The MDAV Project
The problem we solved
For many years the Homeland Security community has sought to deploy mobile technologies to First Responders, and to digitize their many and varied credentials, such as paramedic qualifications, emergency worker licences, security clearances, law enforcement entitlements and so on.
Lockstep Technologies’ “Stepwise” solution, in essence, takes any externally established credential and encapsulates it in an X.509 digital certificate managed within a private root PKI. The solution leverages mature, widely supported public key tools and white-label managed services. We presented the solution to a DHS identity incubator and were subsequently selected in a competitive process to work through successive stages of concept development, architecture, proof of concept and user acceptance testing.
The solution team operated in a consortium assembled by Kantara and the Rutgers University CCICADA (Command, Control and Interoperability Center for Advanced Data Analysis) with Lockstep providing design authority, project leadership, and intellectual property. We appeared at successive DHS Cyber Technology showcases in Washington D.C. and featured in the DHS Cyber Security Division Technology Guide 2018 (PDF).
Lessons learned
- MDAV is a practical demonstration of modern decentralised PKI built from X.509 standards and managed CA services. The private root PKI is hierarchical, in that all certificates and issuing CAs chain together to a root CA (a hardware root of trust), but not dictatorial: every issuer within the MDAV family is autonomous over its own issuance policy (refer to the template master MDAV Certificate Policy). Firefighting bodies issue MDAV certificates to firefighters; paramedic bodies issue MDAV certificates to paramedics. Each certificate means nothing more and nothing less than the fact that the holder has met the credentialing requirements of the issuer.
Coverage
Steve did a long interview with CCICADA consultant Christopher Biddle, where he set out a practical vision for digitising established real-world attributes into secure, easy-to-use mobile wallets: in other words, Verifiable Credentials.
“What we need to do is get better at proving specific things that matter about people in specific contexts. We need ways of presenting specific attributes such that the data cannot be stolen and replayed. That’s what we do here at Lockstep Technologies. Our “Stepwise” innovation equips individuals with wallets of verified discrete attributes which they can present one by one during transactions or, in many cases, have the software do the presenting for them automatically.
“We are focusing on embedded digital certificates all the way down to atomic attributes, so transacting parties can select just the things that matter in each context.
“If we don’t get a whole lot smarter with authentication on the Internet of Things, separating all the different facts we need to know about devices and their users, then we may end up with ‘informatic grey goo’. I hope we can help stop that.”