Babysteps
A series of short papers shedding light on particular complex issues in e-authentication.
"Babysteps" are short papers -- one page each! -- which aim to shed light on particular hot topics in e-authentication. We hope that Babysteps are thought-provoking, and that they deepen people's understanding of certain critical issues.
Comments are welcome, to swilson@lockstep.com.au.
| Paper | Download | Summary |
|---|---|---|
| Babystep 12: Electronic Medic Alert | [download, 40Kb] | This paper builds on the idea in Babystep 11 of encapsulating data to prove their pedigree, showing in some detail how medical information could be managed in ways that very closely reflect the trusted Medic Alert process. |
| Babystep 11: Electronic pedigree | [download, 100Kb] | To restore trust in personal identifiers, we need to know their pedigree. When a number is presented, we need to know that it is genuine, that it originated from a trusted authority, that it has been stored safely in the meantime, and that it has been presented with the owner's consent. There are ways of issuing personal data to a smartcard that prevent those data from being claimed by anyone else, copied from one card to another, or simply made up. |
| Babystep 10: What makes smartcards smart? | [download, 48Kb] | Smartcards are simply microcomputers embedded in plastic. Unlike a magnetic stripe card, a smartcard can tell what's going on around it; smartcards can act as intelligent proxies for their owners. |
| Babystep 09: Authentication Family Tree | [download, 47Kb] | To help make sense of the bewildering array of authenticators on the market today, Lockstep has developed a new authentication family tree. |
| Babystep 08: A critical look at Bridge CAs | [download, 59Kb] | This paper looks critically at the Bridge CA model. BCAs might not be ideal in non-government environments, because they aim at establishing the equivalence of certificates. Cross-recognition and Trust Lists, which convey fitness for purpose, are a better model in most e-business. |
| Babystep 07: Smartcards and Prescription Shopping | [download, 69Kb] | Further to Babystep 6, this paper shows that smartcards can also address Prescription Shopping, detecting the problem at source without having to transmit and centralise sensitive patient information for every single clinical encounter. |
| Babystep 06: Smartcards and Provider Fraud | [download, 80Kb] | Smartcards can directly address fraudulent claiming by corrupt providers for services not actually delivered, or the counterfeiting of claims by administrative clerical staff. An unforgeable, indelible virtual stamp, created using an embedded key specific to the patient card and attached to event summaries, would preclude bogus or replica claims. |
| Babystep 05: PKI interoperability | [download, 63Kb] | Is there a topic in PKI more important and yet more confusing than 'interoperability'? The notion is so 'axiomatic' that many pivotal papers omit to define interoperability, or to spell out its precise objectives. But it really isn't complicated. The best place to start thinking about interoperability is to unpack how digital certificates can help with the act of authentication. |
| Babystep 04: Exposing some PKI myths | [download, 49Kb] | The reality is that no other security technology provides long term transaction authentication. There are plenty of access control alternatives, but the AGAF for instance allows only PKI digital signatures for document authentication. And NIST says that the 'only practical solution [to Man in the Middle attack and web fraud] today uses PKI'. |
| Babystep 03: Biometrics under the microscope | [download, 46Kb] | Biometrics seem so simple and intuitive that the question sometimes arises: couldn't we just replace all our current authentication gadgets with a fingerprint reader or face scanner? The answer is emphatically not, for reasons that become apparent when we take a closer look at biometric technologies. |
| Babystep 02: A fresh look at smartcards | [download, 51Kb] | A fresh alternative view recognises that smartcards bring a unique bundle of capabilities to protect and empower consumers [including] proving the true identity of online services, to combat phishing, pharming and web fraud, ... and encrypting not just one but multiple, diverse identifiers, to quarantine backend systems. Smartcards can therefore radically enhance privacy and security at the same time. |
| Babystep 01: PKI in health & welfare | [download, 43Kb] | While PKI has had its difficulties (as have many new information technologies), its unique ability to secure paperless transactions is now widely acknowledged, especially in the complex, high risk, long lived and multi-party applications characteristic of the health & welfare sector. |
