The Next Generation Identity Verification and Assured Rights Management Preventing Cybercrime and Protecting Privacy

Company Profile

• Founded in 2011
• Founder and CEO – John Napoli
• President – Rich Wilcox
• Headquartered in Centennial, CO with offices worldwide serving the public and private sectors
• Privately-owned LLC
• Mission: Develop and implement the next generation of identity management and assured rights management for enterprises of all sizes, establishing ourselves as the ultimate response to the worldwide escalation of cyber fraud.

The Cost

How much is cybercrime costing? A report by McAfee and think tank CSIS puts the annual hit to the global economy at more than $400 billion. The report characterizes this estimate as conservative.

The Question: If industry is spending hundreds of millions on cyber security efforts, then why are we continuing to lose billions of dollars?

Many of the current solutions are not addressing the causes. There is more emphasis on detection and response and not prevention.

Primary Cause

• Impersonation of a valid user enables most data breaches (the person is not the person)
• There are two primary reasons:
  1. Identity verification is inadequate in many enterprises
  2. Effective rights management and access controls are lacking in most enterprises
• User IDs and passwords offer little protection

Example 1

• Commercial breaches in the news every week
  – “Saudi ARAMCO clearly points to administrative and privileged accounts as the priority target….”
  – “Data breach at home improvement retailer Home Depot”
  – “JP Morgan Chase hack impacted more than 80 million accounts”
  – “eBay announced it is aware of unauthorized access….”
  – Sony hack – Intellectual property and privacy lost
  – Subcontractor credential compromised
  – Weak rights management
  – Poor auditing and alerts

Example 2 Government

• Homeland Security Presidential Directive 12 (HSPD-12): Policy for a Common Identification Standard for Federal Employees and Contractors
  – Directed development and use of interoperable smart ID cards for all US federal government employees and contractors for physical and logical access
• Approximately 10 years later
  – 96% of employees have been issued cards
  – Unfortunately, many are used for physical access only; many as flash passes
• Where credentials are used for logical access
  – Rights management systems are weak; and
  – Credentials are not integrated with existing systems
  – They are not used enterprise wide

Assured Rights Management

Chain of Trust

The SolPass Value Proposition:
• Prevents fraud and cyber crime
• Saves money
• Creates a competitive advantage

The Pass

• Biometrics held here – not on the server
• One-to-one relationship between the Pass and the user;
• One-to-one relationship between the Pass and the GateKeeper through the SolPass Platform for each session;
• Therefore, one-to-one relationship between the user and the server for each session
• Data storage moves to the Pass
• Form factor does not matter

The Platform

• Affordable (less expensive than the standard platform)
• Efficient migration on a rollout basis
• Flexible configuration
• Online or offline use
• Forensic wipe after each transaction (no local storage on the Platform)
• No retraining required
• A single Pass can be used through any SolPass Platform
• Can be used in open environments

The GateKeeper

• Works with all current or future platforms
• Works with existing rights management (if desired)
• SolPass GateKeeperPlus provides granular rights management
• Serves as the trust broker and rights manager (if desired)
• Easily configured to fully implement enterprise security policy
• Enterprise user data never stored outside the enterprise
• Facilitates migration

You can make any device a SolPass device with three external components:

• Terminal drive-to-go

• Certified biometric sensor

• Pass

Partner Opportunities

The SolPass solution will be implemented through a number of partners:

• Consulting: To establish a baseline, review and advise on the security policies, and review and advise on the rights management scheme.

• Implementation and Integration: SolPass will license our solution to companies with the necessary skills to implement our solution.

• Managed Service: Partners would build our solution under license as their own infrastructure and offer managed services to their customers.

• Manufacturing and Engineering Services: To modify and manufacture existing devices (computers, tablets, smart phones, ancillary devices) to make them more secure.

• Sustaining Support Services: Companies that provide support services and have a proven track record in this area.

The Managed Service Solution

What Will SolPass Do For You?

• Assured identity verification
  – Biometrics based (only on the Pass)
  – Individual, role or group member
• Rights assigned on the GateKeeper; stored only on the GateKeeper and the Pass
  – Access control through the existing rights management system, or
  – GateKeeperPlus-executed granular rights management
• Enforces enterprise security policies (imposes no additional processes)
• Access as granular as needed
  – Internal users IAW enterprise security policy
  – Subcontractors and partners IAW enterprise security policy
  – Specialized controls
  – Transaction-based access
• Implementation at your own pace
  – Migration assistance with GateKeeperPlus Migration
  – Measured investment
• Platform independent

What Is Needed?

• Commitment
• Education and Cultural Shift
  – Many, including senior leaders, do not understand the threat
  – Anonymity and privacy are not the same, nor are they mutually exclusive
• The next generation of solutions:
  – Biometrically enabled
  – Consistent and secure chain of trust from the user to the enterprise
  – Human out of the loop
  – Protection against malware
  – Assured rights management/access control
  – Standards compliance/interoperability
  – Auditing