Internet transaction and communication security

Introduces

Internet security today:

Cybersecurity today.

Trojan horses

Keylogging

Phishing

Impersonation

Malware

Bots

Worms

Viruses

Rootkits

Spyware

Recent breaches.

• Target– 70,000,000

• Facebook – 6,000,000

• Evernote – 50,000,000

• Adobe – 38,000,000.

• RSA – 660,000 to 1,000,000

• Zappos – 24,000,000

Today, this observation is all too true:

“A false sense of security is the only kind there is.”-- Michael Meade

Costs of cybercrime.

Cost of cybercrime surges to $113 billion.

Costs have climbed by an average of 78%.

Time required to recover from a breach has increased 130%.

In the United States alone, the annual cybercrime cost seen by the 60

businesses studied ranged from $1.3 million to more than $58 million and

averaged $11.6 million per company – an increase of $2.6 million from

2012. The average cost of cleaning up after a single successful attack was

$1 million.

But the costs of correcting data breaches are no longer the only

cause for concern. The legal consequences, such as class-action

lawsuits on behalf of third parties affected by such cyber attacks, are

a growing worry of business owners.

Cybersecurity today.

Today’s authentication scheme is 40 years old. It identifies its users from

one or a combination of the following elements:

1. Something the user has: computer, mobile phone or RSA key

2. Something the user knows: password, username, identification (PIN)

number etc.

Static authentication.

All authentication protocols currently in use have one common weakness:

They are static.

Static credentials are prone to manipulation and theft.

After several years of helping organizations investigate hundred of security

breaches around the world, Mandiant has found a constant:

100% of breaches involved stolen credentials.

And the average time until a breach is detected is 462 days.

Industry response.

Strong password

Two-factor authentication

Out-of-band verification. i.e. email, SMS, phone call follow-up

(very inconvenient and still only verifies initial login and doesn’t stop

Man-In-the-Middle intrusions)

Secure tunneling (SSL), disk or transparent encryption (AES)

Industry response is insufficient.

Reports of successful attacks on smartcard-based technology illustrate

that "true two-factor authentication is not possible without a physical

component that is not accessible digitally.”

-- Jaime Blasco, Director, AlienVault Labs

To overcome the limitation of static authentication – the weakness in digital

identity security – a new physical component is required.

But now there’s

Guardog has four elements that no other system has (think of them as

Guardog’s four muscular legs).

1

Guardog gives a user a physical element: a Guardog key which the user

inserts into his/her computer. This non-digital element, integral to a user’s

session with the service provider, is beyond the reach of any intruder.

The Guardog key is also available as a Smartphone app.

2

When a user logs in to the service provider, to authenticate who he/she is,

Guardog has the service provider authenticate itself back to the user. Since

this is the reverse of LOGIN, we call it NIGOL.

Login/Nigol starts a mutual authentication that we call . . .

The patented Guardog invention:

3

Cothentication™ does not stop at login. Instead, it continues throughout

every session. Each time a user makes a request of the service provider –

any monetary transaction or any transmission of information – Guardog

institutes another Cothentication. Guardog repeatedly verifies the user’s

and service provider’s identity.

4

Guardog’s Cothentication is dynamic, and based on 128 bit encryption

through randomly generated codes. Thus every exchange is different from

every previous exchange. This unpredictable characteristic defeats any and

every attempted intrusion.

1. The Guardog Key.

Guardog uses a unique and radically different approach to deliver the only absolute solution for Internet transaction and communication security. Guardog gives the user a physical element: the Guardog key, either as a USB key or as a Smartphone app which works in conjunction with the browser. By employing either of these physical elements, integral to a user’s session with the service provider, Guardog puts the session beyond the reach of any intruder.

1. The Guardog Key.

Simply put, the Guardog Key is a next-generation hardware security device.

It is designed to help all users achieve a higher level of digital security

simply and easily. The Guardog Key helps protect digital identity,

communications and transactions. It is a critical component in a state-of-

the-art closed loop security solution that leaves a would-be "Man In The

Browser" (MIB) and “Man-In-the-Middle” (MITM)...a "Man Out In The Cold!"

(MOITC).

2. The Guardog Server.

Mutual. The Guardog server “faces” both ways – toward the service provider

and toward the user. Guardog is a mutually trusted party.

It creates and validates randomized, “destination-aware” secure

communications and transactions.

Zero knowledge. Just as a dog guarding a valuable installation has no

knowledge of what’s inside, Guardog has zero knowledge of the Internet

transactions and communications whose security it protects.

3. The service provider (The Bank).

A service provider uses designated authentication servers to perform

special functions such as authenticating itself to the user and confirming

the user’s authentication back to the service provider.

16-step Cothentication process.

To begin a session with a service provider who has installed the

Guardog system, a user inserts his/her Guardog key in a USB port or

activates the Guardog Smartphone app in conjunction with his/her

computer browser. This sets in motion a 16-step Cothentication

process: the user authenticates himself/herself to the service provider

and the service provider authenticates itself to the user...all within

milliseconds. On step 14, Guardog "opens a gate" between the user

and the service provider. The gate stays open through step 15, then

closes on step 16...no time for a would-be intruder to get in.

16-step Cothentication process.

Once Guardog Cothentication is complete...

Only when these 16 authentication steps are complete does Guardog “open

a gate” or “open a window” between the user and the service provider, for

the communication or transaction itself.

Within a session, whenever the user makes a new request, these steps are

repeated. Once they are completed, Guardog opens another gate or

window, for this new communication or transaction.

Guardog visualized.

Imagine you are standing in front of a huge blank wall.

All of a sudden a window opens somewhere in the wall and an anonymous message passes through in a split second. Then the window disappears.

Then another window opens up in a totally different spot - and disappears.

It is never clear if and where another window will open.

That’s how Guardog works.

The message transfer cannot be spoofed, predicted or duplicatedbecause it is random, encrypted and dynamic.

This is Nuclear Launch Code Security.

AAF1267KL998MM6543)2

GHJ773121212KKJDCE34

AAF1267KL998MM6543)2

Competitive Analysis.

1. YubiKey

2. Safelock

3. Ironkey

4. iCloud Keychain

5. Smartcards

6. Public key/private key

Comparison.

Competitors Guardog

Strong password Non-transferable Dynamic Credential

2 Factor Authentication (RSA) Continuous Mutual Authentication

Out of Band Verification (email, SMS) Destination-aware Secure Messaging

SSL and transparent encryption (AES) Authenticated Encryption/Decryption

Encryption Key protected by password Encryption key protected by server and client side keys

END RESULTSIdentity fraud reduction Prevents identity fraud

Increased barrier of attacks Eliminates an entire category of threats

Mitigates the risk of impersonations

Provides physical control over digital xxxassets

Protects 100% of user accounts

Guardog API supports:

Operating System:

Windows Server 2008, 2008 R2, 2013, Linux

Web Servers:

Apache, IIS etc.

Database

MySQL, MSSQL etc.

Network Protocols:

TCP, HTTP, HTTPS

Development Languages:

PHP, Asp.net, C/C++, Java

In summary:

The old authentication

versus

the new authentication :

The existing Cybersecurity model:

She sat down at her computer and inserted her username and password

into her browser. Authenticated. She instructed her bank to move $150.00

from her checking to her savings account. She also sent a wire transfer to

her sister in California. She paid the bill for her American Express card and

instructed the bank to notify her of any payments over $200 as an

additional security measure.

Guardog’s Cybersecurity model:

She sat down at her computer and inserted Guardog’s patented

Guardog thumbdrive. She opened the browser for her bank Cothenticated

and Cothenticated instructed her bank to move $150.00 from her checking

Cothenticated to her savings account. Cothenticated She also sent a wire

transfer Cothenticated to her sister in California. Cothenticated She paid the

bill for her American Express card Cothenticated and instructed the bank to

notify her Cothenticated of any payments over $200 as an additional

security measure. Cothenticated

Protection of Intellectual Property.

Guardog technology is patented in the USA, Canada, China, Japan,

Australia and New Zealand.

In conclusion.

Cybersecurity has been solved.

The perpetual motion machine and cold fusion are next on our list.

Thank you.