Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

Presentation Title

VIEWS: 2 PAGES: 37

									ProofSpace Presentation
Data Authenticity Made Simple


February 2008
                      Agenda

                          • Company Overview / Business Partners
                          • Product Description
                                - Business Need & Catalysts for Change
                                    - Legal – Regulatory - Technical
                                - ProofSpace Technology
                                - Operational Overview
                          • Product Demonstration
                                - Baseline Products / Functionality
                                - Additional Tools / Functionality
                                - System Technology
                          • Questions


     ProofSpace
   Confidential –     2   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      ProofSpace Has the Best Technology for Proving
                      Data Authenticity
                      Mature Product - ProofMarkTM                   World-Class Technical Advisors
                      ►    Issued Patents                            ►   Dr. Guy Bunker
                                                                         Distinguished Engineer at Symantec responsible
                           — Transient Key Digital TimeStamp             for data security strategy
                             technology (US Patent No. 6,381,696).
                             Also issued in Australia, Israel &      ►   Dr. Taher Elgamal
                             Korea, and applied for in Canada,           Invented the SSL protocol and is one of the
                             Japan and the EU (PCT)                      world’s leading experts in cryptography

                           — System and Method for Widely            ►   Dr. Dan Geer
                             Witnessed Proof of Time (US Patent          Chief Scientist at Verdasys and a pioneer in
                             No. 7,047,415)                              information security and distributed computing

                           — System and Method for Graphical         ►   Ed Reed
                             Indicia for Certification of Records        Ex-Security Tzar at Novell, where he led security
                             (US Patent No. 7,210,035)                   product strategy and developed Novell's identity-
                                                                         based computing solutions
                      ►    Established ANSI Standard                 ►   Dean Tribble
                           — X9.95-2005 Trusted Time Stamp               Principal Architect at Microsoft and leading
                             Management and Security                     development of security and compliance features
                                                                         for Microsoft Exchange
                           — Standards-based solutions with
                             common APIs are easier for              ►   Dr. Gene Spafford
                             regulators to support because they          Purdue University professor whose research
                             facilitate customer choice and ease         focuses on computer and network security.
                                                                         Founder of Center for Education and Research in
                             of implementation                           Information Assurance and Security (CERIAS )
                           — ProofMark is the only X9.95 solution
                             that can be deployed as software
                             within the enterprise
     ProofSpace
   Confidential –      3
All Rights Reserved
                      Management & Advisors
                          Management Team
                          -   Paul Doyle - Chairman & CEO
                          -   David McClellan - VP & GM - Financial Services
                          -   Steve Lassig - VP Vertical Sales
                          -   Rick Summer - VP Channel Sales
                          -   Kurt Stammberger - VP Marketing
                          -   Yuxin Ruan - VP & Chief Architect
                          -   Paul Krappman - VP Product Management

                          -Board of Directors

                          -   Bob Hoyler - President, Centro
                          -   Ken Hunt - CEO & Chairman, VASCO Data Security
                          -   Jim Shein - Attorney with McDermott Will & Emory - Kellogg professor
                          -   Darrell Williams - MD, Dusable Capital

                          Business Advisory Board
                          -   Ed Gaudet – VP Product Management & Marketing, Liquid Machines
                          -   Mike Miracle - former head of business and corp. development, Veritas
                          -   Howard Schmidt - leading expert in forensics & security
                          -   Mike Aisenberg- leading expert in law & security


     ProofSpace
   Confidential –
                      4
All Rights Reserved
                      Business Partners




     ProofSpace
   Confidential –
All Rights Reserved
                      Agenda

                          • Company Overview / Business Partners
                          • Product Description
                                - Business Need & Catalysts for Change
                                    - Legal – Regulatory - Technical
                                - ProofSpace Technology
                                - Operational Overview
                          • Product Demonstration
                                - Baseline Products / Functionality
                                - Additional Tools / Functionality
                                - System Technology
                          • Questions


     ProofSpace
   Confidential –     6   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      What is Data Integrity?

                      Defined as: The consistency in state
                      and unchanged condition of a set of
                       data, or a record, from a point in
                        time where time can be proven.




     ProofSpace
   Confidential –
All Rights Reserved
                                       What is ESI?




                      Computers generate electronic records in a way that, in principle,
                      differs very little from the way this familiar toy works. Would you
                      accept a contract if it were memorialized on a Magna Doodle™? The
                      next time you look at an electronic record, ask yourself, “What makes
                      it reliable and how would I know if it is Authentic and or if it is not?
     ProofSpace
   Confidential –
All Rights Reserved
                      ProofSpace Overview

                      ► Proving  authenticity of electronic stored information (ESI) an
                          emerging issue for 2008 and beyond
                      - After years of scandals, corporations are increasingly distrusted by regulators
                        and courts. Since corporations have the technical ability and incentive to
                        manipulate electronic records, how do they prove they haven’t?
                      - Tougher legal standards emerging for managing and proving authenticity of
                        ESI
                      ► Our   patented technology, ProofMark, provides instant,
                          mathematical proof of the authenticity of ESI, no matter where
                          the record resides or who has controlled it
                      - We provide a “tamper seal” for data similar to what you would find on a
                        bottle of Tylenol or ketchup
                      - World class technologists agree ProofSpace has the best method for proving
                        data authenticity
                      - Business value: mitigate business and legal risk, enable cost savings,
                        strengthen trust with customers and partners




     ProofSpace
   Confidential –     9
All Rights Reserved
                                   Insider Risk Examples




                                       
                                                                 Proof of
                         Pick-6                            Good Conduct!
                        Scandal
                      Prevention and
                      Detection of                  Johnson&Johnson
                      Fraudulent                         Case
                      Behavior




     ProofSpace
   Confidential –
All Rights Reserved
                       Johnson & Johnson…
                      ….it is a business issue!!!
                                   - $23BB in single day




     ProofSpace
   Confidential –
All Rights Reserved
                      Technical Drivers: Existing Information Security
                      Controls Fail To Ensure Data Authenticity




                      Information security has built complex controls to “keep the bad guys out”.
                      But how does one prove that the controls worked flawlessly together over a
                        record’s life cycle, especially when the data is in motion? How does one
                        prove data is authentic, particularly when insiders control the controls?
     ProofSpace
   Confidential –
                      12
All Rights Reserved
                       Why Is Data Integrity A Problem?

                                          Security controls stop at the application layer
                      problem
                                                    Few controls exist at the content layer itself, so integrity is
                       1                            inferred based on data’s context and custody…but there is no
                                                    way to prove it

                                          Insiders control the controls and can do virtually
                      problem
                                          anything they want
                       2                            If one can get to the data or exert control over the controls
                                                    around the data…then all bets are off. Every organization
                                                    has people (eg, DBA, sysadmin) who have access to the data
                                                    and control the controls around the data. They can do
                                                    virtually anything they want, without detection. There is no
                                                    way to know if data have been changed

                                        Insiders often have economic incentives to manipulate
                      problem
                                        electronic records by exerting control over the controls
                       3                of the data
                                                   In the current environment, regulators often start with a
                                                   presumption of bad behavior. So how can a trusted insider
                                                   prove good behavior (prove a negative?)


     ProofSpace
   Confidential –
                       13   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Why Now? Data Authenticity Is an Emerging
                      Business, Legal and Technology Issue
                                                              Distrust of Corporate America
                                                Given the last decade of corporate scandals, regulators and the
                                                courts are increasingly presuming bad behavior and raising the bar
                                                for proving business record authenticity.
                                                • Mutual fund late trading
                                                • Options backdating
                                                • Earnings restatements
                                                • Subprime witch hunt



                           Regulatory Drivers                                                                         Market Drivers
                      Regulators are increasingly concerned                                               Current solutions are expensive and risky.
                      with data authenticity, because it                                                  • Expert testimony is easily discredited by
                      underpins their ability to monitor                                                    attacking the complex controls and
                      businesses, steward markets, and                                                      process. So many moving pieces must
                      protect consumers.                                  Data                              work flawlessly together over ESI’s life
                                                                                                            cycle, reasonable doubt is easy to
                      • Sarbanes Oxley
                      • Graham Leach Bliley                            Authenticity                         create.
                      • SEC Broker-Dealer rule 17a4(f)                                                    • Forensic analysis costs $1800 per GB, or
                      • 21 CFR Part 11                                                                      $100Ks for routine cases…in the hope
                      • Electronic Signature Act                                                            that your lawyers prevail. Antiforensics
                      • HIPAA                                                                               can make “any machine look guilty or not
                                                                                                            guilty …whatever I want”


                                                                         Legal Drivers
                                                Courts are transforming how businesses must manage and prove
                                                authenticity of electronically stored information (ESI).
                                                • Case law: Amex and Markel Insurance have evidence thrown out by
                                                  judges for failure to prove authenticity
                                                • Federal Rules of Civil Procedure now require firms to produce ESI
                                                  and email
                                                • Sedona Group publishing criteria in March 08 for proving
     ProofSpace
   Confidential –                                 authenticity of ESI that may be adopted by Fed. Rules of Evidence
All Rights Reserved   14
                      Trust in Corporate America Has Eroded




                                           Trusted insiders have the incentives and ability to alter
                                           electronic business records.
                                           Is it any wonder judges are demanding proof that business
                                           records are what they purport to be?

     ProofSpace
   Confidential –
                      15   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Authenticity As Legal Catalyst for Change

                           Court declines               Amex                               Lorraine        “Considering the
                           three times to                 v                                   v            significant costs
                              admit Amex’                                                                  associated with
                                  business
                                                     Vee Vinhnee                            Markel         discovery…it makes little
                                records as                                                                 sense to go to all the
                                 evidence                                      Case Law                    bother and expense to get
                            …even though                                                                   electronic information
                              defense had                                                                  only to have it excluded
                                   no legal                                                                from evidence …counsel
                                  counsel.                                                                 would be prudent to plan
                           - December 2005                                                                 to authenticate records
                                                            Federal Rules            Federal Rules         by the most rigorous
                                                                  Of Civil           Of Evidence           standard.”
                                                                                                               - Judge Paul Grimm, May 3,
                                                               Procedure                                                            2007



                                                                               Sedona
                                   Requires the                                Working
                             preservation of ESI                               Groups
                                 and “meet and                                               Sedona is now laying out principles for
                             confer” process to                                              how ESI should be managed in order to
                             formulate plan for                                              qualify as evidence…proof of authenticity
                            managing electronic                                              is a key issue…likely to form the basis for
                                      evidence                                               amendments to FRE.
                      - Amended December 2006                                                                           - Initiated May 2007


     ProofSpace
   Confidential –
                      16     ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Authenticity As Regulatory Catalyst for
                      Change




                               Regulators are increasingly concerned with data authenticity,
                               because it underpins their ability to monitor businesses, steward
                               markets, and protect consumers

     ProofSpace
   Confidential –
                      17   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Information Assurance CIA Model

                            Authentication                                                   Storage & Archiving
                             Authorization                                                   Back-up & Recovery
                            Access Control                                                   DRA & Business
                                                                                               Continuity
                       Digital Signatures
                                                                                              Classification & Index
                                 Encryption
                                                                                              Search
                                        Privacy




                                                                     Trusted TimeStamping




                                                     Integrity has been taken for granted –
                                              it is the least understood and least invested in.


     ProofSpace
   Confidential –
                      18   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      The Need for Data Level Controls
                                                                              “The security industry has been
                                                                              running backwards in our view –
                                                                              starting at the edge (perimeter)
                                                                             and working its way to the actual
                                                                                 point of the intent – the data
                                                                                    itself…the availability and
                                                                                       protection of the data is
                                                                                                      the core…
                                                                                             perhaps closest to
                                                                                             the core is a small
                                                                                         company (ProofSpace)
                                                                                              we’ve seen trying
                                                                                      to establish the integrity
                                                                               of the data itself with the non-
                                                                                        debatable tag of time.”

                                                                                                — Peter Kuper
                                                                                        Morgan Stanley analyst
                                                                                            in March 15, 2007
                                                                                                research brief




     ProofSpace
   Confidential –
                      19   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Data-Level Controls Drive Efficiency

                                                     Context-based
                                                     Inferential Controls                ProofMark is a data-level
                                                                                         control that provides
                                                                                         instantaneous proof of
                                                                                         authenticity, which
                                Complexity $ Cost


                                                                                         significantly reduces
                                                                                         complexity, risk and cost!


                                                                                 Data-level
                                                                                 Intrinsic Controls
                                                                                                      Time-Record
                                                                                                      Lifecycle


                                                    Over time, the context around a given data set or record grows.
                                                    …And so does the cost associated with proving authenticity.



     ProofSpace
   Confidential –     20   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Simple, Elegant Technology, With Many Use Cases
                      ►    Records, email and file archiving
                           ProofMark records and emails prior to archival or at legal hold. Improve efficiency of eDiscovery by
                           reducing legal expense, forensic analysis, and expert testimony on system controls.
                      ►    E-process enablement / Mortgage and Auto Loan Processing
                           Stop printing documents and using expensive storage facilities for “official” records, since ProofMarked
                           e-records have provable authenticity. Strengthen electronic signatures and digital signatures, and
                           enable electronic contracts.
                      ►    Check fraud / positive pay
                           Apply a ProofMark directly to an issued check and the receiving bank can instantly detect forgery. A
                           superior alternative to positive pay systems for the entire check processing ecosystem. Check fraud
                           losses in the US are estimated at$20 billion annually. ProofSpace filed a patent in January 2008.
                      ►    Regulated process controls
                           ProofMark FDA regulated controls for R&D (drug clinical trial data), manufacturing (enhance digital
                           signatures), transportation (regulated temperatures).
                      ►    Loan and insurance claim processing
                           Enable paperless mortgage and auto loan application and syndication, or prove authenticity of insurance
                           claims (eg, Katrina claims class action suit).
                      ►    Intellectual property
                           ProofMark IP (e-lab notebooks) to prove first to invent.
                      ►    SOX financial controls
                           ProofMarks financial systems (options grants), decreasing need for auditing to validate effective controls
                           and authenticity.
                      ►    Electronic voting
                           ProofMark e-voting machines to prove clean elections.

                           ProofMark adds value wherever it’s important to instantly prove the “what and
                             when” of an electronic event. ProofMark mitigates business and legal risk,
     ProofSpace
                              enables cost savings, and strengthens trust with customers and partners.
   Confidential –
                      21
All Rights Reserved
                      Integration Across the Information Life Cycle




                                    Legal Hold,
                                                  Create
                                     Deliver &
                                                  Content
                                      Prove

                                                                 Sungard
                                  Archive             Transact
                                     &                   &
                                  Recover             Exchange

                                            Store &
                                            Manage




     ProofSpace
   Confidential –
All Rights Reserved
                      The ProofMark System & Transient Key™
                      Technology
                                Provides a method for a self-validating proof of time

                                Creates cryptographic timestamps (ProofMarks) that
                                 never expire

                                Is immune from the compromise of secret keys

                                Is independent of a Trusted Third Party

                                Securely operable by an enterprise or a service
                                 provider

                                Is a fully distributed and scalable system

                                Easily integrates with OEM and customer applications



     ProofSpace
   Confidential –     23   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      ANS X9.95-2005 Trusted Time Stamp
                      Management and Security


                           • X9 Accredited by ANSI to develop
                             technical and procedural standards for
                             the financial services industry
                             (www.x9.org)
                           • 5 Methods
                                 - Digital Signature
                                 - MAC (commercially impractical)
                                 - Linked Hash
                                 - Linked Hash & Digitally Signed
                                 - Transient Key


     ProofSpace
   Confidential –     24   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      How It Works
                           • The ProofMark transient key technology system creates public
                             keypairs where the private key is an interval in time
                           • At the end of each time interval, a new keypair is generated for the
                             upcoming interval
                           • The new public key is signed by the old private key
                           • The old digest log is itself hashed - and this hash becomes the first
                             entry in the new interval’s digest log




                           • The old private key is destroyed

     ProofSpace
   Confidential –
                      25   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Sourcing Time & Cross-Certification
                           • Time values are obtained from a trusted time source (eg, NTP)
                           • Independent ProofMark servers regularly cross-check each other’s
                             time values and cross certify each other’s interval chains
                           • Cross-certification provides independent proof of the existence of an
                             interval (and its public key) at a given point in time, creating a widely
                             witnessed web of proof




     ProofSpace
   Confidential –
                      26   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Cross Certification Enables Scalable Deployment


                           • ProofMarks “strong as the strongest link”
                                 - ProofMarks are as trustworthy as those issued by the
                                   most reliable of the Cross-certifying Servers
                           • In contrast, PKI certificates are considered only as
                             reliable as the weakest cross-certifying authority
                                 - Compromise of a single PKI private key can destroy the
                                   trust-tree for the entire network, halting operations until
                                   every single key in the hierarchy can be re-issued
                           • Cross-certification enables a software deployment
                             within the enterprise line of business
                           • Such a software deployment is highly scalable,
                             especially relative to service-based models


     ProofSpace
   Confidential –
                      27   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Agenda

                           • Company Overview / Business Partners
                           • Product Description
                                 - Business Need & Catalysts for Change
                                     - Legal – Regulatory - Technical
                                 - ProofSpace Technology
                                 - Operational Overview
                           • Product Demonstration
                                 - Baseline Products / Functionality
                                 - Additional Tools / Functionality
                                 - System Technology
                           • Questions


     ProofSpace
   Confidential –     28   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      Base Line Products

                       • Web Services
                       • Enterprise




     ProofSpace
   Confidential –
All Rights Reserved
                      Base Line Products

                       • Symantec Enterprise Vault
                       • Lighthouse Global Technologies
                       • Cabinet NG
                       • ProofDoc
                       • ProofMail
                       • ProofMark On Demand




     ProofSpace
   Confidential –
All Rights Reserved
                      Product Demonstration

                       • ProofDoc
                       • ProofMail
                       • ProofMark On Demand




     ProofSpace
   Confidential –
All Rights Reserved
                      System Technology

                       • Scalability
                       • Performance
                       • Architecture
                       • Disaster Recovery
                       • Security
                       • Customer Service
                       • Infrastructure




     ProofSpace
   Confidential –
All Rights Reserved
                           ProofMark Software Architecture


                                      OEM Application                        ProofMark issue             ProofMark Server
                                                                             request


                                                                                                          ProofMark Servlets
                                    ProofMark Client API                        XML

                                                                              Newly issued
                                                                                               Application Server /
                                         HTML Servlets                        ProofMark
                                                                                                 Servlet Engine
                                                                                                                           Database

                                      Web/HTTP Server
                                                                              HTTP 1.1            HTTP Server

                                                                                                         OS (Windows, Linux)

                                                          ProofMark
                                                          generating
                                                            event




     ProofSpace
   Confidential –     33   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      The ProofMark System
                       • Forward                                • Irrefutable
                         Secure                                      proof of
                       • Reduced                                    state and
                         Private Key                                  time of
                         risk                                      existence
                                                    Digital
                                       Transient
                                                    Chain-of-
                                            Key
                                                    Evidence


                                          Cross     Widely
                                       Certificat   Witnesse
                                              ion   d
                       • Not                                    • No single
                         vulnerable                                point of
                         to insider                               attack or
                         risks                                       failure
     ProofSpace
   Confidential –
All Rights Reserved
                         ProofMark Check Fraud Solution: A Disruptive Technology

                          Current Positive Pay Solutions                                 ProofMark Secure Pay
                      ► Checks today have sophisticated controls                 ► ProofMark Secure Pay Solution creates a unique
                        imbedded into the check paper, but the controls            ProofMark identifier using the unique data from
                        don’t vary by check.                                       each check (routing number, check number,
                                                                                   payee, amount). It is printed on the check by
                      ► Fraud scenario: Criminal intercepts and “washes”
                                                                                   the check writer.
                        valid check for $4321, gives it to Victim as part of
                        “secret shopper” scam. Victim deposits check,
                        waits for it to clear, then wires $3000 to Criminal.
                      ► Current industry solution, called “positive pay”,
                        shields check writer and their bank, but not the
                        payee, victim, victim’s bank, or the Fed.
                               Victim

                                                 Victim’s
                                                  Bank
                       Payee                                                     ► When the payee/victim deposits the check,
                                                                                   each bank in the process can validate the
                                                                                   check in the ProofMark Forensic Repository and
                                                                                   verify that the payee and amount is valid.
                                          $                       Federal
                                                                                 ► Current feedback from several large banks and
                                                                  Reserve
                                                                                   SMEs is that our proposed solution appears to
                                 Criminal                                          be superior to existing positive pay solutions,
                                                                                   and could eliminate significant fraud damage,
                                                                  Positive Pay     estimated at $20B annually in the U.S.
                                                                    System       ► ProofSpace filed a patent for this solution in
                                                   Check                           January 2008.
                          Check Writer           Writer Bank
     ProofSpace
   Confidential –
All Rights Reserved                  35
                      Agenda

                           • Company Overview / Business Partners
                           • Product Description
                                 - Business Need & Catalysts for Change
                                     - Legal – Regulatory - Technical
                                 - ProofSpace Technology
                                 - Operational Overview
                           • Product Demonstration
                                 - Baseline Products / Functionality
                                 - Additional Tools / Functionality
                                 - System Technology
                           • Questions


     ProofSpace
   Confidential –     36   ProofSpace – Confidential – All Rights Reserved
All Rights Reserved
                      The ProofMark System
                             A Data Authentication
                                Software Solution




     ProofSpace
   Confidential –
All Rights Reserved

								
To top