Lockstep


PKI Without Tears

A critical analysis of orthodox PKI, including a detailed outline of how a health PKI could be implemented

Traditional Public Key Infrastructure (PKI) is unnecessarily complicated. Largely as a result of early misconceptions that we needed an all-purpose digital passport to do business on the Internet, traditional PKI has become overloaded with invasive personal identity checks and complex legal arrangements. To try to support stranger-to-stranger transactions, user agreements for general purpose certificates have required people to read and understand huge and forbidding Certification Practice Statements. And yet the business benefits of going to all this trouble remain controversial.

There are new PKI models where the cryptography is embedded deeply into smartcards, to much the same extent that complex ferromagnetic technology is built into all the other plastic cards we take for granted. Application software can be engineered so that all digital certificate functions are automated; smartcards can be issued to professionals and business people under existing terms and conditions which reflect the users' standing. The user experience then becomes the same as with any conventional access card.

This paper, written for the American Bar Association's eBlast journal in 2003, presents a fresh look at the business drivers and true benefits of digital signatures, and shows how to deliver better usability, zero registration overhead, reduced training costs, simpler liability arrangements, and streamlined accreditation.

http://www.abanet.org/scitech/nosearch/eblast/eblastarticle1.html

© 2008 Lockstep Consulting ABN 59 593 754 482
11 Minnesota Avenue Five Dock NSW 2046