Identity & CyberSecurity Innovation World - The New Keys to Business Transformation & Trust | Sept. 24-26, 2018 – Marseille, France

Program

DAY 1 - Monday September 24 Afternoon

2.00pm – 6.30pm: Opening Session | 3.50pm – 4.30pm: Coffee & Refreshment Break – Networking – Exhibition

PLENARY GRAND OPENING
Connecting the World with the New Privacy Reality
Heaven or Hell?
Chaired by: Jon Shamah, Chair of EEMA ; Principal Consultant, EJ Consultants, UK

Common to the co-located conferences forming Smart Security Week, the Grand Opening will be addressing the global move to put the consumer and citizen back in control of their data at multiple levels (citizen ID, customer ID, IoT devices ID, social network ID etc.).

This non-technical plenary session will explore both the latest privacy and data protection initiatives –policies, regulations, standards…– and their related societal and economic challenges.

On stage, several keynotes from high-level representatives of the EU, US, international organizations and other countries, as well as private sector representatives.

Day 1
24 Sep 2018
Jon Shamah

The New Privacy Reality

Part 1 – The Impact on Service Providers
Day 1
24 Sep 2018
Day 2
25 Sep 2018
Orlando Scott-Cowley

Enhancing Privacy and Compliance in the Cloud with AWS

● Service providers perspective of helping customers deliver privacy and compliance in the cloud
● The mechanisms AWS offers its customers to help with their compliance programs and the GDPR

Dr. Detlef Houdeau

Progress report of European Cybersecurity Industry Leadership (ECIL) recommendation to EC

● Digital Sovereignty- as answer to the behavior of China and US
● Security Certification (in reflection of the Cybersecurity Act)
● Role of ENISA
● Further Harmonization in EEA
● Incident Shaping and Reporting
● Encryption – cooperation with law enforcement

PANEL: Is it the end of the information-based “mega $ corporate”?

While some IT companies are arguing that the very concept of privacy is dead in a digital world, public authorities are pushing new regulations to protect customers and citizens. Privacy enhancing techniques enable new data monetizationbusiness models while ensuring compliance to various data protection legislations.
- Can information based corporations survive with the new legislations?
- What responsibility will they gain or lose?
- What sort of business models?
- What models are emerging for blockchain identity management?
- Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
- Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
- It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
- How do blockchains impact privacy?
- Will standards in this area help? If so, what standards are needed?
With:
Martin Claich, Privacy Solution Consultant, OneTrust, UK
Mark Lizar, CEO & Founder, Open Consent, UK
Jon Shamah, Chair of EEMA
Martin Claich
Mark Lizar
Jon Shamah
Unknown

Title TBC

Part 2 – The Impact on the Citizen and Digital Society
Day 1
24 Sep 2018
Day 2
25 Sep 2018
Slawomir Górniak

EU Cybersecurity Act (Title TBC)

PANEL: The eternal debate – privacy or security? CCTV, Cyberwars, Politics and GDPR

- What more can we do to protect the citizens and society from direct cyberthreats?
- How can we reduce the impact of privacy invading techs such as CCTV and cross-domain communications?
- How can governments maintain privacy while improving efficiency?
- What models are emerging for blockchain identity management?
- Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
- Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
- It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
- How do blockchains impact privacy?
- Will standards in this area help? If so, what standards are needed?
With:
Slawomir Górniak, Expert, Security Tools and Architecture Section, ENISA
Didier Serra, EVP, Sales & Marketing, SecureKey, Canada
Jon Shamah, Chair of EEMA
Oliver Väärtnõu, CEO, Cybernetica, Estonia
Slawomir Górniak
Didier Serra
Jon Shamah
Oliver Väärtnõu
Unknown

Title TBC

Smart Security Week Innovation Live
2.00pm: Exhibition Opening

DAY 2 - Tuesday September 25

9.00am - 1.00pm: Break-out Sessions | 10.50 - 11.20am: Coffee & Refreshments Break – Networking – Exhibition
Track 1: Digital ID Techs Advances
Track 2: Trusted Digital Transformation
   

Digital Identity & ID Management
Moderated by: Slawomir Górniak, Expert, Security Tools and Architecture Section, ENISA
Day 1
25 Sep 2018
David Ruana
Sandra Mendes y Fernández

Global Trends about the eID and Trust Services

● Evolution of trust services and new standards
● Authentication and electronic signature solutions
● Lessons learnt from large-scale eIDAS projects

David Rihak

eID Fundamental Requirements under a Microscope

● Concept of identity in ecosystem of independent services is fundamentally different to the identity used for a single service.
● New requirements for the seamless and efficient eID ecosystem (eIDAS, NIST, IDESG, DTA, Horizon2020)
● Detailed analysis of each requirement
● Practical application of all minimum requirements to create an efficient eID ecosystem

Oliver Väärtnõu

Estonian eID Future Development Paths (Title TBC)

● Weaknesses/Threats to the Estonian Digital Identity Ecosystem
● Smart-ID Service/SplitKey technology, its unique characteristics
● Future roadmap and ideas on Digital Identities

Salvatore Francomacaro

Standards in the space of ID Management, Security and Privacy (Title TBC)

ID for Digital Transformation 1 – From IAM to Consumer ID Management
Moderated by: Dr. Detlef Houdeau, Senior Director of Business Development, Identification Market, Infineon; Member of Silicon Trust, Eurosmart and BITKOM
Day 1
25 Sep 2018
Carlos Sousa

Identity Management as an Enabler for Digital Transformation

● Identity Management is a primary digital business enabler for companies
● Proper Customer Identity Management is a leverage for Sales and Marketing
● Strong Identity Management is a requirement for GDPR compliance
● Create the foundation for strong IAM procedures inside your company

Shaked Vax

Know Your (Digital) Customer in the Identity Theft Era

● How to deliver a high level of digital trust to your customer
● How to protect your data and your customers
● Discover the true meaning behind knowing your customer

Martin Claich

Subject Access Rights: GDPR Implementation Guide

● How organizations can get ahead in the new era of privacy and increased data subject rights
● Specific recordkeeping requirements for data controllers
● A roadmap and best practices for compliance

Timo Neumann

Creating an Open, Usable and Secure Ecosystem for Identities on Mobile Devices

● Latest development of identities on mobile: why an open ecosystems is needed
● Getting the security straight: eIDAS as framework for secure identification and authentication
● Secure element and Trusted Service Manager (TSM) as key to managing the variety of hardware in the field
● Mobile eID use cases in OPTIMOS 2.0

ID & Trust Verification Advances
Moderated by: Slawomir Górniak, Expert, Security Tools and Architecture Section, ENISA
Day 1
25 Sep 2018
Courtney Austin

Insights From the Latest 2018 Cybercrime Report

● Latest trends in European fraud, based on actual cybercrime attacks detected
● How can merchants protect themselves and their customers
● Identity abuse and payment trends: results of the 2018 Q2 Cybercrime Report just released

Frederic Engel

Streamlining fast, AI-powered, eIDAS level 2-compliant eKYC for strong, frictionless consumer authentication

● Stringent regulatory requirements create global demand for new, chatbot-enabled, natural language processing attribute-based credentials enrolment apps
● At stake is for banks, telecom, transport operators’ user experiences (UXs) to benefit from the best of both ID Security and Data Protection worlds
● User cases illustrate how industry leading identity verification solutions integrate themselves in mobile applications that facilitate everyday life

Joshua Peper

The Future of ID Verification Using Artificial Intelligence and Deep Learning Networks

● The challenges of next-gen authentication & verification technologies
● Bleeding edge verification technology; using artificial intelligence & deep machine
learning
● The need for change in the ID industry and the quest for better and transparent information

Jon Shamah

LIGHTest Automated Trust Verification: Helping to Make Good Choices

● How can we know whether a remote someone/something is trustworthy?
● LIGHTest EU funded project: Lightweight Infrastructure for Global Heterogeneous Trust management in support of an open Ecosystem of Stakeholders and Trust schemes
● Automatic Trust Verification relies on 2 items: Individual Trust policy and Electronic Transaction

Wes Kussmaul

Measuring the Reliability of an Identity Credential

● Identity Quality Assurance quantifies the reliability of an identity credential
● The Identity Quality score is publicly disclosed with PKI identity certificates
● Threshold ID Quality scores allow for individualized usage
● ID Quality is calculated from eight metrics that contribute to confidence in an ID Certificate

ID for Digital Transformation 2 – Trusted Transactions
Moderated by: Thierry Spanjaard, Principal, Intelling
Day 1
25 Sep 2018
Georg Nikolajevski

Addressing Business Challenges on Tightening e-Identity Regulations

● Tightening regulations on secure online authentication
● Importance of personal and corporative e-identity to replace outdated solutions
● Retaining business efficiency during customer behaviour digitalization

Josje Fiolet

Digital customer onboarding: security and convenience are two sides of the same coin

● Digital customer onboarding: main reasons of bad customer experience
● New entrants are challenging status quo
● Risk and security features can enhance onboarding experience
● Benchmark of onboarding practices across Europe;

John Devlin

Analysis of Digital ID Verification for Banking and Crypto Currencies

Rieks Joosten

Self-Sovereign Identity as Electronic Transaction Enabler

● Self-Sovereign Identity: why, how, what
● Maybe it’s not about identity, but about enabeling electronic business transactions
● Significant savings in cost and throughput make a compelling business case
● This is something we have to learn and/to do together

John Erik Setsaas

Challenges with B2B Electronic Signatures

● Extending electronic signatures to businesses
● Trusted electronic signatures from an authorized signer
● Protecting business to business communication

1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 6.45pm: Break-out Sessions | 3.50 – 4.30pm: Coffee & Refreshments Break – Networking – Exhibition

ID on Blockchain & Other Decentralized Models 1/2
Moderated by: Jim Dray, Senior Computer Scientist, Information, Technology Laboratory, National Institute of Standards and Technology, USA
Day 1
25 Sep 2018
Jim Dray

Smart Contract Identity Management

  • What is a smart contract?
  • Why is a smart contract suitable for identity management?
  • Comparison of traditional and blockchain identity management trust models
  • Discussion of the NIST Smart Contract Federated Identity Management project
Didier Serra

Building a Blockchain-Based Solution to Put Consumers in Control of Their Identities

● Digital identity is in a state that demands immediate change for the better
● Blockchain technology is capable of transforming the way data is stored and shared
● An ecosystem collaboratively developed by leading organizations can provide a solution
to the identity problem
● Making processes frictionless while keeping consumer data secure is achievable

Thorsten Niebuhr

From Silos and Warehousing to Just-In-Time: Disclosing Entity Relations

● From Data Warehouse to Data ‘just-in-time’: preventing silos
● Basics on Identity/ Entity Relationship Management
● The missing glue for decentralized Identity Management DIDM
● Authorizations vs obligations

Miroslav Minović

Identity I wanted but never got

● Digital identity should provide proper balance between rights of individuals, organizations and society.
● Digital identity should be trustworthy, secure and usable, solution should not be searched on either end of the equation.
● Blockchain architecture enables better implementation of Digital ID than with centralized approach.

Dr. Angelika Steinacker

IoT and IAM – Challenges, Considerations and Strategies

ID for Digital Transformation 3 – Trust in eIDAS & PSD 2 Era
Moderated by: Raghu K Dev, Global IAM Director, BNY Mellon, USA
Day 1
25 Sep 2018
Jon Shamah

FutureTrust Project Updates (Title TBC)

Jimmy Fong

Mobile as a Factor of Authentication for PSD2

● Rise of mobile adoption & opportunity for banks
● Developing a mobile first strategy, using the device for banking and authorisation/authentication
● KYD – Know You Device – using the device as a trusted token of authentication
● Meaning of SCA
● OTP via SMS – does not fulfil all of RTS security requirements
● What a simple/secure/compliant SCA PSD2 solution fulfils
● InAuthenticate: helping banks achieve PSD2 SCA compliance

Thierry Mennesson

Preparing for Cyber Defenses Mutualization in the Financial Sector

• Strategic perspectives new cyber-attacks typology in a transforming financial sector
• Outside-in view on market trends leading toward cyber defenses mutualisation as key resolution
• Presentation of strategic options for mutualizing cyber defenses and enable efficient synergies
• Proposal of a 3-step cyber-defenses mutualization roadmap for financial institutions until 2021

PANEL: Open Banking: How to Balance Security, Customer Trust and Business Requirements?

Raghu K Dev, Global IAM Director, BNY Mellon
Panel Chair and Moderator
Regulations such as EU PSD2 and UK’s Open Banking are transforming the financial services industry. Yet, their customer identity-centric approach of banking and payment services significantly increase the threat surface that customer’s data assets are exposed to. During this panel discussion, digital identity experts from security and finance industries will tackle multiple challenge of balancing security, compliance and risk, while providing a seamless user experience at optimal cost:
• What are the latest trend of identity fraud?
• How to ensure large scale strong customer authentication while protecting sensitive data and privacy?
• How does it impact finance organizations business models?
• How effective is fraud detection analytics and other emerging techs?
Agenda:
• “Introduction” by Raghu Dev
• What are the latest trend of identity fraud?
• How to ensure large scale strong customer authentication while protecting sensitive data and privacy?
• How effective is fraud detection analytics?
- What models are emerging for blockchain identity management?
- Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
- Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
- It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
- How do blockchains impact privacy?
- Will standards in this area help? If so, what standards are needed?
Other panellists include Jimmy Fong, VP of Sales EMEA, InAuth; Josje Fiolet, Manager, INNOPAY, Netherlands (TBC); John Devlin, Principal, P.A.ID Strategies (TBC); Johanne Ulloa, Director Sales Engineering, Southern Europe, ThreatMetrix, a LexisNexis Risk Solutions Company
Raghu K Dev
Jimmy Fong
Josje Fiolet
John Devlin
Johanne Ulloa

ID on Blockchain & Other Decentralized Models 2/2
Moderated by: Jim Dray, Senior Computer Scientist, Information, Technology Laboratory, National Institute of Standards and Technology, USA
Day 1
25 Sep 2018
Dr. Angelika Steinacker
Raghu K Dev

IAM and Blockchain (Title TBC)

● The scope of blockchain technologies for Identity and Access Management
● Bring clarity to decision makers whether to adapt blockchain technologies for IAM
● Show practical considerations for adapting blockchain technologies for IAM

Dr. Ilesh Dattani

Blockchain for Public Good: A United Kingdom Viewpoint

● Testing DLT (Distributed Ledger Technology) for enhanced delivery of government services to the citizens of the UK
● Requiring effective collaboration within and between the public and private sectors

Sid Desai

Next Generation Authentication: Bringing PKI Infrastructure to the Blockchain

● How Blockchain-powered PKI can make passwords obsolete
● The new, distributed standard of Public Key Infrastructure for the interconnected world: benefits, use cases and architecture
● No more passwords — no more break-ins
● Unbreakable, foolproof user authentication to protect your users, employees, and company’s data from cyber attacks

PANEL: Blockchain Based Identity Management Beyond Pilots

Jim Dray, Science Adviser, US NIST
Panel Chair and Moderator
Agenda:
During this panel discussion, digital identity experts will map the first implementations of ID on Blockchain and identity the strengths and weaknesses of a technology still emerging:
What pilot blockchain identity management projects are underway, and have any produced positive results yet?
What models are emerging for blockchain identity management?
Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
How do blockchains impact privacy?
Will standards in this area help? If so, what standards are needed?
Panellists will include:
- Dr. Ilesh Dattani, Director, Assentian, UK; advisor, e-forum – European Forum for e-Public Services
- Raghu Dev, Global IAM Director, BNY Mellon
- Salvatore Francomacaro, National Institute of Standards and Technology (NIST), Information Technology Laboratory, Computer Security Division (TBC)
- Didier Serra, EVP, Sales & Marketing, SecureKey, Canada
- Dr. Angelika Steinacker, CTO for Identity & Access Management, IBM Security Europe (TBC)
Jim Dray
Dr. Ilesh Dattani
Raghu Dev
Salvatore Francomacaro
Didier Serra
Dr. Angelika Steinacker

IoT Certification & Trust Frameworks
(Jointly with Connect Security World)
Moderated by: Dr. Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Day 1
25 Sep 2018
Stefane Mouille

KEYNOTE Cybersecurity Act and the Impact for the European Smart – Security Industry

Ernst Bovelander

Assessing the Security of ‘Simple’ IoT Devices

● Security of ‘simple’ IoT devices explained
● Assuring the security of IoT devices
● How to develop secure IoT devices

Dr. Beatrice Peirani

Mobile Security with Software, Which Role for the Standards

● Mobile security by software
● ETSI CYBER role
● The example of cloud-based payment
● The example of FIDO

Abilash Rajasekaran

Internet of Things made secure with Freedombox using Decentralized Architecture

● How to make data secure in Internet of Things
● Solving most of the IoT security issues
● Use case in accessing IoT devices even without internet
● Freedombox and IoT architecture

PANEL: EU IoT Trust Label and Cybersecurity Act: Status and Challenges

Eric Vétillard, Head of Future Certifications, NXP Semiconductors
Panel Chair and Moderator
Agenda:
The trilogue discussions have started on the EU Cybersecurity Act (European Commission, Council of the European Union and European Parliament), and we will know the result by the end of the year. One year after the initial announcement, a few things are becoming clearer, but many questions remain unanswered, and we will consider a few with that panel: more

The role of schemes in the EU Cybersecurity Act
The role of governmental entities in the EU Cybersecurity Act
The impact (or not) of non-mandatory certification on IoT devices
The impact on the EU Cybersecurity Act on complex systems like (semi-)autonomous cars
Panellists will include:
- Marion Andrillat, Business Development manager, CEA-Leti, France (TBC)
- Ernst Bovelander, Chief Business Officer, Brightsight, Netherlands (TBC)
- Lars Lydersen, Senior Director of Product Security, Silicon Labs, Norway (TBC)
- Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO, Giesecke+Devrient (TBC)
- Stefane Mouille, President, Eurosmart (TBC)
Eric Vétillard
Marion Andrillat
Ernst Bovelander
Lars Lydersen
Dr. Gisela Meister
Stefane Mouille

DAY 3 - Wednesday September 26

9.00 – 10.50am: Break-out Sessions | 10.50 – 11.20am: Coffee & Refreshments Break – Networking – Exhibition | 11.20am – 1.00pm: Break-out Sessions

Biometrics & Strong Authentication Advances
Moderated by: Antonio D’Albore, Founder, Embedded Security News, Italy
Day 1
26 Sep 2018
Georg Nikolajevski

Trends in User Authentication: How to Make the Most of Biometry?

● The role of biometrics in strong authentication
● Trade-off between security and convenience
● Risks of biometrical authentication
● Choice depending on your business needs

Christopher Richard

Multi-Biometry Authentication to Replace Passwords

● Is the password dead?
● Why Multi-Biometry?
● Why Behavioural Biometry a plus?
● Database anonymization process for preserving end user privacy
● Customer cases

Eugene Shablygin

Right Factor authentication – Not your grandfather’s OTP

● 82 percent of all breaches attributed to weak credentials
● Passwords declared “dead” in 2004, but there are 100 Billion of them in use today
● “Second Factors” costs businesses billions, and people hate them
● Align factors in the right order, beef-up security, save millions, and your users love you

Dr. Beatrice Peirani

FIDO Model for Certification of Strong Authentication

● Authentication with biometrics and second factor is coming on board
● FIDO is one of the standard that may become “the” authentication standard
● Certification is a must for security
● FIDO proposes a certification process to guarantee the security of the solutions

Gil Bernabeu

Trusted UI and Biometrics: From APIs to Certification

● What is really a trusted UI
● From standardized APIs to a Security certification
● Collaboration with IFAA and FIDO

Biometrics Implementations: Payments, Travel and more
Moderated by: Antonio D’Albore, Founder, Embedded Security News, Italy
Day 1
26 Sep 2018
John Erik Setsaas

Behavioral biometrics to adress the PSD2/SCA requirements

● How to simplify strong authentication for end‐users
● How banks can fulfill the PSD2/SCA requirements, without risking losing users
● Data‐driven authentication – based on multiple parameters
● Risk based authentication

Jonas Andersson

Biometric System on Card, Status of Trials and Experiences

  • Review of the current and completed trials involving Biometric System on Card (SoC) around the world
  • Common issues and opportunities identified in the trials
  • Biometric SoC applications in current trials: Payment cards, contact and contactless, access cards,
    physical and logical, and ID Cards
  • Next step in testing and piloting this new technology

PANEL: Is it truly time for “mass market biometrics” beyond smartphones?

Jonas Andersson, Head of Standardization, Fingerprint Cards AB
Panel Chair and Moderator
This panel gathering will take stock of biometrics advances around the world as of Fall 2018.
- What models are emerging for blockchain identity management?
- Can self-sovereign and traditional hierarchical identity management schemes co-exist on the blockchain?
- Blockchains can break down silos and promote interoperability. However, there are different types of blockchains and it is not clear that they will interoperate. How do we avoid building a new world of siloed blockchain identity management systems?
- It is critical for users and developers to understand blockchain's decentralized trust models. What work is being done in this area and what needs to be done?
- How do blockchains impact privacy?
- Will standards in this area help? If so, what standards are needed?
Panellists will include Antonio D’Albore, Founder, Embedded Security News, Italy; Christopher Richard, Co-Founder, United Biometrics, France; Eugene Shablygin, CEO, WWPass, USA
Jonas Andersson
Antonio D’Albore
Christopher Richard
Eugene Shablygin
1.00 – 2.00pm: Lunch – Networking – Exhibition | 2.00 – 4.30pm: Break-out Sessions

AI for Cybersecurity
(Jointly with Connect Security World & Predictive Security World)
Moderated by: Dr. Ilesh Dattani, Director, Assentian, UK; advisor, e-forum – European Forum for e-Public Services
Day 1
26 Sep 2018
Ina Wanca

I, Human: Cognitive Cybercrime Prevention Tools in the Domain of Personal Digital Security

● How do users make decisions that can expose them to cyber-threats?
● Deep dive into the human and psychological factors of the insider threat.
● Detecting cognitive biases in human cybersecurity behavior: user behavior analytics.
● Can cognitive learning applications help online users to self-regulate their cybersecurity behavior?

Johanne Ulloa

Unleashing the Power of Digital Identity

● Breached identity information is changing the nature of global cybercrime
● Merchant-specific trends in global cybercrime
● Different approaches to protect against identity abuse and fraud attacks.

Dr. Ilesh Dattani

FINSEC: Protection of Critical Financial Infrastructure from Emerging and Future Cyber Threats

● Infrastructures of the financial sector are increasingly vulnerable to security attacks
● FINSEC EU project: Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures
● Introducing a novel standards-based reference architecture for integrated (cyber & physical) security

Gerd Pflueger

VMware Appdefense – The Future of Application Security for Edge, Branch and DC

● Concept of “Goldilocks Zone” and “Ensuring Good”
● Difference to the established security solutions
● VMware AppDefense solution based on Hypervisor technology
● Usecases with NFV, IoT and EdgeComputing

Josh Fu

Artificial Intelligence: Impact on the World

● Artificial intelligence and machine learning are everywhere, but overused and misunderstood
● Learn about the history and subfields of AI and ML and how the tech applies to various industries
● AI is imperative to solving IoT scalability challenges from worker shortages and overwhelming malware creation

End of the conference