GuardTimesKeyless Signatures provide

proof of time, origin and integrity for

the worlds electronic data. Signature
verification is based solely on mathematics,
free from secrets or keys.
Singapore
(HQ) +65
9536
|View
info@guardtime.com
Singapore (HQ) +65
6818 9536
| 6818
Mountain
+1 650 336 5119 | | www.guardtime.com
www.guardtime.com
Tokyo +81 3 5577 6027
|
Beijing +86 10 8518 9999
|
Tallinn +372 6 555 097
|
Mountain View +1 650 336 5119
Tokyo +81 3 5577 6027 | Beijing +86 10 8518 9999 | Tallinn +372 6 555 097 | info@guardtime.com

BusinessReliance on TrustworthyInformation
An organizations data is arguably its greatest asset. Data can be created, transferred, and reside nearly
anywhere imaginable; stored inside the organization, distributed throughout the organization, shared
outside the perimeter of the organizations network for partners and customers to utilize, and even hosted
in the cloud for immediate global access. How can each user of the data (employee, partner, attorney, etc.)
be guaranteed that the data is authentic and intact? One thing is for sure, using questionable data to run
a business is unacceptable. Trust, simply put, is not enough.

The Risks o
f Tampered Data Storage and Data Communications
Organizations collect, share, send, store, and archive all types and forms of data for many purposes and
for varying lengths of time. Regulatory policies and industry standards define specific data retention
requirements for event logs, transaction logs, and other policy-oriented data. eDiscovery requirements, for
example, may call upon your data to be used as legal evidence at any time: 5, 10, or even 20+ years after
being archived. What damage could occur from using invalid data? Simply hoping that the data hasnt
been tampered with is not a risk organizations can afford to take.
In addition to the risks of compromised data at rest, organizations must also be concerned with man-inthe-middle attacks as data is transmitted throughout multiple networks, including internal, external, and
cloud-based networks. How can both ends of the transmission (both sender and recipient) prove that the
content sent did indeed come from the entity that claims to have sent it? How can the recipient prove that
the content has not been tampered with after it left the sender or was forwarded by another recipient?

Maintain Integrity Forever, Wherever

The integrity of an organizations data must stand the tests of time. Furthermore, the integrity of the data
must remain intact and follow any organizational and operational changes made to the business along the
way. When the data needs to be resurrected from its place of rest, the organization needs to be able to
prove that the data remains unchanged, regardless of its future purpose.

2011. Copyright GuardTime. All Rights Reserved.

It does not matter how or when the data was sent or stored - or even how it is received or retrieved on the
other end - when the data has been signed by GuardTimes Keyless Signatures, the signature remains with
the data, thereby eliminating the need to rely on any public/private key technologies or any other form of
secret to validate the signature.

Keyless Signature Service

Keyless Signature Solutions

GuardTime maintains and operates a distributed

network for keyless digital signatures, utilizing
the model defined by the Keyless Signature
Infrastructure.

GuardTime Keyless Signature Solutions are purposebuilt offerings designed to deliver a mathematicallyprovable audit trail for all the electronic data in any
business.

The infrastructure is hierarchical, at the heart of

which is a cluster of core servers designed for the
highest levels of availability and performance.

Proof that your business data is authentic, that it

belongs to your organization, and that it remains
intact... are all critical attributes when looking to
make business decisions. GuardTimes solutions
enable any business process to convert trust to proof.

Singapore (HQ) +65 6818 9536

|
info@guardtime.com
|
www.guardtime.com
Tokyo +81 3 5577 6027
|
Beijing +86 10 8518 9999
|
Tallinn +372 6 555 097
|
Mountain View +1 650 336 5119

Complete D
ata Integrityfor EveryScenario | Keyless Signature Products
GuardTimes products help its customers, technology partners, and industry-leading solutions and service
providers to deliver undeniable proof of integrity for all of their business data: in the cloud, on disk, and
in transit. GuardTimes products are networked server components that operate as part of the Keyless
Signature system, connecting to the Keyless Signature service over the Internet via one or more access
points. Each product can be internally deployed or hosted by GuardTime, and accessed via the Keyless
Signature SDK.

Data Audit Server | Bring a Provable Audit Trail to any Business Process
Organizations can conduct business electronically with a mathematically-provable audit trail for their
electronic data, making fraud harder to conduct and insider attacks nearly impossible to hide while
strengthening the legal admissibility of their digital records.
The primary role of the Data Audit Server is to sign large volumes of transactional (non-document) data.
Using the Data Audit Server, organizations will benefit from tamper-evident transparency, indisputable
audit trails, durable verification, and unlimited signing capabilities.

Document Signature Server | Bring a Provable Audit Trail to any Document Workflow
Organizations can move a larger number of their paper-based processes to a more auditable, electronic
model by digitally signing individual documents and then packaging multiple documents into a single
signed PDF container. The resulting keyless signature enables organizations to share, transmit, store, and
archive their electronic document containers, providing mathematical proof that the documents were
signed by a particular individual or organization at a specific moment in time and that the contents of the
container have not changed since then.
The primary role of the Document Signature Server is to sign data in the form of traditional office documents
using the GuardTime Keyless Signature service. As an option, the Document Signature Server is able to
take one or more data items and bundle them into a single PDF container so that it can be signed as
a single unit. Using the Document Signature Server, organizations will benefit from portable auditable
documents with the option to have multi-document signed containers, tamper-evident transparency, and
durable verification.

Singapore (HQ) +65 6818 9536

|
info@guardtime.com
|
www.guardtime.com
Tokyo +81 3 5577 6027
|
Beijing +86 10 8518 9999
|
Tallinn +372 6 555 097
|
Mountain View +1 650 336 5119

2011. Copyright GuardTime. All Rights Reserved.

Sample business process

Enterprise Messaging Server | Certify any Email and all of its Contents
Organizations can deliver assurance to their email recipients that the emails they receive are authentic
and remain intact by signing each electronic mail as a single, portable unit. The signature benefits both
sides of the communication as it provides proof that the email was sent at a specific moment in time by the
sending entity, and that the contents of the email have not changed since then. The proof remains intact
for the life of the email and is portable, following the email as it is sent, replied to, forwarded, and archived.
The primary role of the Enterprise Messaging Server is to take a snapshot of the entire email message being
signed, add to this a snapshot of all the attachments included in the email, package them up into a single
PDF container, and then sign that PDF package using the GuardTime Keyless Signature service. Using the
Enterprise Messaging Server, organizations will benefit from reduced SPAM and phishing, tamper-evident
messaging, life-long non-repudiation, and reduced printing and courier costs.

Cloud Audit Server | Bring Complete Operating Integrity to the Cloud

Organizations can automatically sign and validate their cloud operating environment prior to allowing
applications to execute on their virtual machines (VM). By preventing any compromised applications from
running, you remove the risk of malicious software from being capable of running on the VM, thereby
preventing any unexpected application behavior from occurring due to unapproved application changes
being applied.
The primary role of the Cloud Audit Server is to sign and validate your private cloud environment prior to
allowing applications to execute using the GuardTime Keyless Signature service to sign the applications
and logs. Using the Cloud Audit Server, organizations will benefit from auditable proof of private cloud
operating integrity, tamper-evident cloud environments, transparency into potential insider attacks, and
increased strength of internal and regulatory compliance.

Independent Verification

GuardTime openly publishes its algorithms and

integrity codes globally, enabling independent data
validation without the need to possess any well-kept
secret or key.

Long-Term Verification

GuardTimes Keyless Signatures do not use any

public or private cryptographic keys for purposes of
verification and therefore can ensure that the integrity
and authenticity will never expire.

2011. Copyright GuardTime. All Rights Reserved.

Massive Scalability

Massive scalability is achieved through the globally

distributed Keyless Signature Infrastructure where the
Keyless Signatures are generated using a hierarchical
set of high-performance and redundant servers.

High Availability

All of GuardTimes solutions are built on a telco grade

infrastructure with ultra high availability delivered through
its proven distributed and redundant infrastructure.

Provable Security

GuardTimes Keyless Signatures use the only known

provable signature service available where the signatures
can be mathematically verified using the integrity codes
published in the Financial Times and other media
publications.

Flexible Pricing

GuardTime does not charge for signature verification,

and the pricing associated with signature requests is
designed to allow every data item to be signed - nearly
eliminating the need to selectively choose which data is
important enough to sign.

A Red Herring Global 100 and Frost & Sullivan Product Innovation Award Winner, GuardTime was founded with the goal of solving
one of the biggest problems in computing: trust. GuardTimes Keyless Signatures provide proof of time, origin and integrity
for the worlds electronic data. The verification of the signature can be done offline without the reliance on keys, secrets, or the
existence of a trusted third party. GuardTimes mission is to change the world to one where
keyless signatures are ubiquitous and a natural part of the everyday data lifecycle, whether
on disk, in transit, or in the cloud. For more information, please visit www.GuardTime.com.

Singapore (HQ) +65 6818 9536

|
info@guardtime.com
|
www.guardtime.com
Tokyo +81 3 5577 6027
|
Beijing +86 10 8518 9999
|
Tallinn +372 6 555 097
|
Mountain View +1 650 336 5119