WTG New Technology Corp Passfaces Corp About the companies WTG New Technology Corporation (NewTech) is a technology transfer company specializing in the Washington DC market. Passfaces Corporation is a security technology company, featuring Passfaces, a bi-directional, two factor, cognometric authentication system based on a patented technology that leverages peoples innate ability to recognize faces. The Companies To provide the online world with a secure, usable and affordable strong authentication solution and a practical alternative to tokens and biometrics. The Mission

WTG New Technology Corp Passfaces Corp Royal Credit Union More About Passfaces Passfaces: Strong / Two Factor Authentication and Phishing Protection Used primarily in Banking and Healthcare Also used – without problem – for 8 years by a major branch of the US Government Core technology is cognometrics, the human brains innate ability to recognize familiar faces CU Service Provider Patents granted world-wide Deployed without hitch to users at a major credit union in 2008 Selected by major healthcare provider with users in 2009 Customers include:

WTG New Technology Corp Passfaces Corp Why Strong Authentication ? Strong authentication is an essential enabler for the provision of online services It is needed for: Transaction & Data Protection E.g. Online banking, Personal Health Records Compliance E.g. FFIEC, HIPAA User Reassurance / Trust Insecure users wont use online services And because Passwords: can be guessed or cracked are written down And people use the same one everywhere Users forget them (and call the help desk) And, most critically today, they can be phished! Passwords are the weakest of weakest links – Bill Gates

WTG New Technology Corp Passfaces Corp Why Passfaces ? Passfaces provides strong authentication – and phishing protection – without pain! Easy to deploy Leverages existing password infrastructure No user hardware or software – works in browser No new servers or databases Easy for users No device to lose or forget No personal questions/answers to remember Machine & location independent – i.e. fully portable Built-in anti phishing does not require user attention Easy for administrators [Almost] no resets Actually liked by users Easy on budgets Less than one tenth the cost of tokens Save on purchase, implementation and support

WTG New Technology Corp Passfaces Corp Passfaces is Different Graphics and images are among the simplest and most effective means to communicate and interact with people But, like a password, you still need to recall a graphic or image Faces are Different The brain uses a dedicated, intuitive process to learn and remember faces The brain recognizes, not recalls, faces Face recognition is a universal skill – independent of age, language or education Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology Passfaces is a graphical authentication system

WTG New Technology Corp Passfaces Corp Passfaces Strong Authentication Passfaces provide a simple, but powerful, means of overcoming the vulnerabilities of passwords Passfaces are used with a password to provide two factor or strong authentication For two-factor authentication, users are typically assigned 3 secret passfaces in addition to their password Here are your Passfaces

WTG New Technology Corp Passfaces Corp Passfaces Strong Authentication To log on, users pick out one of their Passfaces from a challenge grid of 9 faces Each challenge grid contains 1 Passface and 8 decoy faces The process is repeated for each of the users Passfaces Click On Your Passface

WTG New Technology Corp Passfaces Corp A CREDIT UNION DEMONSTRATION For your convenience, we would like to show you a brief demonstration of a credit union's use of Passfaces for their online membersdemonstration

WTG New Technology Corp Passfaces Corp 1.Security – better than passwords alone 2.Usability – no complex pass codes or procedures 3.Non-Intrusive – users are averse to change and reluctant to do more 4.Visibility – users want to see that companies are increasing security 5.Mobility – users log on using different PCs in different locations 6.Consistency – of user experience 7.Reliability – no false rejection, no system errors, no user errors 8.Bidirectional – verify the User to the Site AND the Site to the User 9.Flexibility – for varying risk levels and customer choice 10.Easy Integration – with current systems and procedures 11.Low Cost – Procurement, deployment and ongoing maintenance Source: Gartner Inc. Strong Authentication Requirements Usability is key – especially for consumers. If they cant or wont use the security system, then it wont work!

WTG New Technology Corp Passfaces Corp What Are the Alternatives? Biometrics Smart Cards Tokens Crypto Cookie Code Cards Keypad Scrambler

WTG New Technology Corp Passfaces Corp Strong Authentication Alternatives Passfaces Virtual Keypad Biometrics Risk Analysis Code Cards Crypto Cookies Smart Cards Tokens Personal Pictures Security Bidirectional Intrusiveness Visibility Usability Mobility Management Integration Rollout Cost Click On Your Passface Good OK Bad Passfaces is unique in meeting all the requirements for strong authentication

WTG New Technology Corp Passfaces Corp Integrates Passfaces with any Internet platform Includes Server-side code Passfaces Web Clients Administration Console Reference Implementations Detailed integration information Passfaces Image Library Passfaces For NFCU

WTG New Technology Corp Passfaces Corp Existing User Database ODBC or LDAP connector or JDBC/JNDI Interface Web Server Passfaces Web Access End User Client Java Script, ActiveX, or Java No Software or Installation Required Application Server Windows, Java, or SDK Face Library Passfaces Admin Existing Web Application Integrated with

WTG New Technology Corp Passfaces Corp Passfaces Web Access Separate Passfaces Server (JavaScript, ActiveX or Java) No installation! Web Users Passfaces Web Client Web Server/Outlook Web AccessInternet Existing Application Server Passfaces Server (Windows IIS or Java) SSL SQL Database or LDAP Directory Server AD or SQL Database or LDAP Directory Server Administrator Passfaces Admin Console

WTG New Technology Corp Passfaces Corp SSL Passfaces Web Access – Architecture for SSL VPN Connectivity Corporate Network Passfaces Admin Console Web Users Passfaces Web Client Passfaces Server (Windows IIS or Java) DMZ Login information and control Corporate Resources SSL/VPN AD or SQL Database or LDAP Directory Server

WTG New Technology Corp Passfaces Corp SSL Passfaces Web Access – Architecture for Citrix Connectivity Corporate Network Passfaces Admin Console Web Users Passfaces Web Client Passfaces Server (Windows IIS or Java) DMZ Login information and control Corporate Resources Citrix Server AD or SQL Database or LDAP Directory Server

WTG New Technology Corp Passfaces Corp Everything Needed to Add Passfaces Administration Console Web Based (Java application servers) Windows (Microsoft IIS) Server-side code Java class package Java servlet (HTTP interface) ISAPI extension DLL for Microsoft IIS Passfaces Web Clients JavaScript / Java applet / ActiveX Reference Implementations Sample JSP/ASP/HTML pages Detailed integration information Passfaces Image Library Standard or Custom

WTG New Technology Corp Passfaces Corp Customizable User Interface Add Your Logo Change Background Colors

WTG New Technology Corp Passfaces Corp Integrated, Editable User Help Manual User Authentication Thornberry is adding Passfaces, an enhanced logon procedure, to our online services. The new process places an additional security lock to existing Online IDs and passwords. We are taking this step to provide the best protection possible for your online account information. Users are required to enable Passfaces over the next thirty days. You will be prompted to enable Passfaces each time you login. We recommend you enhance your login security as soon a s possible. The process takes from 3 to 5 minutes. We also recommend you View the Demo before starting the process. Thornberry Authentication Link to Passfaces Help Modify Files to Create a Custom Help Manual Add Your Logo Easily edited HTML lets you add sections specific to your Web Access procedures Built In Help

WTG New Technology Corp Passfaces Corp NIST Acknowledgment of Passfaces? From NIST Appendix A2 page 61: A.2 Other Types of Passwords Some password systems require a user to memorize a number of images, such as faces. Users are then typically presented with successive fields of several images (typically 9 at a time), each of which contains one of the memorized images. Each selection represents approximately 3.17 bits of entropy. If such a system used five rounds of memorized images, then the entropy of system would be approximately 16 bits. Since this is randomly selected password the guessing entropy and min-entropy are both the same value. It is possible to combine randomly chosen and user chosen elements into a single composite password. For example a user might be given a short randomly selected value to ensure min-entropy to use in combination with a user chosen password string. The random component might be images or a character string.

WTG New Technology Corp Passfaces Corp Customer Testimonials Passfaces is one of those products that just works… We installed it 7 years ago and have never had a problem with it… I see all these complicated new authentication systems being introduced by the banks and wonder why they dont just use Passfaces. CISO, US Government. We selected Passfaces as it not only raises the bar in terms of security, but it is both easy to use and to implement. David Vandeven, President/CEO Midwest Independent Bank. "ParadigmHealth was an early innovator of website security and authentication. Security and data privacy remain our focus, but now with Passfaces we are also highlighting the importance of increasing ease of use. Passfaces fully addresses the authentication requirements for the large-scale deployment of Personal Health Records." Tom Hagan, ParadigmHealth CIO. Thank you again for your support, your product is already making my life a lot easier and you can quote me on that if you like… Paul Osnes, CIO Easter Seals of Southern California. Passfaces was so unique and we felt our client base would find it very much cutting edge. We wanted something exciting; something different that had security second to none. It excited our folks internally and I knew it would excite our client base as well. Tom Leib, Product Manager RC Olmstead. Buckeye State Credit Union understands its members concerns for secure online banking. We feel that our members financial information is worth the best and most secure layer of authentication we could find. That is why we chose Passfaces. This is much more secure than asking questions like your mothers maiden name or your favorite pets name, or choosing a static picture like a watermelon or a beach scene as your login sign.… Our initial rollout was far more successful than I had ever imagined. My staff and I were prepared and we set realistic expectations that were exceeded. Sometimes the right choice is hard to make but today I am confident that our members information is secure because of Passfaces. Charles Stanfield, Information Systems Director, Buckeye State Credit Union.