Copyright © 2007-08 Lockstep Technologies Pty Ltd Lockstep Stepwise Introduction to de-identification solution Stephen Wilson Lockstep Technologies Pty.

Presentation transcript:

Lockstep Stepwise: Introduction to de-identification solution. Stephen Wilson, Lockstep Technologies Pty Ltd

Our numbers are under attack!

Good morning Madam. Can I start with your account number please? Sure, it’s OK, thanks for that. Now … What’s your full name? Your date of birth? Your billing address? The supplementary card holder? Your mother’s maiden name? Your credit limit? What’s the CCV number?

The more personal details we divulge to prove our identity, the greater the leakage and the risk gets worse!

Safety in numbers!

[Figure: two example capsules. CCN; Issued by: Acme Bank; Issued on: Gold Credit Card. Meds: Anti-coagulant; Notarised by: Dr Blogs; Issued on: Health & Welfare Access Card.]

When a number is quoted on its own, nobody can tell if it’s real, or stolen and replayed, or simply made up. Stepwise encapsulates personal data – like a credit card number or any customer reference number – with a two-fold “pedigree”. Firstly, Stepwise shows who issued the number in the first place, to prove its bona fides. Secondly, Stepwise names the particular type of personal security device on which the data has been carried, and thus safeguarded against theft or replay.

Other types of important personal data can have their pedigree similarly assured. For instance, medications data can be notarised by a qualified healthcare professional and secreted on a smartcard.

Benefits of Stepwise

In e-government:
- Eliminates the major political risks associated with privacy fears
- Transforms ID cards into a friend of the citizen, not an agent of government
- Creates a potent strategic weapon against identity theft; demonstrates government leadership
- Increases confidence in government online
- Increases card utility with e.g. health identifiers, proof-of-age etc.
- Brings new revenue potential through commercial applications enabled by privacy architecture; enhances ROI on smartcards
- Transparent, uncomplicated security model, readily verifiable, and capable of attracting cross-sector support from diverse stakeholders.

Benefits of Stepwise

In e-commerce and payments:
- Vastly improved customer experience: simpler, faster, ATM-like
- Greatly reduced risk of Card Not Present payments fraud
- Increased confidence in shopping online
- Radically better privacy protection, reduced disclosure of extraneous personal details; reduced incentive for identity theft
- For e-merchants – better compliance with PCI obligations, lower cost
- For e-merchants & banks – simpler, lower cost implementation; less reliance on centralised authentication servers
- For banks – enhanced ROI on Chip-and-PIN (EMV) cards.

Multiple Stepwise capsules

[Figure: capsules held on one Access Card. A/C No, Acme Bank; CRN, Govt Agency B; UHI, Health Dept; Pt ID, Health D/B; Policy xzy, Insurance; Meds: Anti-coagulant, Dr Blogs; CRN AAA, Govt Agency A; Allergies: Penicillin, Dr Blogs.]

- Identifiers and personal data encapsulated by Stepwise cannot be cloned, faked, or copied
- every capsule bears a tamper-proof pedigree, proving its data is authentic, was carried in an authentic smartcard, and was presented with the consent of the cardholder
- encapsulated data can be verified offline
- additional capsules can be added at any time, memory allowing.

Transaction de-identification

[Figure: Doctor’s surgery. Patient Notes: Patient: John Citizen; Local ID: 1234; Age 56; Next Kin: Joan Smith; Notes: Angina; BP: 140/100; Cholesterol: 7.1; Prescribe: Sotalol; Sched fee: $40.00; Doctor fee: $60.00; Gap: $20.00. Govt Claim: Date 2007/03/06; Provider No.:; Item 666. Capsule: Govt Agency A, CRN AAA.]

Stepwise capsules are bound to transactions through standard digital signatures. Each transaction bears the minimum personal data needed to authorise it, with no extraneous personal details. The contents of each capsule are “baked in” so their integrity can be verified by the receiver quickly and simply, offline.

Solving Card Not Present fraud

[Figure: Home sends an Order to the Merchant. Order: Date 2007/03/06; Item: 999; Amt $. Capsule: CCN; Issued by: Acme Bank; Issued on: Gold Credit Card.]

A Stepwise capsule issued by a bank to an EMV (Chip and PIN) smartcard can protect credit card numbers presented over the Internet. Each payment transaction bears an indelible copy of the genuine credit card number, ‘sealed’ by the smartcard. The number cannot be replayed against the merchant site by a fraudster.

Deidentification

[Figure: Doctor’s surgery Patient Notes (Patient: John Citizen; Local ID: 1234; Age 56; Next Kin: Joan Smith; Notes: Angina; BP: 140/100; Cholesterol: 7.1; Prescribe: Sotalol; Sched fee: $40.00; Doctor fee: $60.00; Gap: $20.00) feeding separate transactions. Notification: Date 2007/03/06; Provider No.:; Condition xyz. Event Summary: Sotalol; Angina; BP: 140/100; Chol: 7.1. Govt Claim: Date 2007/03/06; Provider No.:; Item 666. Insurance Claim: Date 2007/03/06; Provider No.:; Item abcdef; Policy xyz. Receivers and identifiers: Health Record, UHI; Govt Agency B, CRN; Govt Agency A, CRN AAA; Insurance Company.]

Stepwise secured transactions cannot be cross-linked. Each uses the relevant ID or customer reference number. There is no leakage of personal data between transactions or receivers.

Anonymous Proof of Age

[Figure: Home sends a Registration to an Online Social Networking service. Registration: Nickname: Bruce; “Holder is Over 18”. Capsule: “Holder is Over 18”; Issued by: Government Agency; Issued on: ID Card.]

An anonymous Stepwise capsule issued by a government agency can carry a simple tamper proof notarisation of the cardholder’s age, revealing no other personal information. The proof-of-age could be used when registering for age-restricted services (either adults or minors). Or it could be displayed by a handheld device at nightclubs and the like. Similarly, a capsule could also contain a photograph.

Under the covers: How Stepwise capsules are created using anonymous digital certificates

Technically, the three-way binding of a card holder, a piece of personal data, and the issuer or notary of that data is achieved using anonymous digital certificates. In the example, a bank has issued one of its customers with a digital certificate that identifies only their credit card number. The Public Key in the certificate is associated with a unique Private Key generated and stored within the customer’s EMV smartcard. The certificate is signed by the bank, which will only issue this type of certificate to known customers holding current credit cards. Thus it is impossible to clone or counterfeit a Stepwise certificate – because each of them is linked to a different private key secreted inside a smartcard – or to substitute the name of another issuer or notary of the data – because each certificate is digitally signed.

A conventional digital identity certificate will contain a complex “distinguished name” for the Subject, including their full name, nickname, address, organisation affiliations and so on. The Stepwise certificate on the other hand holds only a pseudonym, such as the credit card number, or any other Customer Reference Number, identifier, biometric template, or personal data.

Note that the Certification Path can be used to create a chain of command from the issuer back to the peak scheme owner, adding an additional level of “branding” to each capsule. For example, the certificate issuer used to create Dr Blogs’ medic alerts could itself be signed by DHS, for added security against unauthorised issuers of data to Access Cards.
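The binding described above, together with the offline check from the “Transaction de-identification” slide, as an added Go example (not Lockstep's code): an issuer signs a certificate whose Subject holds only a pseudonym, the card key seals a transaction, and the receiver verifies both without contacting anyone. Assumptions: Ed25519 software keys stand in for the key pair generated inside the smartcard, the card number and order are constructed placeholders, and the function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate over pub with cn as its only subject field; a nil parent self-signs an issuer.
func issue(cn string, pub ed25519.PublicKey, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent, t.IsCA, t.KeyUsage = t, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// verifyTx is the receiver's offline check; it returns the pseudonym only when every check passes.
func verifyTx(issuer, capsule *x509.Certificate, tx, sig []byte) (string, bool) {
	roots := x509.NewCertPool()
	roots.AddCert(issuer)
	_, err := capsule.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, isEd := capsule.PublicKey.(ed25519.PublicKey)
	if err != nil || !isEd || !ed25519.Verify(pub, tx, sig) {
		return "", false // unknown issuer, altered capsule, altered transaction, or another card's key
	}
	return capsule.Subject.CommonName, true
}

// sample builds constructed data: issuer "Acme Bank", a capsule for a made-up number, one sealed order.
func sample() (bank, capsule *x509.Certificate, tx, sig []byte) {
	bankPub, bankKey, _ := ed25519.GenerateKey(rand.Reader)
	cardPub, cardKey, _ := ed25519.GenerateKey(rand.Reader) // in Stepwise this pair lives in the smartcard
	bank, tx = issue("Acme Bank", bankPub, nil, bankKey), []byte("Order 2007/03/06 item 999")
	return bank, issue("CCN 0000-0000-0000-0000", cardPub, bank, bankKey), tx, ed25519.Sign(cardKey, tx)
}

func main() { fmt.Println(verifyTx(sample())) }
```

The receiver needs only the issuer's certificate to run `verifyTx`; a quoted number without a matching seal from the card key fails the check.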

Stephen Wilson, Lockstep Technologies, +61 (0)