Lockstep Consulting & Lockstep Technologies
Lockstep is dedicated to strategic research, analysis and advice in digital identity. Lockstep Consulting helps organisations come to grips with emerging authentication technologies (especially public key infrastructure and smartcards), best practice and regulations. Lockstep Technologies conducts its own R&D program in digital identity and privacy protection, and has made several breakthroughs applying smart authentication technologies to address Card Not Present fraud, medical records confidentiality, age proofing and e-voting.
We have a proven track record of innovation. We don't take security and privacy for granted; we think deeply about these issues, eschew many of the fads, and see things that others have missed.
- Stepwise - a unique patented privacy enhancing technology that could solve digital identity theft in most of the forms as we know it today
- "Privacy Engineering" - our special cross-disciplinary approach to designing privacy in to information systems (rather than auditing it in)
- an iconoclastic view of the popular Federated Identity movement; in particular, we have identified what we believe is the fatal flaw in most federation models
- Public Key Superstructure - a family of enhancements to transform PKI, including such original concepts as "Relationship Certificates" and the "Security Printer" model for PKI operations
- a novel statistical model for quantifying Return on Security Investment, since adopted by the US Department of Defence.
For a small firm we have published what is probably an unequalled body of work, covering all aspects of digital identity, and including several peer reviewed academic papers.
Looking ahead: Is your identity management strategy likely to last more than a few months?
Identity management has become a complex field -- we think too complex sometimes. You may be trying to combat identity fraud, streamline services, improve confidence, simplify security technology, and comply with a host of new regulatory requirements, while actually accelerating online services to your customers, partners and staff. You may be detecting a lot of excitement around "federated identity" but getting lost in the vendor jungle amongst "OpenID", "Cardspace" and "Liberty Alliance". Who's the new kid on the block -- "Kantara"? -- and what do they mean to me?
Many organisations are caught somewhere between analysis paralysis and jumping off too soon onto a bandwagon with an unknown outlook.
Lockstep Consulting offers independent research, analysis, advice, strategy and policy development, to help organisations break through the identity management challenge. Lockstep is expert in:
- digital identity
- technologies like smartcards and PKI
- verticals like government, e-health and financial services, and
- governance and regulatory regimes.
Lockstep was founded in early 2004 by Stephen Wilson, a leading international authority on identity management, authentication and information security. Stephen has helped organisations throughout the Asia Pacific, with advice and management consulting in security strategy, architecture, privacy, risk management, governance, public policy, and technology selection. He is a widely respected writer and commentator on all issues relating to digital identity. His career spans 23 years in IT, software engineering and R&D management, in both Australia and the USA, with 15 years dedicated to identity security.
Lockstep's analysis and advice is always:
- penetrating and
Our professional services are technologically sophisticated; we avoid platitudes and hollow management cliches, grounding our advice instead in many years of our own independent R&D.
Further details on specific areas of technical expertise may be found in the links at the top-left, while a broad spectrum of white papers, published articles and conference presentations are available in the Lockstep Library.
Stephen Wilson is a world expert on electronic authentication. His company Lockstep Consulting provides independent research, analysis and advice on authentication strategy, policy, and the integration of business processes and security technology.
After completing degrees in physics and electronics, Stephen spent nine years in software engineering and medical device R&D, in Australia and the US. He entered the e-security industry in 1995. Between then and 2003 he held senior management and principal consultant positions with Security Domain, KPMG Consulting, PricewaterhouseCoopers beTRUSTed and SecureNet. In 1998 he conceived the pioneering Enshrine business PKI, introducing two year evergreen SSL certificates for the first time, now industry standard worldwide. In 1999 he made the breakthrough proposal to build cross-border PKI on existing ISO 17025 accreditation and mutual recognition frameworks. In January 2004 he founded Lockstep.
Stephen is a highly respected analyst and commentator on all aspects of digital identity, well known for his penetrating articles, interviews and conference presentations. He has been awarded three PKI related patents for web fraud, anonymity and e-health inventions. He is a member of the Asia PKI Forum, the Gatekeeper Policy Committee, and the Board of the Australian IT Security Forum. From 1998 to 2001 he was Chair of the Certification Forum of Australasia. He is a past member of the National Electronic Authentication Council (NEAC), the APEC eSecurity Task Group, and the Federal Privacy Commissioner's PKI Reference Group.
Through 2005, Stephen was retained by the Australian Government Management Information Office (AGIMO) to assist with the development of the new Gatekeeper Framework. In late 2005 he was engaged by the AGIMO as Consulting Editor for the new Australian Government Smartcard Framework, to develop recommendations regarding FIPS 201 and other standards. Stephen's other recent clients include Medicare Australia, the Internet Industry Association, eASEAN, OASIS (USA), and NSW Health.