The Fort Knox Syndrome
The conventional risk model used in IT security is that of a link chain. The system is seen as a chain of events, where the weakest link is found and made stronger. But this approach is bound to fail.

HIPAA-compliance is
NMA ZSentry»

NMA Tech Notes
The NMA Tech Notes, a work-in-progress by our staff and collaborators, provide a fresh exploration in various areas of current and emerging IT security technology and compliance.

Questions?
Please contact us using our Support Center

About Us   Vision   Investor Relations    Contact Us

Ed Gerck, PhD, NMA CEO

“Ultimately, NMA is about people — who have so far been the weakest link in online security processes, and increasingly exposed as we are more and more online in everyday activities.”

The NMA Team includes recognized Internet & security industry leaders who have worked and contributed in the early ARPANET days in 1975, with the IETF (Internet Engineering Task Force), in the development of email MIME encoding, with the MCWG (Meta-Certificate Working Group) on digital certificates and trust models, the launch of First Virtual Holdings (1994) and its IPO (1996), the first successful online payment system, and other key accomplishments of the First Internet Era.

In the Second Internet Era (post-bubble), members of the NMA Team worked and contributed in proposing a secure online voting technology, first qualified by the California Secretary of State in 2000, and by the Swedish Government's Ministry of Justice Statskontoret in 2001, the launch of ZSentry Mail (Zmail) in 2004 as the first secure and usable email system, and the ZSentry Desktop technology in 2009, allowing recipients to open and reply securely to messages anywhere, using desktop, web or mobile, without registration.

We have made some of our most important progress through dialogue with users, and learning experiences in system-user interactions. We have also benefited greatly from higher-tier users and customers who are noted professionals in their fields.

Among the experienced talent who participated in the development of this technology, the NMA Team includes the following individuals who are noted by the contribution of their unique vision to the common objective. Contributions by other members of the NMA Team, and partners, are also acknowledged.

Ed Gerck, Ph.D. (founder), CEO: Founded NMA based on innovative technologies for secure communication using his seminal definition and theory of trust in Information Theory. He created and coded NMA ZSentry. Fluent in Java, PHP, HTML, Pascal, Fortran, works with C, C+, C#, and Perl.

Ed worked with IBM Brazil, Argentina, and Japan, the latter in product development of a secure-user web browser, was a postdoctoral and a doctorate researcher with the Max-Planck-Institut fuer Quantenoptik in Germany, obtained the Dr.rer.nat. degree with maximum Thesis grade from the Physics faculty of the Ludwig-Maximilians Universität in Germany, and graduated in Electronic Engineering jointly with the M.Sc. degree in Physics at ITA in Brazil. He is fluent in English, German, Portuguese, and Spanish. Ed has 30+ years experience and 140+ peer-reviewed publications in quantum physics, cryptography, and IT security. His work has received worldwide press coverage from the New York Times, Le Monde, O Globo, Forbes, CBS, CNN, Business Week, Wired, Aftonbladet and USA Today.

Ed has pioneered Internet security since 1997, when he founded the Meta-Certificate Group that grew to participants from 26 countries. In 1999, he was a member of the Registry Advisory Board of Network Solutions, Inc., Herndon, VA. Ed co-founded Safevote, Inc., proposing and testing a secure online voting technology first qualified by the California Secretary of State in 2000, and by the Swedish Government's Ministry of Justice Statskontoret in 2001. Starting in 1998, he has pursued applications of his theory of trust in Information Theory, that is at the core of the NMA ZSentry development, with several publications used worldwide in cryptography and other areas including business.

Ed also helps bring the gift of Information Technology to ease the day-to-day activities of those who would otherwise be left out but need it the most. He developed and tested with the blind an inexpensive Braille screen-reader, and conducted usability studies with the elderly for touch screen use. Through volunteer work, Ed currently assists patients with IT tasks at a public mental health facility in the Health & Human Services Agency, in San Diego County. These interactions also help him understand better the human side that is always in interface with IT.

Einar (Stef) Stefferud (founder): Participated in the early development of NMA, including NMA ZSentry protocol design and business development, until his retirement in 2006. He was Board Member and Chairman of the NMA Advisory Board. Stef was active in ARPA/NSF/IETF DARPA Internet research and development since 1975. He worked with the US ANSI OSI Registration Authority; the US National Mail Transfer Service Interest Group (USMTS), the IETF (Internet Engineering Task Force), where he was involved with email standards development for MIME, SMTP Extensions, and MHTML, the ITU for X.400/X.500 development, and with post-standards profiling in the NIST OIW (Open System Implementors' Workshop). He was Chair of the IFIP (International Federation for Information Processing) Working Group 6.5 on Upper Layer Protocols, Architectures and Applications (ULPAA) from 1990 to 1996. He was a co-founder (1994) of First Virtual Holdings (IPO in 1996), called "the first cyberbank" by the Smithsonian Institution, that launched an Internet Payment System in October 1994. First Virtual technology and patents are still in current use. He retired as an Adjunct Professor of Information and Computer Science at the University of California, Irvine. Stef was honored by Communications Week Magazine as one of the Top 10 Visionaries in the Computer-Communications Industry. Stef passed away in September 2011, while his visionary spirit, developments, and deep understanding of email remain with us.

Michael Hetherington, Patent Attorney (founder): made important contributions in shaping the language used in describing the technology, as well as in patent drafts and the Intellectual Property policy of NMA. He has a Juris Doctor Degree, 1982, from the University of San Francisco School of Law; B.A. with Distinction and Phi Beta Kappa, from Stanford University; studied Law at Eberhard-Karls University, Tuebingen, Germany; and has a M.S. in Engineering, 1976 from Stanford University, emphasis on Computer Simulation and Modeling; completed graduate electrical engineering courses on Principles and Models of Semiconductor Devices (1986) and VLSI Devices and Technology (1987). Michael has been registered to practice before the United States Patent and Trademark Office since 1986. He received a commendation from the State Bar Board of Governors for “Outstanding Contribution to Delivery of Pro Bono Legal Services” in 1988. From 1992 to 1997, Michael was an attorney with Wilson Sonsini Goodrich & Rosati in Palo Alto, CA. He wrote the patent that established the 56k modem V.90 standard. Since 1998 to the present Michael has been the principal of Woodside Intellectual Property Law Group, in Woodside, CA, working on patent applications in electrical, semiconductor and computer fields.

Technical articles and other references by the NMA Team are available at our Papers section.

Our Vision

Everyone has probably heard the phrase "Any computer can be compromised". This phrase accurately reflects the yet-unsolved security problem of protecting servers and clients against penetration attacks.

Why are secure systems not safe today? While more than one party or system are often at fault, we find that the key fault is not with software or technology, or even users. The key fault is with today's design.

Starting from ideas already available in our culture, and reflected in linguistics for quite some time, we observe that the very word "secure" comes from Latin securus, meaning "free from care". In modern terms, a secure system should, thus, be a system that has two main properties:

1. is safe for every user;
2. is safe from every user.

In other words, we see usability as the #1 property of a secure system. The #2 property, which is close to the etymological roots of the word "secure", means that the system can be used securely without trusting that all users are trained, careful, and honest, or without expecting users to "always do the right thing" (which is unrealistic even for highly security-trained users).

Using our pioneer model of trust [Gerck, 1998], which works for both humans and machines, we further realize that, as used online, "secure" is a property of machines and "usability" is a property of humans. This means that humans and machines should interact in human terms, the same terms that we have learned to use in thousands of years of history and commerce. This understanding and work division is critical to treat them in adequately different manners, so that online security (a property of machines) can become usable (a property of humans).

Thus, we see that online security is evolving to satisfy human needs, and the way NMA technology has been developed is functional with respect to these needs rather than arbitrary.

In this context, the security of NMA solutions is assured not by some fictitious "Fort Knox" type of security that would (vainly) promise to prevent all attacks, but by using NMA's "No Target" ZSentry technology that renders such attacks impossible by the sheer lack of existence of user data to attack, anywhere. ZSentry allows the NMA solutions to work without ever exposing the users’ passwords, keys, or private data.

Therefore, ZSentry’s user data and keys are never in danger from outside or inside attacks, neither in the servers providing the service nor in the user’s desktop or laptop client accessing the service. Even though one can argue that an attack may eventually succeed, for example in the case of an attacker who may even physically walk away with any number of servers, no user data would be compromised.

In short, NMA enables the best defense against data theft, which is not to have the data in the first place.

NMA's technology is represented in patent-pending IP and software. Read more about the ZSentry technology >>

Mission

Strategy

Investor Relations

NMA Inc. was founded in 2001. NMA is a privately held company, funded mostly by private investors. For company and investor information inquiries, please use any method described in our Support Center.

Employment    Legal Statement    Privacy Statement
Contents of this entire site are © Copyright, NMA Inc., 2009. Titles and product names are trademarks of NMA, Inc. as described in our Legal Statement.