1. Validy Net Inc , 1001 SW Fifth Avenue – Suite 1100, Portland, Oregon 97204 – USA – www.validy-net.com – Tel: (503) 535 8078
__________________________________________________________________________________________
__________________________________________________________________________________________
1/2
OVERVIEW - Validy licenses a breakthrough Software Assurance technology, called “Validy Technology”, ensuring
both software trustworthiness and predictable execution. Validy Technology achieves protection by combining software
code transformations with a piece of secure hardware, behaving as a co-processor. It is independent of Operating Systems
and is able to secure embedded systems as well as traditional computer programs. Validy addresses global markets: from
automobiles to banking systems, from aeronautics to telecommunication networks from computing equipments to
consumer electronics. Validy Technology is the result of 9 years of R&D. Validy has been granted 10 patents and is
extending them in more than 50 countries. Given the numerous market segments encompassed by the technology, Validy
has chosen a business model based on Licensing. Validy Technology’s key differentiation from competition consists in
its ability to ensure by itself the integrity of software during execution, without any third-party help. Thus it can be
viewed as the new self-defense solution for electronic and IT equipments.
MARKET HIGHLIGHTS - Validy addresses global markets: Homeland Security to banking systems, aeronautics to
telecommunication networks, computing equipments to consumer electronics. Today, the company is focusing on the
protection of Energy etwork Distribution (SCADA), embedded software in cars and embedded software in
mobile phones. A strategic target in those markets consists in securing security software programs: Those programs,
more than any others, must be able to run correctly without being diverted from their normal behavior by pirates. Validy is
also taking particular care of the embedded systems market for which Validy Technology is a definitive answer to ensure
justifiable confidence in the field.
TECHNOLOGY - Validy Technology protects software against sabotage, cyber-criminality, cyber-terrorism and
is a basic building block for Software Assurance. Any program protected by Validy Technology continuously checks its
own integrity while running and takes reprisals if any problem is detected (Detection and Coercion patent). Validy
Technology’s mutual check mechanism even extends the protection to distributed architectures. For instance, a client is
protected by its server and a server is protected by its clients. To put into place the protection of a program, the developer
needs to compile it with the Validy post-compiler. While running, the secure co-processor becomes an extension of the
main processor and provides the protection. The update of an existing program using the Validy protection is very simple:
The developer has to use the same parameters when running the post-compiler and the existing co-processors will run
with the "new" program. Depending on the application, the co-processor can be housed under various form-factors: USB
Key, Surface Mount Chip, SIM, … There is no need to change the architecture to add protection. Developers can continue
to use their usual development tool.
REFERENCE IMPLEMENTATION - In order to offer a working example to licensees, Validy has developed
“Validy Soft aos for Java”, a Reference Implementation of Validy Technology using a co-processor housed inside a USB
token. Since the technology doesn’t rely on any secret information, Validy Soft aos for Java not only shows a possible
implementation of the technology but is at the same time a real product providing great protection against piracy (illegal
software copy). Given this capability, it can be used by software publishers who develop Java applications and we market
it as such.
The Validy SoftNaos USB Token
EXAMPLES - Validy technology is able to efficiently secure Electric Distribution etwork by protecting Supervisory
Control And data Acquisition (SCADA) software as well as software embedded in electric equipments involved in
electric distribution. The protection is really effective because Validy Technology protects software during its execution.
This feature is particularly important for high availability systems and high criticity systems like electric distribution. The
protection is simple to deploy. During upgrades, there is no need to change the Validy co-processor protecting the
software embedded in electric equipments on the field: the instructions aren’t stored in the co-processor but are directly
EXECUTIVE SUMMARY

2. Validy Net Inc , 1001 SW Fifth Avenue – Suite 1100, Portland, Oregon 97204 – USA – www.validy-net.com – Tel: (503) 535 8078
__________________________________________________________________________________________
__________________________________________________________________________________________
2/2
sent to the coprocessor on the fly during execution. Electric Distribution companies will find a cheap and efficient
solution to protect their electric distribution network from cyber-criminality and cyber-terrorism.
Validy technology is able to efficiently secure embedded software in cars. As soon as a piece of software is detected as
corrupted, the retaliation countermeasure keeps the behavior of the car safe for the driver. Car manufacturers will
appreciate this solution to guarantee the safety of their cars.
Validy Technology is able to secure embedded software in a smartphones. With Validy Technology, the user will not be
able to jailbreak his smartphone. Phone manufacturer or telecom companies will appreciate this feature to guarantee their
business model.
Validy’s technology has a strong differentiation from the solution of competitors like TPM module because it is easier to
use and really more secure ensuring the security of the software during its execution.
COMPETITIVE EDGE - Validy Technology solves the problems of trustworthiness and predictable execution that
have been plaguing IT systems for more than 30 years. Like other modern cryptographic algorithms and protocols, Validy
Technology does not rely on any hidden know-how and the innovation is entirely described in the patents. In spite of this
openness, none of the experts who have faced the technology has stated any reservation on the solution's sturdiness neither
for today nor for the future. Thanks to a novel approach of security, Validy Technology allows to easily secure distributed
IT architectures, embedded systems and software. The protected software actively defends itself against attacks. The
notion of external or internal threat has no meaning for Validy Technology, which is not the case for current solutions that
require to define a security perimeter (e.g. firewall, intrusion detection systems, risk managers…) A small but essential
part of the application is executed out of reach (in the security co-processor), the protection departs radically from
software only solutions, common "dongles" or integrity checks performed at program load time. Data and instructions are
not the only hidden elements. Associating an identifier or "tag" with each instruction that defines a value and a list of
expected tags with each use of a value, assertions about the normal control flow of the application can be embedded in the
ciphered instructions. As it verifies these assertions during runtime, the token can detect and thwart most attacks that alter
the flow of instructions coming from the main processor. Attackers wanting to modify the behaviour of an application,
cannot simply “patch” the application. They must understand the hidden elements to implement their changes in a way
that is not detected by the token. The protection is so effective that the difficulty to achieve such a stealthy attack is
extremely high.
IMPLEMENTATION STRATEGY - Our top prospects are: Department of Homeland Security, Boeing, IBM,
Checkpoint, Cisco, SUN, Microsoft, GE, GM, Ford, APC, Westinghouse, Intel, Motorola, HP, Bank of America, PTC,
Oracle, Adobe, ATT, Verizon,… or any company wishing a software assurance for embedded software or for IT systems.
The licensing of Validy Technology will provide to Validy and its partners, revenues of several billions dollars. Validy
will win those customers since Validy Technology insurance of trustworthiness and predictable execution is very effective.
It is a real breakthrough in the security field. Moreover it is simple to deploy and requires no change of architecture.
FINANCING - Validy Net Inc has already raised 9 millions dollars. As of today, 80% of the company is held by its
founders. Validy’s top priority is to license the Validy Technology to the first major reference customers. In addition
Validy Softnaos for C/C++ will also be developed to provide a Reference Implementation for C and C++. To market the
technology worldwide Validy is looking for an additional funding of $ 2 million (USD) and a strategic partnership.
MANAGEMENT SUMMARY - Gilles SGRO, President and CEO, graduated with a master of strategic management.
He also runs as founder with his wife the “Fingerprint Technologies” company, a successful Internet service company
with a revenue of $1 million USD. Jean-Christophe CUE OD, CTO, graduated from “Ecole Normale Supérieure”. He
has worked in one of the best research centers of Silicon Valley: Xerox PARC (Palo Alto Research Center). He was then
team leader for the design of workstations at Digital. The workstations he designed have represented up to 2% of Digital’s
sales. Its work at Digital is very well known by the general public since the bus specifications he made for one of those
workstations have been used by the USB consortium. Christophe VEDEL, graduated from “Ecole Polytechnique”. He is
in charge of software developments and as compiler specialist brings up his exceptional software skills to the Validy team.
CONTACTS
Mr Gilles SGRO - President - Cell: +33 6 84 60 00 96 - Email: gilles.sgro@validy-net.com
Mr Jean-Christophe CUENOD – CTO – Cell: +33 6 71 62 86 15 - Email: jcc@validy-net.com