For many years, Lockstep founder Stephen Wilson has published provocative, innovative and penetrating analyses of PKI, its historical problems, and practical ways to better deploy this unique technology. In particular he has shown how PKI can be hierarchical yet not dictatorial. That is, it can use a central anchor for better interoperability and scalability, while decentralising registration rules. 

Several of our “Babysteps” examine PKI; see the following:

  • No. 8: A critical look at Bridge CAs argues that BCAs might not be ideal in non-government environments, because they aim at establishing the equivalence of certificates.
  • No. 5: PKI interoperability unpacks how digital certificates can help with the act of authentication and shows it really isn’t complicated.
  • No. 4: Exposing some PKI myths acknowledges the grains of truth behind many of today’s misconceptions, and unpacks the real issues.
  • No. 1: PKI in health & welfare sets out PKI’s unique ability to secure paperless transactions in the complex, high risk, long lived and multi-party applications characteristic of the health & welfare sector.

IEEE paper on PKI based COVID certificates 

A recent paper published by the IEEE on how to build a digital yellow book using community PKI.

Turing Institute poster paper on Community PKI

I presented at the Turing Institute Trusted Digital Identity conference a design for decentralised PKI to reach the “Goldilocks” point for harmonised certificate interoperability but autonomous registration rules. 

New models for the management of PKI and Root CAs

An old paper that set out a quality control role for Root CAs that would demystify their function and simplify PKI business models.

Some limitations of web of trust models

An old paper of mine with some relevance today, as some stakeholders in digital identity architectures remain averse to hierarchical identification relationships.

“Public Key Superstructure”

A major peer reviewed paper presented at the 7th NIST Symposium on Identity and Trust on the Internet, Gaithersburg, MD, March 2008.

This work draws together most of Stephen’s deep thinking on PKI from over a decade’s work, canvassing the reasons for PKI’s historical difficulties, popular misconceptions, and ways to break the unhelpful nexus between Big PKI and centralised ID systems.

A novel application of PKI smartcards to anonymise Health Identifiers

A paper presented to the academic stream of the AusCERT 2005 conference about using anonymous digital certificates to securely convey health identifiers.

“Known Customer” certificates at Medicare

Around 2006, Lockstep worked with Medicare Australia’s Health eSignature Authority on a world’s first digital credential project.

The importance of PKI today

An international update published in “China Communications”, December 2005.

Relationship Certificates

A modified form of “identity” certificate for conveying credentials, based on work commissioned by the Australian Government Information Management Office.

The “Security Printer” model for CA operations

A simple new conceptual model to describe the role of backend CAs, likening them to secure printing bureaus, and thus decoupling CAs from business relationships between PKI end users.

Mobile Device Attribute Validation / ValidIDy

We won a series of three competitive commercialisation contracts with U.S. Homeland Security over 2016-19 to develop a verifiable credential mobile wallet for First Responders, based on Lockstep’s low risk decentralised PKI architecture. 

Audit based public key infrastructure

This breakthrough paper from 2000 articulated in detail an interoperable PKI where the fitness for purpose and standards-conformance of certificates were evidenced by digital audit certificates. The audit of CAs would be overseen by an ISO 17025 accreditation framework, scalable to build an international PKI under the auspices of existing accreditation bodies.

Rethinking PKI – the electronic business card

Appeared in the international Secure Computing Magazine. It argues against one-size-fits-all “identity” certificates, because in business we do not entertain stranger-to-stranger transactions. The paper also includes a useful taxonomy of electronic signature regulations.

Leveraging external accreditation to achieve PKI cross-recognition

A light-touch, standards-based framework for cross-recognition of Certification Authorities that have been externally accredited, thus allowing certificates from one jurisdiction to be used in another. Paper presented to the Attorney General’s Privacy and Security conference, Melbourne, August 2001.

Demystifying international cross-recognition of PKI

A pioneering paper delivered in 2001 to the Information Security Solutions Europe Conference, London, outlining an international PKI framework.