Q&A session at the end of presentation

Transcription:

MODERATOR: Jon Shamah - EEMA Chairman
SPEAKERS:
Andrea Servida - Head of Unit eGovernment and Trust at DG CONNECT, European Commission
Craig Le Clair - Vice President, Principal Analyst at Forrester Research
Carmine Auletta - Chief Innovation Officer at InfoCert
Q&A session at the end of presentation

MODERATOR
Jon Shamah is a graduate of Southampton University, specializing in Aeronautics & Astronautics. Jon is a digital Identity & Trust Subject Matter Expert, specializing in maximizing the technology and operational value chain of very large scale eID schemes and national eID programmes. He is a frequent public speaker on issues surrounding identity and Trust and facilitated the ministerial eID workshop in Poznan, Poland which directly led to the eIDAS, Trust Services regulations. Jon was a long-term consultant on eID issues to the Nordic Banking and Payments Consortium, NETS, and contributes to European Programs such as SSEDIC, STORK2.0, ATTPS, FutureID, FutureTrust and LIGHTest. Jon is former co-chairman of ITU-T, SG17, Joint Coordination for Identity and is a member of the Advisory Board of a number of European organizations and projects.

Speaker
He joined the European Commission in 1993 and since January 2006 he has been Deputy Head of the Unit "Internet; Network and Information Security" in the Information Society and Media Directorate-General. Besides co-managing the Unit, he is in charge of defining and implementing the strategies and policies on network and information security, critical information infrastructure protection and, last but not least, electronic signature. He also coordinates the team responsible for the European network and Information Agency (ENISA). Until 2005, he worked in the Information Society Technologies Thematic Priority of FP6 with management responsibilities for the research activities on security and dependability technologies and applications.

The eIDAS Regulation
Webinar "The disruptive power of eIDAS", 31 January 2018
Andrea Servida, DG CONNECT, European Commission, Unit "eGovernment & Trust"
Andrea.servida@ec.europa.eu

eIDAS: boosting trust & supporting businesses!
TRUST, CONVENIENCE, CROSS-BORDER, SEAMLESS

eIDAS: The Regulation in a nutshell
2 MAIN CHAPTERS SUBJECT TO DIFFERENT RULES AND REQUIREMENTS
Chapter II: Mutual recognition of e-identification means
Chapter III: Electronic trust services
  Electronic signatures
  Electronic seals
  Time stamping
  Electronic registered delivery service
  Website authentication
Chapter IV: Electronic Documents

Timeline (2014 to 2019)
eID
17.09.2014 Entry into force of the eIDAS Regulation
29.09.2015 Voluntary cross-border recognition
26.11.15 eID DSI v.1 eIDAS compliant
29.09.2018 Mandatory cross-border recognition
Trust Services
eSignature Directive rules
1.07.2016 Date of application of eIDAS rules for trust services

eIDAS: Key principles for Trust services
  Transparency and accountability
  Technological neutrality
  Non-mandatory technical standards ensuring presumption of compliance
  Non-discrimination in Courts of eTS vs paper equivalent
  Specific legal effects associated to qualified trust services
  Risk management approach
The Regulation does not impose the use of Trust services

eIDAS: General principles for trust services
Liability regime for Q & non-QTSPs (art.13)
  Liability for damages caused intentionally or negligently
  Reversal of the burden of the proof only for QTSPs
  Possible limitations of liability for the use of the service by the TSP subject to clear information to customers
  Applicability of national rules on liability
Recognition of 3rd countries TSPs (art.14)
  Only through international agreements between the Commission and a third country or international organisation
  Principle of reciprocity
Accessibility for persons with disabilities (art.15)

eIDAS: Obligations of TSPs
Minimum security requirements + notification of significant security breaches by all TSPs (art.19)
Specific requirements to be met by QTSPs (art.24): staff, trustworthiness of their systems, liability insurance scheme, identification of the certificate owner,
Conformity assessment of QTSP (art. 20 & 21):
  Ex ante (prior authorisation scheme art.21): SB may grant the qualified status in a given timeframe; inclusion in the Trusted Lists
  Ex post (every 24 months & ad hoc art. 19): may withdraw the qualified status
  Building upon Regulation 765/2008 conformity assessment scheme

eIDAS: Supporting tools
Trusted lists for QTSPs and QTSs (art.22 and ID (EU) 2015/1505)
  Ensure continuity with the existing TLs established under the Service Directive.
  Ensure legal certainty.
  Foster interoperability of qualified trust services by facilitating a.o. the validation of e-signatures and e-seals.
  Allow citizens, businesses and public administrations to easily get the status of a trust service.
EU trust mark for qualified trust services (art.23 and (EU) 2015/806)
  Usage by QTSP after qualified status has been indicated in the TLs
  Trustmark indicates in a simple, recognisable, and clear manner the qualified status of a trust service
  Link to the relevant TL has to be ensured by the QTSP

eIDAS: QTS and QTSPs
Qualified trust service providers are qualified everywhere in the EU
Qualified trust services are qualified everywhere in the EU
Art 4 - internal market principle: a qualified trust service based on a qualified certificate issued in one Member State shall be recognised as a qualified trust service in all other Member States.
  Art 25.3: QeSig is a QeSig in all MS
  Art 35.3: QeSeal is a QeSeal in all MS
  Art 41.3: QtimeStamp is a QtimeStamp in all MS
Questions & Answers on Trust Services under eIDAS
  Help understand the legal framework on trust services
  Regularly updated

eIDAS: Key principles for eID
  Cooperation between Member States
  Principle of reciprocity relying on defined levels of assurance
  Mandatory cross-border recognition only to access public services
  Sovereignty of MS to use or introduce means for eID
  Full autonomy for private sector
  Interoperability framework
*The Regulation does not impose the use of eID

Where does eIDAS have an impact?
  UMM&DS: Uniform User Management and Digital Signatures
  eHGI: eHealth Governance Initiative
  ECI: European Citizens' Initiative
  ESSN: European Social Security Number
  SUP: Directive on single-member private limited liability companies
  PSD2: Revised Directive on Payment Services
  AML5: 5th Anti-Money Laundering Directive

An example: the financial sector
On 27 November: adoption of Delegated Regulation on Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication; reference is made to both eIDAS notified eID means and trust services.
  eIDAS notified eID means: possible solution for strong customer authentication
  Qualified electronic seals or qualified website authentication certificates: mandatory for the communication between payment providers.
On 14 December: adoption of Commission Decision C(2017) 8405 final setting up the Commission expert group on electronic identification and remote Know-Your-Customer processes
  Jointly managed by DG CNECT, DG FISMA and DG JUST
  Composed of up to 36 members comprising regulators, supervisors, identity experts, financial institutions and consumer organisations
  Call for applications closed on 26.01
  Explore how to facilitate the cross-border use of eID and KYC portability based on identification and authentication tools under eIDAS to enable financial institutions to identify customers digitally for onboarding purposes
On 20 December: political agreement on revised text of the Anti-Money Laundering Directive (AMLD5)
  Explicit reference to eIDAS notified eID means as a possible way to fulfil Know-Your-Customer/Customer Due Diligence requirements for non-face-to-face interactions

eID schemes notified
Germany: National ID card, 40.000.000 registered users
20.02.2017
On 23 August 2017, DE eID formally notified
Published to OJEU on 26.9.2017!
A milestone towards establishing eID and trust services in Europe achieved!
...and ITALY prenotified its private-sector led scheme SPID on 24.11.2017!

For further information and feedback
Web page on eIDAS: http://ec.europa.eu/digitalagenda/en/trust-services-and-eid
eIDAS Observatory: https://ec.europa.eu/futurium/en/eidas-observatory
Text of eIDAS Regulation in all languages: http://europa.eu/!ux73kg
Connecting Europe Facility Catalogue of Building Blocks: https://ec.europa.eu/cefdigital
eIDAS twitter account: @EU_eIDAS
Andrea Servida, DG CONNECT, European Commission, Unit "eGovernment & Trust"
Andrea.servida@ec.europa.eu

Speaker
Craig serves enterprise architecture and business process professionals. He is an internationally recognized expert in helping companies transform from manual and analog processes to the mobile, digital, and cognitive world. His technology coverage areas include robotic process automation and the emerging digital workforce, AI solutions in financial services, and potential workforce disruption due to these technologies. Prolific writer and speaker, Craig authored How To Succeed In The Enterprise Software Market and has been quoted in The Wall Street Journal, USA Today, Forbes, and many other publications and media outlets.
Education: Craig earned a B.S. in economics from Georgetown University and an MBA from George Washington University.

2017 FORRESTER. REPRODUCTION PROHIBITED.

The Disruptive Power Of eIDAS
How the new EU Regulation accelerates digital transformation and creates opportunities
Craig Le Clair, VP & Principal Analyst, Forrester
January 30, 2018

Empowered Customers Open The Door For Disruption
Age of manufacturing: Mass manufacturing makes industrial powerhouses successful (Ford, Boeing, GE, RCA)
Age of distribution: Global connections and transportation systems make distribution key (Wal-Mart, Toyota, P&G, UPS)
Age of information: Connected PCs and supply chains mean those that control information flow dominate (Amazon, Google, Comcast, Capital One)
Age of the customer: Empowered buyers demand a new level of customer obsession (Macy's, Salesforce.com, USAA, Amazon)

Digital Transformation Can Start Today With Available Technologies

Reviewed 25 E-Signature Production Implementations
  Digital Trends - Ease Of Implementation Drive E-signature Adoption
  Customer-facing Processes Remains Hot
  The European Market Shows Promise
  eIDAS Will Foster Use Of Electronic Signatures Across Borders Within The EU.

SaaS Solutions Are Making Implementation Faster. More than 65% of Forrester inquiries on e-signature are from enterprises that have opted for software-as-a-service (SaaS). Implementations range from an average of nine months for larger enterprises, 5.5 for medium-sized, and 2.3 for small businesses. Browser incompatibility, integration with core systems, signature pad support, diverse signing solutions, and user training were cited as challenges.

Business Metrics Remain Strong, But Customer Experience Is A Key Success Criterion. Eighty percent error reduction, 85% productivity improvement, bank accounts being opened in just eight minutes, and 22,000 staff hours saved annually are some of the top business results. A better audit process, reduced instances of fraud, and higher visibility into what has been signed all added to the value received. But customer perception outweighs these efficiencies as a benefit in the eyes of businesses.

E-Signature Workflow Has Many Touchpoints

E-signature Use Cases Have Different Characteristics
Global Energy
Global Bank

Digital Identity Verification For Online Banking And Fraud Prevention
Bank located within the European Union with many physical branches.
Executives wanted to simplify the customer experience for new accounts by providing a 100% digital experience.
Possesses excellent customer satisfaction scores with high ratings from hundreds of thousands of customers.
Engaged with InfoCert for about two years with the Trusted Onboarding Platform providing the enabling technology for its digital channel.
Net Present Value: 11,6M
Return on Investment: 174%
Payback Period: 0,6 months
Increase signed customers: 30%
Case study analysis provided by Forrester on behalf of InfoCert

Global And EU Trends Will Emphasize Authentication
EU has in place the most advanced regulation in terms of digital signatures and digital trust services.
Banks can rely on regulated Qualified Trust Service Providers to implement digital transformation projects.
In this way enterprises can externalize part of their risk/liabilities, i.e. make the TSP liable for its activities.
The bank is not just adopting a technology but is outsourcing part of identification, certificate issuing, signature, and preservation exposure.

Better Mobile Support And Real-Time Session Management Will Push The Market
Most implementation cases offered mobile signing support.
Real-time session management is becoming a requirement.
Mobile solutions are improving (although mobile challenges remain).

E-Signature Is Only One Component Of Digital E-Transaction
[Figure text, in extraction order; the grouping of the items under the panel titles is not recoverable]
Blockchain & Distributed Ledger Innovation
eTransaction Management
Efficient and lower-cost payments
eSignature
Applications that execute electronic signatures
Has Move to SaaS
Challenged by Freeware
Consolidation
Digital Components
Signature As Component Of Digital Platforms
Functionality combined with E-forms, workflow, and CCM platforms
Looks at end-to-end business transaction
Negotiable instruments - Secondary market focus
Requires deep expertise in compliance
Currency transfers and securities settlement
SSL certificate issuance, Timestamping, Tamper-proof asset ownership and tracking

Digital Transformation Platforms Form A Rich Ecosystem
InfoCert, DTM, DocuSign, RPA

Summary
E-Signature Adoption Is Growing And A Component Of Digitizing Your Business
Recognize That E-signature Solutions Require Changing Business Behavior.
The Important Technologies Are Here Today
eIDAS Reduces Uncertainty And Will Encourage Adoption

Thank you
Craig Le Clair
cleclair@forrester.com
FORRESTER.COM

Speaker
Carmine is InfoCert's Chief Innovation Officer where he is responsible, among other things, for Innovation, New Products Development, Strategic Planning and International development. Prior to joining InfoCert, Carmine gained 12 years of work experience in the energy sector working for Terna where he covered the role of Chief Technology Officer and VP of Marketing and Innovation. While in Terna, Carmine was also designated Chairman of CASC Audit Committee, the European central auction office for cross-border energy transmission capacity with a Net Turnover of 1.8 bln. Previously, Carmine gained 10 years of international work experience within Bain & Company and Accenture. Carmine studied in Italy where he earned a Bachelor's degree in Computer Science and a Master's degree in Telecommunications; he completed his academic background in the USA with an MBA from the Kellogg Northwestern University. He has published several papers in Physical Review B and Physica C.

The Disruptive Power of eIDAS
Web-Seminar, January 31st, 2018
09/03/2018 Cannes, Nov 29th 2017
Carmine Auletta, InfoCert - Chief Innovation Officer

InfoCert: the largest Certification Authority in Europe
~ 4 Million Active Qualified Digital IDs in 2017
1,1 Million e-commerce Customers in 2017
> 6 Million TOP Digital Transactions in 2017
~ 100 Million Digital Signature Transactions in 2017
> 10 Countries
> 2.000 Enterprise Customers

The role of Qualified Trust Service Providers (QTSPs)
Liability for the entire process
QTSP:
  Identity of the parties
  Strong customer authentication
  Validation & preservation
  Non repudiable eDelivery
  Willingness to transact
INFORMATION COPYRIGHT INFOCERT

InfoCert's distinctive factors in enabling an effective digital transformation
1. EIDAS REGULATION EXPERTISE
2. EIDAS IN CONJUNCTION WITH INDUSTRY-SPECIFIC REGULATIONS
3. COMPLIANCE TRIGGERED INNOVATION

InfoCert: an innovation-driven Company
20% OF BUSINESS RESULTS FROM SOLUTIONS & PRODUCTS THAT DID NOT EXIST JUST 2 YEARS AGO
6% OF ANNUAL TURNOVER INVESTED IN R&D
#6 PROJECTS FUNDED BY EU RESEARCH FUNDS
#14 REGISTERED PATENTS

TOP: Trusted Onboarding Platform
InfoCert revolutionized the Financial Services Industry introducing TOP, our patented solution for remote customer identification and digital subscription of contracts. Since its launch in 2013, we've completed more than 6 million onboarding on TOP, enabling our customers to reduce time, costs and frauds.

TOP: a never ending innovation
From prospect to customer in less than 10 minutes. Now also through Self Identification.
[Diagram labels: USER, AMLID, eID, WebID, SignID, LiveID, SelfID]

TOP: a never ending innovation
A success story in Consumer Lending Market: the ING case
From an old fashioned lending process...
  Paper signature and documentation
  Big customer's effort
  Poor customer experience
  Time to Cash up to 13 days
...to a distinctive instant lending experience
  Fully Digital
  Real time scoring
  Instant disbursement
  Time to Cash in 5 Minutes
Conversion rate increased by 40%
Renounces rate dropped by 80%

GeoSign - Expand your proof of evidence
GeoSign, another patented InfoCert solution, certifies the geographic location (GPS coordinates) of the signer's hardened device and binds such data within the electronic signature. Thanks to the digital signature, georeferenced data gains integrity and enforceability to third parties.
Winner of Digital 360 Award* 2017 for Mobile Business Category
* Jury composed of 53 CIOs of the most important Italian companies

GDPR ready-solutions: SecureDrive
SecureDrive is an encrypted cloud platform where it's possible to store documents and guarantee their privacy. The use of asymmetric key algorithms ensures the data secrecy, making it fully compliant with GDPR Regulation, the new EU Law about privacy coming into force in May 2018.

GDPR ready-solutions: SecureStream
SecureStream guarantees the integrity and non-repudiation of each single frame in any stream of digital data (audio and/or video sequence, log etc.). Each frame is digitally signed by InfoCert and dynamically bound to all previous frames in order to guarantee the integrity of the entire stream as it gets created.

What about the future? Trusted Blockchain
At the heart of Blockchain there is an algorithm which is pure perfection as long as it stays on paper. To be properly deployed at a business level it must be part of a secure Trust chain and within a clear Liability Framework. And it's in those areas that InfoCert is investing.
INFOCERT IS A FOUNDING STEWARD OF SOVRIN NETWORK
Sovrin is a distributed identity network based on open source software. A Founding Steward, like InfoCert, acts as a node of SOVRIN NETWORK: it is responsible for validating transactions, while the user's identity verification is made through Claims, Keys and Identifiers.
  Public and permissioned
  Consent receipt
  Keys: Public and private keys respectively used to verify and sign a transaction
  Claims: Record referring to identity (self asserted claim, verifiable claim, premium claim)
  Identifiers: Cryptographic or non-cryptographic, they uniquely identify each subject. They are saved on the ledger.
  Disclosures: It allows the user to use only data and information useful for a particular identification

What about the future? Trusted Internet of Things
IoT trends: the volume of connected objects on the internet is estimated to be in the range of 20 and 50 billion in 2020
Hack of IoT systems is growing:
  GPS spoofing
  Computer cars remote hacking control
  Power grid breaches
  Healthcare data breaches
IoT needs of TRUST for:
  Proof of identity
  Privacy
  Liability framework
InfoCert is piloting the concept of a Trusted IoT ecosystem

Thank you!
Carmine Auletta, Chief Innovation Officer
carmine.auletta@infocert.it

Q&A SESSION

Q&A Session
Can a citizen of a Member State be identified by a QTSP accredited in a different Member State in accordance with the identification methods listed in the CPS and receive a qualified certificate? Can he use this certificate in his/her Member State with full legal validity of the signed documents?
Yes, this is possible. If a citizen is identified in accordance with the procedures listed in the CPS of the QTSP, and these procedures are recognized as valid ones in the accreditation process by the national supervisory body, the citizen can receive a qualified certificate and, as provided in the eIDAS Regulation, this certificate is recognized as a qualified certificate anywhere in Europe. In this regard, Article 24 provides that QTSP shall verify the identity of the natural or legal person to whom the qualified certificate is issued in accordance with the national law applicable in the Member State where the QTSP is accredited and from where it may offer qualified services to clients everywhere in Europe.
Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Q&A Session
How and where can a user of a digitally signed document, for example a Fiscal Authority, verify if a Trust Service Provider is certified to provide trust services?
The information that a Trust Service Provider is a QTSP is already stated in a valid certificate. In addition, to verify if this is trustworthy information, the authoritative sources to be used are the Trusted Lists (article 17) where the Qualified Trust Service Providers are listed under the responsibility of the national supervisory body granting the status of QTSP.
Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Q&A Session
Does a public authority of a Member State, for example a Fiscal or Administrative Authority, need an explicit consent from the local Supervisory Body to accept a qualified certificate issued by another Member State QTSP?
The answer is no. If a public authority is accepting at national level advanced electronic signatures, under the eIDAS Regulation it is obliged (Article 27) to accept electronic signatures of the same or higher security level (i.e. up to qualified signatures), disregarding whether such signatures are generated based on certificates or signature creation services provided in another Member State. This is particularly true for qualified electronic signatures. The Supervisory Body in the receiving Member States plays no role in this regard.
Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Q&A Session
Can any Member State Supervisory Body or Parliament issue a law, a guideline or any other measure which may affect a different Member State QTSP only because the latter is issuing a qualified certificate in a cross-border situation?
No, eIDAS Regulation defines the legal framework for qualified trust services and qualified trust service providers. At the national level no legal act or administrative measure can be enacted or adopted to change the scope and validity of the provisions in eIDAS Regulation. If that will be the case, there will be incompatibility between the European primary law (i.e. eIDAS Regulation) and, as provided under the Treaties, the national law will be invalid.
Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Does eIDAS Regulation forbid remote identification to issue qualified trust services? Can a local Conformity Assessment Body or Supervisory Body approve it?

eIDAS Regulation doesn't forbid remote identification. Qualified trust service providers can identify a person to whom they issue a certificate using remote identification methods (for instance based on eID means that meet the requirements of Article 8) as long as such methods and the related procedures are recognized at national level and comply with the eIDAS Regulation, i.e. they provide equivalent assurance (confirmed by a conformity assessment body) in terms of reliability to physical presence.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Can a QTSP identify a citizen to issue a qualified certificate with a notified or pre-notified eID with a level of assurance substantial, or is just the level high allowed?

In accordance with Article 24 of the Regulation, when issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity of the person to whom the qualified certificate is issued. To this end, Art 24.1(b) sets out that electronic identification means notified under eIDAS can be used for remote verification provided that they meet the requirements set out in Article 8 with regard to the substantial or high level.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Can a bank or another subject different from a QTSP keep the private keys associated to the qualified certificates of their customers, in an HSM system installed on the bank's premises?

Annex II of the Regulation sets out the requirements for qualified electronic signature creation devices, including HSM, that may be used to create qualified electronic signatures. Point 3 of the Annex states that the generation or management of electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Why do you think that the supervisory body in the UK has still not published the processes for CABs?

Although I'm not sure that the question relates to one of the tasks of the supervisory bodies as set out in the eIDAS Regulation, it is definitely a question for the UK authority.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Given the global audience and interest for non-EU nation states with strong links to the EU, is it possible for the Regulation that non-EU schemes are notified by an EU MS? What advice would you give?

Member States remain free to decide which electronic means may be introduced or recognized at national level for the purpose of electronic identification for accessing online public services. It is their sole sovereign decision. However, when it comes to cross-border recognition of eID means the provisions under eIDAS Regulation apply, in particular the eligibility criteria for notification as set in Article 7.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Spain normally accepts 5 different means of e-authentication: ID card, e-certificate, permanent password, temporary SMS password and STORK / eIDAS, using Cl@ve, a mandatory common service for authentication. You quickly mentioned that the different means of electronic ID acceptable for a transaction are defined by each member state. This means that probably not all authentication methods will work across borders. How does this work in terms of interoperability and how does it affect the eIDAS objective of seamless authentication? What consequences may this have for member states that will need to support a growing number of authentication methods?

Once again, Member States are free to decide which electronic means may be used at national level for the purpose of electronic identification for accessing online public services. However, only eID schemes and associated means notified under eIDAS will be recognized (as of 29 September 2018) across borders in all Member States. Such notified eID schemes will be interoperable as, among others, they will comply with the criteria and requirements of the interoperability framework set in the eIDAS Regulation and related Implementing Act.

Andrea Servida, Head of Unit eGovernment and Trust at DG CONNECT, European Commission

Which are the main differences between European landscape and the rest of the world in the area of digital trust?

The main difference is simply that the US has settled upon a type of signature based on multiple authentication aspects, not based on the certificate, even if some of the elements could seem bound to the European concept of advanced signature. US signature is based especially on knowledge-based authentication, and even biometrics is growing in importance (voice printing, facial biometrics). This approach made possible a really rapid market progress, but is more focused on customer experience, and not much on trust.

Craig Le Clair, Vice President, Principal Analyst at Forrester Research

How do you see the future of QTSP market in Europe?

Nowadays, there are more than 170 QTSPs in Europe, most of them small-sized. This made sense before eIDAS, because each country had a specific regulation. I believe that the market will be consolidated and, in the end, will have a small number of big players, providing innovation and better solutions to the market.

Carmine Auletta, Chief Innovation Officer at InfoCert

How should discontinuity be handled in a multi-sided contract environment? For example: three companies want to sign a contract, each company needs two signatures to validly sign, so we need six signatures. The first two use qualified electronic signature, the next wants to sign by hand, and uploads the scanned document, the next signs electronically, the next by hand... How can a single document be generated with all electronic signatures (still able to validate electronically) and all manual signatures as well on it?

The most effective approach in a multi-sided contract environment is to decide whether the process has to be fully digital or analog. It's not recommended to mix digital and wet signature, because the act of printing and scanning documents creates a discontinuity in the trust chain that can impact on its formal validity as well as create vulnerabilities. In complex cases like the one described, the best approach would be to design the entire signing process and validate it against legal, functional and organizational requirements.

Carmine Auletta, Chief Innovation Officer at InfoCert

Thank you! INFORMATION COPYRIGHT INFOCERT