The Fort Knox Syndrome
The conventional risk model used in IT security is that of a link chain. The system is seen as a chain of events, where the weakest link is found and made stronger. But this approach is bound to fail.
NMA Tech Notes
The NMA Tech Notes, a work-in-progress by our staff and collaborators, provide a fresh exploration in various areas of current and emerging IT security technology and compliance.
The NMA Team includes recognized Internet & security industry leaders who have worked and contributed in the early
ARPANET days in 1975, with the IETF (Internet Engineering Task Force), in the development of email
MIME encoding, with the MCWG (Meta-Certificate Working Group) on digital certificates
and trust models, the launch of First Virtual Holdings (1994) and its IPO (1996), the first
successful online payment system, and other key accomplishments of the First Internet Era.
Among the experienced talent who participated in the development of this technology, the NMA Team includes the following individuals who are noted by the contribution of their unique vision to the common objective. Contributions by other members of the NMA Team, and partners, are also acknowledged.Ed Gerck, Ph.D. (founder), CEO: Founded NMA based on innovative technologies for secure communication using his seminal definition and theory of trust in Information Theory. He created and coded NMA ZSentry. Fluent in Java, PHP, HTML, Pascal, Fortran, works with C, C+, C#, and Perl.
Ed worked with IBM Brazil, Argentina, and Japan, the latter in product development of a secure-user web browser, was a postdoctoral and a doctorate researcher with the Max-Planck-Institut fuer Quantenoptik in Germany, obtained the Dr.rer.nat. degree with maximum Thesis grade from the Physics faculty of the Ludwig-Maximilians Universität in Germany, and graduated in Electronic Engineering jointly with the M.Sc. degree in Physics at ITA in Brazil. He is fluent in English, German, Portuguese, and Spanish. Ed has 30+ years experience and 140+ peer-reviewed publications in quantum physics, cryptography, and IT security. His work has received worldwide press coverage from the New York Times, Le Monde, O Globo, Forbes, CBS, CNN, Business Week, Wired, Aftonbladet and USA Today.
Ed has pioneered Internet security since 1997, when he founded the Meta-Certificate Group that grew to participants from 26 countries. In 1999, he was a member of the Registry Advisory Board of Network Solutions, Inc., Herndon, VA. Ed co-founded Safevote, Inc., proposing and testing a secure online voting technology first qualified by the California Secretary of State in 2000, and by the Swedish Government's Ministry of Justice Statskontoret in 2001. Starting in 1998, he has pursued applications of his theory of trust in Information Theory, that is at the core of the NMA ZSentry development, with several publications used worldwide in cryptography and other areas including business.
Ed also helps bring the gift of Information Technology to ease the day-to-day activities of those who would otherwise be left out but need it the most. He developed and tested with the blind an inexpensive Braille screen-reader, and conducted usability studies with the elderly for touch screen use. Through volunteer work, Ed currently assists patients with IT tasks at a public mental health facility in the Health & Human Services Agency, in San Diego County. These interactions also help him understand better the human side that is always in interface with IT.
Einar (Stef) Stefferud (founder): Participated in the early development of NMA, including NMA ZSentry protocol design and business development, until his retirement in 2006. He was Board Member and Chairman of the NMA Advisory Board. Stef was active in ARPA/NSF/IETF DARPA Internet research and development since 1975. He worked with the US ANSI OSI Registration Authority; the US National Mail Transfer Service Interest Group (USMTS), the IETF (Internet Engineering Task Force), where he was involved with email standards development for MIME, SMTP Extensions, and MHTML, the ITU for X.400/X.500 development, and with post-standards profiling in the NIST OIW (Open System Implementors' Workshop). He was Chair of the IFIP (International Federation for Information Processing) Working Group 6.5 on Upper Layer Protocols, Architectures and Applications (ULPAA) from 1990 to 1996. He was a co-founder (1994) of First Virtual Holdings (IPO in 1996), called "the first cyberbank" by the Smithsonian Institution, that launched an Internet Payment System in October 1994. First Virtual technology and patents are still in current use. He retired as an Adjunct Professor of Information and Computer Science at the University of California, Irvine. Stef was honored by Communications Week Magazine as one of the Top 10 Visionaries in the Computer-Communications Industry. Stef passed away in September 2011, while his visionary spirit, developments, and deep understanding of email remain with us.
Michael Hetherington, Patent Attorney (founder): made important contributions in shaping the language used in describing the technology, as well as in patent drafts and the Intellectual Property policy of NMA. He has a Juris Doctor Degree, 1982, from the University of San Francisco School of Law; B.A. with Distinction and Phi Beta Kappa, from Stanford University; studied Law at Eberhard-Karls University, Tuebingen, Germany; and has a M.S. in Engineering, 1976 from Stanford University, emphasis on Computer Simulation and Modeling; completed graduate electrical engineering courses on Principles and Models of Semiconductor Devices (1986) and VLSI Devices and Technology (1987). Michael has been registered to practice before the United States Patent and Trademark Office since 1986. He received a commendation from the State Bar Board of Governors for “Outstanding Contribution to Delivery of Pro Bono Legal Services” in 1988. From 1992 to 1997, Michael was an attorney with Wilson Sonsini Goodrich & Rosati in Palo Alto, CA. He wrote the patent that established the 56k modem V.90 standard. Since 1998 to the present Michael has been the principal of Woodside Intellectual Property Law Group, in Woodside, CA, working on patent applications in electrical, semiconductor and computer fields.
Technical articles and other references by the NMA Team are available at our Papers section.
Everyone has probably heard the phrase "Any computer can be compromised". This phrase accurately reflects the yet-unsolved security problem of protecting servers and clients against penetration attacks.
Why are secure systems not safe today? While more than one party or system are often at fault, we find
that the key fault is not with software or technology, or even users. The key fault is with today's design.
Using our pioneer model of trust [Gerck, 1998], which works for both humans and machines, we further realize that, as used online, "secure" is a property of machines and "usability" is a property of humans. This means that humans and machines should interact in human terms, the same terms that we have learned to use in thousands of years of history and commerce. This understanding and work division is critical to treat them in adequately different manners, so that online security (a property of machines) can become usable (a property of humans).
Thus, we see that online security is evolving to satisfy human needs, and the way NMA technology has been developed is functional with respect to these needs rather than arbitrary.
In this context, the security of NMA solutions is assured not by some fictitious "Fort Knox" type of security that would (vainly) promise to prevent all attacks, but by using NMA's "No Target" ZSentry technology that renders such attacks impossible by the sheer lack of existence of user data to attack, anywhere. ZSentry allows the NMA solutions to work without ever exposing the users’ passwords, keys, or private data.
Therefore, ZSentry’s user data and keys are never in danger from outside or inside attacks, neither in the servers providing the service nor in the user’s desktop or laptop client accessing the service. Even though one can argue that an attack may eventually succeed, for example in the case of an attacker who may even physically walk away with any number of servers, no user data would be compromised.
In short, NMA enables the best defense against data theft, which is not to have the data in the first place.
NMA's technology is represented in patent-pending IP and software. Read more about the ZSentry technology >>
We empower your choices.™
We enable users to increase the utility of their devices, products, and services, including improved functionality, usability, security, mobility, and regulatory compliance.
NMA Inc. was founded in 2001. NMA is a privately held company, funded mostly by private investors. For company and investor information inquiries, please use any method described in our Support Center.
Employment Legal Statement Privacy Statement
Contents of this entire site are © Copyright, NMA Inc., 2009. Titles and product names are trademarks of NMA, Inc. as described in our Legal Statement.