© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

© 2011. Copyright GuardTime. All Rights Reserved.

Raul.Vahisalu@GuardTime.comGeneral Manager Estonia

21.03.2012

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

GuardTimeProof of time, origin and integrity for the world’s electronic data

Founded in Estonia in 2006IP of Estonian scientists Ahto Buldas and Märt SaareperaAccredited timestamping service provider in EU since 2007Financed by ASI, Brother, Singaporean Government and Hong Kong based Horizons VenturesSubsidiary offices in Singapore, Hong Kong, Tokyo, Beijing, San Diego

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

3

Hash FunctionsGuardTime’s technology is based on cryptographic hash functions

When trust is not enough

Hash functions are cryptographically secure one-way operations that take arbitrarily-sized data as input and generate a unique fixed-size bit sequence as output

INPUT DATA HASH FUNCTION

HASH VALUE

AXSJ76SNWCRVRVLFFAONRDNZG4VUSU2HAS7DJWZR2U

ONE-WAY ONLY

REVERSE CALCULATION NOT POSSIBLE

The output is known as the hash value, message digest, or digital fingerprint

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

4When trust is not enough

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

5When trust is not enough

TIME

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

6

Keyless Signatures: How It Works

When trust is not enough

Receive a signature for

each data item signed

Signatures are mathematically

verifiable for the life of the

data

Sign the event logs, backups, archives, other

data and applications

Enable any system or

environment to use Keyless Signatures

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

7When trust is not enough

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

8

Prove This Didn’t HappenDoes your proof require that someone trust you?

When trust is not enough

Accidental(admin)

• ‘Cleaning up’ the application and system logs• ‘Fixing’ the backups and archives• Checking in untested applications

Intentional(admin)

• Removing application and system log entries• Changing database records• Adjusting application and system configurations

Malicious(hacker)

• Removing log entries• Changing database records • Inserting new code into the operating environment

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

9

Use Case: Auditable Scan-To-Server

When trust is not enough

Signing capabilities are embedded directly into the multi-functional printerDocuments are signed after scanned and converted to PDFThe signature is embedded within the PDFSigned PDF documents are stored on the serverRecipients of the documents can verify the signature of the documents from within the scanned PDFProvides proof of origin (e.g. which scanner), time and content for the stored documents

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

10

International team

When trust is not enough

Business is done by people! Our group CEO flight mileage last year - 2500000900-1700 Tallinn time +9h/-8h~10 different nationalitiesNegotiation and communication styleWork ethic, command of languagesPolitics, religion, women, alcohol

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

11

Research & development

When trust is not enough

R&D is in Tallinn, EstoniaTop of the technology pyramidSerendipity-led R&DCan innovation be outsourced?What is innovation?Accountability to investorsTest-site Estonia

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

Sales

12When trust is not enough

What do you sell?Business model, Pilot, Service (consumer, infrastructure), Product, Disruptive change, Fear

Naive, Pragmatic, StrategicIPObstacles

Not invented here

Nice to have but not compulsory (through legislation)

Too new, too disruptive for me

Technology push v. Market pull„GuardTime is not a technology problem, its a marketing problem“

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

13

Business modelGuardTime is sold as a monthly subscription service based on volume (Transactions/Second) shared with partners and downstream channelEstonia as a test site for the worldCooperation agreement with the Estonian Government for a service free of chargeIn Estonia - National Archive, RIK, MKM, Levira, SEB, Elion...

When trust is not enough

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

14

Orwell 1984

Big BrotherDoublethinkThoughtcrimeNewspeakMemory hole

When trust is not enough

© 2

011.

Cop

yrig

ht G

uard

Tim

e. A

ll Ri

ghts

Res

erve

d.

© 2011. Copyright GuardTime. All Rights Reserved.

Thank You!Email: raul.vahisalu@guardtime.com

When trust is not enough