The Next Generation Identity Verification and Assured Rights Management Preventing Cybercrime and Protecting Privacy

Company Profile Founded in 2011 Founder and CEO – John Napoli President – Rich Wilcox Headquartered in Centennial, CO with offices worldwide serving the public and private sectors Privately-owned LLC Mission: Develop and implement the next generation of identity management and assured rights management for enterprises of all sizes, establishing ourselves as the ultimate response to the worldwide escalation of cyber fraud.

How much is cybercrime costing? A report by McAfee and think tank CSIS puts the annual hit to the global economy at more than $400 billion. The report characterizes this estimate as conservative.report The Question: If industry is spending hundreds of millions on cyber security efforts, then why are we continuing to lose billions of dollars? Many of the current solutions are not addressing the causes. There is more emphasis on detection and response and not prevention. The Cost

Primary Cause Impersonation of a valid user enables most data breaches (the person is not the person) There are two primary reasons: 1.Identity verification is inadequate in many enterprises 2.Effective rights management and access controls are lacking in most enterprises User ID’s and passwords offer little protection

Example 1 Commercial breaches in the news every week – “Saudi ARAMCO clearly points to administrative and privileged accounts as the priority target….” – “Data breach at home improvement retailer Home Depot” – “JP Morgan Chase hack impacted more than 80 million accounts” – “eBay announced it is aware of unauthorized access….” – Sony hack – Intellectual property and privacy lost – Subcontractor credential compromised – Weak rights management – Poor auditing and alerts

Example 2 Government Homeland Security Presidential Directive 12 (HSPD-12): Policy for a Common Identification Standard for Federal Employees and Contractors – Directed development and use of interoperable smart ID cards for all US federal government employees and contractors for physical and logical access Approximately 10 years later – 96% of employees have been issued cards – Unfortunately, many are used for physical access only; many as flash passes Where credentials are used for logical access – Rights management systems are weak and; – Credentials are not integrated with existing systems – They are not used enterprise wide

Assured Rights Management

Chain of Trust The SolPass Value Proposition: Prevents fraud and cyber crime Saves money Creates a competitive advantage

The Pass Biometrics held here – not on the server One-to one relationship between the Pass and the user; One-to-one relationship between the Pass and the Gatekeeper through the SolPass Platform for each session; Therefore, one-to-one relationship between the user and the server for each session Data storage moves to the Pass Form factor does not matter

The Platform Affordable (less expensive than the standard platform) Efficient migration on a rollout basis Flexible configuration Online or offline use Forensic wipe after each transaction (no local storage on the Platform ) No retraining required A single Pass can be used through any SolPass Platform Can be used in open environments

The GateKeeper Works with all current or future platforms Works with existing rights management (if desired) SolPass GateKeeperPlus provides granular rights management Serves as the trust broker and rights manager (if desired) Easily configured to fully implement enterprise security policy Enterprise user data never stored outside the enterprise Facilitates migration

You can make any device a SolPass device with three external components: Terminal drive-to-go certified Biometric sensor Pass

Partner Opportunities The SolPass solution will be implemented through a number of partners: Consulting : To establish a baseline, review and advise on the security policies, and review and advise on the rights management scheme. Implementation and Integration: SolPass will license our solution to companies with the necessary skills to implement our solution. Managed Service: Partners would build our solution under license as their own infrastructure and offer managed services to their customers. Manufacturing and Engineering Services: To modify and manufacture existing devices (computers, tablets, smart phones, ancillary devices) to make them more secure. Sustaining Support Services : Companies that provide support services and have a proven track record in this area.

The Managed Service Solution

What Will SolPass Do For You? Assured identity verification – Biometrics based (only on the pass) – Individual, role or group member Rights assigned on the GateKeeper ; stored only on the GateKeeper and the Pass – Access control through the existing rights management system, or –GateKeeperPlus - executed granular rights management Enforces enterprise security policies (imposes no additional processes) Access as granular as needed – Internal users IAW enterprise security policy – Subcontractors and partners IAW enterprise security policy – Specialized controls – Transaction-based access Implementation at your own pace – Migration assistance with GateKeeperPlus Migration – Measured investment Platform independent

What Is Needed? Commitment Education and Cultural Shift – Many, including senior leaders, do not understand the threat – Anonymity and privacy are not the same, nor are they mutually exclusive The next generation of solutions: – Biometrically enabled – Consistent and secure chain of trust from the user to the enterprise – Human out of the loop – Protection against malware – Assured rights management/access control – Standards compliance/interoperability – Auditing