Grasping mood of the security industry during Chip to Cloud

Nice, the italian french town, with its car and boat parking lying in front of gigantic buildings, with amazing sea view. Nice with its old town and its awful modern contrast. Nice, with its World Smart Week [1], made of buzz words such as NFC, identity and cloud, held in Acropolis, offering a common exhibition area, demonstrating maturity of any-form-of-NFC solutions. An interesting initiative was conducted aside, called Université NFC des Territoires [2], allowing different french cities going NFC to share their experience and brainstorm in workshops.

I attended the Chip To Cloud Security Forum which tries every year to show a state of the art in terms of security (hardware, software), or progress on any tricky topics such as authentication (of machine, people, devices) and smart secure distributed services, including cloud. I captured this year, several interesting topics that fed the conversations during the coffee breaks.

Digital signing – The European Commission recently issued a regulation on digital signature. The announced objective is to boost the trust and the convenience for EU citizen, administrations, corporation and SME to use such digital powerful tool. The big plan is to switch from paper signature to digital signature, keeping the same value for the economy. All members are not mandated to implement this regulation, but in case they do (and the future will demonstrate that they might have some interest), all countries will implement it in the same way, with no means to create national schemes or deviation. In addition, any member applying this digital signature will be part of the cross-border recognition program. A German company signing a contract with an Italian company will have no more law mis-interpretation : the signatures will be mutually recognized. From what most of the people said about this initiatives – vendors, association of SMEs, cybercrime organisation – we can imagine that this regulation will definitely help the deployment of digital commerce, which was facing up to now a technical and national fragmentation.

Trusted Computing – I attended a session focusing on TPM technology, the technology answering the need of device authentication – making sure the device you talk to is the right one – and integrity – making sure that noone has changed any code of any application you are running in. After a state of the art and an explanation of the usage of Trusted Execution Environment (TEE) to deploy those services in a smartphone by Trusted Logic Mobility – a gemalto company – a university presented the recent development of a Java version of the TPM library, allowing application on a device to get benefit of the TPM services. While being interesting, this session did not get the success it deserved – maybe because TPM is deployed in millions of units to solve security problems since many year with a poor usability. Lets speak again about it after Windows 8 deployments.

NFC – The half day dedicated to NFC was not as crowded as expected, but for the ones taking time to join the amphitheater, they could hear about the recent news from Mifare For Mobile code named M4M, having some first success stories on its version 2.0. Intercode Solutions Ltd exposed an ambitious technical vision with an application managing all types of credentials of the user on mobile (from fingerprint to emails and identifiers), and able to integrate the new usages of NFC – phone to phone, phone to badge or phone to terminal interactions – to make the user authentication easier. University presented a funny combination of Wifi and NFC goelocalization based services to enhance experience in museum by improving visitors monitoring and improving visitors interaction and game while canvassing the museum. Finally Vasco made a great recap on technology revolution in banking world and its impact on banking services usage : from branch, to wired phone, ATM, mobile phone, internet and … NFC. They also explained the new job of analyzing a transaction nowadays. Evaluation of transaction is not anymore a simple ‘checking your face and signature’, it has moved to evaluation of platform or device, evaluation of user including its location based services and his behavioral usage, and finally the transaction itself. A real job migration supported by the technology.

Mobile Security – I was presenting the vision of Eurosmart – the voice of the smart card industry – in a session dedicated to mobile security. This is where each year the industry is positioning the different technologies to secure mobile. That year Eurosmart claimed – by my sweet voice – that the Secure Element and the Trusted Execution Environment – this tiny isolated execution environment running in your smart phone – may be a good tandem to bet on to deliver secure services over the mobile. Same questions as usual were raised about security weaknesses, but the industry paid much more attention to the TEE technology in order to get the most of it, after rejecting it during years. Things are changing there !

Identity in the cloud – Several views on the management of identities to access cloud services were presented, including an interesting swiss project MyIDP.org which aims to associate qualified and reliable attributes to identity of citizen. Other topic : access to cloud services thanks to NFC easy service deployment and user adoption – by gemalto. And a last one : identity management of Nespresso machines by Sierra Wireless, integrating in each Nespresso machine a module allowing monitoring of machine usage, consumption, water temperature,… This session was the most creative.

Once again Chip To Cloud has been a great conference to learn, exchange and shape the future if services relying on what we know as security state of the art. The mood of the industry was that we all felt that technologies for providing security in the digital world were more than ever mature, expecting its integration with services in innovative ways.

Note : Other active bloggers have trapped the different Chip To Cloud presentations and are worth visiting : Eric Vétillard On the road to Bandol and Andreas Leicher IDM Thoughts

[1] World Smart Week, [2] Université NFC des Territoires

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s