© 2018 Cyphre Intellectual Property. All rights reserved. 1

CyphreLockUnassailable Encryption for Enterprise Cloud Data

Cloud services are increasingly popular among enterprises that want agile and ubiquitous access to information. While there are obvious productivity and financial benefits to moving to the cloud, heightened and growing concerns over data breaches from internal and external attackers make further movement of data to cloud applications risky.

CyphreLock delivers a modernized approach to high performance and scalable enterprise-class data encryption that enables expansive growth in cloud computing and solves core security challenges. Purpose-built for enterprise users who access, transmit, store, and retrieve data from cloud services and applications, CyphreLock serves as an integration point for consistent deployment of security policies for data at rest in the cloud as well as data in transit between cloud and enterprise access points.

Based upon Cyphre’s BlackTIE® technology, CyphreLock offers unassailable encryption and key protection that scales in multiple dimensions to deliver true digital safety protection for data in-transit, at-rest, and in-use within cloud computing, Internet of Things, enterprise/private clouds, and traditional enterprise infrastructure. With CyphreLock, enterprises can extend a diverse set of cloud services to their users while also assuring that these services rigidly adhere to policies and protections determined by the enterprise.

Nullify Breaches, Hacks, & Threats Cyphre’s BlackTIE® technology does not require a threat to be detected in order to instantiate protection. The nature of Cyphre’s blackened keys ensures that they are inert and indecipherable. Unlike other encryption systems, BlackTIE® Keys are never readable in plaintext, and never exposed to the host CPU, operating system, application software, or memory. Even if a threat event occurs and an attacker is able to access the main memory registers, Cyphre’s BlackTIE® Keys are still protected and rendered completely unusable.

© 2018 Cyphre Intellectual Property. All rights reserved. 2

Experrttlly Manage Keys Advanced crypto processing via the Cyphre Security Engine generates Cyphre Black Keys that are impossible to expose to hijacking or exploitation. Embedded Key Management Interoperability Protocol (KMIP) offers enterprises the ability to directly own, control, and manage their keys. A hardware-driven True Random Number Generator (TRNG) entropy engine achieves true randomness and cryptographic strength random numbers using the TRNG output as its entropy seed. The industry-first implementation of a “one-file-one-key protection” limits the “blast radius” and promotes powerful collaboration of secure objects.

Since Cyphre Black Keys are required to be encrypted using a Key Encryption Key (KEK), which only the cryptographic accelerator in CyphreLock is aware of, these encrypted Black Keys must be generated within CyphreLock itself. Once the cryptographic accelerator encrypts a key using its KEK, it means that the key is rendered useless for any other entity. It has a side implication that the encrypted Black Key gets bound to the particular hardware accelerator and cannot be used in a software-based cryptographic algorithm implementation.

Flexible Deployment Models CyphreLock delivers a modernized approach to high performance, scalable, robust, and unassailable encryption, enabling expansive growth in cloud computing and solving core security challenges. In order to address the needs of virtually any size organization.

CyphreLock CyphreLockEnterprise

CyphreLockFabric

© 2018 Cyphre Intellectual Property. All rights reserved. 3

Security Engine & Key Management • Cyphre Security Engine has individual algorithm o oad engine, freeing upload the primary processor to perform

other functions, while supporting: RSA, D e-Hellman, Elliptic Curve, AES 256-bit, MD5, SHA-256, ECDH-nist384p, Random Number Generator

• QorIQ Trust Architecture performs secure boot and session key protection• Key generation of 260k keys/sec (AES-256 FIPS compliant)• Single openssl application in multithreaded or multiprocess mode• Multiple openssl applications each of which could be multiprocess and multithreaded• KMIP / customer or included Cyphre KMS

Cloud Applications Support*: • Microsoft Azure and O ce 365 • Salesforce.com• IBM Softlayer & Managed Cloud Service• HP Helion• CSC Agility Platform• Blue Jeans Network

• Sunguard Availability Services• VMware VCloud Air• Oracle Cloud• SAP Hanna• Google Cloud Platform• Dropbox

*Current and future integrations listed. CyphreLink core is customizable for expansion into non-HTTP-based protocols, such as iSCSI, in order to extend BlackTIE® encryption to commodity and proprietary network-attached block storage systems

Identity Management & API • IAM integration via customer AD/LDAP• Programmatic access to authentication, key issuance, encryption / decryption services• Integration access for CSP, CASB, client development organizations, storage and network equipment,

and service providers

System Visibility & Intelligence • System Monitoring, Event, Ticketing, & Performance via Cyphre Encryption console

with Cyphre API, SIEM integration• Available security reports: Availability, Performance, Capacity, Utilization, Reaction to Scale and Security Events

Ordering Information Product SKU Description CEGaaS-UMK User Master Key CEGaaS-UFK-10K User File Key BT1-1K-HA-CEG-EL HA - Enterprise Infrastructure Pkg - 1K Avg Users BT1-10K-HA-CEG-EL HA - Enterprise Infrastructure Pkg - 10K Avg Users CSE-CEG-CL Enterprise Infrastructure Cloud Pkg -Site License CSE-CEG-KAL End User License Package (priced based upon number of end users) EL-1K-5Y Turn-Key Enterprise license package - 1,000 users - 5 year contract - payable monthly EL-10K-5Y Turn-Key Enterprise license package - 10,000 users - 5 year contract - payable monthly CSE-CEG-ES-PC Private Cloud / Enterprise Storage Pkg -Site License CSE-CEG--ES-PC-EFSS EFSS Application Add-On Requires CSE-CEG-ES-PC BT1-CEG-F3 Add-on: HA - Enterprise Infrastructure FIPS 140-2 Annual Upgrade BT-KMS Add-on: HA - Key Management Server - Site License BT-KML Add-on: End User License Package (priced based upon number of end users)

Support and maintenance services also provided. Please inquire with your account manager.

CTS-1000 Class / Model: Cleantech Server

© 2018 Cyphre Intellectual Property. All rights reserved . 4/18 4

Security Appliance Hardware Specifications Processor

Processor Type NXP QorIQ P4080 8 PowerPC core 1.5 GHz Memory

Architecture PC-1333 ECCDDR3 with Parity Configured RAM 32 GB

Network Networking Freescale DPAA Ethernet Ports 2 x 10 G Base-T and 2 x 1 G Base-T

Internal Storage Hard Drive Avago LSI MegaRAID 6GiB SATA/SAS RAID4x 2.5inch HDD or SSD USB Flash Drive Up to 3 USB 2.0 connections

Panel Connectors Network adapter 1 GB 2 RJ-45 for integrated 1-GB network adapters Network adapter 10 GB 2 RJ-45 for integrated 10-GB network adapters USB (front) 2 USB 2.0 (Supports video over USB) USB (back) 1 USB 2.0 Video HDMI Power 100-240V AC 50/60 Hz Proprietary BT1 Server Power Supply (BT1 Server -PS)

Power Supply Wattage 203 W @ Maximum Voltage 100-240V AC 50/60 HzMaximum Inrush Current Under typical line conditions and over the entire system ambient

operating range, the inrush current may reach 25 A for 10 ms or lessSystem Battery BR2032 3.0 V DC Lithium Coin Cell

Physical Dimensions Height Width Depth Weight Form Factor Weight

4.2 cm (1.75 in) 21.0 cm (8.25 in) 35.6 cm (14 in) 4.04 kg (8.9 lbs.) 1U 8.9 lbs. (4.04 kg)

Environmental Operating Temperature 10° to 45° C Operating Altitude –16 to 2,000 m (–50 to 6,561.68 ft.)Storage Altitude –16 to 10,600 m (–50 to 35,000 ft.)Fans Long-life, High-e ciency Fans with Variable Auto-speed Control Ultra-Low Heat Output < 410 BTU/hr (Per Server)

About Cyphre Headquartered in Austin, Texas, Cyphre cloud encryption technology provides the highest level of security for cloud data. Period. Product offerings include Encrypted Cloud Storage and Enterprise Collaboration services, Secure IoT Integration, and CyphreLock.

Learn more at: www.cyphre.com, follow us on twitter @getcyphre, connect on LinkedIn, and like us on Facebook.