PrimeKey Tech Days 2021

PrimeKey Tech Days 2021

Date: Live broadcast on September 15
Location: Online
Ticket price: PrimeKey Tech Days 2021 will be free of charge
Social media:

PrimeKey Tech Days is your opportunity to keep up with widespread changes in cryptography, PKI, and related IT-security topics. This is a unique hardcore tech event that brings together PKI and security leaders from all over the world. There will be presentations from experts at leading global companies and demos from practitioners showing PKI in action.

Sign up now to learn from excellent speakers, network with your peers from all over the globe, and why not take the chance to talk to PrimeKey product managers, support agents and crypto nerds.

For a glimpse of what you can expect from the event, you can find recordings from previous years on the PrimeKey YouTube channel.

The topics are very high level and I really like the networking.

-Alexander Eßer, Bank-Verlag Product Manager, Security & Trust Services


PrimeKey Tech Days 2021

PrimeKey Tech Days 2021 will be free of charge.

Registration is now open! Please sign up below.

Follow us on LinkedIn and Twitter for event updates.



Agenda for 2021 is not yet available. Have a look at our speaker list to see the topics of the day!

Attend PrimeKey Tech Days to listen to distinguished speakers from leading international companies and organizations. We are excited to continue to plan the 7th edition of the event that gives experts in PKI, Crypto, Open Source, eIDAS, Digital Signing and other areas of IT security an opportunity to connect and share knowledge on widespread changes and more.

Speaker list 2021:

  • Agile PKI using Intelligent Composed Algorithms from D-Trust
  • Hardcore PKI from PrimeKey
  • IIoT Security from Siemens Energy
  • Hardcore Crypto from BouncyCastle, a PrimeKey company
  • Public Trust, CAB Forum and PKI Industry Update from Harica
  • …and more is to come!


Revealing the secret protected from the PKI industry – Microsoft

Rashmi Jha

About the Topic

As the cloud landscape evolves, products and services are being operated through cloud data or are being built on top.
It has been well established that PKI is a Must-Have for cloud security. The lesser-known fact is that PKI has gone from being a backend infra to being in critical path of these cloud products and services.
Be ready to have a mind shift that not only these cloud services need to be ‘always on’ but it is becoming imperative for PKI services supporting these cloud services to be highly available. This changes entirely how we view PKI today and how we create PKI management solutions in future.

About the Speaker

Rashmi is a passionate, effective, collaborative person and bring wealth of expertise in PKI space. She has shipped several releases of AD CS and recently brought Azure Key Vault Certificates from inception to market.

Rashmi enjoys new challenges and excel at product planning, product definition, execution and product/company representation. It is important for her to focus on the synergy of her core team and have strong relationships with internal or external partners along with the work she does.


PKI for Industrial Communication Networks and Devices – Achelos

Dr. Michael Jahnich

About the Topic:

Certified cyber-security becomes more and more important to manufacturers of industrial control systems, networks, and devices. These industrial products and services need to fullfil new security requirements from operators of critical infrastructures and suppliers of those security-critical systems. Therefore, industrial PKIs have become an essential building block to connect industrial devices and machines. In his presentation, Michael Jahnich from achelos will give an overview of use cases, standards (esp. IEC 62443) and security requirements in industrial communication networks and show how secure PKI solutions can help this industry to improve the cyber-security of their products.

About the Speaker:

Michael is a well-educated mathematician and electrical engineer, who decided that business, strategies, products and marketing are much more interesting to him than programming and figures (although he could easily give a lecture about NFC or ECC). He has always been working in areas related to product management or product development. Near-field communication, cyber security, smart cards, security certifications, ID cards and passports are among the topics that he has been involved with in his career. Currently, Michael works on security topics in connected vehicles and devices, especially on public-key infrastructures. He is achelos’ delegate in the Car-2-Car Communication Consortium. Moreover, as a product owner, Michael is responsible for the eIDAS Inspector, which is a highly flexible and fully automated verification system for electronic certificates according to the eIDAS regulation and which was developed especially for the requirements of eIDAS trusted service providers.

Agile PKI using Intelligent Composed Algorithms – D-Trust GmbH

Dr. Kim Nguyen, Dr. Klaus-Dieter Wirth, Frank Bysio

About the Topic:

In the prospect of upcoming quantum computers, cryptographic agility becomes an issue, which has long been neglected. It is expected that the NIST competition will lead to several algorithms, China and Russia have selected own algorithms. Consequently, we must be prepared to use several, coexisting algorithms in the future. The coexistence of algorithms does not only affect the migration from RSA and ECC to new algorithms, but is likely to remain permanent. These circumstances must be adequately put in practice in applications, protocols, and the PKI. The simultaneous use of different algorithms concerns in particular the PKIs. There are several approaches to dealing with multiple algorithms with different pros and cons.

This presentation introduces a new approach: Intelligent Composed Algorithms (ICA) have been developed as a mechanism for introducing new cryptographic algorithms into applications and PKIs in an agile way. Using ICAs, known cryptographic algorithms (Component-Algorithms) can be combined in order to get stronger algorithms. Using ICAs, it is also possible to use known Component-Algorithms as mutual alternatives. Furthermore, the combined and alternative use of Component-Algorithms as ICAs shall enable agile use of cryptographic algorithms without having to change standards as X.509 or CMS. An Intelligent Composed Algorithm is a flexible group of cryptographic algorithms together with the corresponding rules for their combination. The rules for the combination of Component-Algorithms are defined as algorithms (Controlling-Algorithms) themselves. In applications, ICAs are used as conventional algorithms, described by an algorithm identifier (an OID) and matching parameters. The chosen Component-Algorithms are defined by parameters of the Controlling-Algorithm.

Give that simultaneous use of different algorithms in PKIs and applications is of concern, the use of ICA in PKIs has many advantages compared to other approaches. A crucial point is that ICAs allow the combination of cryptographic algorithms in PKIs and applications without changing or modifying the well-known standards, as e.g. X.509, RFC 5280, RFC 6960, RFC 2986, RFC 4210, and RFC 5652.

About the Speaker:

Kim Nguyen studied mathematics and physics at the universities of Göttingen (Germany) and Cambridge (UK) and received a Ph.D. in mathematics for his work on the relation between classical number theory and cryptographic security of elliptic curves. He joined the German Federal Print (Bundesdruckerei GmbH) in 2003. At that time he was responsible for the topics of cryptographic and chip security as well as infrastructure aspects in the ePassport and eID projects in Germany. He additionally took over the position of Managing Director of D-TRUST, the trust service provider of the Bundesdruckerei group, in June 2012. Nguyen was awarded the title “Fellow” in June 2015. As of January 1, 2019, he heads the business unit “Trusted Services” of Bundesdruckerei GmbH.


Back to Basics: Simplifying PKI in Complex IT Environments – Keyfactor

Ted Shorter

About the Topic

Deploying PKI is far from what it used to be. Today, trust requirements, migration, specialized use cases, and hybrid environments are all key drivers for the use of multiple PKI and CA deployments. So, how do we balance the demand for scale and performance with need for trust and control?

In this session on Back to Basics: Simplifying PKI in Complex IT Environments, Ted Shorter, Chief Technology Officer (CTO) at Keyfactor will share insights into how the PKI landscape has evolved and how organizations can maintain governance, visibility and control in modern hybrid and multi-cloud environments.

Key takeaways will include:

  • Emerging use cases: PKI in DevOps, IoT identities, Zero-Trust architectures
  • How PKI requirements differ between private, public and cloud-based CAs
  • How enterprises can scale PKI to meet on-premise and cloud requirements
  • Why crypto-agility and root of trust management are the keys to success

About the Speaker

Ted Shorter is the Chief Technology Officer and co-founder at Keyfactor. Responsible for Keyfactor’s Intellectual Property development efforts, Ted helps align Keyfactor’s focus with the changing security landscape, ensuring our clients understand the importance of crypto-agility.

Ted has worked in the security arena for over 25 years, in the fields of cryptography, Public Key Infrastructure, authentication and authorization, and software vulnerability analysis. His past experience includes 10 years at the National Security Agency, a master’s degree in computer science from The Johns Hopkins University, and an active CISSP certification.

Public Trust, CAB Forum and PKI Industry Update

Dimitris Zacharopoulus

About the Topic

As the former CA/Browser Forum Chair (2018-2020) and participant in several PKI industry fora like ACAB-c, ETSI ESI and the PKI Consortium, this presentation will provide an update on topics and activities around:

  • Publicly Trusted Server certificates
  • Code Signing
  • S/MIME

About the Speaker

Dimitris Zacharopoulus

Dimitris is the PKI Manager of the Hellenic Academic and Research Institutions Certification Authority – HARICA, and former CA/Browser Forum Chair. The CA Browser forum defines the requirements for so-called “Publicly trusted CAs”. Those are CAs that are trusted in web browsers by default for example Mozilla, Google Chrome, Apple Safari and Microsoft. As such, the forum is critically important for the security of the Internet.


IIoT Security – Siemens Energy

Prashanth A.C

About the Topic

Digitalization is being adapted by critical infrastructure at a fast pace. Advancements in electronics for industrial control systems, industrial protocols, connectivity devices, standards, and regulations are just adding to this pace. This fast pace is also brining cybersecurity as a point of discussion from procurement to boardroom discussions.

We have mature technologies proven over time, which can be implemented as strong controls to mitigate multiple risks. There are standards such as IEC 62443, which are enabling secure development and deployment of IIoT/ IoT. All the stakeholders for industrial automation and controls system (IACS) security, such as, original equipment manufacturers (OEMs), integrators, asset owners and regulatory auditors can use these standards to mitigate risks from a common point of view. Additionally, regulatory requirements, including compliance to NERC CIP, California Connected Device Law, BDEW, IoT Cybersecurity Improvement Act, and others are pushing for a secure IoT/ IIoT ecosystem.

IT – OT convergence is so prominent in industrial control systems, it’s difficult to demarcate them clearly. IEC 62443 defines a systematic approach to address cardinal points of IACS security i.e., availability, integrity, confidentiality, safety, and reliability, over dimensions of people, process, and technology. It defines controls at system level and product level.

When we dive into strengthening IIoT/ IoT products as per IEC 62443, we observe, there are component requirements (CRs) in IEC 62443-4-2, which specifically mentions requirement of public key infrastructure (PKI) based controls, above and from security level (capability) [SL(C)] -02, where devices SHALL implement these controls. These controls are effective not only to adhere to standards, but also successful in compliance with regulations such as California Connected Device Law. We get a granular control of security on device and communication channels. We will discuss more about how standards and technology such as IEC 62443 and PKI can be robust in securing IIoT/ IoT in critical infrastructure.

About the Speaker

Prashanth A.C is an accomplished Information Security Professional with 15 years of experience. He managed secure IT operations within the military environment of Indian Navy, Min of Defense, New Delhi, and was released in 2017 with the rank of Lieutenant Commander.

Prashanth worked with Schneider Electric and led a global team of 20 members in hardware security. Core responsibilities were penetration testing (pentest) of all the Schneider Electric products before release. Those included PLCs, PAC drives, Gateways, RTUs, HMIs, Home automation systems etc., dealing with oil and gas, energy, solar and home automation. In due course, he handled 300 + hardware projects for pentest.

He is an ISA 62443 cybersecurity expert and gained experience on 62443 standards from the perspective of OEM, Integrator and End User. Assessed by ISA Europe and recognized as ISA trainer for ISA 62443 certification courses, he also holds certifications such as CISSP, CISM, GICSP, ISO 27001:2013 LA, AWS Certified Security Specialty etc.

Presently, Prashanth is working with Siemens Energy as Product and Solutions Security Expert, handling security of Sensproduct®, an advanced IIoT/ IoT/ AI powered solution for monitoring of critical assets at electrical utilities, which involves sensors, IIoT/ IoT devices, Cloud solution, Mobile solutions etc.


To keep updated, follow us on LinkedIn and Twitter.



How can we help?

  • Hidden
    I accept that PrimeKey stores my information, and I accept cookies for analysis and business identification. Read more about cookies and privacy policy here.
Contact us