ANONOS GRANTED U.S. PATENTS FOR CYBER SECURITY INNOVATIONS THAT ENHANCE BOTH DATA PRIVACY AND VALUE

1.
1
Anonos Granted U.S. Patents For Cybersecurity Innovations
That Enhance Both Data Privacy And Value
Dynamic De-Identification and Anonymity eliminates, for the first time, tradeoffs between protecting
individuals’ anonymity and maximizing the value of underlying data
Washington, DC – July 9, 2015 – Anonos, Inc. (www.anonos.com), the inventor of technologies
that unlock the true value of data without compromising privacy, announced today that it has been
issued U.S. Patents for its pioneering solutions to architecturally enforce controlled conditions
capable of satisfying even the most stringent United States and European Union data privacy
regulations.
Anonos CEO, Gary LaFever, commented, “The biggest data security challenge confronting global
enterprises in the medical, pharmaceutical, finance, and consumer markets is protecting individual
privacy without sacrificing the value of that data. Stringent United States and European Union
privacy regulations have forced an unacceptable but, until now, necessary trade-off between either
more privacy and less value or more value with insufficient privacy. Anonos’ patented and patent-
pending technologies solve this problem for the first time, unlocking the value of data while
substantially increasing privacy and security by reducing re-identification risk to near-zero.”
Anonos technology and intellectual property works by producing de-identified, but fully usable, data
with no greater likelihood of re-identification than that of highly encrypted data. Yet, while Anonos
is fully compatible with all methods of encryption, it neither relies upon nor requires encryption
itself. Rather, Anonos architecturally enforces desired levels of data privacy, security, and value,
while enabling authorized, trusted third parties to enforce policies at a granular data element level
using a much wider range of quantifiable policy controls than previously possible.
Anonos solutions thus unlock the true value of data, transforming it into business intelligence by
replacing old-style static access controls with technologically enforced dynamic permissions
applied per-element and per-use instead of across entire records or applications. This dramatically
reduces the value of data to attackers, while enabling compliance-driven access controls and
protecting personal information from unauthorized and inappropriate use.
Anonos Dynamic De-Identification and Anonymity / Just-In-Time-Identity (JITI) technologies and
intellectual property:
1. Enforce privacy policies: Dynamic and concurrent architecturally enforced policies enable
access control per data element and table instance, with unlimited instances available
simultaneously on demand.
2. Enhance security: Source data is intentionally worthless to unauthorized parties and freely
portable when decoupled from the JITI enforcement ecosystem, even in cases where super
users have broad visibility due to revocation of ephemeral key credentials.

2.
2
3. Enable privacy / security respectful innovation: Data utility is maximized as a matter of
policy, compliance, commercial, and societal objectives, without hindrance by restrictive
and inflexible security controls.
Potential Use Cases / Applications of Anonos Technology and Intellectual Property
Data Breach (‘Hack’) Damage Reduction: Organizations like Anthem*, Target*, Home Depot* and
even the U.S. Office of Personnel Management (OPM) suffer when their facilities are breached (as
do their millions of subscribers / customers / citizens whose identities are “hacked”) and data is
kept in unencrypted form to enable use of the data. As a result, attackers can gain unauthorized
access to personal data in “cleartext” form – i.e., unencrypted information that is “in the clear” and
understandable. In contrast to standard encryption, which is generally fully “on” or "off," or
traditional data masking techniques which do not protect data at the database level, Anonos Just-
In-Time-Identity (JITI) technology and intellectual property could help protect against data loss from
external breaches without losing use of data for authorized purposes within the organization. With
JITI, an attacker may gain access to data but would not gain access to JITI keys (kept securely in
separate virtual or physical locations) necessary to reveal personal information.
Protection of Credit Card User Identities: The January 2015 Science* journal (see
http://www.sciencemag.org/content/347/6221/536.abstract) includes a three month study of credit
card records for 1.1 million people that shows four spatiotemporal points are enough to uniquely
re-identify 90% of credit card customers. Anonos Dynamic De-Identifiers (DDIDs) could de-identify
credit card customers for each transaction – providing a Just-In-Time-Identity (JITI) for each
transaction. As a result, customers could not be re-identified by means of correlating static
anonymous identifiers. The Anonos approach makes limiting the ability to single out, link or infer a
data subject a policy choice instead of a statistical risk. See http://www.anonos.com/unicity for an
interactive version of this example.
Mobile OS tools: The trend between the two major mobile operating systems, iOS* and Android*, is
to encrypt personal data both on the device and in the cloud environments of the platform
operators. Application developers, however, are generally free to bypass these controls, either by
using their own libraries for interaction with data-driven applications, or by using proxies and VPNs
to conceal their information queries. A privacy-friendly mobile OS could be built whereby no data
interactions were permitted unless they were enabled via Anonos Just-In-Time-Identity (JITI) keys.
The platform operators would therefore be able to define quantifiable and enforceable conditions
under which lawful intercept; search and seizure would be permissible, without the present risk of
leakage and casual browsing of personal data by unauthorized users. Data subjects could
therefore choose whether or not to share personal data not based on vague promises and murky
assurances, but instead based on concrete evaluations of the governance policies surrounding
lawful intercept. Control could therefore be returned to the data subject, and informed choices and
consent could both be possible and revocable at any time and for usage of personal data within the
mobile ecosystem. At the same time, technology companies and platform operators could have a
positive, constructive conversation with regulators about conditions under which authorized
disclosure would be permitted, and cascade those back down in plain, simple language to the end
users whose data would be affected.

3.
3
About Anonos
Anonos solves the problem of delivering data privacy and security while empowering users to
leverage the full power of their data. For companies, Anonos technology and intellectual property
can transform information at the data element level to deliver security while preserving the value of
underlying data for deep analysis. For individuals, Anonos tools can provide controls for data
subjects to share information in a controlled manner that allows them to receive personalized
information, services and offerings, while protecting against misuse of their data. Anonos’ patented
and patent-pending technologies and intellectual property obscure and anonymize information at
the data element level while preserving the full value of all the underlying data (see
http://www.anonos.com/data_scientist_privacy_analysis).
Anonos Founders Gary LaFever and Ted Myerson helped revolutionize data risk management
protection for worldwide financial markets with their prior company, FTEN. In 2010, NASDAQ
acquired FTEN, where its solutions today form an integral part of real-time data risk management
technology around the globe for financial markets.
Anonos was granted U.S. Patent Nos. 9,087,215 (Application No. 14/529,960, see
http://www.anonos.com/us_patent_application_14529960) and 9,087,216 (Application No.
14/530,339, see http://www.anonos.com/us_patent_application_14530339) for Anonos Dynamic
De-Identification and Anonymity. Anonos Dynamic De-Identification and Anonymity facilitates
enhancements to data privacy, security and value for electronic commerce, credit cards, connected
cars, the Internet of Things (IoT), digital healthcare, pharmaceuticals, medical research,
personalized medicine and other industries by enabling the complete use of data without revealing,
intentionally or unintentionally, the identities of underlying data owners.
To learn more, visit www.anonos.com.
###
Press Inquiries:
+1-212-658-1132
press@anonos.com
* Anonos, Just-In-Time-Identity, JITI, De-Identifiers, and DDIDs are trademarks of Anonos Inc.
protected under U.S. and international trademark laws and treaties. Other marks appearing in this
release are the property of their respective owners. Anonos makes no claim of relationship to, or
affiliation with, any owners of marks not owned by Anonos.