CNP
• Recognition
• Technology Notes
• Related papers

Lockstep Technologies' R&D has focussed to date on smart personal authentication devices, Internet anonymity, and Card-Not-Present (CNP) payments fraud. Our goal is to enable radically better security and privacy for an individual's identity assertions and personal information.

We could stop most "identity theft"

Our flagship solution "Stepwise" uses asymmetric cryptography native to most smart devices today to "encapsulate" Digital Identity assertions, allowing individuals to keep their online personae distinct and secure, and in many cases, thereby transact anonymously.

Stepwise creates a strong virtual triangle joining an identity Assertion to an Individual via an authentication Device under their control. The structure of the triangle can be proven and relied upon without revealing all the constituent personal detail.

Stepwise seals (digitally signs) transactions using a capsule (certificate) that explicitly conveys an identity Assertion, but no other personal information about the user. Furthermore, because the process ensures that the Stepwise capsule was issued to a genuine device under the control of the user, the signature proves that the particular user with the given Assertion truly originated the transaction, without revealing their identity. The triangle is preserved but the individual is masked!

Consistent with Lockstep's fresh breakthrough treatment of Digital Identity in terms of relationships, Lockstep Technologies' novel application of digital certificates conveys elemental personal relationships (rather than abstract "identity") and safeguards Assertions against abuse.

Comparing Stepwise with other leading PETs

One of the best known anonymisation PETs is Microsoft's "U-Prove". Based on new "Zero Knowledge" cryptography algorithms, U-Prove promised to enable parties to validate "unanticipated identity assertions". In contrast, Stepwise leverages mature, ubiquitous digital signature standards, entailing no new algorithms. Lockstep's ambition is perhaps less lofty: we are concerned with anticipated assertions. We contend that in the vast majority of economically important use cases, parties know from the context exactly what assertions to expect (merchants expect to see credit card numbers, health services expect to see health IDs, social networks expect to see handles, employers expect to see employee numbers). Our focus is the reliability and integrity of distinct context-specific identity details, while cutting back the disclosure of extraneous personal details.

Online payments security

We have also demonstrated and patented the application of Stepwise principles for protecting financial account details online. Lockstep Technologies was the first in the world to see how to exploit the cryptography embedded in Chip-and-PIN cards in the online and mobile environments, to protect Card Not Present payments. We treat CNP fraud as virtual skimming and carding, and we prevent it in exactly the same manner; please see the blog post "Killing two birds with one chip".

The Stepwise CNP payment security technique can be realised in mobile phones, leveraging SIMs or other Secure Elements, and in Chip-and-PIN cards connected to web browsers wireless or by contact readers.

Recognition

See also awards.

• January 2013: US Patent 8,347,101 System and method for anonymously indexing electronic record systems

• October 2012: US Patent 8,286,865 Authenticating electronic financial transactions.

• March 2010: Stepwise made the finals of the Asian SESAMES awards in Hong Kong

• February 2009: awarded a place in Finextra's Financial Sector Innovation Showcase

• September 2008: we made the Top Five Asian Semi-Finals of the Global Security Challenge.

• August 2008: we were awarded a place in the Australian Technology Showcase

• October 2007: we won a competitive AusIndustry COMET grant.

Demonstration video

Stepwise featured on ABC TV's "New Inventors" program. This clip shows Stepwise in action. No smoke and mirrors!

How it works

Stepwise uses native asymmetric cryptography to encapsulate identity assertions or other personal details (account numbers, identifiers, customer reference numbers etc). When an individual needs to present a particular assertion in an online transaction, such as a Card Not Present payment, they do so using thin client software that seals (digitally signs) the transaction with the pertinent Stepwise capsule. Thus the transaction cannot be tampered with and replayed, the assertion cannot be stolen and replayed, and the receiver is able to verify the capsule instantly using standard cryptographic software modules.

Please refer to technical information, and a set of peer-reviewed conference papers on our research, at the links at the top-left.