Secure Communications Secured by TrustChip® Encryption Engine

Presentation transcript:

Secure Communications Secured by TrustChip® Encryption Engine KoolSpan – Samsung S-1 Corp. (SafeTalk)

KoolSpan – SafeTalk
How are you protecting your most sensitive communications?
- Travel abroad (monitoring by each country's government)
- Executive movement / protection
- Deployment of personnel / assets
- Physical security posture
- Protection of confidential data
- Regulatory compliance (HIPAA, SOX, FISMA, GLBA, Dodd-Frank Act)
- Internal communications policies
- Classified information

Many Attack Vectors
Diagram labels: Operator A, Operator B
- Access at Network Facility
- Tower Spoofing
- Illegal Monitoring
- Unwanted Surveillance by a Foreign Government
- Hacker Exploit of Lawful Call Monitoring Taps
- 3rd Party Application Exploits

Product Suite
- TrustCall – Secure Voice
- TrustText – Secure SMS
- Trusted Apps – Chat, Video (TDK) etc.
- Secure Data (TrustBox)
Diagram labels: Trusted Platform, WiFi, Satellite

S-1 works with KoolSpan to provide end-to-end encryption of voice, text and data
- End-to-end encrypted mobile voice, text and data (file) transfer using smartphones over GSM and Wi-Fi for BlackBerry, Android and iPhone
- TrustChip® is the backbone, providing hardware protection on a micro-SD card
- Secure voice, text and data to FIPS 140-2 standards
- Works with 2G, 3G, 4G and LTE
- Works across different carriers (GSM or CDMA)
- Global reach: in more than 150 countries
- TrustSuite = TrustCall, TrustText, TrustBox (data)
- The call becomes VoIP (data) = significant savings

TrustCall Ecosystem TrustCall PC

KoolSpan Background
- Corporate offices in the Washington, DC area
- Founded in 2003
- 16 patents, 32 pending
- NIST / FIPS 140-2 solution set
- Government and commercial customers
- Customers in more than 60 countries
- Robust solutions with several industry awards
- Mentioned in espionage and action books

TrustChip® Components
- Hardened, self-contained security
- Cannot be reprogrammed
- All in one: authentication, key management and encryption
- Multi-application support
- Can be managed remotely
- Broad compatibility: microSD (USB with adapter)
- Keys invulnerable to "rooting" of the phone
Diagram labels (microSD "Mobile Encryption Engine"): Data Storage NAND Flash, CPU Memory, SD Interface, Crypto Engine, KoolSpan Firmware, Hardened 32-bit Processor, Secure Key Storage

TrustCall call flow (diagram labels): Device Discovery, Initiation, Call Set Up, Call Notification, Call Communications, Management Notification & Communications, Carrier Network or WiFi

Remote Key Management/Enterprise Management: TrustCenter™
TrustCenter™ Enterprise or MSS Server
- Encrypted, Remote, OTA Management
- Manages keys, users and application config
- Each transaction uniquely encrypted/sequenced to specific TrustChip – Replay Attack protection
- All transactions have complete feedback loop
- MSS = Managed Security Services – typically provided by MSSP – MSS Provider
- Administrator portal access
- Automates adds, moves and changes
- Visibility into security status at endpoint
- Centralized control, distributed trust
- WinServer 2003
Core TrustChip functions:
- Add TrustGroup: Installs new TrustGroup into a TrustChip
- Remove TrustGroup: Deletes TrustGroup from a TrustChip
- Password: Reset a user’s TrustChip password/PIN
- Stun: Temporarily disable a TrustChip
- Destroy: Keymatter “zeroized”, TrustChip inoperable
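One way a device can enforce the "sequenced to specific TrustChip" replay protection listed above, as an added example that is not KoolSpan code: every command is bound to a chip ID and a sequence number, and the chip rejects anything not newer than the last command it accepted. The message layout, the HMAC-SHA256 tag (standing in here for the encryption the slide mentions), and all names are assumptions.

```python
import hashlib, hmac, json

def seal(key, chip_id, seq, cmd, arg=""):
    # Server side (hypothetical layout): bind the command to one chip and one
    # sequence number, then tag it with the key shared with that chip.
    body = json.dumps({"chip": chip_id, "seq": seq, "cmd": cmd, "arg": arg},
                      sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}

class Chip:
    def __init__(self, chip_id, key):
        self.chip_id, self.key = chip_id, key
        self.last_seq = 0          # highest sequence number accepted so far
        self.groups = set()
        self.state = "active"

    def handle(self, msg):
        # Returns a status string: the acknowledgement sent back to the server.
        if self.state == "destroyed":
            return "rejected: destroyed"
        tag = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, msg["tag"]):
            return "rejected: bad tag"
        f = json.loads(msg["body"])
        if f["chip"] != self.chip_id:
            return "rejected: wrong chip"
        if f["seq"] <= self.last_seq:
            return "rejected: replay"
        if f["cmd"] == "ADD_TRUSTGROUP":
            self.groups.add(f["arg"])
        elif f["cmd"] == "REMOVE_TRUSTGROUP":
            self.groups.discard(f["arg"])
        elif f["cmd"] == "STUN":
            self.state = "stunned"
        elif f["cmd"] == "DESTROY":
            self.key, self.state = b"", "destroyed"   # zeroize key material
            self.groups.clear()
        else:
            return "rejected: unknown command"
        self.last_seq = f["seq"]
        return "ok"

if __name__ == "__main__":
    key = bytes(range(32))                       # constructed demo key
    chip = Chip("chip-A", key)
    add = seal(key, "chip-A", 1, "ADD_TRUSTGROUP", "Sales")
    print(chip.handle(add), chip.handle(add))    # second delivery is a replay
```

The sequence counter only advances after the tag, the addressee and the command have all been checked, so a rejected message cannot be used to skip the counter forward.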

Security Management Features: TrustChip™
- Two Factor Authentication
  - Something you have: the TrustChip
  - Something you know: PIN/password of up to 120 characters
- TrustChip can be locked
  - TrustChip <-> SIM
  - TrustChip <-> Device
- TrustChip can be deactivated/destroyed remotely

Remote Key Management/Enterprise Management: TrustGroups®
TrustGroups® enable Communities of Interest (COI) to communicate securely
Diagram labels: KoolSpan All, Proposal Team, Senior Staff, Sales, Project X, IT, DoD-FBI, FBI-NYPD, Fireteam 2
TrustGroups® are…
- Collections of 1,024 256-bit Symmetric Keys
- Shared by all TrustGroup members
- Used for authentication
- Securely loaded OTA by TrustCenter
- Never exposed outside TrustChip during use
- Each TrustChip can support 45 TrustGroups
- There is no implied trust between groups
- Encrypted Key Storage

Use of Multiple TrustGroups® for Secure Voice
Diagram labels: Alice (Sr. VP), Dave (VP), Bob (Director), Carlos (Partner); TrustGroups shown: Universal, Operations, Executive, Information Systems
- When Alice talks with Bob, the Universal TrustGroup is used, as it is the only TrustGroup they have in common.
- When Alice talks with Carlos, the Euro Bank TrustGroup is used, as it is a higher priority group.
- When Alice talks with another Euro Bank Executive, that TG will be used.
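The group-selection rule above, together with the "used for authentication" and "no implied trust between groups" points from the TrustGroups slide, as an added example that is not KoolSpan code. The numeric priorities, the HMAC challenge-response, the random key index and the memberships are all assumptions constructed to match the Alice/Bob/Carlos narrative.

```python
import hashlib, hmac, secrets

KEYS_PER_GROUP, KEY_BYTES = 1024, 32   # slide figures: 1,024 keys of 256 bits

def make_group(name, priority):
    # Random keys stand in for key material loaded over the air (constructed).
    keys = [secrets.token_bytes(KEY_BYTES) for _ in range(KEYS_PER_GROUP)]
    return {"name": name, "priority": priority, "keys": keys}

def select_group(mine, theirs):
    # Highest-priority group held by both chips; None means no shared trust.
    shared = [g for name, g in mine.items() if name in theirs]
    return max(shared, key=lambda g: g["priority"], default=None)

def respond(group, key_index, challenge):
    # Proves possession of one group key without ever transmitting it.
    return hmac.new(group["keys"][key_index], challenge, hashlib.sha256).digest()

def authenticate(caller, callee):
    # Mutual challenge-response; returns the group name used, or None.
    group = select_group(caller, callee)
    if group is None:
        return None
    peer = callee[group["name"]]
    idx = secrets.randbelow(KEYS_PER_GROUP)
    for prover, verifier in ((peer, group), (group, peer)):
        challenge = secrets.token_bytes(16)
        if not hmac.compare_digest(respond(prover, idx, challenge),
                                   respond(verifier, idx, challenge)):
            return None
    return group["name"]

def chip(*groups):
    return {g["name"]: g for g in groups}

# Constructed memberships matching the slide's Alice/Bob/Carlos narrative.
universal = make_group("Universal", 1)
euro_bank = make_group("Euro Bank", 3)
alice = chip(universal, euro_bank, make_group("Operations", 2))
bob = chip(universal, make_group("Information Systems", 2))
carlos = chip(universal, euro_bank)
outsider = chip(make_group("Other", 1))
stale = chip(make_group("Universal", 1))   # same name, different key material

if __name__ == "__main__":
    for peer in (bob, carlos, outsider, stale):
        print(authenticate(alice, peer))
```

A chip that holds a group of the right name but the wrong keys fails the exchange, which is the behaviour a revoked or re-keyed member should see.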

TrustCall Secure Voice
- IP-based (Carrier Networks, Wi-Fi, SATCOM (IP))
- Carrier-Grade: Official Secure Voice for AT&T (Encrypted Mobile Voice)
- Cross-Carrier: GSM (AT&T, T-Mobile, INTNL), CDMA (VZW, Sprint)
- Cross-Platform: Blackberry, Android (Various), iPhone (Q3/4)
- Hardware-Anchor: Defendable TrustChip Engine
- Low Profile: Standard Devices, Simple App, Discreet Chip
- Easy Management: Remote OTA (TrustCenter)
- Scalable/Flexible/COI Focus: (TrustGroups)
- Rapid Deployment: Relay Server
- SBU-Grade: AES-256 Encryption (FIPS 140-2)
- Peer-to-Peer: Seamless Encryption

TrustCall Secure Voice
- Low bandwidth consumption
  - Approximately 16Kbps, full duplex
  - 100 minutes of calling uses about 23.4MB of data
  - Designed to support GSM Edge network bandwidth capabilities
- Low power consumption
  - Only connects to relay server during calls
- Proprietary VoIP Gateway/relay server
  - Very low overhead
  - SMS/KNS used for call setup/peer call request
  - Relay server provides rendezvous for users, but is not involved in peer to peer authentication/encryption
- Formerly known as One Vault Voice or OVV
- Discuss “encrypted” vs “Encrypted”

TrustBridge
- Enable Secure Mobile to Desktop conversations
- PBX Integration
Diagram labels: Cellular Operator Network/Internet, Secure Voice <<UDP>>, Secure VoIP Bridge, SIP/RTP, PBX, Internal Enterprise Network, Call Set up Notification Service

TrustChip Encrypted File Transfer
- TrustGroups are granted and revoked
Diagram labels: Universal TrustGroup, Mobile TrustGroup

TrustChip Roadmap: Where We’re at…Where We’re Going
- iPhone 4/4s and 5/5s: Jan 2013 - Launched. Protective sleeve with an SD Card slot
- TrustBridge: Mar 2013 - Launched. Enable secure Mobile to Enterprise conversations
- TrustText for iPhone: Q1 2014 – End of February. Compatible with Blackberry and Android
- TrustBox: Q1 2014 – Beta now, End of February Launch. Sending of encrypted attachments (file transfer and DAR)
- TrustCall PC: End of Q1 2014. Laptops, tablets, PC and desktop phone
- PKI Integration (Soft Certificates/HSPD-12): Q1 2014
- TrustChip App Validation/Root of Trust: Q1/2 2014

TrustChip PKI Evolution
- Eliminate Smart Card Readers: PKI functionality organic to the TrustChip
- Low Profile: No sleds, sleeves or smart cards exposed from the device
- Hybrid Key Usage: PKI for authentication, TrustGroups for encryption
- Standards Based PKI: Hardware protected derived credentials
- Certificate Security: Certificates invulnerable to jailbreaking or phone rooting
- Remote Management: Add or remove PKI certificates via the TrustCenter
- Compatibility: Ability to perform PKCS#11 and PKCS#7 operations
- TrustAPI: Exposes PKCS#7, PKCS#12 and PKCS#15 drivers
- PKI Middleware: Open SSL standards-based crypto, standard crypto libraries
- Next Step: TrustChip w/Smartcard integrated circuit – Local loading of certs

Root of Trust – Application Security
Hardware Anchor for Mobile Applications
- App Challenge and Response: Mutual authentication between TrustChip and apps to verify and validate that the TrustChip is present and is the correct device, and that individual apps are intact and have not been modified or tampered.
- Application Code Signing: TrustChip will serve as an anchor and secure repository for code/application signatures, allowing for the applications to self-validate or for management applications to invoke validation via application signature.
- Trusted Application Installation: Application installation system in which application packages are encrypted and wrapped with a special installation package that will only allow the application to be installed if the device has a TrustChip with the appropriate TrustGroup.

“Crypto-Enabling” Apps
TrustAPI - TrustChip® Developer Kit (TDK)
- Simple set of API's and samples that allow for rapid TrustChip application development
- Integrated with application as “application layer device driver”
- Bilateral Protocol – Encrypted live sessions for two TrustChips
- Unilateral Protocol – Encrypted data streaming (such as multicast) or file storage
- Binaries licensed for redistribution
- Provides FIPS crypto for: Android J2SE+Native BlackBerry OS Win32/J2SE+Native Linux MAC OS Windows Mobile/Phone

TrustChip PKI Evolution - Roadmap
Timeline figure (axis: 2013-Q2, 2013-Q3, Q4, 2014-Q1, Q2, Q3, Q4; milestones labelled Suite B):
- Today – FIPS 140-2 Level 1
- Suite B Algorithms added to TrustAPI
- TrustChip PKI Support using soft certificates deployed OTA from TrustCenter
- FIPS 140-2 Level 3 of current TrustChip
- Next Generation TrustChip with integrated smartcard
- “Derived credential” – NIST FIPS 800-157
- FIPS+EAL TrustChip

TrustChip: Approved Samsung Devices
- Galaxy S2 (I9100)
- Galaxy S2 (I777)
- Note (N7000)
- Galaxy S3 (I747)
- Galaxy S3 (I9300)
- Galaxy S4
- And other Samsung devices with a MicroSD slot

Android Secure Voice (screenshot captions): Select Contact; Choose “Secure” Or “Normal” Call; Connected!; Incoming Call; Authenticating

Android TrustText – Secure SMS (screenshot captions): Launch TrustText App; Reply Received; Choose Contact; Type Message; Message Sent