DS9 Document EFTA01207240

Lane Trusted Identity & Authentication Management. February 2015 EFTA01207240 IperLane Vision IperLane manages identities for enterprises, restoring customer privacy while eliminating the burden of safely storing Pll and proper implementation of authentication Behavioral authentication leveraging the device as an "identity token" Identity tokens replace stored PII, sparing huge enterprise liability Continuous monitoring & anomaly detection on hardened databases EFTA01207241 Current Market Failures G O Enterprises are typically inept at both maintaining secure databases and properly implementing strong authentication Maintaining Pit represents a massive enterprise liability, particularly in light of new regulations regarding data breaches Consumer-facing firms ill-equipped to properly design security Trend towards unified logins via social media (eg Facebook) Consumers increasingly want control over their digital identities EFTA01207242 Significant Market Opportunity Iperlane sits at the intersection of high-growth markets in security: A Identity & Access Management: Driven by demand for Identity-as- a-Service as companies transition to cloud environments A IT Securny Outsourcim: Driven by the growing complexity and resource burden in IT security A Lyber insurance: High-profile data breaches fuel necessity of and demand for cyber risk coverage Sources: Gartner, IOC, Marsh Nearly $45bn opportunity by 2018 0 $21 bn $45bn 1 2014 2018 IAM Cyber Insurance IT Security Outsourcing 4 EFTA01207243 Identity & Authentication Landscape IperLane sits in the nexus of IAM and cyber risk transfer User/Device Fingerprinting AON 01 MARSH C_ LOCKTON Willis F RTER AIG ThreaMetrix. BehavioSec O41STP 0ET.Q ® iovatfoit Ipe TRAVELERS' Lane •>> simeio PingIdentity' ,nonY FORGEROCK YCROFT Centrify Cyber Cloud-based Insurance IAM EFTA01207244 Our Solution SDK for mobile applications to manage user identities ► Facilitate seamless authentication for users while managing security backend for the enterprise ► Provide enterprises with a secure channel to an optimized identity database allowing them to associate tokens with real identities EFTA01207245 Our Solution, continued ► State-of-the-art encryption and tokenization ► Cutting-edge OS-level protection ► Behavioral anomaly detection to prevent data leaks Verify Behavioral Authentication Manage Identity Tokenization EFTA01207246 Behavioral Authentication Leverage smartphone sensors (e.g. accelerometers, gyroscopes) & regularly collect sensor data to: ■ Authenticate users without the need of entering multiple passwords ■ Detect device tampering or theft ■ Correlate geolocation, address book & other data to verify consistency EFTA01207247 Identity Tokenization Decouple sensitive information to reduce risk: ■ Maintain an encrypted database with Pll ■ Associate anonymized tokens to database records and only expose tokens to the customer ■ Monitor database access behavior to spot potential attack s ■ Augment database security with market-leading OS-level protection to prevent attackers from utilizing known malware against our system EFTA01207248 Who We Are Our team has extensive experience, technical understanding and a sizable professional network in information security Experience in offensive security research grants unique insights Vincenzo lozzo ■ iOS Hacker's Handbook co-author ■ Black Hat Conference Review Board member ■ Recipient of DARPA Cyber Fast Track grant Kelly Shortridge ■ Co-lead of data security & analytics coverage at Teneo Capital ■ NYU Poly Cyber Symposium advisory board member Joi Ito ■ Director, MIT Media Lab ■ Board member of NYTimes & Sony ■ Board advisor, Stellar ■ Early investor in Flickr, Last.fm & Twitter EFTA01207249 Capital Raise Our seed round will grant us a runway of approx. 12 — 15 months ■ Basic authentication & identity management SDK [ Initial Partnerships ■ Hardened database based on a blend of proprietary technology and CockroachDB ■ Data Scientist / Chief Scientific Officer ■ Technical Developer / CTO ■ Insurance providers to transfer data breach risk ■ Potential high-growth SMB customers (e.g. Etsy) EFTA01207250 The Next 12 - 15 Months Develop legal framework to transfer customer's Pll risk to IperLane Hire CTO & Chief Scientist Winter 2014-15 Resolve potential compliance and regulatory issues Spring 2015 Begin Series A Go to Market Summer 201 5 Fall 2015 Develop behavioral authentication Finish mobile SDK for Android & iOS Develop hardened database Integrate compliance & regulatory requirements EFTA01207251 Summary ► Trusted identity management for enterprises, restoring customer privacy while eliminating the burden of safely storing Pll and proper security implementation ► Significant ($45bn), high-growth market opportunity in outsourcing identity & access management ► Highly differentiated offering through industry- leading mobile security and authentication expertise EFTA01207252 Lane Trusted Identity & Authentication Management. EFTA01207253 Appendix Product Mechanics Register Device Accept/Deny • IperLane ■ Aft 6061:10:13 Data • User registers, selects username and generates a temporary password • IperLane begins to collect data to build a comprehensive user profile in less than 24 hours • Every 2 to 4 hours, IperLane receives geolocation, accelerometer, gyroscopic and other data from the user's device • IperLane acknowledges or denies authorization requests based on profile data received EFTA01207254 Appendix — Product Implementation Authentication SDK di 0 User Authenticates User & Customer Interact Customer 4 42 Confirm / Deny Authentication Full Product Offering 1 User IperLane Authenticates 0 2 411 User & Confirm / Deny Customer Interact Authentication 3 Exchange of I Tokenized Data or / Transient Pll /Customer 4 16 EFTA01207255