On September 25th we closed the application for Security Challenge, a unique startup program open to incomplete teams and individuals who want to build cybersecurity companies. The program, in cooperation with Cisco and LVenture Group, has recently brought on board two new partners: NTT DATA and InfoCert, subsidiary company of Tecnoinvestimenti Group SpA and one of Europe’s leading Certification Authority. We spoke with Danilo Cattaneo, CEO of InfoCert to better understand the areas of interest of the company and the future scenarios of cybersecurity. How important is it for your company the mix between internationalization and innovation? "Over the past 3 years, our revenues increased from 25 to 47 million with a double digits net profit. This result was possible thanks to our commitment to innovate. We became Chairman of DTCE Digital Trust and Compliance Europe, the European association of the Trust Service Provider, this is because of InfoCert - in the panorama of the certificate authority - is the one that has invested more in research and development." What are the areas of interest in cyber security on which you are focusing? "Cybersecurity is clearly fundamental to us and is applied by our device down to our data centers. Hackers can infiltrate by attacking password-protected accounts, but also seeping into our third-party chain and that is why we carry out a careful check also on our partners. The same goes for our employees. In order to avoid malicious operations, our internal data can never be modified by one person. These measures, together with other internal measures, help to ensure the safety and reliability of our company. The focus areas on which we focus on the subject of cybersecurity basically are two: cloud protection and process protection. We can not afford to have intruders in our cloud services and we have to ensure that the process chain is safe. We have a strong interest in blockchain and biometrics. Regarding the first, we have teamed up with the University of Salerno. While for Biometrics we have a group of innovation at our headquarters in Milan. At the moment, for example, one of these projects aims to add more accolades to graphometric signature. We also work with Israeli and German companies (helping to ensure the identity of the persons)." What does InfoCert and what is the main strategy of the company? "InfoCert deals with a particular area of cloud services: digital trust. We are a trusted third party that provides the digital identity of those who make the operations going so to ensure transactions. We are the biggest European emitter of digital signature certificates. We also offer are the preservation of documents services. In Italy, the contracts by law must be stored for 10 years, while medical diagnostics such as x-rays should be stored for a lifetime. We must ensure that in the years any kind of document remains legible. (we can provide these solutions) Also, an integral part of our strategy is to demonstrate to our customers that we are a highly reliable Certification Authority. To do so we worked to get many international certifications, according to various standards. Some results of this strategy? The European Community has chosen us for the time stamp of the Official Gazette in accordance with the new standards EIDAS." How reliable are today the biometric detection systems? What are the new scenarios and how can biometric evolve? "The reliability of biometric sensors is improving but used alone those systems are not enough. Take for example the fingerprint of the smartphone: even if the device is completely safe, no one can certify the identity of the subject. The consequence is that in addition to the biometric variables, it is essential to certify in a certain way (with questions, witnesses and identity documents) the identity of that person. At the moment, therefore, biometric variables can be used safely if combination with other identifying factors. For the future, we intend to reach a balanced compromise between "trust and usability". The digital signature in the past was safe but difficult to use, but today thanks to the advancement of our software is an excellent example of the compromise that we are looking for. Today biometric reader has a very high usability and used in conjunction with a system to certify the identity is also reliable. Obviously, as Certification Authority we always have the priority of ensuring compliance with EU regulations. We provide services to more than twenty banks including Fineco Widiba and Ing Direct that thanks to our certification authority services are able to open in paperless mode even a bank account. We can release - via online webcam - a digital signature in conformity with the norm even know your customer (AML)." In what terms you are interested in blockchain? Are you already doing research to apply these products to your technologies? "For us, blockchain is both a threat and an opportunity. In fact, the blockchain with cryptocurrency manages to compete with a bank regarding the transfer timing and the costs and also is based on a very secure algorithm. The limit of this new reality is that performs transfers without a central unit, with the consequence that you can not verify the identity of the subjects. The digital trust must be compatible with existing legislation. We guarantee identity and legal standards documents - which make us an identity provider to Italian and European standards - while blockchain although at a safe level does the same, can not guarantee the identity legally binding. For example, a company that preserves the invoices via blockchain systems, although safe, is not in good standing. In 5/6 years blockchain will probably be made in accordance with European standards. Despite these limitations, we are investing in the sector to ensure future opportunities for InfoCert. We currently invest in research, we collaborate with the British and French groups, and we have a university spin-off. Regarding fraud prevention, what are the results obtained in the last year by InfoCert? How InfoCert will move in future to improve its benchmarks? An example of our results on fraud prevention is our application that allows you to open a checking account in paperless mode and remote. With Widiba of 300,000 open current accounts in two years, there has been only three low-relief fraud for an amount less than one thousand euros. We have 2 types of fraud detection: From one side we analyze the past fraud to improve our controls and preventing that could happen again in the future, on the other hand, are continuously improving the process in order to ward off attacks to vulnerabilities. We also have several indicators that warn us in advance of anyone looking to make furtive operations, detecting suspicious behavior. Furthermore, have a blacklist of those who made attempts of fraud in the past. Measures can be considerably increased if there is some significant risk. We stop many frauds by changing the rules of the process, in fact, if someone puts a digital signature without the knowledge of the person concerned, the author can only be a person along the chain controlled by us, and therefore we can easily thwart fraud. The attempt to fraud is stopped more than with computer security with checks on the trust chain." Do you have any advice for young innovators who want to take their first steps into the world of cyber security? "Many years ago I graduated in Information Science and now I advise to focus on the research frontier by always verifying the business opportunities. Before investing time and resources in developing a system of cybersecurity I suggest you to do an analysis of business applications. It is essential to check if your idea has real applicability in the market. There may be highly secure systems without interesting commercial opportunities, such as a system to protect the car's navigation system from hacker attacks. An example of a business-oriented mind? The georeferenced signature that indicates with certainty where a document was signed. It can be useful for inspections or even to certify that a hole has been arranged by sending a photo with signature and geolocation. We patented this idea in May, and we sold it in June! There was a real problem in the market that could be solved. I suggest to start with the real world problems and find solutions."