PLENARY GRAND OPENING INNOVATION FOR CONNECTED LIFE
This cross-disciplinary day will outline the changes and challenges of the next five years for connected consumers, citizens, employees, cities and smart devices. The Grand Opening is common to Smart Contactless World, M2M Innovation World, World e-ID & Cybersecurity and Connect Security World.
The Digital Identity in 5 years
First keynotes announced:
• Donna Dodson, Chief Cybersecurity Advisor and Executive Director CCoE, US NIST
• Samia Melhem, Lead Policy Officer, Global ICT Group, World Bank
• Dr. Angelika Steinacker, IAM Competency Leader Europe / Global Security Practice, IBM
The m-Wallet War Relaunched: Apple Vs. Google Vs. Samsung
How will Apple, Google, Samsung and Traditional Payment Players Boost Contactless Payments?
Moderated by François Lecomte-Vagniez, Associate Partner, Lobary; Conference Program Committee Chair
Panellists will include execs from Edgar, Dunn & Company • Ingenico • Mastercard • Total …
After several years of slow growth, contactless payment has finally found its path to (relative) success with Apple Pay.
Its US launch in September 2014 marked an important step: Apple Pay accounts for more than two thirds of American contactless payments. It now takes on a new dimension with its expansion to the UK in July, and to more European countries soon (including Slovakia and the Czech Republic). In addition to offering consumers an attractive, secure NFC solution, Apple Pay has received strong support from major card providers, hundreds of banks, retailers, brands and merchants in the US and UK. The other big contactless payment players are not to be outdone and have made important announcements: a new Wallet War is on the way, built around phone-based payment systems rather than digital wallet apps. The new Samsung Pay solution is announced to launch in Korea and the US in September 2015, with an extra feature (LoopPay) that does not require a contactless PoS, a selling point in the US. Android Pay, the successor to Google Wallet, will add tokenization and fingerprint verification for any Android device with NFC. This open platform is to be launched by the end of the year (September again?!). While these competitors bet on similar technologies – NFC, cloud-based HCE, tokenization… – their business models differ. For example, Android Pay will not charge credit card issuers any transaction fee, unlike Apple Pay. Models are not settled yet!
• Apple Pay one year after its launch: results and lessons
• Impact of Apple Pay in Europe for retailers and merchants? For the banks and payment networks?
• Is the Apple Pay business model compatible with every regional market?
• Do the Internet players’ wallets threaten the traditional payment players?
• What about the latest updates to the m-payment solutions of other big Internet names such as PayPal, Facebook, etc.?
Securing IoT Devices, Infrastructure and Ecosystems
The world of connected “everything” offers an exciting future, but it presents unprecedented challenges in the way we secure and manage devices, the data they produce, and entire systems themselves. This session reviews the different options for integrating security in the IoT context at the device, infrastructure, standards and ecosystem levels. Several focuses on specific use cases will also show the evolving needs.
Threat Modelling for the Internet of Things
Eric Vetillard, Product Manager, Java Card and IoT Security, Oracle, France
• Identifying the specific threats to the Internet of Things
• Mitigation of threats around an IoT Cloud Service
• Countermeasures applied on an IoT Gateway
• Determining the appropriate level of security for a deployment
Creating a ‘Fabric of Trust’ for IoT
Phil Attfield, CEO, Sequitur Labs, USA
• Scalable management framework with highly flexible deployment options: data center/cloud, gateways, mobile devices, Internet of Things, or other embedded devices
• Distributed, end-to-end device and service management of IoT and mobile devices via trusted-execution-environment (TEE) and/or secure element, backed by hardware root of trust
• Programmable policy enabling real time, event driven, context aware security & management
• Use-case scenarios that position the management & control framework in terms of enterprise, industrial & consumer applications.
Rethinking Security for the Internet of Things
Mikael Dubreucq, IoT Marketing Director, Inside Secure, France
• The IoT ecosystem will require flexible levels of protection: optimized and adapted for the object-to-object environment
• Which IoT security solution (chip, HW platform, software & applications) is best depends on the use case
• The right security architecture for IoT will secure the root of trust in the value chain
Developing the Right Architecture for Secure IoT Devices
Kerry Maletsky, Senior Director, Cryptographic Products, ATMEL, USA
• IoT designers cannot ignore the accelerating rate of publicized security problems
• IoT Systems can be re-architected to include cost effective hardware security
• Most current systems can be easily attacked in multiple ways
• Every IoT device, no matter how small, needs to include hardware security
Privacy Issues in 6LoWPAN Wireless Sensor Networks
Florian Pebay-Peyroula, Head of connected objects/systems security Laboratory, CEA, France
• Description of the 6LoWPAN standard and protocols
• Analysis of privacy information contained in the headers when no security is used
• Study of private information still disclosed when security is enabled
• Synthesis of information intercepted in a 6LoWPAN network with a proper use of the security
Connected Health and Cybersecurity
Edmond Cisse, IS Risk Manager, URAEUS Consult, France
• Growing adoption of IoT and BYOD concepts in the healthcare industry
• Focus on new intentional cyber-threats against healthcare organizations
• Tools for mitigating cybersecurity threats (regulations, risk management, controls…)
HINT’s Technologies for IC Authenticity & Integrity Checking
Thomas Hübner, Security Projects Manager, Morpho, Germany
The sessions address the latest issues in the security and privacy of cloud services and data, mainly seen from a client-side security perspective. Besides virtualization risks and HSMs, the “end-to-end encryption vs client-side encryption for cloud” debate is on the agenda.
Cloud Centric Data Security
Michael Osborne, Manager Cloud Solutions and Security, IBM Research Division, Zurich Research Laboratory
• Extracting business insights from big data using cloud technologies
• The uniqueness of data
• The challenges with protecting data, approaches to desensitising data
• Insight into the future data protection technologies
How One to One Sharing Enforces Secure Collaboration
Laurent Henocque, Founder and CEO, Keeex, France
• Cloud and sharing solutions abound, but do not make our life easier
• Confidential collaboration over heterogeneous clouds or systems is impossible
• Secure One2one sharing over legacy cloud/technical solutions solves the problem
End-to-End Encryption Vs Client-Side Encryption for Cloud
Data Protection for the Perimeterless Enterprise
Strong Authentication on the move
DIY ID – Self-Service Models for Secure Mobile Credentials
Chris Edwards, Chief Technology Officer, Intercede, UK
• How can ‘bring your own ID’ work?
• How can we derive verifiable credentials from a range of breeder documents?
• How can we protect and trust derived credentials?
• When should we use self-asserted identities?
Why we need an Offline Personal Authentication Device
Audun Josang, Professor, University of Oslo, Norway
• The OffPAD (offline personal authentication device) concept
• Portable multilateral authentication
• ID model and device compatibility
• Immunity against malware
Electronic identity is increasingly the bond of trust between citizens and online public services and, in some countries, banking services. As the m-payment industry looks for stronger customer authentication, Mobile ID solutions can provide a strong level of identity assurance while keeping things simple for end users. This session reviews the latest mobile ID projects around the world, their convergence with m-payment and the technology requirements.
Mobile Identity – The Fusion of Financial Services, Mobility and Identity in a Hyper-Connected World
Rocky Scopelliti, Global Industry Executive – Banking, Finance & Insurance, Telstra, Australia
• In a world where the smartphone has become the link between our human identity and our digital one, how do consumers now prefer to be identified?
• How can mobile technologies shift the trust paradigm from one of having to prove who we are, to one of being recognised for whom we are?
Where e-Payments and Mobile ID Meet
David Ruana, Product Manager, Safelayer Secure Communications, Spain
• Using National eIDs, in general, and MobileID, in particular, as a form of identification for e-payments
• eIDAS contribution to the e-payment industry
• Compliance with SecuRe Pay and Payment Service Directive (PSD2) in the EU
Orange & GSMA Mobile ID experience (TBA)
Speaker from GSMA TBC
From Mobile KYC (Know Your Customer) to Strong Authentication, Biometrics is Flooding the Market
Philippe Le Pape, VP Sales Biometrics Solutions, Morpho, France
• Banks and financial institutions’ challenge is to improve customer trust assessment to provide access to more valuable operations in an omni-channel environment.
• KYC (Know Your Customer) process: how to ensure a customer’s state-issued identity, uniqueness and eligibility?
• Usage of biometrics as a strong authentication method.
• Identity derivation: a way to leverage trusted ID
Mobile ID Part II:
National Mobile ID Schemes: Learning from Today’s Best Practices
Coralie Mesnard, Digital Identity Solutions Marketing Manager, Gemalto, France
• Unique study on Mobile ID in 14 countries/regions
• Gives some readability on Mobile ID projects: trends are shown
• Lessons learnt: learning from past experience and today’s best practices
• Not about Gemalto but about countries
Mobile ID – Strong Authentication Tool for e-Services
Jana Krimpe, Founder “B.est Solutions” LLC, Head of the Mobile ID project consortium in the Republic of Azerbaijan
• How to establish Mobile ID infrastructure based on private-public-partnership (PPP) model?
• Asan İmza (Mobile ID) – a technology needed for moving from e-government to m-government
• How Asan İmza functions – the complete description of the Mobile ID ecosystem in Azerbaijan
• Cases of use of Asan İmza – from e-services to cross-border digital signature platforms
Realizing Mobile Identity Solutions with GlobalPlatform Specifications
Gil Bernabeu, Technical Director, GlobalPlatform, USA
• An overview of the mobile ID landscape, key use cases and enabling technologies
• An insight into how GlobalPlatform Specifications can be leveraged to meet the mobile ID needs for a wide variety of markets such as government-to-government, government-to-citizen, enterprise, eHealth, financial and commercial
• An explanation of the key findings from GlobalPlatform’s mobile ID white paper
e-ID services go mobile: lessons and perspectives
Mobile (smart) devices opened a new chapter for the security industry. This session will review the challenge posed to service providers and enterprises: reconciling the security limitations of mobility with users’ wish for usability.
Changing The Game with Hardware Based Security in Windows 10
Janne Uusilehto, Senior Manager, Product Security & Privacy, Microsoft
• Hardware-only or software-only solutions are not enough
• How Windows 10 takes advantage of hardware rooted trust to provide security from the inside out
• How developers can benefit from Windows hardware security services
• Focus on the hardware features (UEFI, TPM, processor-based virtualization and memory protection)
Mobile Security Technologies Revolutionize Consumer and Enterprise Applications
Thierry Spanjaard, CEO & Principal, Smart Insights, France
• Mobile security: an issue
• TEE: software vs. hardware, functionalities, threats, standardization, etc.
• TEE security applications: corporate security, content management, mobile payment, etc.
• Mobile forecast and market trends
Hookdroid – Dynamic Analysis of Android Applications on Real-World Devices
Valerio Costamagna, PhD Student, University of Turin, Italy
• Android applications dynamic instrumentation on real-world devices
• Supporting latest Android runtime (ART)
• Android application behaviour analysis and anomaly detection at runtime
Mobile Device Security
GlobalPlatform’s Secure Component and the Root of Trust
Gil Bernabeu, Technical Director, GlobalPlatform, USA
• Insight into the need for a root of trust in delivering secure mobile services.
• Overview of the two secure components as defined by GlobalPlatform.
• Details of why a trusted certification and compliance program are needed to support the development of a scalable and interoperable ecosystem.
Trusted Execution Environment in a Virtual Machine
Mike Borza, Member of Technical Staff, Synopsys, Canada
• Virtualizing the SoC architecture extends the usual notion of virtualization beyond the CPU
• Virtualization at this level has implications at the lowest levels of the IC architecture
• Hardware virtualization allows enforcement of the separation between virtual machines
TAM for TEE – Trusted Application Delivery
Chris Edwards, Chief Technology Officer, Intercede, UK
• Trusted Execution Environments offer significant security benefits
• TEE adoption has been held back until recently by the cost and complexity of deployment
• The Trusted Application lifecycle
• Practical experiences of deploying Trusted Applications via a cloud service
Security is a crucial issue for the adoption of contactless services, especially sensitive services such as m-payment. From standards and regulation to Secure Element integrations, this session covers the elements of the security chain required to ensure end users’ trust.
Comparative Analysis of Information Security in Contactless Transactions
Matti Penttila, Senior Researcher, VTT Technical Research Centre of Finland
• Different use cases for contactless transactions give different requirements for security
• What are the common features of different use cases and what are the differences?
• Privacy-related risks in these transactions
Mobile Transaction Security: What do you need to protect?
Robert Fargier, Senior Consultant, ISTIUM, France – Jean-Luc Garnier, Senior Consultant, Knowbile Consulting, France
• Consumers love their smartphones but do not trust them, slowing down mobile services adoption
• How can we build this trust and which technology do we have at hand to build it?
• Overview of the components that contribute to the overall security fence in mobile devices.
• Value of the data we want to protect: do we need technology or education?
GlobalPlatform’s Value Proposition for mPOS
Kevin Gillick, Executive Director, GlobalPlatform, USA
• Overview of the trusted execution environment (TEE) and the value of the TEE for enabling smartphones as mPOS devices.
• Insight into the role of the trusted user interface in securing payment transactions.
• Snapshot of GlobalPlatform’s work in this area and details of upcoming developments.
End-to-End Security with NFC
Implications of HCE, SE and TEE-Based Security For Mobile Services
Christian Damour, Security Business Line Manager, FIME, France
• NFC mobile ecosystem main security risks
• Security implications for HCE, SE and TEE-based mobile services and market status
• A view to the future in mobile payment regarding security aspects
Providing Chip to Cloud Security to Fight Against Cloning and Gray Market
Florent Renahy, Embedded Security Architect IoT, Inside Secure, France
• Provide an innovative and highly secure solution to counterfeiting problems
• This solution relies on cutting-edge technologies in the fields of both hardware and software
• The answer to such problems can be achieved by a tight combination of relevant products
• The presentation will show different aspects of security, in the chip and in the mobile phone application
Using Secure Element in the Cloud From HCE-SE Open Platform
Prof. Pascal Urien, Telecom ParisTech, France
• Host Card Emulation is a promising technology; does it need an open model? We believe yes.
• An open technology based on secure elements in the cloud and secure elements hosted in the mobile.
• RACS (Remote APDU Call Secure) is a core building block for this technology
• Open mobile software platform based on these concepts
Overcoming Standards Challenges
Security tokens are still largely dominated by proprietary or non-interoperable solutions, and new domains like Big Data, Cloud and IoT, together with growing attention to privacy, are challenging security experts in industry and government. This session explores possible convergence among standards across different areas of interest and even across different standards organizations.
GlobalPlatform: Supporting the Development of a Global TEE Certification Program
Gil Bernabeu, Technical Director, GlobalPlatform, USA
• The current mobile threat landscape and how it is evolving.
• The importance of developing a stable and scalable TEE ecosystem and the benefits this brings to the industry.
• GlobalPlatform Trusted Execution Environment Protection Profile and the steps the association has undertaken to gain support from national certification bodies globally
The Path to Inter-Industry Standards for Utilizing Smart Card in Web Applications
Olivier Potonniée, Senior Research Engineer, Gemalto, France
• Web applications using smart cards
• Review of existing and ongoing standards
• Privacy aware security policies
Privacy and Mobile ID: Standardisation and Certification
Dr. Matthias Schwan, Bundesdruckerei, Berlin, Germany; Dr. Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO, Giesecke & Devrient, Germany (speaker)
ID Management and Security: Standards convergence
Salvatore Francomacaro, Information Technology Lab, Computer Security Division, NIST
• ISO: a national and international standardization collaboration
• ISO standard and Global Platform Specifications
• Overview of the standardization effort in the ID Management and Privacy space
PANEL DEBATE: How Can End-to-End Security Benefit From (and Influence) Regional and International Standards?
Expected panellists include ETSI and ISO representatives
End of the Conference