1

Anonos Granted U.S. Patents For Cybersecurity Innovations

That Enhance Both Data Privacy And Value

Dynamic De-Identification and Anonymity eliminates, for the first time, tradeoffs between protecting individuals anonymity and maximizing the value of underlying data

Washington, DC July 9, 2015 Anonos, Inc. (www.anonos.com), the inventor of technologies that unlock the true value of data without compromising privacy, announced today that it has been issued U.S. Patents for its pioneering solutions to architecturally enforce controlled conditions capable of satisfying even the most stringent United States and European Union data privacy regulations. Anonos CEO, Gary LaFever, commented, The biggest data security challenge confronting global enterprises in the medical, pharmaceutical, finance, and consumer markets is protecting individual privacy without sacrificing the value of that data. Stringent United States and European Union privacy regulations have forced an unacceptable but, until now, necessary trade-off between either more privacy and less value or more value with insufficient privacy. Anonos patented and patent-pending technologies solve this problem for the first time, unlocking the value of data while substantially increasing privacy and security by reducing re-identification risk to near-zero. Anonos technology and intellectual property works by producing de-identified, but fully usable, data with no greater likelihood of re-identification than that of highly encrypted data. Yet, while Anonos is fully compatible with all methods of encryption, it neither relies upon nor requires encryption itself. Rather, Anonos architecturally enforces desired levels of data privacy, security, and value, while enabling authorized, trusted third parties to enforce policies at a granular data element level using a much wider range of quantifiable policy controls than previously possible. Anonos solutions thus unlock the true value of data, transforming it into business intelligence by replacing old-style static access controls with technologically enforced dynamic permissions applied per-element and per-use instead of across entire records or applications. This dramatically reduces the value of data to attackers, while enabling compliance-driven access controls and protecting personal information from unauthorized and inappropriate use. Anonos Dynamic De-Identification and Anonymity / Just-In-Time-Identity (JITI) technologies and intellectual property:

1. Enforce privacy policies: Dynamic and concurrent architecturally enforced policies enable access control per data element and table instance, with unlimited instances available simultaneously on demand.

2. Enhance security: Source data is intentionally worthless to unauthorized parties and freely portable when decoupled from the JITI enforcement ecosystem, even in cases where super users have broad visibility due to revocation of ephemeral key credentials.

2

3. Enable privacy / security respectful innovation: Data utility is maximized as a matter of policy, compliance, commercial, and societal objectives, without hindrance by restrictive and inflexible security controls.

Potential Use Cases / Applications of Anonos Technology and Intellectual Property Data Breach (Hack) Damage Reduction: Organizations like Anthem*, Target*, Home Depot* and even the U.S. Office of Personnel Management (OPM) suffer when their facilities are breached (as do their millions of subscribers / customers / citizens whose identities are hacked) and data is kept in unencrypted form to enable use of the data. As a result, attackers can gain unauthorized access to personal data in cleartext form i.e., unencrypted information that is in the clear and understandable. In contrast to standard encryption, which is generally fully on or "off," or traditional data masking techniques which do not protect data at the database level, Anonos Just-In-Time-Identity (JITI) technology and intellectual property could help protect against data loss from external breaches without losing use of data for authorized purposes within the organization. With JITI, an attacker may gain access to data but would not gain access to JITI keys (kept securely in separate virtual or physical locations) necessary to reveal personal information. Protection of Credit Card User Identities: The January 2015 Science* journal (see http://www.sciencemag.org/content/347/6221/536.abstract) includes a three month study of credit card records for 1.1 million people that shows four spatiotemporal points are enough to uniquely re-identify 90% of credit card customers. Anonos Dynamic De-Identifiers (DDIDs) could de-identify credit card customers for each transaction providing a Just-In-Time-Identity (JITI) for each transaction. As a result, customers could not be re-identified by means of correlating static anonymous identifiers. The Anonos approach makes limiting the ability to single out, link or infer a data subject a policy choice instead of a statistical risk. See http://www.anonos.com/unicity for an interactive version of this example. Mobile OS tools: The trend between the two major mobile operating systems, iOS* and Android*, is to encrypt personal data both on the device and in the cloud environments of the platform operators. Application developers, however, are generally free to bypass these controls, either by using their own libraries for interaction with data-driven applications, or by using proxies and VPNs to conceal their information queries. A privacy-friendly mobile OS could be built whereby no data interactions were permitted unless they were enabled via Anonos Just-In-Time-Identity (JITI) keys. The platform operators would therefore be able to define quantifiable and enforceable conditions under which lawful intercept; search and seizure would be permissible, without the present risk of leakage and casual browsing of personal data by unauthorized users. Data subjects could therefore choose whether or not to share personal data not based on vague promises and murky assurances, but instead based on concrete evaluations of the governance policies surrounding lawful intercept. Control could therefore be returned to the data subject, and informed choices and consent could both be possible and revocable at any time and for usage of personal data within the mobile ecosystem. At the same time, technology companies and platform operators could have a positive, constructive conversation with regulators about conditions under which authorized disclosure would be permitted, and cascade those back down in plain, simple language to the end users whose data would be affected.

3

About Anonos Anonos solves the problem of delivering data privacy and security while empowering users to leverage the full power of their data. For companies, Anonos technology and intellectual property can transform information at the data element level to deliver security while preserving the value of underlying data for deep analysis. For individuals, Anonos tools can provide controls for data subjects to share information in a controlled manner that allows them to receive personalized information, services and offerings, while protecting against misuse of their data. Anonos patented and patent-pending technologies and intellectual property obscure and anonymize information at the data element level while preserving the full value of all the underlying data (see http://www.anonos.com/data_scientist_privacy_analysis). Anonos Founders Gary LaFever and Ted Myerson helped revolutionize data risk management protection for worldwide financial markets with their prior company, FTEN. In 2010, NASDAQ acquired FTEN, where its solutions today form an integral part of real-time data risk management technology around the globe for financial markets. Anonos was granted U.S. Patent Nos. 9,087,215 (Application No. 14/529,960, see http://www.anonos.com/us_patent_application_14529960) and 9,087,216 (Application No. 14/530,339, see http://www.anonos.com/us_patent_application_14530339) for Anonos Dynamic De-Identification and Anonymity. Anonos Dynamic De-Identification and Anonymity facilitates enhancements to data privacy, security and value for electronic commerce, credit cards, connected cars, the Internet of Things (IoT), digital healthcare, pharmaceuticals, medical research, personalized medicine and other industries by enabling the complete use of data without revealing, intentionally or unintentionally, the identities of underlying data owners. To learn more, visit www.anonos.com. ### Press Inquiries: +1-212-658-1132 press@anonos.com * Anonos, Just-In-Time-Identity, JITI, De-Identifiers, and DDIDs are trademarks of Anonos Inc. protected under U.S. and international trademark laws and treaties. Other marks appearing in this release are the property of their respective owners. Anonos makes no claim of relationship to, or affiliation with, any owners of marks not owned by Anonos.