Important information
The National AI Centre (NAIC) is transitioning from CSIRO to the Department of Industry, Science, and Resources (DISR) on 1st July 2024. You can find the latest NAIC content at industry.gov.au. For any NAIC-related questions, please email NAIC@industry.gov.au.
Twenty-five per cent of Australians have been a victim of identity crime at some point in their lives.
It costs Australians $2 billion and our government $36 billion a year in damages (Australian Institute of Criminology).
Cyber identity crime continues to be one of the most common crimes in Australia and across the world.
Most of these crimes can be avoided – critical identification information is often exposed due to negligence or is accessed through phishing scams.
The source of the problem is often rooted in the way businesses collect and verify forms of ID and proof of credentials. In the vast majority of cases, customers submit simple digital scans of physical documents to businesses (e.g. driver license, passport, qualifications, etc.) or they type out and share details from these documents. Hackers can use this information to open lines of credit, phone accounts, or make online purchases, adding to the incredible tally of damages each year.
Solving cyber identity crime requires a deep rethinking of how we share and verify online credentials.
What if you didn't have to share that data anymore, and instead, just provide digital proof of its validity?
A proof that:
- serves a specific purpose that you consent to
- does not disclose your raw data like your driver license number
- is non-reusable if it lands in the wrong hands.
This is made possible using a mobile app built at CSIRO called Macrokey.
Our vision is to create trust on the web by allowing you to collect and share proof of credentials without risking your identity data.
Macrokey enables businesses to minimise data collection and tightens data governance through verifiable user consent and credentials, creating trust with customers. This is made possible through a fully decentralised, secure method for sharing credentials and personal data.
Technology
Macrokey is a secure mobile app that manages the users’ identity credentials on-device, and a Web-SDK to allow organisations’ websites to connect to the app. This is done in a decentralised way for authentication, consent management, verifiable credentials and data sharing purposes.
Applications
Cyber identity crime affects individuals and organisations alike.
Individuals
From travellers to loan applicants, everyday people are affected by the way their identity details are requested, – often through simple web forms or email. Often it is unclear what users consent to and how their data is managed, including whether it will be exposed to third parties.
Using Macrokey, individuals control their personal data and credentials, and have a more secure and simple way to authenticate. Macrokey is a user-centric encrypted personal data vault that brings back control in the hands of the individual.
Organisations
Government agencies, large enterprises and small-medium businesses are also affected by loss of revenue and brand damage following data leaks.
Recent cyber identity crimes have impacted the telecom industry in Australia with major concerns over the way proof of identity is being collected, processed, stored and potentially leaked.
Organisations take on the burden of managing sensitive data that they are obligated to collect, store and maintain in accordance with ID scanning rules that the Privacy Act 1988 (Privacy Act) covers. Then they must comply with the Australian Privacy Principles when collecting personal information, in addition to state or territory privacy laws.
Organisations that adopt Macrokey can get proof of digital identities without centralised identity management. This applies to staff or customers and can include proof of identity, qualifications, and more, without the need to share raw data such as scans of documents. Instead, proof takes the form of cryptographically signed verifiable credentials that cannot be reused for other purposes if leaked. Organisations can improve their compliance through data governance with provable user consent, data provenance and traceability.
Intellectual property
Macrokey is fully developed at CSIRO’s Data61 based on patented research (3 CSIRO International Patents).
The team
Macrokey is developed by a team of highly experienced researchers within Data61’s Software and Computational Science Research Program along with a highly skilled commercialisation team.