World e-ID & CyberSecurity - Digital Identity and Data Protection for Citizens and Businesses | Sept. 25-27, 2017 – Marseille, France

2017 Program

DAY 1 - Monday September 25 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

Cooperative Cybersecurity for our Connected World
Chaired by: Jon Shamah, Chair of EEMA ; Principal Consultant, EJ Consultants, UK

Common to the co-located conferences forming Smart Security Week, the Grand Opening will give a global view of public and private Cybersecurity initiatives to forge a united response to cyber threats, from policies and regulations to PPP, from industry solutions to best practices. The European Union’s responses to cyber threats has paved the way to cooperative cybersecurity between Member States with the NIS Directive, cPPP, IoT “Trust Label”, Privacy, GDPR, eIDAS and a renewed cybersecurity framework in preparation. On the other side of the Atlantic, the US NIST’s Framework also aims to the convergence of cybersecurity responses. The recent development of these initiatives, and others from around the globe, will be presented and discussed in the first part of the Opening. The second part will focus on private sector cybersecurity responses with focuses on Digital Identity management and IoT security challenges.

Day 1
25 Sep 2017
Jon Shamah

Introduction: Keeping Safe in a Digitally Connected World

Part 1 – Large Scale Cybersecurity Initiatives Worldwide
Day 1
25 Sep 2017
Alar Streimann

Securing the Digital Society: e-Estonia Lessons

Slawomir Górniak

Cybersecurity Strategies in the EU

● Policies for cooperation at EU level: Cooperation and protection of infrastructure, Crisis management
● Emerging EU policy areas
● Strategies: Cooperation, Preparedness, Certification

James Clarke

Accelerating EU-US Dialogue in Cybersecurity and Privacy

● H2020 EU project AEGIS presentation: stimulating cooperation around cybersecurity
● EU-US Cybersecurity reflection on Research and Innovation
● EU-US Cybersecurity reflection on policy and legislation challenges in cybersecurity and privacy

Donna Dodson

US NIST Cybersecurity Framework 1.1: Achievements & Road Ahead (Title TBD)

Donna Dodson
James Clarke
Andrew Churchill
Claudio Caimi

PANEL DISCUSSION: Transatlantic Cybersecurity Cooperation: Forging an United Response to Universal Cyber Threats

Part 2 – Preparing to Cyber Attacks: Security Industry Responses to Protect Data, Assets and People
Day 1
25 Sep 2017
Helmut Scherzer

Reload the Responsible Internet Citizen

• Personal Identity Card with free Digital Signature
• Signature for Internet Communication
• Wiki-Reality
• Name the ‘dark side’ of the power
• Privacy Initiative
• Back to the responsible Citizen
• Reality Check

Dr. Detlef Houdeau

ECIL recommendations to EU Commission

European Cyber Security Leaders (ECIL): harmonization replace fragmentation, NIS2.0 should follow NIS, rapide action force is indicated, incentive for private actors to participate on security information sharing, recommendations for asset protection of SMEs in EEA, security algo based on guidelines from EU, staged security and mutual acceptance is needed, backdoor for illegal use must be prevented, EU regulatory sandboxing is recommended, new cyber security innovation via economic incentives.

Raghu K Dev

Cognitive Security and Threat Intelligence (Title TBD)

Patrice Slupowski

Future of Identity for a Global Connected World

• Life is becoming more digital so crime is following the trend
• With 15 connected objects for each user are we going to be physically hacked and harassed by things?
• Passwords are dead and new tools are absolutely required
• Privacy will become absolutely essential to protect our digital patrimony

Alain Ducass
Patrice Slupowski
Mohammed Murad
Michiel Loeff

PANEL DISCUSSION: Next Massive Attacks of Biometric Databases: Are We Ready?

Smart Security Week Innovation Live
2.00pm: Exhibition Opening

DAY 2 - Tuesday September 26

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition

Track 1: Technologies & Enterprise
Digital Identity Management and Future ID
Session Chair: Helmut Scherzer, Senior Technology Manager CTO Office, Giesecke+Devrient, Germany
Day 1
26 Sep 2017
Karina Egipt

KEYNOTE Secure Governance of Digital Identity and Authentication

● Identifiers definition methods
● Rules of the game to use identifiers
● Identifiers and authentication relation to new informational concepts
● Assurance and accountability of information systems designed for efficient use of identifiers

Stephan Krenn

Credential: Secure and Private Cloud Service Managing Digital Identities

● Innovative secure cloud service for storing, managing and sharing digital identity & personal data
● Providing a high level of security for accessing user data through strong multi-factor authentication
● Use of complex proxy cryptography for preserving data user privacy
● Open architecture and broad interoperability and portability between systems and services

Augustin Mrazik

TRUST-EX – Object-Oriented Trust Model

● Trusted identity of users – crowd-funded as well as automatic rating of user credibility
● Easy-to-use strong authentication
● Transparent encryption of all data and messages
● Encapsulation of present identities, users continue using their previous e-mail accounts

Arshad Noor

Leveraging PKI Towards Simpler, Stronger Authentication

● X.509 Certificate/Smartcard-enabled web-applications are neither easy/cheap to create
● A FIDO Alliance protocol is gaining traction and becoming a W3C standard this year for web-auth
● FIDO strong-authentication protocols are easier/cheaper to integrate in applications, and to use
● Leveraging PKI credentials to get o FIDO strong-authentication is a viable bridge to the future

Track 2: Cybersecurity Regulations
GDPR: Managing ePrivacy & Compliance
Session Chair: Dr. Shaun Topham, President EU e-Forum, Senior Expert EU-China Smart Green Cities Initiative
Day 1
26 Sep 2017
Zoltán Précsényi

KEYNOTE Digital Privacy: A New Dawn for Data Governance

Prokopios Drogkaris

ENISA activities on supporting security of personal data processing

● Risk based approach is an obligation under GDPR
● Defining of processing operation and it’s context
● Evaluating impact and calculating the risk
● Demonstrating compliance

Rob van der Staaij

How to Protect Privacy Data in the Most Effective Way

● The General Data Protection Regulation requires that privacy-related information be protected
● Encryption is by far the most effective means to protect privacy data
● Many organisations do not have sufficient knowledge and expertise in the area of encryption
● Yet, encryption can be implemented in an effective way

Frederic Engel

All of Me, Privately

Mobile ID for Gov & Business
Session Chair: Helmut Scherzer, Senior Technology Manager CTO Office, Giesecke+Devrient, Germany
Day 1
26 Sep 2017
Christian Bull

Data-Driven and User-Friendly Authentication on Mobile Devices

● Continuous authentication from smartphone sensor data is possible and promising
● Security and privacy of our solution is key and requires care, including user requests to delete or access data
● Machine learning can help make sense of the stream of data about you
● Requiting and motivating users is important for the success our project

Libor Neumann

Triangle Authentication for a Trusted Mobile e-ID Ecosystem

● Logistics of mobile eID is very different from smart card eID logistics in eID ecosystem
● Introduction to triangle authentication – four types of triangle authentication description
● Triangle authentication use cases – local and remote identity proofing, self-service authenticator management and remote digital signature
● Triangle authentication – a solution to eID logistics

Markus Hertlein

Strong Authentication: A Solution for the Upcoming Challenges

Marc Norlain

From Mobile Connect to eIDAS, a Path to Mobile Identity

● What is Mobile Connect
● eIDAS and the eIDAS French hub ‘FranceConnect’.
● The GSMA Mobile Connect-eIDAS Pilot
● ‘Mobile Connect et moi’: a Substantial Identity Provider

eIDAS & GDPR in Business & Government
Session Chair: Dr. Shaun Topham, President EU e-Forum, Senior Expert EU-China Smart Green Cities Initiative
Day 1
26 Sep 2017
Erik Van Zuuren

e-Identity and Trust Services in the Area of e-Justice

● Trusted eIdentities for secured lawyer access
● Qualified eSignatures to ensure legal value in real court cases
● Qualified eDelivery to have guaranteed notification/delivery in legal proceedings
● Trustworthy Operational environment (incl stringent privacy protection)

John Erik Setsaas

Client On-Boarding and the Future Role of eIDAS

● Onboarding for financial institutions is costly and complex
● 40% of clients abandon
● eIDAS defines assurance levels
● Reasonable assurance and gradual onboarding

Jon Shamah

Extending Trusted Services beyond eIDAS

● Public and private sector schemes need to grow and interlink
● Scemes can either Integrate or Interconnect
● Visibility of Standards, transparent policies, as well as technical interoperability is essential
● As part of The EU Horizon 2020, FutureTrust and LIGHTest projects are driving that Interconnection

Eric Bohner

Electronic Signatures (Re-)Invented: 5 Value-Adding Services

● Plain electronic signature solutions don´t suffice for high-value and risky transactions
● 5 important needs to achieve complex transactions
● Client cases to increase the value of plain electronic signature solutions significantly

Matthias Schwan

Seven Steps to Get Connected to eIDAS Network

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

PSD2: Leveraging Identity Data in Banking
Session Chair: Thierry Spanjaard, Smart Insights Chief Editor, France
Day 1
26 Sep 2017
Andrew Churchill

KEYNOTE Digital Identification & Authentication – Role of Standards in Interpreting GDPR/PSD2

Erik Van Zuuren

eIdentity & Cyberchallenges in the Era of PSD2

● Quick overview of key PSD2 characteristics
● Modelling the required platform – Understanding the key building blocks
● PSD2 from a hacker/fraud perspective
● Overview of required eIdentity (verification) and other security measures

John Erik Setsaas

Turning the Open API Requirements of PSD2 into a Business Driver for Banks

● PSD2 puts new requirements on the bank – Identities is an important part of this
● Banks have valuable identity data, which can be monetized, by making it available
● Internal identities must be consolidated

Georg Nikolajevski

Next Generation e-ID

● Cross-border authentication and e-signing challenges
● One key to all e-services across European Union
● Changing user’s experience in digital world
● Trusted eID for banks

Yves Chemla

An Easier Bank Customer Journey Following Both Together PSD2 & GDPR

● How can we authentify in large scale while protecting sensitive data & create a fraudless world?
● The need to offer a native solution supporting both PSD2 and GDPR European Directive
● What are the needs for Banks & Retail?
● How to best answer to PSD2 for payment-transaction?
● How to answer to GDPR for Web-banking & customer secure access?

Managing Cybersecurity in Business
(Jointly with Security Automation World)
Session Chair: Sławomir Górniak, Data Security & Standardization Unit, ENISA – European Union Agency for Network and Information Security
Day 1
26 Sep 2017
Emmanuel Meriot

KEYNOTE The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defence

● How new machine learning and mathematics are automating advanced cyber defence
● Why 100% network visibility allows you to detect threats as they happen, or before they happen
● How smart prioritisation and visualization of threats allows for better resource allocation and lower risk
● Real-world examples of unknown threats detected by ‘immune system’ technology”

Mark Hearn

Inside the Mind of a Hacker: Knowledge is Cybersecurity Power

● Security shouldn’t be treated as a check box
● How hackers operate, what they are after and how they gain access despite security measures
● Making difficult to exploit vulnerabilities from IoT services and connectivity
● Implementing a proper cybersecurity approach

Gerd Pflueger

The Mobile Security & Identity Management Collision

● When mobility and identity collide: with the rise of IoT, more mobile devices are being used for authentication
● The new identity management model in light of IoT
● How businesses can drive digital transformation securely without compromise between mobility and security

Aljosa Pasic

WATIFY: Awareness Campaign for the Modernisation of Europe’s Industry

ID on Blockchain for eGov & Developing World
(Jointly with Identity World)
Session Chair: Jim Dray, Science Adviser, US National Institute of Standards and Technology (NIST)
Day 1
26 Sep 2017
Adewale Omoniyi

Blockchain – Building Trust through Digital Identity

● Blockchain as a Trust Broker – Public Private Decentralized Ledgers
● IBM POV on digital Identity for Governments
● Blockchain and Cyber Security POV
● Identity – Fundamental to Access – Financial and Economic Inclusion, Access to Health and Social Services, Education, Governance and Transparency

John Erik Setsaas

Identities on a Global Level – Taking the Blockchain Thinking to the Next Level

● Blockchain is excellent for ensuring immutability, and thereby that identities cannot be deleted
● Blockchain is not the best when it comes to privacy and the right to be forgotten
● A new distributed infrastructure is needed, where blockchain is an important part
● Four storage areas in the distributed network: blockchain, IdP truststore, identity data, secret key

Daniel Gasteiger

How Blockchain Technology Can Enable Governments To Deliver Secure Digital Identity And E-Gov Services

● The Issue with Identity and how blockchain can help (self-sovereign digital identities)
● How such an identity forms the basis for secure e-gov services on blockchain tech
● Switzerland as a logical hub for companies involved in such products (democracy, stability/security, data protection

Salvatore Francomacaro

Blockchain and Distributed Ledger Technology in International Standards

Jim Dray
Adewale Omoniyi
Daniel Gasteiger
Salvatore Francomacaro
John Erik Setsaas

PANEL DEBATE – Blockchain Based Identity Management: From Promises to Reality

eIDAS Impacts on Trust Services Provision
Session Chair: Jon Shamah, Chair of EEMA, UK; Principal Consultant, EJ Consultants, UK
Day 1
26 Sep 2017
Slawomir Górniak
Arno Fiedler

eIDAS Website Authentication and the Global Web PKI

● eIDAS Framework for Trust Services
● Qualified Website Certificates and PSD/2 Requirements
● CA/B-Forum and Google Requirements for Publicly-Trusted SSL/TLS Certificates
● ENISA approach for global recognition

David Ruana

Cloud Identity and Remote Signature

● Compliance with the security requirements for trustworthy systems supporting server signing
● Use cases of implementation of signature generation services in real projects

Dr. Shaun Topham

EKSISTENZ EU project in eIDAS scenarios (Title TBC)

Ingolf Rauh

Digital Onboarding – How PKI and Certificates Protect You in 2017 & 2018

● Important topics to be respected in 2017 and 2018: https everywhere, GDPR, eIDAS, CT log
● What is a certificate and why should I use it?.
● Best practices and pitfalls in choosing and using different certificate types
● The importance of the governing law behind certificates

Jon Shamah
Carlos Serratos
Arno Fiedler
Prokopios Drogkaris

PANEL DEBATE – Cybersecurity regulation & standards in EU: what path for harmonization for the Security Industry and for the consumers?

DAY 3 - Wednesday September 27

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

Next Gen Secure Documents
Day 1
27 Sep 2017
Lukas Praml

KEYNOTE The Next Digital ID – It’s Not All About the Blockchain

● User centric identity management system
● Self-sovereign identity versus state issued identity
● Integrated solution of IDs and eIDs
● Security built upon secure processes rather than hardware

Petri Viljanen

First ‘Common Criteria-like’ Physical Security Evaluation Scheme and Launch of a Self-Evaluation Tool

Marc Pic

A Sealed ID-Picture Against Falsification

● ID Picture is the main target of physical ID document falsification
● An offline and low-cost way to secure the authenticity of the picture
● A smartphone allows to check its authenticity
● Dematerializing the ID without infrastructure costs

From National e-ID to Digital ID
Day 1
27 Sep 2017
Stefane Mouille

The Future Digital Identity Landscape in Europe

Didier Serra

The Economics of Identity – Canada Case

● Identity authentication is more important now than ever, requiring a need for effective online verification
● Digital identity ecosystem to verify online ID by leveraging trusted digital credentials
● Major Canadian and American institutions cases

Urmo Keskel

Smart-ID : A New Split Key Technology Based e-ID Solution

● Smart-ID: a new generation PSD2 and eIDAS compliant eID authentication scheme
● First widely used split key technology based eID solution
● Key success factors of modern eID
● The biggest challenges of rolling out the new eID scheme

Salvatore Francomacaro

NIST Updates: eID, Cybersecurity and more

• Cybersecurity Framework: what is new
• SP 800-63-3 – Digital Identity Guidelines: the new edition
• Mobile ID, Derived Credential and other
• Blockchain for Identity

Access control & Biometrics Advances
Session Chair: Tom Kevenaar, Director Technology, Genkey, Netherlands
Day 1
27 Sep 2017
Tom Kevenaar

KEYNOTE Biometric Identity and Privacy in the Cloud

● Identity attributes in the cloud
● Protection of attributes during identity proofing
● Private biometric identity proofing in the cloud

Mohammed Murad

Biometrics in the Enterprise

● The new generator of authentication is not based on what we know or what we have. It’s based on what we are
● Identifying people based on unique physical feature such as an iris, fingerprints and faces
● Benefits of iris recognition technology to rapidly and accurately identify and authorize people in the workplace and beyond

Yves Chemla

Multibiometry including Behavioural Biometry to Replace the Password

● Is the password really dead?
● Why Multi-Biometry?
● Why Behavioural Biometry a plus?
● Database anonymization process for a better end user privacy
● Customer cases

Tomas Trpisovsky

Smartporter Kit

● Physical access control management based on identification, authentication and localization of persons
● Deterministic access control in parallel with behavior profiling
● Sensors on LP WAN integrated
● Advanced Power Actuators for site management

National ID Deployments & Border Management
Day 1
27 Sep 2017
Oktay Adalier

Latest Advances in Turkish National İD and Security Documents

● Issuance and personalization of huge amount of enrollments: National security document Personalization Center
● Usage of eID in Turkey
● Usage of Turkish eID in web based technologies like Open ID Connect and OAuth2.0
● Coming feature works of eID technologies in Turkey

Christophe Rapine

Strong Identity, Strong Borders

Tuire Saaripuu

eIDAS and ID Interoperability in Finland and Estonia (Title TBC)

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

IoT Security: Trusted ID & Certification
(Jointly with Connect Security World)
Session Chair: Dr. Detlef Houdeau, Senior Director of Business Development, Identification Market, Infineon; Member of Silicon Trust, Eurosmart and BITKOM
Day 1
27 Sep 2017
Scott Choi

New Biometrics based authentication for IoT/Mobile Services in Korea

Jan Rochat

Blurred Boundaries in Physical and Logical Security

● Why boundaries are blurring? / Effect of Internet of Things
● Data collection; Security & Value vs. Privacy
● Governance, Privacy & Security by Design
● End to End Secure ecosystem / Securing physical & logical security
● Continuous trust by adding identity assurance

Ernst Bovelander

Security and Trustworthiness in Connected Devices

● Trustworthiness in critical connected IoT devise, e.g medical devices
● Focused on a practical approach to establish assurance through third party evaluation
● What can we learn from different sectors, e.g. payment industry
● Next steps towards successful certification

Philippe Cousin

Trust IoT Labelling

● challenge in IoT trust and security
● challenge in current security certification scheme
● Need for new European certification-labelling scheme for IoT-Trust IoT labelling
● need for automated and formal approach to testing: the model based testing

Bernard Vian

IoT Security through Digital Identity and Reliable Root of Trust

● How can data collected by sensors and edges devices be trusted to be used in IoT application (back-end servers)
● How can devices remain under the controlled of authorized authorities (and not hackers)
● How can stake holders can be protected against attacks (DDoS, men in the middle…)
● A solution through Digital Identity and reliable Root of Trust based on PKI technology

Dr. Detlef Houdeau
Ana-Maria Fimin

PANEL DEBATE: Secure Labelling of Connected Devices: Where does EU Stand, Challenges and Road Ahead

Digital ID for Next Gen Online Services
Day 1
27 Sep 2017
Frederic Reboulleau
Donal Mc Guinness
Cedric Damico
Mikael Breton
Atreedev Banerjee

PANEL DEBATE: Digital ID for Next Gen Online Services

Porvoo Group / EEMA / eForum WORKSHOP
(Jointly with Identity World)

This Porvoo Group / EEMA / eForum workshop will be scouring the European e-ID landscape to provide contributions for the design of a model identity ecosystem for a developing country.
Day 1
27 Sep 2017
Dr. Shaun Topham
Jon Shamah
Tuire Saaripuu
Gábor Bartha

WORKSHOP: eIDAS Deployments in the EU and Lessons for e-ID Globally

End of the conference

Discover 2018 renewed edition:

The New Keys to Business Transformation & Trust
Sept. 24-26, 2018 - Marseille, France