ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Peter Alterman, SAFE‐BioPharma Association Dr. Peter Alterman is Chief Operating Officer of SAFE‐BioPharma Association. Until his retirement from federal service, he was Senior Advisor to the National Program Office of the National Strategy for Trusted Identities in Cyberspace, NIST. Before that he served as the Senior Advisor to the NIH CIO for Strategic Initiatives, Assistant CIO for e‐authentication at the National Institutes of Health and Chair of the U.S. Federal PKI Policy Authority. Dr. Alterman serves on several industry identity and access management committees and workgroups. He has received numerous government and private sector awards for pioneering work in federated identity management. He received his M.A. in 1970 from Adelphi University and his Ph.D. in 1974 from the University of Denver. Carlos Ares, Safelayer Secure Communications Carlos Ares is Product Manager at Safelayer Secure Communications. Carlos holds a Computer Engineering degree from Universitat Politècnica de Catalunya and Marketing studies from EADA. With more than 10 years of experience in security and digital identity PKI‐based projects, he has worked as a teacher at Universitat Oberta de Catalunya and as a technology provider at Safelayer Secure Communications, a leading security software vendor for PKI, multi‐factor authentication, electronic signature and data encryption. After his work in different areas of software development (design, implementation, QA,support and documentation) and his participation in statewide deployment and research projects, since 2011 he leads the e‐signature and encryption solutions area, which provides standard‐based trust services for the protection of electronic transactions. Robert Bielecki, ARhS Luxembourg Robert Bielecki was born in 1970. Today he lives between France and England. With 24 years of experience in IT and as a former teacher at CNAM (France) and IBM (Belgium), he acquired strong experience in object‐oriented design and architecture. In his career, he has worked in many countries, in a wide range of sectors such as: industry, education, banking and administration. He was also involved in various types of projects with teams based in different locations including managing outsourcing projects in India. For over three years, he has been in charge of the SD‐DSS project for the European Commission. He found his bearings quickly, and proposed several significant changes in the architecture of the framework. Attracted by the field and the complexity he acquired an extensive knowledge of the standards, the basis of the digital signature. He takes part in ETSI ESI workshops. He was actively involved in the promoting of the European SD‐DSS framework and participated in many conferences in Member States. Currently he is concerned with the interoperability issues in the cross‐border signature validation. He is also interested in the work of ETSI standardization of the emerging field of quantum and post quantum cryptography. Michael Bode, Federal Office for Information Security in Germany Michael Bode worked for the institute of computer science of the Free University of Berlin in a project with a French communication company issuing the potential communication traffic of smart meters in the Internet. He also worked as a programmer for a start‐up and a big media institution and gave lectures in programming. Since March 2015 he is working at the Federal Office for Information Security in Germany. He is concerned with the German service for registered mail, called De‐Mail, and he is involved in the eSENS pilot. Michael Bode holds a diploma in mathematics and computer science from the Humboldt‐University of Berlin. Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Luca Boldrin, InfoCert Luca Boldrin received a Laurea (MS.S) in Computer Science and a Ph.D in Computational Mathematics. He presently leads international activities for InfoCert, one of the largest Certification Authority and Trust Service Provider in Italy, after a career across different public and private institutions (National Research Council, Telecom Italia, SAS, InfoCamere) as software architect and project manager.Since 2005 he has been involved as an expert in ETSI standardization activities related to digital signature and Trust Services, with recognized expertise on eID and eDelivery. He took part to several european initiatives (WeSIGN, SPOCS ‐
Simple Procedures Online for Crossborder Services, PEPPOL ‐ Pan‐European Public Procurement Online, eSENS) with specific focus on the implementationof cross‐border digital solutions. He regularly manages national and international innovation projects; recent achievements include the set up of a commercial identity provider service in the context of SPID (Public Digital Identity System) in close collaboration with Agenzia per l'Italia Digitale, aswell as the implementation of a Global Platform Controlling Authority for deploying PKI security on 4G USIM cards. Johan Borendal, Trust Weaver Mr. Johan Borendal is co‐founder and Chief Technology Officer of TrustWeaver, a market leader in e‐invoice compliance, archiving and e‐signatures, supporting over 50 countries worldwide. Johan has extensive experience from IT security standardization and international e‐invoicing standardization work, e.g. as Chair for CEN Working Group 3 on “Cost Effective Authenticity and Integrity”. In addition, Johan is frequently advising large B2B service providers and multi‐national companies on their e‐invoicing, security and compliance strategies. Prior to founding TrustWeaver, Johan served as Vice President Engineering for RSA Inc. and as CEO for RSA Security AB in Sweden. Johan has more than 25 years of experience in managing the development of systems and service platforms for the IT security market. Johan is or has been on the Board of Directors of FollowIT, PharmaVision, Dynasoft, RSA and TrustWeaver. Juan Carlos Cruellas, Universitat Politècnica de Catalunya Juan Carlos Cruellas is an Electronic Engineer since 1983. In 1989 got his phD. And at present he works as professor at Universitat Politècnica de Catalunya (Spain). He has been involved in PKI standardization since 1990. He has participated in a number of PKI‐related European Projects and since he joined ETSI ESI TC he has been the editor of XAdES related specifications (TS 101 903, TS 103 171 and the pre EN 319 132). He has also been the STF Leader in the STF 318 and STF 402 that produced the ETSI TS 102 640 on Registered Electronic Mail (REM). He is, at present the STF Leader of the STF 459 that has produced the ETSI SR 019 530, which proposes a framework of standards for Electronic Registered Delivery within the framework of standards for electronic signatures being produced by ETSI and CEN. Giuseppe Damiano, Intesi Group S.p.A. The last 15 years of professional experience were focused on PKI projects and electronic payments solutions. He collaborated to the creation of one of the first Italian Certification Authority infrastructure in the banking environment. Technical consultant to the IdenTrust CA project for Italian Banks. Responsible of the design of HSM solutions to manage security data for electronic payment instruments (such as debit and credit cards and fuel cards). Solutions that are now used by several banking institutions in Italy and by some international oil companies to securely manage electronic payments transactions. He was in charge of the design and implementation of digital signature softwarecomponents of the Belgium electronic identity card. Collaborated in the drafting of the Italian official technical regulations of XML XAdES digital signature format. Security architect and advisor of PKI projects for some of the major Italian banking institutions and some of the most important qualified CA. In the last three years he has managed and developed Time4Mind cloud platform ‐ the most complex and well structured project ever developed by Intesi Group. In early 2015 he managed and got for PkBox Digital Remote Signature solution the European Certificate of Secure Signature Creation Device. Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Olivier Delos, SEALED SEALED is the association of the skills and expertise from two senior e‐Security & e‐Solutions consultants, Sylvie Lacroix (CISA) and Olivier Delos (CISSP, CISA), totalizing more than 40 years of experience in e‐
Security and trust services. They are European recognised experts in e‐Signatures, e‐Proofs, PKI and eID design & consulting, combining academic, business expertise in these matters. Olivier provides consulting services in the area of eSignature, eAuthentication and Identification, PKI, trust services and their business exploitation and usages, whether in corporate, national or international infrastructure programs. He also has a pretty good experience with regards to the legal & regulatory aspects as well as with the assessment and standardization of these techniques. In Belgacom and then in Certipost, Olivier set up and managed the first Belgian Certification Service Provider issuing qualified certificates, providing time‐stamping services and registered email. Since 2005, he advises numerous customers including European governments (e.g. on eID, ePassports, eSignatures), corporate enterprises, the European Commission (e.g. CROBIES, IAS & IAS², Trusted Lists), as well as international institutions (PKIs). He is also active in standardisation activities (ETSI STF leader within Mandate M460). website: www.sealed.be ‐ email: olivier.delos@sealed.be Marijke De Soete, Security4Biz Since April 2004 Marijke is offering business and technical consultancy services for systems and applications based on emerging technologies, in particular related to security. Before she was holding various positions at Europay and subsequently MasterCard, where she managed departments responsible for the security aspects of chip card based payment products including the development and operation of supporting services such as key management. From 1989 till 1994 Marijke worked for Philips where her team was in charge of the design and implementation of cryptographic protocols and security services using chip cards. She holds a Ph.D. in Mathematics from Ghent University (Belgium) and was more than 15 years involved in research in mathematics and cryptography. Marijke has been and is still active in several standardisation committees in the domain of IT security and chip cards including ETSI, ISO, and GlobalPlatform. She was involved in the creation of EMVCo and acted as a Board member for several years. She is Vice‐Chair of ISO/IEC JTC 1 /SC 27, IT security techniques since 2004. Anna Drieux, French ministry of Economics, Industry and Digital Affairs
Anna has been working for two years for the French ministry of Economics, Industry and Digital Affairs, and as such, was involved in the debates about the European regulation on electronic identification and trust services (eIDAS). She previously worked both for the private sector (in a Young Innovative Company providing software and data basis solutions designed for industry’s compliance with EU Regulations) and for the public sector in France and abroad (Polish ministry of Foreign Affairs, French General Secretariat for National Defense, French Prime Minister’s Service for Legal and Administrative Documentation, Europai Tanulmanyok Központ at Szeged Law Faculty). She holds a Master’s degree from the French Institute of Political Sciences (Sciences Po Paris) where she followed the Graduate Program for International Affairs specialized in Security & Defense Issues, and the Undergraduate Program specialized in Eastern European Affairs. Riccardo Genghini, Studio Genghini & Associati, ETSI TC ESI Chairman Riccardo Genghini is not only one of the best known specialists in the field of electronic signature standards, he is also a respected academic, Visiting Professor of Comparative Commercial Law at the Università Cattolica del Sacro Cuore of Milan. Developer of technologies for the certification of digital data, transactions and identities, since 2010 he is the Chairman of the Electronic Signatures Coordination Group, which coordinates the standardization effort of CEN and ETSI in the field of electronic signatures, with the aim of providing a rationalised framework for electronic signatures at EU level (EC mandate 460). This role has been acquired thanks to his experience as Chairman of technical bodies both in CEN (ISSS ‐ Information Society Standardization System) and ETSI (ESI ‐ Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Electronic Signature and Infrastructures). Moreover, he currently carries out his activity as a Public Notary in Milan, where in 1990 he founded the Studio Notarile Genghini, one of the most technologically advanced legal offices in Italy and in Europe in working with digital agreements and deeds. Thomas Kopp, LuxTrust
Thomas Kopp (born 1961, German & French nationality)  CIO at LuxTrust S.A. since 2013  Head of IT Development since 2012  Former responsible for the Security Development Department of DIaLOGIKa GmbH in Germany  Long‐term & wide‐range experience in nearly all fields of Information processing with special focus on network protocols and security infrastructures, PKI and advanced electronic signatures Some sample activities:  Responsible for specification and development of security‐relevant infrastructures used by German law enforcement authorities  Specified and implemented an SSL protocol stack of the W3C reference server for the HTTP protocol  Responsible for development of the OPOCE Authentic OJ dematerialization project of the European Official Journal with employment of qualified electronic signatures; also authored the European OJ signature policy  Responsible for the design and development of the AdES signature library used by Luxembourg governmental administrations and private sector customers  Study of Mathematics & Computer Science at the University of Saarbrücken/Germany (Diploma Degree in 1987) Risto Laanoja, Guardtime Risto Laanoja is Guardtime's Security Architect. Risto was part of the original engineering team, responsible for building trusted and standard‐compliant security procedures and cryptographic schemes. He is a key member of Guardtime's Research & Development directorate. His field of expertise covers security infrastructure, Internet protocols, trust services etc; delivering patents, academic articles, and working prototypes of innovative ideas. Risto's role spans across research, development, integration and operations. Before joining Guardtime Risto spent 10 years at SEB in data security management and infrastructure development positions. Back then, he was responsible for security and pioneering online‐banking and national digital signature infrastructure applications. He has graduate and undergraduate level teaching experience. Risto is pursuing his PhD degree at Tallinn University of Technology, working on provable security of KSI and its applications. Franck Leroy, Docapost Chief Technical Officer at DOCAPOST ‐ Digital Trust Services Franck Leroy studied Computer Science at Université Paris Sud (France) and received Master’s degree in engineering diploma in 1996. From 1999 to 2004, he worked as a software project leader in the domain field of PKI and then as R&D department manager. From 2007 as CTO of the French Post Certificate Authority, Franck started to participate to normalization works in 2011 at CEN. Editor of the Server Signing technical specification, he is also an expert in ETSI specialized task force covering the area of trust service providers supporting electronic signature, where he is in charge of the time‐stamping policies. Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Peter Lipp, Graz University of Technology Peter Lipp is Assistant Professor at IAIK, Graz University of Technology and CEO of Stiftung SIC. He is responsible for the Java‐Crypto‐Development at IAIK and has been involved in security, PKI and digital signatures for more than 20 years. He has been member of ETSI ESI for many years. Currently he is the editor of the standard for Creation and Validation of AdES Digital Signatures. Gisela Meister, G&D Dr. Gisela Meister has been employed with G&D since 1989 and is G&D´s Standardisation Director as well as the Head of R&D´s Technology Consulting Department. She convenes the European standardisation working group for digital signature applications on smart cards (SSCD). Since 1994, Dr. Meister has been a member of the DIN national committee on Card Standardization NIA 17, which she chairs now and since 2006 to recently she chaired the technical committee NIA 17.4 and now acts as head of German delegation of its international mirror committee within ISO/IEC. Dr. Meister has degrees in mathematics and economics from the University Münster, has received the SIT Fraunhofer Smart Card prize 2004 and is a member of several program committees regarding smart cards and security aspects, e.g. the BSI IT‐Sicherheitskongress 2013‐15, the Fraunhofer Smart Card Workshop, the Chip to Cloud or ID World symposia. Stéfane Mouille, Gemalto Stéfane Mouille, NFC Mobile Apps Strategy Director at Gemalto and Vice‐President of Eurosmart Stéfane has 15 years experience in digital security industry, digital identity related business and NFC contactless applications, leading projects in Banking, Telco and Public Sector markets. His responsibilities include the definition of Gemalto NFC strategy for Payment, Transport and Digital Identity applications within a mobile environment. This involves managing Gemalto’s activities within several countries. Prior to his current role, Stéfane was Strategy director for the European market including institution relationship with French central administration, European institutions such as Parliament, Commission and the Council on several European regulations such as eIDAS, electronic passport, resident permit and the smart border package. Stéfane has also held several positions in Product Marketing, Field Marketing and Business Development. Stéfane holds a Bachelor of Sciences in Electronic and Computing Engineering from Napier University Edinburgh Scotland, a Master Degree in Marketing and Management from ESC Wesford Grenoble and a Master Degree in Political Sciences from Sciences Po Aix‐en‐Provence France. Jon Ølnes, Unibridge AS Jon Ølnes holds an M.Sc degree in informatics from the University of Oslo and works for Unibridge AS, a consulting company specialising in electronic identity and e‐signature. He is a member of the ETSI ESI (Electronic Signatures and Infrastructures) committee and participates as expert in ETSI STF458 Area 1 signature creation and validation. He has about 15 years’ experience from work on international aspects of e‐signatures, among others as one of the main architects for the global validation services solution that was successfully piloted by the PEPPOL large‐scale pilot project. He has published numerous journal/conference papers on e‐signature topics and is a frequent speaker at conferences and workshops in Europe. Denis Pinkas, DP Consulting Denis Pinkas is graduated from the Supelec engineering school. He is a security consultant with an expertise on PKI, time‐
stamping, advanced electronic signatures, smartcards, PDF and electronic archiving. He has been the main editor of several RFCs at the IETF and the editor of many ETSI Technical Standards (TS) and Technical Reports (TR) related to signatures policies and to electronic signatures. After having worked for Bull SAS for a long time, he created his own consulting company two years ago: DP Security Consulting SASU. He has been active and is still active in many standardization international committees: IETF, ETSI TC ESI, ISO SC 27 WG 5 (Identity management and privacy technologies), ISO TC 171 SC 2 WG 8 (PDF 2.0 and PAdES signatures), Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
CEN TC 224 WG 16 (APDUs for smart cards) and the newly created CEN JWG 8 (Privacy by Design). He also participates to the corresponding AFNOR shadows committees. Nick Pope, Thales e‐Security Nick Pope is a principal consultant at Thales e‐Security supporting their customers on use of Thales’ hardware security modules, as well as the SafeSign signing software, in banking, governmental and commercial sectors. He has been involved in ETSI and CEN standards in this area for more than 15 years and before that development of X.509 standards in ISO. Currently, he leads the ETSI specialist task force concerned with electronic signatures and trust services, and also is the UK lead expert and ETSI liaison on CEN activities security requirements of hardware security modules and remote signing solutions. Kornél Réti, Microsec Ltd Kornél Réti is a research engineer at Microsec Ltd., the leading certificate authority and prominent supplier of PKI applications in Hungary. Microsec operates the electronic company registry systems in Hungary, which is a significant field applying PKI‐based electronic signatures. Microsec has also developed and maintains an e‐delivery system for judicial documents, which proved an enormous success due to the cost efficiency and strong evidence of delivery it provides. Kornél Réti has hands‐on experience in all these fields. Moreover, he has led the development of a registered e‐mail system based on the ETSI REM (TS 102 640) specification, which has given him a thorough insight into the various issues of e‐delivery. Kornél Réti has studied at the Budapest University of Technology and Economics, holds a Master's Degree in Technical Informatics, specialized in IT security. Philippe Schneider, European Commission, DG Informatics (DIGIT) Philippe has an Engineering Diploma from the Institut National des Sciences Appliquées of Lyon, France and a Master's Degree in Computer Science from Brigham Young University, USA. After 14 years at Alcatel Business Systems in Strasbourg in various R&D positions, Philippe joined Hughes Network Systems in Maryland, USA, as a Principal Engineer, then as a Technical Manager for the Network Operations Control Center (NOCC) Service Management design team of the Spaceway program. Philippe joined the European Commission in 2005. He is in charge of the electronic signature engineering team that built and maintains the Electronic Signature Infrastructure Service for the Commission (ESSI). Since 2014, he also manages the CEF eSignature Building Block project at DIGIT. Christoph Sutter, TÜV Informationstechnik GmbH Christoph Sutter is working in the field of IT Security since 1998 when he joined TÜV Informationstechnik GmbH (Essen) to work as certifier for signature products and security concepts. In 2006 he became head of the accredited certification body for IT Security. The main areas are certification of data centers, certification of signature products and qualified trust service providers according to national legislation, Common Criteria and electronic signature related ETSI specifications as well as certification of electronic document management solutions. Since 2007 Christoph convenes working group WG17 of CEN TC224 that deals with Protection Profiles for secure signature creation devices and related products. Recently published standards comprise security requirements for server signing and for trustworthy systems managing certificates and time‐stamps. Walter Trezek, Document Exchange Networks GmbH Walter Trezek began his career in the postal industry over 30 years ago with the family company, representing postal processing manufacturers. During the late 1990‘s Walter recognized that the postal and digital worlds would merge and so, after gaining his Master‘s in law from the University of Vienna, joined Stamps.com, the Silicon Valley internet start‐up which created the world‘s first digital postage mark. He was their Senior Consultant, Managing Director EMEA and a member of their successful 1999 IPO team. Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
In 2000 Walter was invited to become Head of Technology at Austria Post. He also took over their address management and direct marketing divisions, and contributed to the restructuring of the organization, before leaving in 2004 to set up Document Exchange Network GmbH and communication‐logistics.com. Walter‘s horizons have always been international. Chairing Working Groups at the Austrian Standards (AS), at European level (CEN), and acting as liaison officer on European Postal Standardization to the Universal Postal Union (UPU) and ETSI. Walter plays an active role in setting the standards and determining the future environment in which European Hybrid, Secured electronic Postal Services & E‐Commerce as part of global network industries, will operate. He is a board member of Austria‘s dialog marketing association (DMVÖ) and represents the organization at FEDMA, their European counterpart. In 2012 Walter started work to develop service standards in the field of digital Marketing and document related communication, in order to establish Code of Conducts to protect personal data, enhance trust, data security and privacy, in a more and more complex digital economy. Walter is actively involved in re‐engineering postal incumbents and developing new business models. 2013 he was elected to become Executive Board Member of AS, advising Austrian Government on Infrastructure and technical Regulation policies as Presidential Advisor. Maura Turolla, Telecom Italia
Maura Turolla is Director of Trust Digital Life Development Department in Telecom Italia Strategy & Innovation, dealing with secure services mainly mobile payment, mobile wallet and mobile identity. She is the chairman of GSMA Digital Commerce Working Group that has the goal to accelerate the launch world wide of mobile payment interoperable services. She received her degree in Electronic Engineering from “Politecnico di Torino”; she is the author of several papers and publications and is named as inventor in several basic patents dealing with the mentioned topics. Patrick Van Eecke, DLA Piper Prof. dr. Patrick Van Eecke is partner at the law firm DLA Piper. He is a specialist in e‐signature, e‐commerce, e‐government, and data protection issues. Dr. Van Eecke advises both governments and enterprises on the legal compliant implementation of e‐signature solutions and is experienced in drafting and negotiating PKI related legal documents, such as Certification Practice Statements, Certificate Policies, Signature Policies and Relying Party Agreements. He is extensively involved in diverse research and consulting projects for the European Commission, international bodies and several national governments, including the European Commission, the United Nations (UNCITRAL), the European standardisation body ETSI, the American Bar Association (ABA), the UK government, the Belgian government, the Luxembourg government, the Romanian government and the Economic and Social Committee of the European Communities. As a national representative for Belgium at the European Council, Patrick was involved in the drafting of the European directive 1999/93 on electronic signatures and the 2001/31 directive on electronic commerce. Patrick obtained his PhD at the University of Leuven (including a visiting scholarship at Stanford University) having as subject “The legal status of electronic signatures”. Patrick is also teaching IT law at the University of Antwerp, at King's College and Queen. Mary University in London, United Kingdom. He is the author of diverse legal articles and books on electronic commerce, computer crime, electronic signatures, electronic contracting and privacy and is a regular speaker on national and international conferences. Ben Wilson, CAB Forum Ben Wilson is immediate past Chair of the CA/Browser Forum and currently serves as Vice President of Industry Relations and Compliance at DigiCert, a Certification Authority located in the State of Utah. Over the past 15 years he has advised clients on information security, identity and authentication, public key infrastructures, and e‐signatures. He is a past chair of both the American Bar Association's Information Updated 10/06/2015
ETSISecurityweek
eIDASThematicstream
Speakers’Biographies
Security Committee and the Utah State Bar's Cyberlaw Section. Prior to joining DigiCert in 2009, Ben worked as an attorney in private practice and in‐house at Digital Signature Trust and IdenTrust. From 2000 to 2002 Wilson served as rapporteur of the ABA’s Public Key Infrastructure Assessment Guidelines. Currently he also participates in work of the CA Security Council, the Online Trust Alliance, and the Identity Ecosystem Steering Group. Arvid Welin, Stork Arvid Welin obtained his Law degree at the Stockholm University in 1972. He worked as a lawyer until 1977 and as a project manager in the fields of organizations and personnel development until 1984. After that as an IT‐manager to develop and maintain technical platforms for the Swedish Tax and Enforcement services. 1998‐ 2005 with business development and as a procurement manager. After that he was a project manager for Skatteverket with Government assignments in the fields of Procurement and eSignature. Welin has represented Sweden in STORK and for 1½ years co‐chaired that LSP. In STORK 2.0 he represents Sweden and is the work package leader of Marketing, Communication and Dissemination. Updated 10/06/2015