Usher Mobile Identity Platform - MicroStrategy


Usher Mobile Identity Platform

Deliver biometric-caliber security across the enterprise

Traditional Forms of Identity are Failing

The inherent weaknesses of physical IDs and passwords are primarily to blame for the $250B lost to fraud and the $110B lost to cybercrime each year.

Physical Badges and Cards
Lost | Stolen | Counterfeited | Falsified | Misused
28M stolen passports and national ID documents in circulation in 2011

Usernames and Passwords
Cracked | Intercepted | Phished | Guessed | Keylogged
76% of data breaches are caused by exploited passwords

Mobile Identity is the Solution

Usher replaces traditional forms of identity with biometrically-secured mobile identity, thereby eliminating identity-related fraud and cybercrime. It compounds four big ideas to deliver a comprehensive, industrial-strength identity solution for businesses, universities, and governments.

1. Dematerialize physical IDs into mobile software.
2. Link each mobile ID to its owner using biometrics.
3. Extend the use of mobile ID to applications, entryways, and transactions.
4. Deliver identity as an enterprise-class utility.

Mobile Identity Big Idea 1: Dematerialize Traditional IDs

Dematerialize physical forms of identity into a consolidated mobile identity.

Traditional Identity
• Impossible to verify
• Can be lost, stolen, and counterfeited
• Static and never up to date

Mobile Identity
• Electronically verifiable
• Never lost or stolen
• Always accurate and up to date

Mobile Identity Big Idea 2: Link Mobile ID

Link the mobile identity to the person biometrically, to the phone cryptographically, and to ID systems dynamically through out-of-band channels. These links make the mobile identity always accurate and impossible to counterfeit or steal.

Cryptographic Link: Only designated phone(s) can use the mobile identity

Biometric Link: Only the owner can use the mobile identity

Dynamic Link: The mobile identity is always up-to-date and valid

Mobile Identity Big Idea 3: Extend Biometric Mobile ID

Extend the biometrically-secured mobile identity to every application and business process. Enterprises will transform how they validate identities, access systems and entryways, and authorize transactions.

Type Usher code | Scan Usher stamp | Transmit Usher signal

Personal ID: Verify anyone’s identity

Cyber Security: Log in to applications

Physical Access: Unlock entryways

Transactions: Authorize transactions

Mobile Identity Big Idea 4: Deploy Identity as a Utility

Usher is the most comprehensive mobile identity platform in the world. Its four components work in parallel to provide enterprises with an industrial-strength identity ecosystem.

Usher Mobile: The mobile app that replaces physical forms of identification.

Usher Intelligence: The application that analyzes identity activity across the enterprise.

Usher Manager: The administrative control center for managing the entire Usher system.

Usher Vault: The secure server that provides out-of-band ID flow and encryption.

Usher Mobile

Usher Mobile is an elegant and powerful mobile app that lets users validate credentials, access applications and entryways, and authorize transactions using five identification panels.

Validate Identities | Log in to Applications | Unlock Entryways | Authorize Transactions

Key panel | Bluetooth panel | Site code panel | Usher Badge | Validation panel

Usher Mobile: Validate Identities

An industrial-strength security checkpoint in every user’s pocket

• Verify identity in person
• Verify identity over the phone
• Validate group affiliation
• Broadcast identity to anyone near you

Usher Mobile: Log in to Applications

Usher strengthens cyber security by replacing passwords with biometric mobile identity.

Log in to web applications without passwords

Automatically lock and unlock workstations using Bluetooth

Strengthen SSO systems and implement mobile app SSO

• As simple as scanning a QR Code or approaching a computer with a smartphone
• No passwords to be managed, reset, or stolen
• Usher sends the user’s identity to the system via out-of-band, PKI-secured channels

Usher Mobile: Unlock Entryways

Secure every entryway with biometrics while offering greater convenience and manageability than physical keys.

• Tap an Usher Key
• Scan an Usher Stamp
• Automatically unlock doors with Bluetooth
• Send temporary keys to others

Usher Mobile: Authorize Transactions

Authorize transactions without payment cards and security questions. Usher provides additional factors of authentication or on-demand biometric validation for additional security.

• Make Payments In Stores
• Make Payments Online
• Authorize Transactions Over the Phone

Usher Intelligence

Usher Intelligence provides complete visibility of all identity actions across an enterprise in near real time, allowing for better management, cyber security, and auditability.

Capture
Identity Actions: Name | Action | Location | Resource | Time
Periodic Location Tracking: Name | Time | Location

Analyze
Individuals | Groups

Control
Cyber security | Resource management

Usher Intelligence: Capture Activity Across an Enterprise

All identity activity is captured and stored in the Usher Intelligence database, including the type of activity, time of activity, user location, and user credentials. All activity is available for analysis.

Map View: See enterprise-level activity on a map.

List View: Select an individual for more details.

Usher Intelligence: Analyze Individual Activity

Drill down to see the trail of activity for an individual throughout the day. Automatically capture a user's location periodically or only when he uses his Usher badge.

Usher Intelligence: Analyze Group Activity

Filter to monitor and analyze specific groups of people, such as everyone in a certain location, everyone with a specific skill set, or anyone currently online.

Select a group by filtering on any credential

Select a group by lassoing its location

Firefighters | Status: Online | Hazmat Certified

Police | Status: Online | Closest to the accident

Usher Intelligence: Control Systems and Resources

Analyze the volume and timing of access requests for entryways or applications and set up proactive alerts when abnormal activity is detected.

Cyber Security: Detect abnormal activities such as irregular usage patterns, after hours access, outlier activity, or users who seem to be in two places at once.

Resource Management

Usher Manager

Create, configure, and manage Usher mobile identities and control the entire Usher ecosystem.

• Generate branded badges and keys for individuals, groups, or the entire enterprise.
• Set the frequency with which users must biometrically revalidate themselves.
• Share temporary keys with visitors to manage guest access.
• Remotely distribute and revoke badges and keys, instantly.

Usher Manager: Multi-Fencing

Set powerful access controls and layer them in any combination for heightened security.

Geo-fencing
Restrict access to a system or entryway based on a user’s location.
Example: Within 500 feet of HQ

Time-fencing
Limit the times at which users and groups can access systems or entryways.
Example: Mon. – Fri., 9:00 AM to 5:30 PM

Bio-fencing
Set high-security systems and doors to be accessible only after a biometric check.
Example: Voice print required on-demand

Dual authorization fencing
Require specific systems and doors to be only accessible if two or more people submit simultaneous requests.
Example: Two VP-level or above must authorize at same time.
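The four fences above can be modelled as independent predicates that are layered with a deny-by-default rule. The sketch below is an added example, not MicroStrategy code: the function names, request fields, HQ coordinates, sample data and the 60-second window used to approximate "at same time" are all assumptions.

```python
import math
from datetime import datetime, time

HQ = (38.9187, -77.2311)   # constructed coordinates standing in for "HQ"

def distance_feet(a, b):
    """Haversine distance between two (lat, lon) points, in feet."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h)) * 3.28084

def geo_fence(req):        # "Within 500 feet of HQ"; no location means deny
    loc = req.get("location")
    return loc is not None and distance_feet(loc, HQ) <= 500

def time_fence(req):       # "Mon. - Fri., 9:00 AM to 5:30 PM", resource-local time
    t = req["when"]
    return t.weekday() < 5 and time(9, 0) <= t.time() <= time(17, 30)

def bio_fence(req):        # a biometric check succeeded for this request
    return req.get("biometric_ok") is True

def dual_auth_fence(req, window_s=60):
    # Two *distinct* VP-level approvers within window_s seconds of each other.
    latest = {a["user"]: a["at"] for a in req.get("approvals", []) if a["vp_level"]}
    times = sorted(latest.values())
    return any((b - a).total_seconds() <= window_s for a, b in zip(times, times[1:]))

def evaluate(req, fences):
    """Layer fences in any combination: all must pass, otherwise deny."""
    failed = [f.__name__ for f in fences if not f(req)]
    return (not failed, failed)

ALL_FENCES = [geo_fence, time_fence, bio_fence, dual_auth_fence]

# Constructed sample request: Tuesday 10:00, about 365 ft from HQ, two VPs 20 s apart.
SAMPLE = {
    "location": (38.9197, -77.2311), "when": datetime(2024, 3, 5, 10, 0),
    "biometric_ok": True,
    "approvals": [
        {"user": "vp_a", "vp_level": True, "at": datetime(2024, 3, 5, 9, 59, 50)},
        {"user": "vp_b", "vp_level": True, "at": datetime(2024, 3, 5, 10, 0, 10)},
    ],
}

if __name__ == "__main__":
    print(evaluate(SAMPLE, ALL_FENCES))
```

Returning the list of failed fences alongside the decision gives an audit trail for each denial.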

Usher Vault: The Core of the Usher Architecture

The Usher Vault is a high-performance, highly scalable, highly secure server system that synchronizes identities with enterprise IDM systems of record and presents those identities to Usher clients.

Provides IDs to Usher Clients
Securely relays IDs to mobile devices, applications, and entryways upon request using encrypted connections.

Controls ID flow
Provides out-of-band communication pathway for IDs, and enforces geo-fence, time-fence, and biometric revalidation controls.

Synchronizes IDs with repositories
Connects to existing ID repositories using prebuilt connectors or customizable connectors, guaranteeing the validity and accuracy of all IDs.

Usher Vault: Out-of-band Communication

Usher's architecture provides a unique flow of identities between clients. The Usher Vault serves identities to requesting clients through encrypted out-of-band channels.

1. Generate personal code. Every time an Usher ID is opened, Usher Mobile generates a time-limited personal code.

2. Offer personal code. To present an ID to another Usher client, the user offers his personal code to the client via an Usher Code (time-limited PIN), Usher Stamp (time-limited QR code), or Usher Signal (Bluetooth).

3. Capture and submit code. The receiving Usher client captures the user’s personal code and submits it to the Usher Vault.

4. Receive ID. The Usher Vault returns the user’s ID to the receiving Usher client over an encrypted link.
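The four-step exchange above can be modelled in a few lines to show that the code passed between clients is only a short-lived reference and that the ID itself comes solely from the Vault. This is an added sketch, not MicroStrategy code: the class and function names, the 8-digit code format, the 30-second lifetime, the single-use rule and the sample record are assumptions.

```python
import secrets

CODE_TTL = 30   # seconds; assumed, the page only says "time-limited"

class Vault:
    """Toy stand-in for the Usher Vault: resolves live personal codes to IDs."""
    def __init__(self, directory):
        self.directory = directory   # user -> ID record (from the system of record)
        self.live = {}               # personal code -> (user, expiry time)

    def register_code(self, user, code, now):
        # Step 1: the phone reports its fresh code over its own channel to the Vault.
        self.live[code] = (user, now + CODE_TTL)

    def redeem(self, code, now):
        # Steps 3-4: a receiving client submits a captured code. pop() makes the
        # code single-use (an added assumption); expired or unknown codes get nothing.
        user, expiry = self.live.pop(code, (None, 0))
        if user is None or now > expiry:
            return None
        return self.directory[user]

class Phone:
    def __init__(self, user, vault):
        self.user, self.vault = user, vault

    def open_id(self, now):
        # Steps 1-2: make a random code that carries no identity data, register it,
        # and hand it back for display as a PIN, QR code or Bluetooth payload.
        code = f"{secrets.randbelow(10**8):08d}"
        self.vault.register_code(self.user, code, now)
        return code

def run_flow(present_delay):
    """Constructed scenario: returns what the receiving client gets from the Vault."""
    vault = Vault({"alice": {"name": "Alice Example", "badge": "Employee"}})
    code = Phone("alice", vault).open_id(now=1000)
    first = vault.redeem(code, now=1000 + present_delay)
    replay = vault.redeem(code, now=1000 + present_delay)   # same code again
    return first, replay
```

A code presented within its lifetime resolves to the record once; a replayed or expired code resolves to nothing, so a captured PIN or QR code has little value after use.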

Usher Platform: Three-Factor Authentication

Usher provides a multi-factor authentication system to ensure that an Usher mobile identity cannot be compromised or stolen.

Something You Know: Phone pass codes ensure that only the owner of the phone can use it.

Something You Have: PKI certificates ensure that only a phone registered to a user can ever authorize the Usher Vault to present his ID.

Something You Are: Voice print and face print ensure that only the owner of the mobile identity can use it.

Usher Platform: Phone Security

Five layers of security protect identities if a phone is lost or stolen.

Layer 1: Phone pass codes
Layer 2: Finding or wiping the phone
Layer 3: Deactivating Usher
Layer 4: Biometrics
Layer 5: Encryption