Event Recording

Why KYC Isn’t Enough

Speaker
Ingo Ernst
GM Platform Division
Jumio
Ingo Ernst
Ingo is a committed Fintech entrepreneur with extensive experience in developing risk management and compliance software, implementing operational processes and managing multi-discipline teams across continents over the past 10 years. Ingo's ability to inspire his team and help businesses...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Protocol Independent Data Standards for Interoperability
May 12, 2022
Event Recording
Digital Identity and Privacy: Stories from the Frontline
May 10, 2022

As the pace of digitalization gathers momentum, organizations are witnessing a dramatic increase in the number of digital identities. These identities interact with systems and applications relentlessly to perform day-to-day IT tasks. Nevertheless, maintaining the privacy of this data is a daunting task. Enterprise data is hosted in multi-tenant cloud, managed service providers and distributed data center environments. How an organization can maintain data privacy in this evolving IT access control use-cases depends on the level of preparedness to protect and monitor those digital identities. An identity and access management solution provides adequate safeguards to enforce IT practices necessary to maintain data privacy.

Event Recording
Enabling MFA and SSO for IoT and Constrained Devices
May 13, 2022
Event Recording
The Changing Cyber Threat Landscape and its impact on IAM (II)
May 11, 2022
Event Recording
Panel | Assessing the Cybersecurity Impact of Russia’s Invasion of Ukraine
May 11, 2022

Russia’s invasion of Ukraine has tectonic consequences for citizens and businesses across the world. An expectation of normalcy post the pandemic has been replaced with fears of increased gas prices and supply chain disruptions. Attackers are expected to leverage the context to carry out advanced cybercrime intrusions, leaving businesses susceptible to attacks that could have potential second and third-order effects on their operations. A cyber problem immediately becomes a business problem that requires effective business continuity contingency plans built around defensible, risk-informed choices.  

In this panel session, you’ll hear from security leaders who will provide a pragmatic assessment of organizational dependencies to improve your odds of identifying and mitigating cyber attacks, while addressing the increasingly challenging risk environment organizations find themselves in 

Event Recording
Credentials and Privacy - History and New Kinds of Cards
May 12, 2022

David will talk aboout a new technology that allows the person owning a public key to prove that they have memorized a passphrase, from which they could at any time easily compute the private key.
One example use is for votexx.org elections, which are conducted remotely without polling places. The ballot-casting in such elections is done by a signature that is publicly verifiable as corresponding to a particular public key posted in advance by the election authority. The voter registration authority would require a proof that the voter knows the corresponding passphrase and hence ensures that the voter has irrevocable access to the private key corresponding to the posted public key. This lets the voter give all of their keys (in an extreme case) to a vote buyer and/or coercer – while the voter is never able to give up knowledge of the passphrase and the ability that it confers to secretly cancel any vote made with the corresponding private key. This is just one example David will feature in his presentation.

Event Recording
A Learning Agenda for Federal Identity
May 11, 2022
Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.

Event Recording
Panel | The Stack, the Stack, the Stack: How Trust over IP is Enabling Internet-Scale Digital Trust
May 11, 2022

The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems (aka self-sovereign identity or “SSI”) based on digital wallets and digital credentials. What industry insiders have demanded for long is becoming reality. This is bringing challenges to the forefront including resistance of the identity establishment and major questions about interoperability between emerging and existing identity systems.

The Trust over IP Foundation was founded by a pan-industry group of leading organizations with a mission to provide a robust, common standard and complete architecture for internet-scale digital trust. In this session, leaders in digital identity from the ToIP Steering Committee will outline the impact this missing layer has had on digitization of trusted interactions, why technology alone won’t solve this and how the ToIP stack is designed to tackle both technology and human governance to bring open and interoperable standards at each layer of the trust architecture. This interactive panel will be moderated by ToIP’s Director of Strategic Engagement and will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age.

Event Recording
How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions
May 11, 2022

Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once  can be a source of confusion: How do I actually build a decentralized or self-sovereign identity solution today? How do I put all the components together?  In this session we use the framework of a Trusted Data Ecosystem to show how you can use decentralized identifiers, software agents, verifiable credentials, and the supporting infrastructure to verify data without having to check in with the source of data. We show how we used Trusted Data Ecosystems to deliver solutions to financial services, healthcare, and travel to global enterprises—and we give you a preview of what the next steps are for these technologies. 

Event Recording
Dissecting Zero Trust, a real life example
May 11, 2022

After his presentation on Strategic and Tactical approaches for Zero Trust, in this presentation Fabrizio will breakdown the components of a Zero Trust implementation and highlight what a company needs to implement it. Fabrizio will also cover use-cases like legacy or cloud-based applications.

Event Recording
Insights from India’s Data Empowerment & Protection Architecture
May 13, 2022