Omlis Fact Sheet: Omlis Encryption Technology

Omlis fact sheet, July 2014: Secure Mobile Payments

www.omlis.com Private & Confidential

Current Encryption

The transfer of sensitive information from one place to another is exposed to increasingly costly criminal attack and fraud. This is a particular problem for payment systems that use mobile devices, which cannot be kept behind firewalls, and for any communication that must cross an untrusted network (such as the internet or mobile telephony infrastructure).

The block ciphers currently used to protect payment data (Triple-DES and AES) are only as secure as their keys. In practice the cipher is not the weak point: no practical attack recovers an AES key by analysing ciphertext. The exposure lies in key management. The same key is used across many transactions and must be stored on servers and devices for its whole lifetime, so it can be stolen, misused (for example through IV or nonce reuse), or obtained by breaching security in other ways (bribery, extortion, theft, etc.).

Block ciphers also require a separate protocol to distribute or exchange keys, which is a further opportunity for compromise, and the number of keys needed for a large client population is itself a management problem.

The symmetric cipher operations themselves are cheap (AES is hardware-accelerated on most server and mobile processors). What is costly in a large deployment is the key infrastructure around them: servers or hardware security modules to store and protect keys, and the key-exchange protocol that has to be run with each of a large number of devices, which may require additional servers.

These limitations call into question the traditional "bigger keys are better" approach to encryption. Omlis understands the limitations of current encryption deployments and offers an alternative protocol intended to address them.

Section Summary:

Fraud is increasing as mobile and internet-centric payments grow

Block-cipher security depends entirely on protecting a key that is reused across many transactions

Existing encryption solutions place a significant key-management burden on servers and infrastructure

Objective

This fact sheet documents the limitations of existing encryption deployments and shows how the approach taken by Omlis in re-imagining the encryption protocol is intended to address them across a range of applications.

Contents

Problem

Omlis Encryption Technology Outline

Security Strength

Implementation

Conclusion

Typical Use Cases


Omlis Encryption Technology Outline

The most secure method of encryption, given a reliable source of unpredictable keys, is the "one-time pad". Provided the key is truly random, at least as long as the message, used only once and kept secret, this type of encryption cannot be broken by analysis of the ciphertext, regardless of the computing resources applied. The Omlis Encryption Technology uses one-time pad encryption to protect small packets of data, using unpredictable keys generated by the sending device (e.g. a mobile phone).

Each key is unique to a specific user, device and transaction, and is created and used within a short time frame, which minimises the window in which key material could be harvested or security breached. Key exchange is an integral part of the Omlis communication protocol, so no separate key-exchange infrastructure is required. Note that the receiving side must hold the same pad in order to decrypt, so the confidentiality of each transaction is bounded by the confidentiality of that exchange: an attacker who can read or predict the exchanged key material recovers the plaintext regardless of the pad's theoretical strength. A system of tokens provides secure identification of the device from which a secure communication originates.

The Omlis key generation method combines a number of variables. Some come from user input; others are environmental readings taken on the device. The device holds the defining parameters of several scrambling functions and uses the variables to compute a set of scramble values, each combining environmental variables according to one of those functions. A scramble code is produced from these values and the encryption key is derived from the scramble code. The intent is that an attacker cannot predict the key, which is the one attack that matters against a one-time pad. One caveat applies to any design of this kind: a deterministic one-way transformation cannot add unpredictability, so the key has at most as much entropy as the readings fed into it. Sensor readings are often low-entropy and partly observable by an attacker, so their entropy has to be measured and conditioned rather than assumed.
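To make that caveat concrete: the example below is added for this page and is not Omlis code. It uses a hypothetical derivation (SHA-256 over a tuple of sensor readings, truncated to 128 bits) and assumed reading ranges (ambient light 0..1023 and device heading 0..359, chosen for illustration; the fact sheet's diagram lists light in lumens among its seed inputs but does not give ranges). It shows that a 128-bit key derived from roughly 18.5 bits of input can be recovered from a single ciphertext packet with a guessable plaintext header by enumerating the inputs, however strong the one-way function is.

```python
"""Entropy bound on a key derived from environmental readings.

Added example, not Omlis code. The derivation (SHA-256 over a tuple of readings)
and the reading ranges are assumptions chosen for illustration; the point is that
a one-way transform does not stop an attacker who can enumerate its inputs.
"""
import hashlib
import itertools
import math

KEY_BYTES = 16  # one 128-bit packet, as in the fact sheet


def derive_key(readings: tuple) -> bytes:
    """Hypothetical one-way derivation: hash the readings, keep 128 bits."""
    seed = ":".join(str(r) for r in readings).encode()
    return hashlib.sha256(seed).digest()[:KEY_BYTES]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seed_space_bits(ranges) -> float:
    """Upper bound on key entropy: log2 of the number of distinct input tuples."""
    return math.log2(math.prod(len(r) for r in ranges))


def recover_readings(known_plain: bytes, ciphertext: bytes, ranges):
    """Known-plaintext search.

    With one packet whose plaintext is predictable (a fixed message header), the
    pad bits are known_plain XOR ciphertext, and the attacker tries every input
    tuple until the derived key matches. Returns (readings, attempts) on success
    or (None, attempts) if the true inputs lie outside the assumed ranges.
    """
    target_key = xor_bytes(known_plain, ciphertext)
    attempts = 0
    for readings in itertools.product(*ranges):
        attempts += 1
        if derive_key(readings) == target_key:
            return readings, attempts
    return None, attempts


def demo() -> dict:
    # Assumed sensor ranges (constructed): light 0..1023, heading 0..359 degrees.
    ranges = (range(1024), range(360))
    true_readings = (611, 47)
    key = derive_key(true_readings)
    header = b"PAY:GBP00010.00;"  # constructed 16-byte packet with a guessable format
    ciphertext = xor_bytes(header, key)
    found, attempts = recover_readings(header, ciphertext, ranges)
    return {
        "seed_space_bits": round(seed_space_bits(ranges), 2),  # about 18.49, not 128
        "recovered": found,
        "attempts": attempts,
    }


if __name__ == "__main__":
    print(demo())
```

The search finishes in well under a second in pure Python. Widening the ranges or adding inputs raises the cost only by the entropy the inputs actually carry, which is the figure a design review should ask for.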

Section Summary:

Inherently secure encryption via a "one-time pad", provided the pad is random, as long as the message, used once and kept secret

Key generation by one-way transformation of environmental variables, whose unpredictability is bounded by the entropy of those variables

A unique token is used for identification of users, devices and transactions

[Figure: Omlis Product Algorithm. Environmental variables (e.g. light, in lumens) and an ID token form the seed feed to key generation; the resulting key is applied to the data by "subtractive encryption" and the encrypted package is transmitted as output.]


Omlis describes its key generation with reference to the P versus NP question. Stated correctly, that question asks whether every problem whose solutions can be verified quickly (NP) can also be solved quickly (P). It is an open question, not an equation that can be "inverted", and complexity classes describe the worst-case difficulty of problems rather than the unpredictability of a particular number. In cryptographic terms the description amounts to this: the generator takes inputs that are intended to be hard for an outsider to reproduce (the environmental variables and the token), feeds them through a one-way transformation whose internal state differs on every run, and outputs a pseudo-random value that is used as the pad. An attacker wanting to predict the pad would have to recover those inputs, and the claim is that neither reversing the transformation nor statistical analysis of inputs and ciphertexts reveals a usable pattern. This holds only to the extent that the inputs genuinely carry enough entropy; a one-way function applied to a predictable seed yields a predictable key.

Because the key generated by the Omlis method is the same length as the plaintext, encryption and decryption are a single combining operation per packet rather than a multi-round cipher. This is a major advantage for a system handling encrypted communication from a large number of devices, such as a mobile payment system. The processing load for key generation is distributed among the devices in the network and does not burden the central server. The corresponding cost is that key material equal in volume to the traffic has to be generated and made available to the receiving side for every transaction.

Security Strength

Encryption methods are conventionally assigned a security strength rating in terms of the effective number of bits in the key. Three-key Triple-DES is rated at 112 bits; AES at 128 or 256. The rating indicates the work required by a "brute force" attack that tries every possible key in turn: about 2^112 trials for Triple-DES. Growth in computing power (Moore's law) has retired short keys such as 56-bit DES, but it does not threaten 128-bit or longer keys, for which exhaustive search is beyond any conceivable classical computer. Quantum computing changes the arithmetic: Grover's algorithm halves the effective strength of a symmetric key (AES-128 behaves like a 64-bit key, AES-256 like a 128-bit key), and Shor's algorithm breaks the public-key algorithms (RSA, elliptic curves) commonly used to exchange symmetric keys. Systems respond by moving to larger keys and new key-exchange algorithms, which in turn raises the processing cost of encryption and decryption.

The Omlis Encryption Technology instead relies on a one-time pad. Because the key is as long as the data and used once, there is no way to obtain the plaintext from the ciphertext without the key, regardless of the computational power available, so the scheme does not become obsolete as hardware improves. This holds provided the pad is seeded from genuinely random inputs and kept secret between the two parties, as Omlis states is the case. Two caveats carry over from the theory. First, the guarantee is about confidentiality against an eavesdropper only: a one-time pad is malleable, since flipping a bit of ciphertext flips the corresponding bit of plaintext, so a payment message still needs a message authentication code. Second, a key derived deterministically from environmental readings is only as unpredictable as those readings.

Proof of the unbreakability of one-time pad encryption was given by C. E. Shannon in 1949 in "Communication Theory of Secrecy Systems". The assumptions under which it holds are: that the key is truly random (i.e. unpredictable); that the key is at least as long as the plaintext; that the key is used only once; and that it is known only to the communicating parties. Omlis aims to provide truly random keys through its key generation algorithm. Data is split into packets of 128 bits, each encrypted with a key of the same length (128 bits), and the secure communication protocol uses each key only once. Each packet therefore consumes 128 fresh bits of key material: a 1 kB message needs 8,192 bits of key, so the generator's entropy rate has to keep pace with the traffic.
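The construction Shannon's conditions describe, carried out on 128-bit packets as above, together with what happens when two of the conditions are violated. This is an added example written for this page, not Omlis code: Python's secrets module stands in for the device-side key generator, and the payment messages are constructed samples. It shows round-trip encryption with a fresh key per packet; the "two-time pad", where reusing a key packet lets XORing the two ciphertexts cancel the key so that a known plaintext for one message reveals the other; and malleability, where flipping one ciphertext bit turns an amount of 00010.00 into 00090.00, which is why the pad alone does not protect a payment.

```python
"""One-time pad over 128-bit packets, plus the two misuse cases Shannon's
conditions exclude: key reuse and unauthenticated (malleable) ciphertext.

Added example, not Omlis code. secrets.token_bytes stands in for the
device-side key generator; the messages are constructed samples.
"""
import secrets

PACKET_BYTES = 128 // 8  # 128-bit packets, as in the fact sheet


def split_packets(data: bytes) -> list:
    """Cut data into 128-bit packets; the final packet may be shorter."""
    return [data[i:i + PACKET_BYTES] for i in range(0, len(data), PACKET_BYTES)]


def otp_xor(packet: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt one packet with a key of exactly its length."""
    if len(key) != len(packet):
        raise ValueError("pad must match packet length")
    return bytes(p ^ k for p, k in zip(packet, key))


def encrypt(plaintext: bytes, key_source=secrets.token_bytes):
    """Draw a fresh key for every packet (each key used once).

    Returns (ciphertext_packets, key_packets); the receiver must hold the
    same key packets, so their confidentiality is the whole security of the scheme.
    """
    cts, keys = [], []
    for pkt in split_packets(plaintext):
        k = key_source(len(pkt))
        keys.append(k)
        cts.append(otp_xor(pkt, k))
    return cts, keys


def decrypt(cts, keys) -> bytes:
    if len(cts) != len(keys):
        raise ValueError("ciphertext/key packet count mismatch")
    return b"".join(otp_xor(c, k) for c, k in zip(cts, keys))


def two_time_pad(c1: bytes, c2: bytes) -> bytes:
    """Two packets under the same key: c1 XOR c2 == p1 XOR p2.
    The key cancels out, so a known plaintext for one packet reveals the other."""
    return otp_xor(c1, c2)


def tamper(ct_packet: bytes, offset: int, mask: int) -> bytes:
    """Flip plaintext bits by flipping the same ciphertext bits: XOR is malleable."""
    out = bytearray(ct_packet)
    out[offset] ^= mask
    return bytes(out)


def demo() -> dict:
    msg1 = b"PAY:GBP00010.00;TO:merchant-7315;TXN:20140701-0001"  # constructed sample
    msg2 = b"PAY:GBP09999.99;TO:merchant-0001;TXN:20140701-0002"  # constructed sample
    cts1, keys = encrypt(msg1)
    roundtrip_ok = decrypt(cts1, keys) == msg1

    # Misuse 1: msg2 encrypted under the SAME key packets as msg1.
    cts2 = [otp_xor(p, k) for p, k in zip(split_packets(msg2), keys)]
    leak = two_time_pad(cts1[0], cts2[0])
    recovered = otp_xor(leak, msg2[:PACKET_BYTES])  # attacker knows msg2's first packet

    # Misuse 2: no integrity. '1' (0x31) -> '9' (0x39) is a one-bit flip at offset 10.
    forged_ct = tamper(cts1[0], 10, 0x31 ^ 0x39)
    forged_plain = otp_xor(forged_ct, keys[0])  # what the receiver decrypts

    return {
        "roundtrip": roundtrip_ok,
        "leak_is_plaintext_xor": leak == otp_xor(msg1[:PACKET_BYTES], msg2[:PACKET_BYTES]),
        "recovered_first_packet": recovered,
        "forged_first_packet": forged_plain,
        "key_bytes_consumed": sum(len(k) for k in keys),
    }


if __name__ == "__main__":
    print(demo())
```

The key_bytes_consumed figure equals the message length (50 bytes here): every byte sent costs a byte of fresh key, which is the cost the server-side savings are traded against.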


Section Summary:

Computational security degrades as computing power grows; the effective strength of today's ciphers is set by key length, and quantum algorithms halve it

A one-time pad cannot be broken by analysis of the ciphertext, even with unlimited computing power, provided the key is random, used once and kept secret

Omlis key generation occurs within the mobile device rather than loading central servers


Implementation

The Omlis Encryption Technology comprises two main software elements. A client element installed on the sending device generates keys and handles the communication protocol; it is termed the "black box" because protective measures shield it from access. Since this code runs on a handset under the user's control, the strength of those measures, rather than of the pad itself, determines how well the key generator's state resists inspection. The "black box" communicates with the Omlis Managed Services installed on a server, which manages keys and transaction tokens for all Omlis-enabled devices in a network.

Software in the Omlis implementation has been developed using high-integrity tools (SPARK Ada). These tools are typically used for safety-critical software in aircraft, nuclear power stations and financial infrastructure. SPARK's static verification can prove the absence of run-time errors such as buffer overflows in the verified code, closing off a class of attacks that is routinely used against software built with less rigorous tooling. The proofs cover the implementation's memory and arithmetic safety; they do not by themselves establish the randomness of the key inputs or the soundness of the protocol design.

Conclusion

Omlis protocols represent a different approach to encryption for mobile payments, offering a range of benefits over existing encryption solutions.

Typical Use Cases

Secure payments from mobile devices

Device identification

Merchant channel to take payments

Secure data entry on a software-encrypted keypad

Secure web payment transactions

[Figure: software-encrypted keypad, shown with a scrambled digit layout (0-9) and a "Next" key.]

Third Floor, Tyne House, Newcastle upon Tyne, United Kingdom, NE1 3JD

+44 (0) 845 838 1308 [email protected]