World e-ID & CyberSecurity - Digital Identity and Data Protection for Citizens and Businesses | Sept. 25-27, 2017 – Marseille, France

Pre-Program

This version is continuously updated and enriched with additional speakers: keep posted!
Update: June 23, 2017
PROGRAM AT A GLANCE
DAY 1 – Monday Sept. 25 AFTERNOON
World e-ID and Cybersecurity Smart Security Week Innovation Live
PLENARY GRAND OPENING
Keynotes & panels addressing transversal topics of the Smart Security Week conferences

2.00pm: EXHIBITION OPENING

Welcome Cocktail
DAY 2 – Tuesday Sept. 26
Track 1 Track 2  
 
Digital Identity Management and FuturE ID GDPR: Managing Privacy & Compliance
All-day: Exhibition & Demos
Mobile ID for Gov & Business Managing Cybersecurity in Business
 
eIDAS & GDPR in Business & Government
Exhibition & Demos
PSD2: Leveraging Identity Data in Banking eIDAS Impacts on Trust Services Provision
Smart Security Week Awards Ceremony
Gala Evening
DAY 3 – Wednesday Sept. 27
From National e-ID to Digital ID
Exhibition & Demos, Business meetings
Access control & Biometrics Advances National ID Deployments & Border Management
Exhibition & Demos, Business meetings

DAY 1 - Monday September 25 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

PLENARY GRAND OPENING
Cooperative Cybersecurity for our Connected World

The Opening adresses transversal topics of the Smart Security Week conferences.

Part 1 – Large Scale Cybersecurity Initiatives Worldwide
Day 1
25 Sep 2017

European Union Cybersecurity Strategy: a new framework to deal with new challenges

Cooperation between States & Cybersecurity Agencies

Donna Dodson

US NIST Cybersecurity Framework 1.1: Achievements & Road Ahead (Title TBD)

Public-Private Partnerships on Cybersecurity

Ammar Jaffri

Regional Conflicts VS Cyber Conflicts… Need for Regional Cooperation

• Regional Conflicts are natural and has a History of Conflicts due to Number of Reasons
• There is an urgent need to bridge the Gaps in Cyber Space as Terrorists are getting benefit
• Only Cooperation in Cyber Space and timely sharing of Information may create confidence
• Gaps may be identified which can be used to trigger any Cyber War between Countries

PANEL DISCUSSION: Forging an United Response to Universal Cyber Threats

Part 2 – Preparing to Cyber Attacks: Security Industry Responses to Protect Data, Assets and People
Day 1
25 Sep 2017

IoT Security: EU’s certification and labelling for connected devices

Raghu K Dev

Cognitive Security and Threat Intelligence (Title TBD)

Telco’s Role

Helmut Scherzer

Reload the Responsible Internet Citizen – The Internet of the Future

• Personal Identity Card with free Digital Signature
• Signature for Internet Communication
• Wiki-Reality
• Name the ‘dark side’ of the power
• Privacy Initiative
• Back to the responsible Citizen
• Reality Check

Alain Ducass

PANEL DISCUSSION: Next Massive Attacks of Biometric Databases: Are We Ready?

Smart Security Week Innovation Live
2.00pm: Exhibition Opening
Welcome Cocktail

DAY 2 - Tuesday September 26

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

Track 1: Technologies & Enterprise
Digital Identity Management and Future ID
Day 1
26 Sep 2017
Gustav Poola
Karina Egipt

Secure Governance of Digital Identity and Authentication

● Identifiers definition methods
● Rules of the game to use identifiers
● Identifiers and authentication relation to new informational concepts
● Assurance and accountability of information systems designed for efficient use of identifiers

Stephan Krenn

Credential: Secure and Private Cloud Service Managing Digital Identities

● Innovative secure cloud service for storing, managing and sharing digital identity & personal data
● Providing a high level of security for accessing user data through strong multi-factor authentication
● Use of complex proxy cryptography for preserving data user privacy
● Open architecture and broad interoperability and portability between systems and services

Augustin Mrazik

TRUST-EX – Object-Oriented Trust Model

● Trusted identity of users – crowd-funded as well as automatic rating of user credibility
● Easy-to-use strong authentication
● Transparent encryption of all data and messages
● Encapsulation of present identities, users continue using their previous e-mail accounts

Arshad Noor

Leveraging PKI Towards Simpler, Stronger Authentication

● X.509 Certificate/Smartcard-enabled web-applications are neither easy/cheap to create
● A FIDO Alliance protocol is gaining traction and becoming a W3C standard this year for web-auth
● FIDO strong-authentication protocols are easier/cheaper to integrate in applications, and to use
● Leveraging PKI credentials to get o FIDO strong-authentication is a viable bridge to the future

Track 2: Cybersecurity Regulations
GDPR: Managing ePrivacy & Compliance
Day 1
26 Sep 2017
Spyros Antoniou

The GDPR and its Main Actors: What are the Challenges Companies Face under this New Regulation?

● How to approach the Data Protection responsibilities under the GDPR;
● ICT Security and Privacy issues related to Personal Data in Information Systems and processes;
● Data Protection cases: 100 million CVs (Europass CV format) and staff Internet monitoring;
● How to deal with data breaches and complaints about the personal data you collect

Rob van der Staaij

How to Protect Privacy Data in the Most Effective Way

● The General Data Protection Regulation requires that privacy-related information be protected
● Encryption is by far the most effective means to protect privacy data
● Many organisations do not have sufficient knowledge and expertise in the area of encryption
● Yet, encryption can be implemented in an effective way

Yul Bahat

Small Businesses Also Need Protection

● Most cyber security consulting companies focus on large enterprises, completely ignoring SMEs
● SMEs today are completely unaware of the risk they are in, and the implications of GDPR
● During 2016-2017 we worked with SMEs in Paris, raising awareness, security levels and compliance
● Security for SMEs requires mostly awareness and time, not a big budget

Chris Cooper

Consentfulness a New Measure of Trust

● In a personal information economy it is essential participants share data
● Citizens need to stay in control of this data – especially as per GDPR – Consent
● How then to compare equitably these organisations?
● Consentfulness is how. A new measure of trust that Consentua enables

Mobile ID for Gov & Business
Day 1
26 Sep 2017
Andras Barsi

Mobile ID Provision: Empowering the End-User in the Digital World

● Legal compliance, an ever-growing problem for service provider creating a barrier to expansion
● Mobile ID provision can be the next generation value added service for banks or telecom companies
● Demo of Mobile ID in a banking scenario

Christian Bull

Data-Driven and User-Friendly Authentication on Mobile Devices

● Continuous authentication from smartphone sensor data is possible and promising
● Security and privacy of our solution is key and requires care, including user requests to delete or access data
● Machine learning can help make sense of the stream of data about you
● Requiting and motivating users is important for the success our project

Libor Neumann

Triangle Authentication for a Trusted Mobile e-ID Ecosystem

● Logistics of mobile eID is very different from smart card eID logistics in eID ecosystem
● Introduction to triangle authentication – four types of triangle authentication description
● Triangle authentication use cases – local and remote identity proofing, self-service authenticator management and remote digital signature
● Triangle authentication – a solution to eID logistics

Lukas Praml

The Next Digital ID – It’s Not All About the Blockchain

● User centric identity management system
● Self-sovereign identity versus state issued identity
● Integrated solution of IDs and eIDs
● Security built upon secure processes rather than hardware

Managing Cybersecurity in Business
(Jointly with Security Automation World)
Day 1
26 Sep 2017
Ricardo Uribe

Hackers Also Wear Suit

● Hackers attacks the weakest link in the chain:Human Hacking
● Experiential hacking laboratory shows several ways how you can be hacked in 30 seconds
● Strategies to enter the corporate networks through close relatives of the victim, co-workers, high executives…
● Protect your company in 10 steps

Ali Pabrai

Cyber Risk = Disruptive Business Risk

● How to establish an audit-ready compliance program.
● How cyber-attacks compromise sensitive enterprise assets.
● Critical areas to address in an enterprise security plan

Peter Allor

Where Cybersecurity Strategy (Risk Management) and Practical Deployment Meet

● Risk based Strategy
● Formulating a risk approach that can realize a practical deployment
● Where to start & what tools can help with risk based strategy
● Get past strategy and to the practical reality

Aljosa Pasic

WATIFY: Awareness Campaign for the Modernisation of Europe’s Industry

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

ID on Blockchain for eGov & Developing World
(Jointly with Identity World)
Session Chair: Jim Dray, Science Adviser, US National Institute of Standards and Technology (NIST)
Day 1
26 Sep 2017
Adewale Omoniyi

Blockchain – Building Trust through Digital Identity

● Blockchain as a Trust Broker – Public Private Decentralized Ledgers
● IBM POV on digital Identity for Governments
● Blockchain and Cyber Security POV
● Identity – Fundamental to Access – Financial and Economic Inclusion, Access to Health and Social Services, Education, Governance and Transparency

John Erik Setsaas

Identities on a Global Level – Taking the Blockchain Thinking to the Next Level

● Blockchain is excellent for ensuring immutability, and thereby that identities cannot be deleted
● Blockchain is not the best when it comes to privacy and the right to be forgotten
● A new distributed infrastructure is needed, where blockchain is an important part
● Four storage areas in the distributed network: blockchain, IdP truststore, identity data, secret key

Daniel Gasteiger

How Blockchain Technology Can Enable Governments To Deliver Secure Digital Identity And E-Gov Services

● The Issue with Identity and how blockchain can help (self-sovereign digital identities)
● How such an identity forms the basis for secure e-gov services on blockchain tech
● Switzerland as a logical hub for companies involved in such products (democracy, stability/security, data protection

eIDAS & GDPR in Business & Government
Day 1
26 Sep 2017
Erik Van Zuuren

e-Identity and Trust Services in the Area of e-Justice

● Trusted eIdentities for secured lawyer access
● Qualified eSignatures to ensure legal value in real court cases
● Qualified eDelivery to have guaranteed notification/delivery in legal proceedings
● Trustworthy Operational environment (incl stringent privacy protection)

John Erik Setsaas

Client On-Boarding and the Future Role of eIDAS

● Onboarding for financial institutions is costly and complex
● 40% of clients abandon
● eIDAS defines assurance levels
● Reasonable assurance and gradual onboarding

Jon Shamah

Extending Trusted Services beyond eIDAS

● Public and private sector schemes need to grow and interlink
● Scemes can either Integrate or Interconnect
● Visibility of Standards, transparent policies, as well as technical interoperability is essential
● As part of The EU Horizon 2020, FutureTrust and LIGHTest projects are driving that Interconnection

Dr. Shaun Topham

EKSISTENZ EU project in eIDAS scenarios (Title TBC)

Matthias Schwan

Seven Steps to Get Connected to eIDAS Network

PSD2: Leveraging Identity Data in Banking
Day 1
26 Sep 2017
Erik Van Zuuren

eIdentity & Cyberchallenges in the Era of PSD2

● Quick overview of key PSD2 characteristics
● Modelling the required platform – Understanding the key building blocks
● PSD2 from a hacker/fraud perspective
● Overview of required eIdentity (verification) and other security measures

John Erik Setsaas

Turning the Open API Requirements of PSD2 into a Business Driver for Banks

● PSD2 puts new requirements on the bank – Identities is an important part of this
● Banks have valuable identity data, which can be monetized, by making it available
● Internal identities must be consolidated

Georg Nikolajevski

Next Generation e-ID

● Cross-border authentication and e-signing challenges
● One key to all e-services across European Union
● Changing user’s experience in digital world
● Trusted eID for banks

eIDAS Impacts on Trust Services Provision
Day 1
26 Sep 2017
Arno Fiedler

eIDAS Website Authentication and the Global Web PKI

● eIDAS Framework for Trust Services
● Qualified Website Certificates and PSD/2 Requirements
● CA/B-Forum and Google Requirements for Publicly-Trusted SSL/TLS Certificates
● ENISA approach for global recognition

David Ruana

Cloud Identity and Remote Signature

● Compliance with the security requirements for trustworthy systems supporting server signing
● Use cases of implementation of signature generation services in real projects

Eric Bohner

Electronic Signatures (Re-)Invented: 5 Value-Adding Services

● Plain electronic signature solutions don´t suffice for high-value and risky transactions
● 5 important needs to achieve complex transactions
● Client cases to increase the value of plain electronic signature solutions significantly

Ingolf Rauh

Digital Onboarding – How PKI and Certificates Protect You in 2017 & 2018

● Important topics to be respected in 2017 and 2018: https everywhere, GDPR, eIDAS, CT log
● What is a certificate and why should I use it?.
● Best practices and pitfalls in choosing and using different certificate types
● The importance of the governing law behind certificates

PANEL DEBATE – Cybersecurity regulation & standards in EU: what path for harmonization for the Security Industry and for the consumers?

Gala Evening

DAY 3 - Wednesday September 27

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

Next Gen Secure Documents
Day 1
27 Sep 2017
Petri Viljanen

First ‘Common Criteria-like’ Physical Security Evaluation Scheme and Launch of a Self-Evaluation Tool

Marc Pic

A Sealed ID-Picture Against Falsification

● ID Picture is the main target of physical ID document falsification
● An offline and low-cost way to secure the authenticity of the picture
● A smartphone allows to check its authenticity
● Dematerializing the ID without infrastructure costs

From National e-ID to Digital ID
Day 1
27 Sep 2017
Stefane Mouille

The Future Digital Identity Landscape in Europe

Salvatore Francomacaro

NIST Updates: eID, Cybersecurity and more

• Cybersecurity Framework: what is new
• SP 800-63-3 – Digital Identity Guidelines: the new edition
• Mobile ID, Derived Credential and other
• Blockchain for Identity

Andre Boysen

The Economics of Identity – Canada Case

● Identity authentication is more important now than ever, requiring a need for effective online verification
● Digital identity ecosystem to verify online ID by leveraging trusted digital credentials
● Major Canadian and American institutions cases

Urmo Kestel

Smart-ID : A New Split Key Technology Based e-ID Solution

● Smart-ID: a new generation PSD2 and eIDAS compliant eID authentication scheme
● First widely used split key technology based eID solution
● Key success factors of modern eID
● The biggest challenges of rolling out the new eID scheme

Access control & Biometrics Advances
Day 1
27 Sep 2017
Yves Chemla

Multibiometry including Behavioural Biometry to Replace the Password

● Is the password really dead?
● Why Multi-Biometry?
● Why Behavioural Biometry a plus?
● Database anonymization process for a better end user privacy
● Customer cases

Mohammed Murad

Iris Comes of Age for National ID Programs

● Overview of Iris recognition technology
● Implementation of case studies
● Lessons learned from real-life deployments
● The technology works equally well for children

Jonas Andersson

Mobile Biometric Identification (Title TBC)

Tomas Trpisovsky

Smartporter Kit

● Physical access control management based on identification, authentication and localization of persons
● Deterministic access control in parallel with behavior profiling
● Sensors on LP WAN integrated
● Advanced Power Actuators for site management

National ID Deployments & Border Management
Day 1
27 Sep 2017
Oktay Adalier

Latest Advances in Turkish National İD and Security Documents

● Issuance and personalization of huge amount of enrollments: National security document Personalization Center
● Usage of eID in Turkey
● Usage of Turkish eID in web based technologies like Open ID Connect and OAuth2.0
● Coming feature works of eID technologies in Turkey

Christophe Rapine

Strong Identity, Strong Borders

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

IoT Security: Trusted ID & Certification
(Jointly with Connect Security World)
Day 1
27 Sep 2017
Jan Rochat

Blurred Boundaries in Physical and Logical Security

● Why boundaries are blurring? / Effect of Internet of Things
● Data collection; Security & Value vs. Privacy
● Governance, Privacy & Security by Design
● End to End Secure ecosystem / Securing physical & logical security
● Continuous trust by adding identity assurance

Ali Pabrai

IoT + DDoS = Disruptive (Business + Cyber) Risk!

● Why IoT = Internet of Threats
● How botnets and DDoS can be disruptive to sites and Web applications.
● IoT Security Policy that addresses key compliance requirements.
● Strategy for addressing threats in the context of an enterprise cyber security plan

Ernst Bovelander

Security and Trustworthiness in Connected Devices

● Trustworthiness in critical connected IoT devise, e.g medical devices
● Focused on a practical approach to establish assurance through third party evaluation
● What can we learn from different sectors, e.g. payment industry
● Next steps towards successful certification

Andy Ramsden

IoT – Imprinting Security by Design

● How to differentiate between ‘trusted’ and ’untrusted’ devices
● Roots of Trust into devices at the design stage is the solution
● Coupled with end to end security: strong user or device authentication, trusted people, systems and devices

Philippe Cousin

Trust IoT Labelling

● challenge in IoT trust and security
● challenge in current security certification scheme
● Need for new European certification-labelling scheme for IoT-Trust IoT labelling
● need for automated and formal approach to testing: the model based testing

Benoit Makowka

IoT Security through Digital Identity and Reliable Root of Trust

● How can data collected by sensors and edges devices be trusted to be used in IoT application (back-end servers)
● How can devices remain under the controlled of authorized authorities (and not hackers)
● How can stake holders can be protected against attacks (DDoS, men in the middle…)
● A solution through Digital Identity and reliable Root of Trust based on PKI technology

PANEL DEBATE: Secure Labelling of Connected Devices: Where does EU Stand, Challenges and Road Ahead

WORKSHOP
(Joint with Identity World)
eIDAS & Mutual Recognition Lessons for Developing World
Scouring the European landscape in order to provide contributions for the design of a model identity ecosystem for a developing country.
With representatives of e-Forum, Porvoo Group, Finnish Population Register Centre,  eIDAS
Day 1
27 Sep 2017

title

End of the conference