Lockstep Technologies’ R&D has focussed to date on smart personal authentication devices, Internet anonymity, and Card-Not-Present (CNP) payments fraud. Our goal is to enable radically better security and privacy for an individual’s identity attributes and personal information.
We could radically cut most “identity theft”
Our flagship solution “Stepwise” uses asymmetric cryptography (native to most smart devices today) to “encapsulate” Digital Identity attributes, allowing individuals to keep their online personae distinct and secure, and, in many cases, thereby transact anonymously.
Stepwise creates a strong virtual triangle joining an identity attribute to an Individual via an authentication Device under their control. The structure of the triangle can be proven and relied upon without revealing all the constituent personal detail.
Stepwise seals (digitally signs) transactions using a capsule (certificate) that explicitly conveys an identity attribute, but no other personal information about the user. Furthermore, because the process ensures that the Stepwise capsule was issued to a genuine device under the control of the user, the signature proves that the particular user with the given attribute truly originated the transaction, without revealing their identity. The triangle is preserved but the individual is masked!
Consistent with Lockstep’s fresh breakthrough treatment of Digital Identity in terms of relationships, Lockstep Technologies’ novel application of digital certificates conveys elemental personal relationships (rather than abstract “identity”) and safeguards attributes against abuse.
Authentication device issued to individual and controlled by them
Recognised authority issues (or vouches for) a particular attribute of the individual
Pseudonymous certificate holding the attribute and bound to device by Private key.
Comparing Stepwise with other leading PETs
One of the best known Privacy Enhancing Technologies (PETs) is Microsoft’s “U-Prove”. Based on new “Zero Knowledge” cryptography algorithms, U-Prove promised to enable parties to validate “unanticipated identity assertions”. In contrast, Stepwise leverages mature, ubiquitous digital signature standards, entailing no new algorithms. Lockstep’s ambition is perhaps less lofty: we are concerned with anticipated assertions. We contend that in the vast majority of economically important use cases, parties know from the context exactly what assertions or attributes to expect (merchants expect to see credit card numbers, health services expect to see health IDs, social networks expect to see handles, employers expect to see employee numbers). Our focus is the reliability and integrity of distinct context-specific identity details, while cutting back the disclosure of extraneous personal details.
Online payments security
We have also demonstrated and patented the application of Stepwise principles for protecting financial account details online. Lockstep Technologies was the first in the world to see how to exploit the cryptography embedded in Chip-and-PIN cards in the online and mobile environments, to protect Card Not Present payments. We treat CNP fraud as digital skimming and carding, and we address it in exactly the same manner; please see the blog post “Killing two birds with one chip”.
The Stepwise CNP payment security technique can be realised in mobile phones, leveraging SIMs or other Secure Elements, and in Chip-and-PIN cards connected to web browsers wireless or by contact readers.
System and method for anonymously indexing electronic record systems
- US 8,347,101
- AU 2005220988
- EU pending
Authenticating electronic financial transactions
- US 8,608,065
- US 8,286,865
- AU 2009238204
- NZ 589160
- EU pending
See also awards.
- December 2014: AU Patent 2009238204 Authenticating electronic financial transactions
- December 2013: US Patent 8,608,065 Authenticating electronic financial transactions
- January 2013: US Patent 8,347,101 System and method for anonymously indexing electronic record systems
- October 2012: US Patent 8,286,865 Authenticating electronic financial transactions
- March 2010: Stepwise made the finals of the Asian SESAMES awards in Hong Kong
- February 2009: awarded a place in Finextra’s Financial Sector Innovation Showcase
- September 2008: we made the Top Five Asian Semi-Finals of the Global Security Challenge.
- August 2008: we were awarded a place in the Australian Technology Showcase
- October 2007: we won a competitive AusIndustry COMET grant.
Stepwise featured on ABC TV’s “New Inventors” program. This clip shows Stepwise in action. No smoke and mirrors!
How it works
Stepwise uses native asymmetric cryptography to encapsulate identity attributes or other personal details (account numbers, identifiers, customer reference numbers etc). When an individual needs to present a particular attribute in an online transaction, such as a Card Not Present payment, they do so using thin client software that seals (digitally signs) the transaction with the pertinent Stepwise capsule. Thus the transaction cannot be tampered with and replayed, the attribute value cannot be stolen and replayed, and the receiver is able to verify the capsule instantly using standard cryptographic software modules.
Please refer to technical information, and a set of peer-reviewed conference papers on our research, at the links at the top-left.