Lockstep

Privacy positive aspects of public key infrastructures

Published in April 1999 in Privacy Law and Policy Reporter, this paper described, perhaps for the first time, how digital certificates could represent credentials, memberships and business relationships instead of personal identity.

See http://bar.austlii.edu.au/au/journals/PLPR/1999/26.html

Highlights:

"A law society and a medical registration board might both establish CAs in order to issue digital certificates to their members. If the processes for issuing those certificates are integrated with present registration practices, then the certificates could represent electronic credentials. Thus, a title search digitally signed by a lawyer could be relied upon by a home buyer if the lawyer's certificate came from a recognised law society. And likewise, an electronic prescription digitally signed by a doctor could be trusted by a pharmacist if the doctor's certificate came from the recognised registration board. The relying parties in these respective transactions may care little for the actual identities of the signatories; rather, the relying parties need to trust the validity of the credentials."

And

"To date we have tended to think of digital certificates as being like electronic passports. Commercial CAs typically grade their certificate offerings according to the degree of identification required of the applicant, and the Commonwealth's Project Gatekeeper has almost enshrined the concept of '50 point', '100 point' and '150 point' certificates. But this is unfortunate because it is more accurate and far more powerful to think of certificates as electronic credentials, specific to the CA's community of interest.

In the real world, we don't characterise credentials according to personal identity levels. Rather, we allow different communities or bodies to set their own rules for admission. The legitimacy of those rules [is] the same thing as the authority to issue credentials to, say, lawyers and doctors ..."

© 2008 Lockstep Consulting ABN 59 593 754 482