The MDAV Project

The problem we solved

For many years the Homeland Security community has sought to deploy mobile technologies to First Responders, including digitized credentials, such as paramedic qualifications, emergency worker licences, security clearances, law enforcement entitlements and so on.

But digitizing credentials onto mobile devices requires more than simply representing the image of a licence or certificate, for these are easily copy-pasted.  

Lockstep’s patented Stepwise solution takes any established credential and encapsulates it within an X.509 digital certificate managed within a private root PKI. The solution leverages mature, widely supported public key tools and white-label managed services.

Stepwise is a fully fledged verifiable credential solution implemented in a standard commercial managed PKI stack.

Lockstep was engaged by the Department of Homeland Security over 2016-19 to prototype the Stepwise solution in a multi-stage project covering concept development, architecture, proof of concept and user acceptance testing.

We worked in a consortium assembled by Kantara and Rutgers University CCICADA (Command, Control and Interoperability Center for Advanced Data Analysis). Lockstep provided design authority, project leadership, architecture and intellectual property.

We appeared at successive DHS Cyber Technology showcases in Washington D.C. and featured in the DHS Cyber Security Division Technology Guide 2018 (PDF).

Lessons learned

MDAV is a practical demonstration of modern decentralised PKI built from X.509 standards and managed CA services.

The private root PKI is hierarchical in that all certificates and issuing CAs chain to a root CA and hardware root of trust, but it is not dictatorial.

Every issuer within the MDAV family is autonomous over its own issuance policy (refer to the template master MDAV Certificate Policy).  Firefighting bodies issue MDAV certificates to firefighters; paramedic bodies issue MDAV certificates to paramedics.

Each MDAV certificate means nothing more and nothing less than the fact that the holder has met the credentialing requirements of the issuer.

Media coverage

Steve did a long interview with CCICADA consultant Christopher Biddle where he set out a practical vision for digitising established real-world attributes into secure, easy-to-use mobile wallets: in other words, Verifiable Credentials.

“What we need to do is get better at proving specific things that matter about people in specific contexts. We need ways of presenting specific attributes such that the data cannot be stolen and replayed. That’s what we do here at Lockstep Technologies. Our ‘Stepwise’ innovation equips individuals with wallets of verified discrete attributes which they can present one by one during transactions or, in many cases, have the software do the presenting for them automatically.

“We are focusing on embedded digital certificates all the way down to atomic attributes, so transacting parties can select just the things that matter in each context.

“If we don’t get a whole lot smarter with authentication on the Internet of Things, separating all the different facts we need to know about devices and their users, then we may end up with ‘informatic grey goo’. I hope we can help stop that.”