Lockstep has published a number of peer reviewed papers that describe in more detail how its privacy enhancing technologies could be applied to fields such as electronic health records and Internet voting.
|Lockstep eR09 Poster Nov09 (0 3 A4)|
A great deal of research in healthcare and the social sciences requires that study subjects remain anonymous (or pseudonymous). Tensions arise between privacy, authenticity and integrity: without compromising confidentiality, there must be assurances that reported data truly corresponds to real subjects, and that data has not been corrupted either accidentally of deliberately. Lockstep Technologies R&D has led to an anonymous records system called “Stepwise” which can be applied to ensure anonymity or pseudonymity of research subjects. Stepwise securely encapsulates identifiers within anonymous digital certificates issued to a subject’s smartcard or similar device. Stepwise ensures that when any identifier is presented online, we can be confident that it is legitimate and that was used with consent. The solution can be deployed using a wide range of authentication devices including smartcards and USB keys.
|Lockstep e voting solution PREPRINT (2 5)|
[From the academic stream of AusCERT 2008]. We propose a robust new security model based on public key technology and smartcards. Highly tamper resistant digital signatures and public key certificates protect both the ballots and individual voters’ electoral enrolment. The solution can be deployed on a variety of modern smartcards with built in cryptographic processors, the likes of which are wide-spread in Asia, Europe and the US. Each ballot cast would be unique and anonymous, unable to be replayed, nor modified. Each voter could only vote once. The security model, based on mature public key infrastructure standards, is simple. It is therefore inexpensive to implement yet straightforward to independently validate and certify.
|Lockstep Smartcards as Infrastructure (5th Homeland Security Summit) 2006|
The smartcard debate in Australia is beset by misconceptions and tunnel vision. Smartcards are best known as the ideal solution to plastic card fraud, but they also offer unique remedies to the scourges of phishing, pharming, web fraud and spam. The potential benefits of smartcards in safeguarding privacy and security are so strong that they should be viewed as part of the National Information Infrastructure.
|AusCERT2005 Novel PKC for Anon Id (1 2 1)|
[From the academic stream of AusCERT 2005]. Default thinking about Electronic Health Records (EHRs) and Unique Health Identifiers (UHIDs) has settled on a national numbering scheme, despite the fact that patient privacy can be seriously jeopardised if identifiers ever become linked to individuals’ names. This paper presents a new way to fundamentally anonymise UHIDs through a novel use of public key certificates and smartcards. The design presented here secretes each UHID within an anonymous digital certificate, and links one or more certificates to a smartcard. If an EHR entry is digitally signed via such a certificate, then that entry is directly linked to the UHID, but cannot be linked to the individual’s name without having access to the smartcard and the private key it contains.