Clients & Case Studies

Vicroads (2010)

Lockstep has partnered with Salinger Privacy, providing technology advice in Salinger’s Privacy Impact Assessment of the Registration and Licensing (RandL) project. RandL will provide a common application platform for registration and licensing processes in three agencies. RandL is a large-scale project with a scheduled completion date of late 2012.

Australia Post (2009)

We conducted a PIA for several elements of Post’s new “Trust Based Services” program.

Joint Standing Committee on Health Informatics Standards (2009-10)

Lockstep, Secureworx Consulting and Convergence collaborated on a project to research the Australian e-health standards landscape. The Joint Standing Committee on Health Informatics Standards has engaged Secureworx to identify and prioritise standards needed to progress e-health in Australia.

Australia Post (2008)

Lockstep developed a comprehensive Trust & Privacy Strategy for Australia Post’s R&D area investigating opportunities within the digital communications market. We undertook a pre-design stage Privacy Impact Assessment, and developed detailed Privacy Engineering Guidelines to inform architecture, identity management and policy for the organisation’s longer term strategic initiatives.

National eHealth Transition Authority (2007-08)

Lockstep was engaged by NEHTA to develop the business case for the proposed national authentication system for healthcare providers. We helped refine the concept of operations for a smartcard based digital credential system, envisaged to be based on modern “relationship” principles and multi-certificate PKI.

Financial sector smartcard product strategy

Lockstep developed a detailed strategic product plan for smartcards, for a large financial sector consortium. The plan included detailed analysis of the market drivers in Australia, business opportunities for banks, the inter-play of government and private sector policies, the advent and importance of new forms of digital credentials, and the special influence of programmes such as the Human Services Access Card and smart driver licenses.

OASIS ID Trust Resources Pages

Lockstep was retained by the OASIS ID trust Steering Committee to research and compile a new set of web-based resources for identity and authentication; see ID trust resources and ID trust wiki. This project built on Lockstep’s earlier refresh of the OASIS PKI Resources web pages, which entailed substantial new research into international authentication case studies, legal frameworks and policy, resulting in probably the most comprehensive collection of PKI materials on the Internet; see old PKI resources pages.

Australian Government Smartcard Framework

Stephen was engaged by the Australian Government Information Management Office (AGIMO) as Consulting Editor on the new Australian Government Smartcard Framework. He contributed new material on the business benefits of smartcards, the smartcard technology stack, interface specifications, and delivered recommendations on the adoption of important elements of FIPS 201. Lockstep was later subcontracted to assist the writing on the Smartcard Implementation Guide.

Australian Government Gatekeeper PKI Program

Through much of 2005, Stephen was retained by AGIMO as Principal Consultant to assist with the strategic review of the Gatekeeper government PKI regime, in which the primary objectives were to reduce the cost and complexity of Gatekeeper accreditation. Stephen’s chief contributions included the introduction of the new “Relationship Certificate” concept to streamline registration, and the “Security Printer” regulatory model which improves flexibility and reduces implementation costs. Later in 2006, Stephen was a subject matter expert in the consulting consortium that implemented the new Gatekeeper Framework. He was specifically responsible for developing Guidelines for Relationship Certificates, template threat-risk assessments and certificate policies, and new digital credential specifications.

IIA Two Factor Authentication Scheme Architecture

Lockstep was engaged by the Internet Industry (IIA) Association in early 2005 to architect a proposed national 2FA scheme and develop the high level business model. The IIA has for several years championed the importance of Two Factor Authentication in future e-commerce. Starting with its Authentication Virtual Taskforce, and working through an extensive industry survey, the IIA has articulated a vision for an industry-driven and open scheme with broad application in retail Internet business and government service delivery. The IIA engaged Lockstep Consulting to scope out the envisaged scheme and develop a comprehensive blueprint, comprising strategic business model, operational model, recommendations regarding the SAML standard, and technical interface specifications.

Medicare Australia Health eSignature Authority

Through 2005-06, Lockstep was retained by Medicare Australia help to develop new “push” distribution models for digital certificates for health professionals. Stephen has applied the new community-of-interest and “Known Customer” methods, in settings such as customised ID smartcards for hospital employees enabling logical, physical and face-to-face authentication, and for the automatic distribution of trusted national credentials to healthcare professionals.

NSW Government Statistical ROI Model

Lockstep was commissioned in 2004 to update the NSW Government’s “Return On Security Investment” guideline for managers, and to research and prototype a novel statistical model for studying the financial benefit of perimeter security. Using Monte Carlo techniques, Lockstep’s model predicts the likely spread in the costs of security breaches both with and without security mitigations, given the inherent variability in (a) likelihood of incidents, and (b) impact of incidents. The model allows practitioners to inject variations in the underlying statistics of breaches, and to set parameters relating to cost and frequency of different grades of incident.

See Return On Security Investment (ROSI).

Our work in this area was pioneering, and has been cited internationally; see Lockstep ROI.