tech

• technology Next-gen - preserving

Nothing to remember. Nothing to steal. You are the .

01 overview who we are

Keyless is a deeptech, cybersecurity company Keyless provides a next-gen, privacy- Our zero-knowledge biometric solution •foundedoverview by renowned security experts, enhancing biometric eliminates the need for businesses to store and experienced technologists and business leaders, solution combining proprietary multi-modal manage biometric data, , and any backed by top-tier VCs, bringing 10+ years of biometrics and advanced cryptographic other sensitive information without research in biometrics and to life technology in a distributed architecture compromising on convenience or privacy

About us Capabilities Footprint

+ 40+ 8 10

Team Years of Multi-device: Strict GDPR Zero-trust: Global footprint HQ // United Kingdom members top 10 privacy research Enroll once, use compliance: Identification, with international R&D // Italy and Israel & sec. scholar everywhere no PII involved built-in MFA offices BD // Singapore

Trusted by Recognized by

03 mission

Enable everyone to seamlessly access any digital service from any device, at any time, while keeping personal credentials safe, private and under control.

Nothing to remember. Nothing to steal. You are the key. At Keyless, we believe in a world where people can be in control of their privacy and identity.

04 mission the world is going passwordless 51% $5bn 2.3bn of passwords are reused Facebook fine for years of credentials stolen across services privacy violation in 2017 alone (University of Oxford) (Reuters) (Shape Security)

Simplicity vs. Privacy vs. Security

By 2022, Gartner predicts that 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods

05 evolution why now

Accounts Hacked: PASSWORDS Single Factor 3 billion 1960s 500 million 267 million 143 million HARD TOKENS Two Factor 117 million 1990s

SOFT TOKENS 2000s SMS or App TOTP

BIOMETRICS 2010s Fingerprint, face • Local authentication • Centralized authentication

07 ZERO-KNOWLEDGE BIOMETRICS Face, behavioral Today • No storage of biometric data • Enroll once, use everywhere

Introducing privacy-preserving biometric authentication and personal platform.

Unique combination of multi-modal biometrics and privacy- enhancing technologies for seamless digital identification.

Authenticating people. Not devices. Not passwords.

08 problem fundamental limitations Existing biometric methods have fundamental limitations

Local Authentication

Local Reach Immutable Privacy Security User tied to Not universal Leakage of User not in Easy to hack one device data possible control of data (single factor)

Centralized Authentication

Security Privacy Immutable Central User not in Leakage of honeypot control of data possible when data sent to server

09 solution next-gen private biometrics

Keyless provides a next-gen, privacy-enhancing biometric authentication solution combining proprietary multi-modal biometrics (facial and behavioral) and advanced cryptographic technology

Software only solution Keyless Protocol: world s first commercial Authenticates the accessible through any device, implementation of MPC-based biometrics platform and application end-user, not just • No biometrics stored anywhere, the device / end-point not on device, not on a central database • 300x faster than general purpose MPC Enables multiple use (100ms instead of tens of seconds) cases in zero-trust • Highly computationally effective (no battery drainage) Exceeds strictest authentication, digital identity and beyond regulatory req. GDPR, CCPA, PSD2 Recognized by

Eliminates security risk MFA by design such as fraud, phishing and Distributed biometric credential reuse matching

010 industry recognition recognized by Gartner

Hype Cycle for Identity and Access Management Technologies, 2020 Gartner IAM Hype Cycle Jul 2020 Biometric Authentication

• Benefit Rating Moderate • Market Penetration 5% to 20% of target audience • Maturity Early mainstream • Sample Vendors: Auraya Systems, FaceTec, iProov, ImageWare Systems, Keyless Technologies, OneVisage, SensibleVision

011 technology how it works

Capture Split into shares Send to multiple independent servers and match Recombine secret for 1 2 3 4 biometrics and encrypt encrypted shares against encrypted patterns one-time use

Distributed on Keyless network Nothing to remember Nothing to steal User in control Enroll once, use everywhere, any No central honeypot, Fundamental privacy preserving platform, any device no data on user devices technology

Note: For further information on the technology, enrollment and authentication flow, please click here 012 technology building blocks

Zero-knowledge proofs AI and cryptography Distributed private for device identity at the edge computation

• Zero-knowledge proofs to • Deep learning on user's device • Processing of authentication with securely verify authentication to extract biometric template advanced secure multi-party requests are being launched from • Irreversible transformation of computation protocols in the a user's trusted device data into shards using Shamir’s cloud • No information about user’s Secret Sharing • Independent validation of identity can be obtained • Permanent deletion from device, authentication requests without after shares sent to servers in learning anything about the Keyless Network user's biometric data

014 technology multi-factor by design

User-friendly visible protection Invisible protection

Privacy-preserving Zero-knowledge, AI-driven Distributed private device recognition (ZKP) physical and behavioral biometrics computation (sMPC, SSS)

Use anywhere from any Continuous and dynamic AI-driven state-of-the-art Factor agnostic, multiple device and any channel multi-factor authentication anti-spoofing biometrics; private by design

026 portfolio product lines

Keyless Authenticator Keyless Mobile SDK Keyless PIM SDK and PIM Wallet • Workforceproducts Auth Consumer Auth Personal Identity Mgmt. [B2B] [B2B2C] [B2C]

Enables business to adopt zero-trust Enables businesses to strongly authenticate their Enables individuals to easily and securely passwordless authentication and protect their consumers under PSD2 in one simple action manage their own personal info and privacy remote workforce ✓ Employee identification and device verification ✓ Enroll once use everywhere and on any device ✓ Self-provisioning and management of user own ✓ HW / OS agnostic same experience for all ✓ Meets Strong Customer Authentication employees from laptop and mobile requirement (PSD2) ✓ Selective disclosure of personal data in a private, secure manner ✓ Cost and time saving ✓ No risk of consumer PII/biometrics

Coming in 2022 VPN IdP & Workstation Mobile & VDI RDP Android iOS React Active CIAM SSO Login Web Apps Authentication

033 Passwordless MFA across all employee touchpoints workforce authentication

One authenticator for many use cases

Passwordless SSO Keyless integrates with your existing IdP to enable passwordless MFA for your enterprise apps in minutes.

Desktop MFA Keyless eliminates passwords from your Windows 7,8 and 10 login experience and offers built-in MFA with one look.

Remote Login Keyless enables your workforce to securely authenticate to your VPNs - on any device, from any location.

036 products consumer authentication

Many use cases, easy to integrate

PSD2 SCA Provide your customers with a unified experience with built- in MFA that eliminates fraud, phishing and credential reuse

Customer KYC and MFA Integrate superior passwordless security that authenticates people, not devices, in minutes - for all users, on any device

E-signature Provide your users the ability to electronically sign documents using their face biometrics, from any device

043 technology unique capabilities powered by breakthrough technology

Software Based - Enroll Once - Authenticate Users - No Biometrics/PII Hardware Agnostic Use Everywhere Not Devices Stored Anywhere

Keyless does not rely on Users enroll once in a 5- Keyless identifies users Keyless exceeds strictest the device hardware or second process and can across every touchpoint, privacy compliance sensors, and can thus be use it across all devices so you can make sure that requirements since no PII/ deployed on a large set of and touchpoints and the user who is logging in biometric data is stored devices and appliances enable seamless recovery is actually the correct user anywhere

No reliance on Face ID Multi-device support Unique identity for Exceeds privacy or other 3rd party tech and simple recovery every user compliance beyond GDPR

060 success story case study

Secure remote access for virtual exams Keyless Authenticator™ Simple, secure, and above all, private In response to COVID-19 lockdowns, LUISS Guido Carli University partnered with Keyless and Cisco, to allow their Nothing to remember Anti-fraud protection students to sit their summer exams remotely No central honeypot, Eliminates phishing no data on user device and man-in-the-middle

12+K 6+K 2.2K 10 Nothing to steal Privacy compliance One look multi-factor GDPR compliant, authentication private by design Students Auth/day Virtual exams Days to go-live Ubiquitous experience Easy to deploy Any platform, any Integrates with all device, anywhere identity providers

"The integration with LUISS and Keyless is a concrete example of the potential that can be unleashed when best available technologies come

said Agostino Santoni, CEO of Cisco Italy.

Keyless ZKB™ : Zero-Knowledge Biometric Authentication 061 success story case study

Passwordless MFA for Remote VPN Access Nothing to remember Anti-fraud protection No central honeypot, Eliminates phishing In response to COVID-19 lockdowns, a European digital bank no data on user device and man-in-the-middle partnered with Keyless to secure their remote workforce with seamless, secure remote access to VPNs and remote desktops Nothing to steal Privacy compliance One look multi-factor GDPR compliant, authentication private by design ~1K 2+K <2 1 Ubiquitous experience Easy to deploy Any platform, any Integrates with all device, anywhere identity providers Employees Auth/day Sec/auth Day deployment

Eliminating passwords in the financial sector

Enhanced Reduced Rapid security and friction and deployment login increased and saved experiences productivity costs

062 success story case study

Next-generation passwordless biometric Nothing to remember Anti-fraud protection No central honeypot, Eliminates phishing authentication, on the edge. no data on user device and man-in-the-middle

Global telcos and Keyless are partnering to enable new digital Nothing to steal Privacy compliance experiences and enhanced security using 5G, mobile edge One look multi-factor GDPR compliant, compute (MEC) and advanced privacy-enhancing technology. authentication private by design

Ubiquitous experience Easy to deploy 28% <0.3 11% <2 Any platform, any Integrates with all device, anywhere identity providers

Latency Seconds per Average Hour Reduction auth speedup deployment Enhanced user experiences, faster identification

Enhanced Reduced Rapid security and friction and deployment login increased and saved experiences productivity costs

063 Thank you!

https://keyless.io [email protected] @KeylessTech overview unique technology

Attractive Market Opportunity Cutting-Edge Technology

▪ Clear paradigm shift to passwordless ▪ Combines proprietary novel biometrics and methods underway advanced cryptography ▪ Large addressable market comprised of IAM, ▪ Universal biometric-key-management CIAM, SSI / PIM, all growing at 10%+ CAGR technology powering multiple use cases in zero-trust authentication ▪ Software only solution; true multi-device platform Easy Deployment & Integration Uncompromising Security

▪ Seamless integration with existing systems ▪ Nothing to steal no central honeypot, no ▪ Infrastructure agnostic accessible through data on user device any platform and supporting SaaS, on-prem ▪ Eliminates fraud, phishing and credential and cloud applications reuse ▪ Requires minimal efforts from internal IT teams ▪ Dynamic built-in MFA with just a look; authenticating the user, not the device Superior User Experience Privacy-Preserving

▪ User-friendly, easy to use ▪ GDPR, CCPA and PSD2 compliant ▪ Nothing to remember - passwordless ▪ Neither biometrics nor personal identifiable ▪ Enroll once, use everywhere through any information are stored channel and on any device ▪ Enables selective disclosure of personal data in a private, secure manner

068 architecture distributed cloud

Cloud Region #1 Cloud Region #2 Network Node/ Server Node/ Server Node/ Server Node/ Server Scalable dockerized sMPC sMPC sMPC sMPC multi-cloud setup Engine Engine Engine Engine without limitation Keyless Keyless Keyless Keyless Protocol Protocol Protocol Protocol (e.g., region, provider)

Client App Node/ Server Client Global Shared State sMPC Keyless API Engine Application can either Keyless be first- or third-party, Keyless SDK Cloud Region #3 Protocol depending on customer preference and use image Node/ Server Node/ Server Node/ Server Node/ Server case, i.e. workforce captured by sMPC sMPC sMPC sMPC vs. consumer device Engine Engine Engine Engine authentication Keyless Keyless Keyless Keyless Protocol Protocol Protocol Protocol

Client Network

069 deep dive // intellectual property breakthrough technology

Keyless Protocol: world s first commercial implementation of MPC-based biometrics A unique combination of multi-modal biometrics and privacy-enhancing technologies that offers secure, privacy- preserving biometric authentication, that exceeds regulatory requirements under GDPR/PDPA/CCPA

Breakthrough technology, multiple use cases Unparalleled security and performance

An AI-driven platform • 300x faster than general purpose MPC (100ms instead of tens of seconds) shares; following suite a distributed protocol reconstructs • Highly computationally effective (does the irreversibly encrypted shares into cryptographic keys not drain battery of end user devices) • generate tokens, sign documents, perform verifiable claims or securely authenticate the genuine user • Combines inherence and possession factors to provide Keyless Protocol user-friendly, secure and universal multi-factor security PCT/2020/017511

070 intellectual property portfolio of innovation

Cryptography Core technology Keyless-enabled identity management

Novel cryptographic technique for New protocols for linking privacy- A fresh look at identity and securely and efficiently generating key preserving distributed biometric management, enabled by our material from multiple sources of authentication with legacy identity groundbreaking cryptographic entropy, including biometric signals providers technology

• Time- and energy-efficient privacy- • Method for separating data privacy • Vault-less password and identity preserving biometric authentication domains in identity provider manager and key management via a unique authentication flows • Method for securely associating cryptographic protocol multiple devices to a single user • Biometric Authenticated Key account Exchange (BAKE) • Method for securely and consistently generating high-entropy cryptographic keys from noisy low min-entropy signals using a trusted device and one or more semi-trusted servers

071 evolution from authentication

Passwords Hard Tokens Soft Tokens Biometrics Zero-knowledge

Biometrics Evolution

Centralized Decentralized

On-premise Cloud Device Distributed Cloud Matching

072 evolution to the future of identity

siloed federated decentralized you are the key

Today, users are managing too many keys, identity landscape is fragmented, and concentrated in the hands of few For user-centric future, personal cryptographic keys need to be managed; but this is extremely complex Decentralized identity services enable people to self-provision and manage their own personal data and privacy in a virtual wallet using blockchain or another distributed ledger technology (Gartner) Keyless enables users to control and selectively disclose their personal data in an intuitive, private and secure way

007373 user identification authenticating people, not devices When using device-native biometrics, the device is authenticated not the user.

When device biometrics are used, the signing key is associated to the device rather than to the user. All enrolled users will authenticate using the same device key.

When Keyless is used, the signing key is generated directly from the biometrics. Each enrolled user will authenticate only with her unique key, allowing the service to identify the user.

074 multi-device enroll once, use everywhere

process for each device.

1 User enrolls on her first device, after going through onboarding process. Her device his linked to her biometric template.

2 User adds her second device by scanning a QR code on his first device. Both devices are linked to the iPhone 7 same template. No onboarding needed.

3 User can add and iPhone 7 Android 6 Device 1 revoke devices Device 2 from any of her Device 3 linked devices fully self service. 075 user onboarding backup and recovery Self-service identity recovery in case of a lost or stolen device without storing any biometric data.

1 User enables backup via the Keyless How is backup stored? Authenticator app Up to you. 2 User loses access to all his devices and acquires a new device and installs the Keyless app • Keyless backup information can be stored either on the user's personal cloud storage 3 User clicks account (iCloud/Gdrive) or on instead of re-enrolling all over again a Keyless hosted service. • In both cases, no biometric 4 User authenticates to Keyless and to data or PII is stored. a 3rd party storage and backup is restored automatically by Keyless

076 authentication offline mode Keyless can fallback to leverage a time-based OTP which is generated by scanning a QR code via the Keyless Authenticator app.

1 User enables backup via the Windows desktop client

2 When no internet connection is available, the user selects option from the Windows lock screen

3 User scans the QR code presented on the desktop using his mobile app The Offline Access Mode can be activated by the user to perform a workstation login when 4 User inserts the TOTP generated on there is no internet connection either on the his mobile device into the Windows workstation or the user's mobile device. lock screen

077