Interpay Introduction

Company name | Interpay Co., Ltd. Location | Seoul, Korea Industry | Fintech, Security Homepage | www.interpay.kr Contact | biz@interpay.kr

Executive Summary

1. Technology

2. Trusted Authentication Platform (TAP)

3. TAP solution

4. TAP demo & benefits

5. Company History

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

Executive Summary

2

High smartphone penetration, spurring use of mobile transactions, coupled with recent financial deregulation have markedly increased the need for secure mobile transaction solutions. Interpay, receiving industry-wide recognition for its innovative TZ OTP and TZ SIGN solutions, is solidly positioned to answer the demand for secure and reliable authentication

TZ OTP and TZ SIGN, based the ARM® TrustZone® security architecture, are highly secure and user friendly solutions

TZ OTP resides in the smartphone, hence no need to manufacture a costly OTP token nor carry a cumbersome hardware which can be easily misplaced. More importantly, it is transaction sync’d using the high-end challenge and response convention to enhance the integrity of the data

TZ SIGN provides a higher level of authentication. Utilizing a Trusted Third Party to generate a digital signature, enhances the integrity of the transaction

The security of the service provider’s services are enhanced by processing all data in the secure TrustZone® isolated processing environment, and the use of an interface the effectively block key logging, screen mirroring and malware

Interpay has commercially launched TZ OTP through Korea’s leading credit card company and will be implemented on another client platform in the near future

In addition, financial settlement houses are currently conducting rigorous tests and reviews. Interpay expected the tests will yield positive results to significantly expand the Company’s market reach

Interpay aims create a single solution platform called TAP, which can be used from simple logins, money transfers, home security and more, thereby increasing user convenience while securely protecting sensitive data and service integrity

As Interpay’s expands its foothold in Korea, the testbed for many global IT companies, the Company plans to explore overseas markets to tap into the rapidly growing pool of ARM® TrustZone® security architecture embedded devices, currently estimated at over 400 million devices

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

1. Technology TrustZone® and TEE

3

REE1 TEE

Rich OS Trust OS

TEE concept

Trusted Execution Environments (“TEE”) Trusted OS houses the TEE, where all processing of sensitive data

are performed Separated from the normal rich operating system housing most

mobile apps, TEE is a secure isolated area providing security features such as isolated execution and integrity of Trusted Applications (“TA”)

Only a registered TA can access and process in the TEE, protecting the data from unwanted intruders

1. Rich Execution Environment: Most downloaded apps installed in this space: prone to hacking

TrustZone® Security architecture developed by ARM® , TrustZone® is a

dedicated security core on an Application Processor (“AP”) This system on a chip provides a virtual Trusted Operating System

(“Trusted OS”), where each Trusted OS is unique to each device AP Number of connected devices with the embedded architecture is

growing rapidly: projected to jump 2-fold to c. one billion devices

Interpay Interpay’s TZ OTP and TZ SIGN are TA solutions developed using the

TrustZone® architecture

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

2. Trusted Authentication Platform (TAP) TAP concept

4

Interpay developed a Trusted Application Platform (“TAP”), a smart and versatile platform

offering TrustZone® security, convenience and flexibility

Service Provider Interpay End user

Required verification Applications Medium

Possession

Transaction

Knowledge

Biometric

Digital

signature

Bank

Credit card

Securities

Portal

Home/building

security

Automotive

ID

·····

Login

Acct transfers

Mobile card

Stock order

Home security Intra company

report

O2O

IOT

Authentication Technology

OTP Signing TUI

Authentication Service

TZ OTP

LogTAP SendTAP BuyTAP

SignTAP

Desired task

····· TZ SIGN

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

3. TAP solution TZ OTP (One Time Password)

5

TZ OTP is a safe and cost-effective solution to widespread use of OTP, and answers the growing

demand for security and convenience

No need to carry a cumbersome separate OTP device

Significantly reduce OTP costs (no hardware): no production, inventory nor related costs

Maintain service integrity

Multi-purpose: conduct banking, credit card , stock transactions

TZ OTP

TUI protects sensitive personal and transaction data

Maintain high level of authentication confidence: 2-factor authentication (possession, knowledge) enhanced by transaction sync’d OTP

End user benefits

Servicer provider (Client) benefits OTP generated by a TA, which is activated in a TEE

Complex challenge and respond OTP algorithm; generate a transaction sync’d unique OTP

Safely complete transaction in less time

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

3. TAP solution TZ SIGN

6

TZ SIGN couples the highly secure transaction-based TZ OTP with the digital signature (non-

repudiation) from a Trusted Third Party (“TTP”) to maximize transaction security and authenticity

OTP KEY

Issue TZ SIGN

Service provider

ⓞ

①

② ④

④

③

TZ SIGN issue and registration

Transaction details and transaction sync’d OTP

Request transaction data verification and digital signature

Verify OTP and issue digital signature

0

1

2

3

Reply to request and execute transaction 4

Safe and convenient transaction execution

Private ID key stored in the smartphone (no need for separate device)

End-user benefits

Servicer provider (Client) benefits

Digital signature notarized from TTP

Non-repudiation on every transaction

High level authentication

Reduce transaction process (OTP + ID key)

Trusted Third Party

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

4. TAP demo & benefits

7

TAP

TAP TAP is a single platform capable of managing various authentication requirements TAP can be installed as an app or as a module in the Client app

Flexibility Authentication requirements set by service provider End-user conducts various authentication tasks with a single app in a highly secure, private

environment

Security Multi security layers protects sensitive data Only a specific Client app can initiate a TAP app residing in the end-user device Encrypted OTP and other data is sent from TAP app to server (end-to-end communication) Server verifies the Client app for integrity End-user verified through PIN or biometric Transaction sync’d authentication and digital signature enhances level of authentication

▶Shinhan Card ‘PhoneOTP’ with PIN

▶Shinhan Card ‘PhoneOTP’ with fingerprint

▶Samsung Card ‘AnsimOTP’ - commercialized

▶TAP Banking demo with TUI

▶TAP Payment demo with TUI

▶TUI with MHL cable

Demo Video Link (Click to view in Youtube)

Distribution of the contents of this presentation, in whole or in part, to any other third party is strictly prohibited

Partners & Clients

5. Company History

• January - Samsung Card selects TZ OTP for card authentication services

• February - Shinhan Card, world first to launch TrustZone technology based TZ OTP

- Invited to MWC 2016 to demonstrate solutions • March - Chosen by Shinhan Financial Group invites Interpay to participate in its second annual fintech program

- Received Innovation Award from ARM for development and commercialization of a B2C financial solution

• May - Presented at GlobalPlatform’s regional TEE seminar in Seoul

• June - Korea Financial Telecommunications & Clearing approves general use of TZ OTP

- Samsung Card launches mobile card with embedded TZ OTP solution

• July - Shinhan Bank signs MOU to use TAP

• September - Presented at Shinhan Futures Lab Demoday

• January 2013 - Registered as an electronic financial service with the Financial Service Commission

• July - Launched Paytok service

• November - Signed licensing agreement with Trustonic - Designated at a venture company by the Small & Medium Business Corp.

• December - Participated in a Financial Security Institute sponsored study to develop mobile transaction solutions

- Opened Paytok offline transaction service

• July 2009 - Establish Interpay

• May 2010 - Establish Paytok (mobile debit payment service)

• March 2012 - Completed buildout of Paytok system

• January 2015 - Presented at Financial Supervisory Service’s Fintech Forum

• March - Invited to MWC 2015 to demonstrate solutions

• April - KOSCOM, agree to jointly develop next generation authentication service

• May - Signed distribution agreement with Intercede

• August - Presented at the Financial Services Commission’s Fintech Demoday

• November - Shinhan Card agrees to use TZ OTP - Woori Bank signs cooperative agreement

• July 2014 - Completed development of TZ OTP - Opened Paytok mobile transaction service - Participated in a Financial Security Institute sponsored study to enhance mobile card security

• November - Completed development of TZ SIGN

• December - BC Card proved concept of payment system based on TZ OTP

- World first to develop TUI

2016 2014~2015 2009~2013