SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
FOR ANNUAL AND TRANSITION REPORTS PURSUANT TO SECTION 13
OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
| x | ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the fiscal year ended December 31, 2002 or
| ¨ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from to
Commission file number 0-20270
SAFLINK CORPORATION
(Exact name of registrant as specified in its charter)
| DELAWARE |
95-4346070 | |
| (State or other jurisdiction of |
(I.R.S. Employer | |
| incorporation or organization) |
Identification No.) | |
| 11911 NE 1st Street, Suite B-304 |
||
| Bellevue, WA |
98005 | |
| (Address of principal executive offices) |
(Zip Code) |
Registrant’s telephone number, including area code: (425) 278-1100
Securities registered pursuant to Section 12(b) of the Act:
None
Securities registered pursuant to Section 12(g) of the Act:
Common Stock, $.01 par value per share
(Title of Class)
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes x No ¨
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ¨
Indicate by check mark whether the registrant is an accelerated filer (as defined in Rule 12b-2 of the Securities Exchange Act of 1934). Yes ¨ No x
The aggregate market value of the common stock held by non-affiliates of the registrant, based on the last sale price on March 20, 2003, as reported on the OTC Bulletin Board, was approximately $54,955,000(1). The aggregate market value of the common stock held by non-affiliates of the registrant, based on the last sale price on June 28, 2002, as reported on the OTC Bulletin Board, was approximately $32,711,000(1). There were 25,612,558 shares of common stock outstanding as of March 20, 2003.
| (1) | Excludes shares held of record on that date by directors, executive officers and greater than 10% stockholders of the registrant. Exclusion of such shares should not be construed to indicate that any such person directly or indirectly possesses the power to direct or cause the direction of the management or the policies of the registrant. |
DOCUMENTS INCORPORATED BY REFERENCE
The information required by Part III of this Report, to the extent not set forth herein, is incorporated herein by reference from the registrant’s definitive proxy statement relating to the registrant’s 2003 annual meeting of stockholders, which definitive proxy statement shall be filed with the Securities and Exchange Commission within 120 days after the end of the fiscal year to which this report relates.
| Page | ||||
| PART I |
||||
| Item 1. |
3 | |||
| Item 2. |
16 | |||
| Item 3. |
16 | |||
| Item 4. |
16 | |||
| PART II |
||||
| Item 5. |
Market for the Company’s Common Stock and Related Stockholder Matters |
17 | ||
| Item 6. |
18 | |||
| Item 7. |
Management’s Discussion and Analysis of Financial Condition and Results of Operations |
18 | ||
| Item 7(a) |
34 | |||
| Item 8. |
34 | |||
| Item 9. |
Changes in and Disagreements with Accountants on Accounting and Financial Disclosure |
34 | ||
| PART III |
||||
| Item 10. |
35 | |||
| Item 11. |
35 | |||
| Item 12. |
Security Ownership of Certain Beneficial Owners and Management |
35 | ||
| Item 13. |
35 | |||
| PART IV |
||||
| Item 14. |
35 | |||
| Item 15. |
Exhibits, Financial Statement Schedules and Reports on Form 8-K |
36 | ||
| 39 | ||||
| F-7 | ||||
2
PART I
Certain statements in this annual report on Form 10-K constitute forward-looking statements, within the meaning of the Private Securities Litigation Reform Act of 1995, that are not historical facts but rather reflect our current expectations concerning future results and events. Words such as “believe,” “expect,” “intend,” “plan,” “anticipate,” “likely,” “will,” “may,” “shall” and similar expressions are intended to identify such forward-looking statements. Such forward-looking statements involve known and unknown risks, uncertainties and other important factors that could cause the actual results, performance or achievements of our company (or entities in which we have interests), or industry results, to differ materially from historical results or future results, performance or achievements expressed or implied by such forward-looking statements.
Readers are cautioned not to place undue reliance on these forward-looking statements, which reflect management’s view only as of the date of this annual report on Form 10-K. These forward-looking statements include without limitation statements regarding our expectations and beliefs about the market and industry, our goals, plans, and expectations regarding our products and services and product development, our intentions and strategies regarding customers and customer relationships, our relationships with the software development community, our intent to continue to invest resources in research and development, our intent to develop relationships and strategic alliances, our beliefs regarding the future success of our products and services, our expectations and beliefs regarding competition, competitors, the basis of competition and our ability to compete, our beliefs regarding trademark and copyright protections, our beliefs and expectations regarding infringement claims, our beliefs regarding the development of industry standards, our expectations and beliefs regarding our ability to hire and retain personnel, our beliefs regarding period to period results of operations, our expectations regarding future growth and financial performance, our expectations regarding licensing arrangements and our revenue, our expectations and beliefs regarding revenue and revenue growth, our expectations regarding our strategies and long-term strategic relationships, our expectations regarding defects in products, our expectations regarding fluctuations in revenue and operating results, our beliefs and expectations regarding our existing facilities and the availability of additional space in the future, our intent to use all available funds for the development and the operation of our business and not to declare or pay any common stock cash dividends, our expectations regarding software development costs, our beliefs and expectations regarding our results of operations and financial position, our beliefs regarding estimates in valuing in-process research and development, our intentions and expectations regarding deferred tax assets, our beliefs and expectations regarding liquidity and capital resources and that cash flow from existing operations, existing cash, cash equivalents and short-term investments will be sufficient to meet our cash requirements, and our expectations regarding the impact of recent accounting pronouncements and revenue recognition matters. These statements are subject to risks and uncertainties that could cause actual results and events to differ materially from those anticipated. These risks and uncertainties include without limitation those identified in the section of this annual report on Form 10-K entitled “Risk Factors That May Affect Future Results” below. We undertake no obligation to publicly release the result of any revisions to these forward-looking statements, which may be made to reflect events or circumstances after the date hereof or to reflect the occurrence of unanticipated events, conditions or circumstances.
As used in this annual report on Form 10-K, unless the context otherwise requires, the terms “we,” “us,” “the Company,” and “SAFLINK” refer to SAFLINK Corporation, a Delaware corporation, and its subsidiary.
Overview
We provide cost-effective network security software solutions to protect the safety of information assets and track network access by authorized personnel. We develop software and resell hardware from leading manufacturers of biometric hardware devices. Our products may be used to protect business and personal information and to replace passwords and personal identification numbers (PINS) in order to safeguard and
3
simplify access to electronic systems. Biometric technologies identify computer users by electronically capturing a specific biological or behavioral characteristic of that individual, such as a fingerprint or voice or facial feature, and creating a unique digital identifier from that characteristic. Because this process relies on largely unalterable human characteristics, it is both highly secure and highly convenient for the individual seeking access.
The process of identity authentication typically requires that a person present for comparison one or more of the following factors:
| • | something known such as a password, PIN, or mother’s maiden name; |
| • | something carried such as a token, card, or key; or |
| • | something physical such as fingerprint, iris or voice pattern, signature motion, facial shape or other biological or behavioral characteristic. |
Comparison of biological and behavioral characteristics has historically been the most reliable and accurate of the three factors, but has also been the most difficult and costly to implement given the complex nature of enterprise computer systems. However, recent advances in the development of integrated biometric software solutions, reduced cost of biometric devices, and the emergence of recognized industry standards to connect biometric components to applications have reduced the cost of implementing biometrics in commercial environments. We believe that government and private sector organizations will increasingly use this method of identity authentication because of the level of security and user convenience it provides and the reduced cost of password administration associated with such a security system.
Our software products are designed for large-scale and complex computer networks and allow computer users to be identified from various biometric technologies. Our products comply with recognized industry standards, which allows us to integrate a large variety of biometric technologies within a common application environment without costly development related to each technology. Our products also provide our customers with the flexibility to deploy a mixture of different biometric technologies within their network to meet specific user and environmental requirements while providing protection against technology obsolescence since new devices can be added to, or upgraded within, the system without replacing or modifying the underlying biometric network support infrastructure.
In December 1997, SAFLINK and the National Security Agency (NSA) jointly introduced and demonstrated the Human Authentication Application Programming Interface, or HA-API. HA-API was the first definition of a standard way to allow software developers and biometric technology suppliers to build their products using a uniform method for connecting many different biometric devices to computer systems. HA-API was developed by SAFLINK under a contract from the NSA and was subsequently released into the public domain as a proposed biometric interoperability standard. HA-API subsequently evolved into a new standard called BioAPI. BioAPI has recently been recognized by the American National Standard Institute (ANSI), and has been designated as ANSI/INCITS 358 BioAPI. This standard is now being considered for adoption by the International Organization for Standards (ISO) and ballot approval is expected to take place by the end of 2003. One of our employees serves as the elected Chair of the BioAPI Consortium that represents over 100 organizations that have collaborated to develop this new standard. We also support other related standards efforts, including the Common Biometric Exchange File Format (CBEFF) specification and we intend to keep all of our products compliant with these standards as they continue to evolve.
We are positioning and promoting our Secure Authentication Facility, or SAF, brand in conjunction with selected biometric technologies currently available in the marketplace including those from:
| • | AuthenTec, Inc., BIO-key International, Inc., Billionton Systems, Inc., Dream MIRH Co., Ltd., Identix, Inc., Lifeview, Inc., Key Source, Inc., Precise Biometrics, A.B., SecuGen Corp., SCM Microsystems, Inc., Startek, Inc., ST Microelectronics Group, Targus Group International, Veridicom, Inc., and Zvetco, Inc., for fingerprint imaging; |
4
| • | Anovea, Inc., and Scansoft, Inc., (formerly Lernout & Hauspie Speech Products NV) for voice verification; |
| • | Identix, Inc. (formerly Visionics Corporation) for facial recognition; and |
| • | Iridian Technologies, Inc., Panasonic Security and Digital Imaging Co., and Oki Electric Industry Co., Ltd. for iris recognition. |
Available Information
We are headquartered at 11911 NE 1st Street, Suite B-304 Bellevue, WA 98005. We file reports with the Securities and Exchange Commission (“SEC”), including annual reports on Form 10-K, quarterly reports on Form 10-Q and other reports from time to time. The public may read and copy any materials we file with the SEC at the SEC’s Public Reference Room at 450 Fifth Street, NW, Washington, DC 20549. The public may obtain information on the operation of the Public Reference Room by calling the SEC at 1-800-SEC-0330. We are an electronic filer and the SEC maintains an Internet site at http://www.sec.gov that contains the reports, proxy and information statements, and other information filed electronically.
Our Internet site is http://www.saflink.com. We make available free of charge, on or through our website, our annual, quarterly and current reports, and any amendments to those reports, as soon as reasonably practicable after electronically filing such reports with the SEC. Information contained on our website is not part of this report.
Market Overview
As computer use migrates towards a networked environment, and our economy shifts towards information as a primary asset, individuals and organizations are becoming more concerned with protecting individual privacy and ensuring the security of information maintained on personal computers, the Internet, and corporate networks. A number of technologies and strategies have been developed to address this concern, including encryption methods, firewalls, intrusion detection tools, access permission systems, passwords, identification cards or tokens, digital certificates, and single sign-on applications. However, the effectiveness of each of these technologies and strategies is dependent upon the most critical and vulnerable component of the security process: positive personal identification and authentication of the individual seeking access.
With the growth of electronic commerce, access points to the Internet and corporate networks (which we sometimes refer to as enterprise networks) have increased significantly, and now include corporate desktops, home PCs, mobile laptops, and hand-held devices. Using passwords as the primary method of verifying the identity of remote users is subject to a number of security weaknesses. Passwords are frequently shared. Passwords are often written down and placed where others can see them. Common passwords like a user’s pet’s name or spouse’s name can be guessed. More complex passwords can be broken in minutes through sophisticated “dictionary” attacks based on tools that are easily available from Internet websites. Disgruntled or unethical employees also account for a large percentage of the increasing incidence of significant financial loss from unauthorized access to electronic data or files. For large organizations, there is also a measurable cost of managing forgotten and expired passwords relating to administration overhead and lost employee productivity.
We believe that a sustainable market is developing for biometric technologies used in information security and data privacy applications. There are several factors that we believe will contribute to the growth of this industry:
| • | Concern regarding critical infrastructure security which has been heightened significantly since the terrorist attacks of September 11, 2001. As a result, federal and local government funding is being increased to help protect critical government network infrastructures. The private sector is also recognizing the importance of securing networks against attacks by cyber-terrorists and is seeking more secure methods of user authentication. |
5
| • | Recent publicity regarding biometric authentication. According to a publication of the International Biometric Industry Association, “Surging curiosity about biometrics [has] led to Congressional hearings and extensive media coverage that vastly broadened knowledge about how the technologies could serve as an important tool to help protect facilities, networks, and infrastructure from attack and disruption.” |
| • | Highly publicized security breaches in computer networks and Internet sites, which have been traced to the vulnerability of password-based authentication systems by hackers and unauthorized access by disgruntled employees. |
| • | The growth of e-commerce as a medium for business and consumer transactions, which requires the implementation of technologies that facilitate the positive identification of anonymous parties. |
| • | The cost and inconvenience of using multiple and or complex passwords that are frequently changed. |
| • | The information technology industry is beginning to utilize advanced solutions to protect computer information. The primary means of protecting computer information is data encryption, which requires protection of the encryption “keys” used to lock up the data. Today, these keys are generally stored in computers or smart cards and are commonly protected by simple PIN numbers or passwords. We believe biometrics will play an important role in protecting these keys from unauthorized access. |
| • | IT industry leaders such as Citrix, Computer Associates, Novell, Microsoft, IBM, Intel, Dell, and Compaq are supporting the integration of biometrics within their system platforms and have publicly announced that information security is a top corporate focus. |
| • | Rapidly falling prices for biometric collection devices, such as fingerprint sensors, digital cameras, microphones, etc., and improvements in the accuracy, performance, and user acceptance of this technology have made integration of biometrics with desktop PCs and portable computers a cost effective security alternative for the commercial market. |
| • | New and even more powerful biometric devices, such as silicon chip-based fingerprint sensors and iris recognition cameras, are now widely available from name-brand commercial vendors such as Targus and Panasonic. |
| • | The International Biometric Industry Association (IBIA), the industry’s official trade association, has been effective in helping to shape public policy in favor of the use of biometrics as a viable security mechanism. |
| • | The BioAPI Consortium, a group of over 100 organizations from the biometrics industry, government and information technology vendors, has succeeded in having Version 1.1 of the BioAPI Specification accepted as an official standard by the American National Standards Institute (ANSI). This specification defines a single industry standard software specification for connecting biometric devices to computer systems and is expected to encourage implementation of biometrics by facilitating the interoperability of different biometric technologies. |
Quantifiable Business Benefits
In addition to replacing passwords with biometrics, our enterprise network security solutions provide a number of powerful benefits for customers regardless of the industry they occupy. At the highest level, our solutions are designed to ensure protection, security, and safety for a company’s computer network, facilities, and intellectual property. Specifically, these benefits include:
| • | Increased network security. Our solutions economically address a critical security threat by eliminating passwords for the primary network login and replacing them with the strongest known means of security: a unique individual identifier, such as a fingerprint, iris pattern, voice pattern, or facial characteristic. |
| • | Convenience and productivity. Biometric authentication allows users to be more productive by replacing their traditional text-based passwords with a unique individual identifier they cannot lose or forget. |
6
| • | Compatibility with leading single sign-on systems. Our solutions are designed to interface with leading third party single sign-on systems to provide biometric authentication at the application and transaction level in addition to the primary network login. |
| • | ROI/Administrative cost savings. An IDC report estimates that the annual cost of password management is approximately $200 to $300 per user. Since our solutions can cost as little as $40 per user for a permanent license, customers can achieve a rapid return on investment by replacing passwords with biometrics. |
| • | Reliable audit capabilities. Our solutions also provide the ability to track individual logins, logoffs, biometric enrollments, and other biometric related network events, which help to mitigate fraud and ensure compliance with government regulations. |
Technical Features and Benefits
Our products also offer a number of technical features and benefits which help administrators, responsible for large-scale enterprise networks, easily deploy our products to their existing user bases and provide effective administration over the long term. Primary features include:
| • | Reliability. To ensure that users can be authenticated, and have access to key applications and data when desired, we have taken several steps designed to ensure product reliability. We provide features such as automatic failover and load balancing, and we conduct pre-release testing of our products by our network platform partners including Citrix, Microsoft, Computer Associates, and Novell. |
| • | Scalability. Our products are designed to be scalable and redundant to meet the needs of large enterprises. Our products achieve this scalability by integrating directly into existing identity management and provisioning infrastructure provided by the underlying network operating system and/or single sign-on platform. |
| • | Manageability. Our products include features that are designed to allow for rapid deployment, with the minimum requirement of IT personnel or internal disruption. These features include: a wide range of centrally administered policy settings that can be defined at user, group, or organizational unit level; the ability to install our client workstation components over the network using automated software distribution tools; and a flexible enrollment process for users. |
| • | Security. Not only are the biometric devices we support encrypted, but so is the communication between the devices, the host computer, and the servers. We believe our software architecture uses some of the most advanced security measures available, such as digital signing of software components, mutual authentication and trust relationships, and strong encryption. |
| • | User training and enrollment convenience. We provide features designed to make the user experience easier, including a biometric practice utility and a self-enrollment wizard. |
Industry-Specific Value Proposition
While our products may not need to provide features or functionality that are different across industries, it is important that we position them differently to address the unique requirements and business drivers of vertical markets. There are a number of internal and external market drivers which are specific to individual industries. For this reason, we have focused our sales and marketing efforts on the following sectors:
Healthcare
One of the strongest market drivers in the Healthcare industry is a broad series of government regulations, introduced by the Health Insurance Privacy and Accountability Act (HIPAA), designed to protect the privacy of patient data. These regulations specify that each healthcare organization must provide “irrefutable identification”
7
of individuals accessing electronic patient information. Since biometric authentication is based on unique physical characteristics, it provides an effective solution to this problem—biometrics cannot be lost, borrowed or stolen. Multi-factor authentication is also a HIPAA requirement, which our products support through integration of unique user IDs, smart cards, tokens and RF badges.
Pharmaceutical Manufacturing
In the pharmaceutical manufacturing business, FDA regulations dictate that individuals who are completing electronic forms relating to the various steps in researching, testing, or manufacturing an FDA regulated product must record their identity through a digital signature for any specific action. On the manufacturing floor, employees have to authenticate as many as 300 times a shift. Not only is this cumbersome, but it takes time. Time, in the pharmaceutical manufacturing business, can be very costly—every day that a company is delayed going to market with a new product can cost the company millions in lost revenue. Since the utilization of biometrics can save time and provide audit trails and proof of identity, our value proposition here is very compelling.
Financial Services
Title V of the Financial Services Modernization Act of 1999 highlights the obligation of financial services institutions to protect the security and confidentiality of customer nonpublic personal information. Our products provide a valuable tool to help these institutions fulfill their obligations to protect information in their databases against unauthorized access. The elimination of passwords can provide banks a higher level of access protection while also providing financial savings by eliminating the management of multiple passwords. In the case of one of our Fortune 100 financial services clients, brokers are accessing as many as 30 applications in a given day, each with a unique username and password. By using biometric authentication and a single sign-on solution, these brokers can now substitute one fingerprint for multiple passwords and improve their productivity while reducing password management costs.
Government
Due in part to the increased recognition of the need for infrastructure security following 9/11, government agencies have been looking for a way to positively verify an individual’s identity. The use of biometric identification is being considered on a number of federal projects as a component of a broader identity management solution, often in conjunction with a smart card.
Interoperability is also a strong requirement in the government sector, since government agencies are often large and must accommodate a variety of individual and environmental requirements. We believe our standards-based approach to supporting multiple biometrics in a common software infrastructure addresses these concerns.
Education
In educational environments, IT administrators face several challenges, including students “borrowing” passwords from other students to surf undesirable Internet sites, delays in starting computer training classes due to password-related problems, and a constantly rotating end-user base. Since a biometric identifier is based on a physical characteristic and cannot be shared, lost, or stolen, it provides a reliable solution to these problems for students needing to access their work assignments and grades over the network.
Products
Our software products support a wide variety of biometric technologies to improve workstation and internal enterprise network security. Instead of being asked for a password, users are prompted for a unique biometric characteristic using any one of a number of biometric technologies. We design software that will work with a
8
variety of biometric devices, including fingerprint readers, iris cameras, facial recognition cameras and microphones using speaker verification technology. Our products can be divided into two groups: enterprise network products and stand-alone workstation products.
Enterprise Products:
Our enterprise products that are designed to operate in the computer network environment of large organizations include:
| • | SAFsolution Enterprise Edition—SAFsolution Enterprise Edition is a biometric security solution that enables users to log on to their Windows® workstations and enterprise network domains based on Microsoft’s Active Directory™ and Windows 2000 Server. Designed and tested for enterprise-level deployments, SAFsolution tightly integrates with Microsoft Active Directory™ to allow administrators to secure network and workstation access. SAFsolution works with a wide variety of biometric hardware devices, including fingerprint, voice, iris, and facial recognition devices to provide maximum flexibility for enterprise environments. SAFsolution Enterprise Edition fully leverages the Active Directory management infrastructure to provide advanced features for centralized policy management and event auditing as well as flexible biometric enrollment options necessary for large-scale deployments. SAFsolution Enterprise Edition has been qualified for use with the single sign-on (SSO) products from Healthcast, LLC and Passlogix, Inc. SSO products provide fast and convenient connection to applications on a network by supplying a user’s password automatically from an encrypted file. We provide the initial user access to the SSO software product through a secure biometric verification of the user for enhanced security. SAFsolution Enterprise Edition also includes a feature that enables employees on a company network to share account privileges for specific work-related reasons, e.g., a senior executive who wishes a trusted assistant to enter and manage the executive’s personal email account. This feature allows an administrator to delegate the logon rights of employees to authorized assistants or co-workers through SAFsolution’s security control interface. The delegate then uses his or her own biometric ID to access the other person’s account. To ensure accountability, all delegate logons are automatically audited and logged for later review by security administrators. |
| • | SAF2000 for the Enterprise—SAF2000 replaces passwords for enterprise users that are accessing a Microsoft Windows NT or Windows 2000 network server from a Microsoft Windows workstation. Biometric information is stored and managed on a separate central SQL database using a SAF2000 component called the SAFserver. SAF2000 provides features for the system administrator that assist in managing the initial enrollment and storage of biometric information. These features are provided as extensions to Microsoft’s standard administrative tools so that system administrators do not have to learn how to use a new tool. Communication between an individual employee’s computer and the SAFserver is secure and encrypted. |
| • | SAFmodule for NMAS—SAFmodule is a companion product to Novell Corporation’s Novell Modular Authentication Service™ (NMAS) security product and is fully certified and tested by Novell as an approved NMAS authentication method. SAFmodule replaces passwords for enterprise users that are accessing a Novell NetWare server and Novell’s e-Directory central repository from a computer running Novell software components. SAFmodule extends Novell’s administrative tools to assist the administrator in managing the initial enrollment and storage of biometric information and includes the ability to share account privileges between users under administrator control. Communication between the individual employee’s computer and the Novell server is secure and encrypted. SAFmodule has also been qualified for use with Novell Corporation, Healthcast and Passlogix Single Sign-On (SSO) products. |
| • | SAFaccess for eTrust SSO—SAFaccess is a companion product to Computer Associates’ eTrust SSO security product. SAFaccess provides a secure and positive biometric verification of a user’s identity when he or she uses Computer Associates’ SSO product. SAFaccess extends the standard administrative tools provided by Computer Associates to manage the initial enrollment and storage of biometric information on the SAFserver SQL database. SAFaccess now supports the combination of biometric |
9
| authentication and tokens such as smart cards or proximity cards. One proximity card product supported by SAFaccess is capable of automatically capturing a person’s user name from a distance of up to 12 feet. |
Standalone Workstation Product:
| • | SAFsolution Windows Workstation Edition (“SAFsolution Workstation”)—SAFsolution Workstation provides multi-biometric logon and unlocking of Windows workstations based on Microsoft NT/2000/XP operating systems. SAFsolution Workstation stores the user’s biometric information and Windows password in a hidden encrypted file on the local workstation disk drive. When properly configured, SAFsolution Workstation also logs the user onto the enterprise network using the cached network profile stored in the local disk drive. It is intended to provide a simple and low-cost method of deploying biometric authentication in an enterprise environment without requiring additions or modifications to the network server components. It is also intended to provide a direct upgrade path to the enterprise version of SAFsolution that is fully integrated with Microsoft’s Active Directory Service and Microsoft Management Console for central storage and management of biometric credentials. SAFsolution Workstation has also been qualified to directly interface with the Passlogix SSO product. |
Marketing and Distribution
We use both direct and indirect sales and marketing to market our products and services. Our sales staff focuses on selling our products to end-user customers primarily within the sectors of healthcare, pharmaceuticals, education, government, and financial services in North America. Our business development staff trains and supports our indirect distribution channel partners, who resell our products worldwide.
We market our products to potential customers across a wide range of general business sectors primarily through:
| • | direct sales representatives who contact potential end-user customers through leads generated by our various marketing initiatives; |
| • | distributors who act as middle-men distributing our products to a network of resellers in a specified region (primarily outside of the United States); |
| • | resellers who purchase our products directly from us and sell them to end-user customers in a specified geographic region; |
| • | original equipment manufacturer resellers (hardware manufacturers) who buy our software to resell to customers with their biometric device hardware as a combined or “bundled” product; |
| • | sales agents who act like “manufacturer’s representatives” to introduce our products into key accounts; and |
| • | strategic alliance partners, such as Citrix, Computer Associates, Healthcast, Microsoft, Novell and Passlogix who frequently introduce our products into their customer accounts that need biometric authentication features added to their respective product platforms. |
Our relationships with distributors, resellers, original equipment manufacturer resellers and sales agents are generally formalized in written contracts that address the specific products that can be sold, applicable pricing discounts and the geographic territory within which our products can be sold. Our strategic alliances are with companies that have formal “partner” programs. These companies generally publicize our status as an alliance partner on their web sites and in other publications and forums. Alliance partnerships can provide us with specific benefits such as:
| • | access to key alliance partner technical, marketing and sales personnel; |
10
| • | early access to new versions of the alliance partner’s software so that we can modify our software and release it at the same time that our alliance partner releases its new software version; |
| • | ability to package our products with our alliance partner’s product; and |
| • | participation in joint partner marketing programs such as seminars, trade shows, conferences, and co-op advertising. |
Our marketing goals include identifying potential distributors and resellers of our products, creating awareness of our product offerings, generating leads for follow-on sales and achieving greater order volume by disseminating our products through multiple direct and indirect distribution channels worldwide.
Some of our reseller partners combine our enterprise software with their own biometric technology and sell the combined product through their own sales channels. We also have relationships with international distributors that carry our products and make them available to a broader audience of secondary distributors and resellers within their markets.
Our software products are typically priced on the basis of the number of users that have enrolled their biometric information into the central server database. As the number of users increases, the software license price per user decreases. Resellers purchase our products at a favorable discount for resale at a price that provides an attractive gross margin for the reseller. We believe that this pricing model is competitive and cost-effective for the end-user customer and is attractive to our resellers.
Enterprise Products:
We intend to focus on promoting our enterprise network security products to take advantage of the growing awareness of the importance of protecting enterprise network infrastructures from unauthorized access. We have a team of business development and sales professionals who are located in various regions of the country. They focus their marketing efforts on high profile end-user customers. They also identify, recruit, train and support a network of distributors and resellers. Typically, these resellers are already selling enterprise network products that are based on Citrix, Computer Associates, Microsoft or Novell products, which our products are designed to complement. Our network of resellers often provides a range of additional services to their customers, including network component sales, network consulting, security consulting, systems installation, technical services and network management services.
We also sell our products alongside the sales organizations of our strategic alliance partners. We believe that our products complement theirs and fill a customer need that would not otherwise be met. We strive to leverage the existing sales organizations and reseller networks of these companies to achieve sales of our products at minimum expense. We work closely with each of these strategic alliance partners to support these joint sales efforts.
Standalone Workstation Products:
We intend to offer our SAFsolution Workstation product through biometric technology resellers and volume distributors that want to package this product with biometric technology to create a bundled product for their customers. We intend to market SAFsolution Workstation through the direct and traditional reseller channels as a basic offering. We believe this will provide a set of biometric authentication functions that can be utilized “out of the box” as a first step to deploy biometric authentication within an enterprise setting to create a bundled product for the customer. We believe that SAFsolution Workstation will provide a straightforward upgrade path to the enterprise versions of our products.
11
Technology Partnerships and Licensed Technology
Fifteen technology partners currently supply us with fingerprint-based hardware devices and algorithm software, which are used to capture a fingerprint image. The software that we develop allows our customers to use this fingerprint hardware and algorithm software to gain secure access to computer networks and workstations. Our technology partners’ products are packaged with ours into a single product for sale to our customers. Most of the business relationships with these companies can be characterized as manufacturer-to-reseller agreements. Most of the fingerprint device suppliers that we support have established no-cost software licensing arrangements with us. We are authorized to sell fingerprint readers or software provided by the following companies:
| • | AuthenTec, Inc.—Makes software algorithms and chip-based fingerprint technology sensor components for integration into a variety of form factors by several OEM manufacturers. |
| • | BIO-key International, Inc—Makes software algorithms that support a variety of fingerprint sensor devices. |
| • | Billionton Systems, Inc.—Makes chip-based fingerprint reader devices packaged into a Personal Computer Memory Card (PCMCIA) fingerprint reader for laptop computer applications. |
| • | Dream MIRH Co., Ltd.—Makes chip-based fingerprint reader device packaged into a computer mouse and connected to the desktop computer through a Universal Serial Bus (USB) port. |
| • | Identix, Inc.—Makes software algorithms and optics-based fingerprint reader devices packaged into a standalone fingerprint reader that interfaces through a USB port and a PCMCIA fingerprint reader for laptop computer applications. |
| • | Keysource, Inc.—Makes specialized keyboard products that incorporate various types of fingerprint sensors. |
| • | Lifeview, Inc.—Makes chip-based standalone fingerprint reader devices that are cable-connected to a desktop computer workstation through a Universal Serial Bus (USB) port. |
| • | Precise Biometrics AB—Makes software algorithms and chip-based fingerprint and smart card reader devices that are packaged into a computer keyboard, standalone device, combination fingerprint and smart card reader, PCMCIA fingerprint reader for laptop computer applications. These devices can be connected through USB or parallel interfaces. |
| • | SCM Microsystems, Inc.—Makes chip-based fingerprint reader devices packaged into a PCMCIA configuration for laptop computer users. |
| • | SecuGen Corporation—Makes packaged software algorithms and optics-based fingerprint reader devices that are packaged into a computer keyboard, standalone device, and computer mouse configurations that are connected to a desktop computer workstation through a parallel or USB port. |
| • | ST Microelectronics Group—Makes software algorithms and chip-based fingerprint and smart card reader devices that are packaged into a standalone device, combination fingerprint and smart card reader, and combination SIMM chip and fingerprint reader. These devices are connected to a desktop computer workstation through a USB port. |
| • | Startek Engineering, Inc.—Makes chip-based standalone fingerprint reader devices that are cable-connected to a desktop computer workstation through a USB port. |
| • | Targus Group International—Makes chip-based standalone fingerprint reader devices that are cable-connected to a desktop computer workstation through a USB port and PCMCIA fingerprint readers for laptop computer applications. |
| • | Veridicom, Inc.—Makes software algorithms and chip-based fingerprint and smart card reader devices that are packaged into a standalone device and a combination fingerprint and smart card reader. These devices are connected to a desktop computer workstation through a parallel or USB port. |
12
| • | Zvetco Biometrics, Inc.— Makes chip-based fingerprint reader devices that are packaged into a stand-alone device and computer keyboards. These devices are connected to a desktop workstation through a USB port. |
We also resell iris recognition, voice verification and facial feature recognition software from various companies with which we have licensing arrangements. We bundle our technology partners’ recognition software into our own software products for sale to end-users. These license agreements are with the following companies:
| • | ScanSoft, Inc. (formerly Lernout & Hauspie Speech Products NV)—Makes speaker verification technology for text dependent technology modules that work with a Windows sound card and microphone. |
| • | Identix, Inc. (formerly Visionics Corporation)—Makes face recognition technology for modules that work with a Microsoft Video for Windows compatible desktop videoconferencing camera. |
| • | Iridian Technologies, Inc.—Makes iris recognition technology that supports camera devices manufactured by Panasonic Digital Imaging Co. and Oki Electric Industry Co., Ltd. |
We are not dependent on any of these licensing arrangements. Additionally, the bulk of our business relates to fingerprint technology and those relationships are primarily based on no-cost licensing arrangements.
We buy iris recognition camera hardware from Panasonic Security and Digital Imaging Company for use with the Iridian Technologies licensed software. Panasonic makes a dual-function iris recognition camera that provides iris capture and videoconferencing capability and connects to a desktop computer workstation through a USB port.
We also license our products to two original equipment manufacturer (OEM) companies that package our software with their biometric devices and sell them through their own distribution channel to end-users as a bundled solution. These OEM companies include the following:
| • | Oki Electric Industry Co., Ltd.—Makes a hand-held iris recognition camera that connects to a desktop computer workstation through a USB port. |
| • | SecuGen Corporation—Makes packaged software algorithms and optics-based fingerprint reader devices for standalone, mouse-integrated, and keyboard-integrated configurations that are connected to a desktop computer workstation through a parallel or USB port. |
We are able to provide our customers with a choice of technology by combining the appropriate biometric “plug-in” software module with our API standards-based, application software product framework. The customer may also purchase these plug-in API-compliant modules, and the related biometric device hardware, that will work with our third-party software. Our strategy is to evaluate, qualify, and integrate select biometric technology available from new and current technology vendors. We are in various stages of qualification of additional potential technology partners.
Competition
The markets for our products and solutions are highly competitive and are characterized by rapid technological change. We expect competition to increase as other companies introduce products that are competitively priced, which may have increased performance or functionality or that incorporate technological advances that we have yet developed or implemented. Other companies that have developed software products that utilizing biometric identification technology and are active in the United States include BioconX, Inc.,
13
BioNetrix, Inc., Digital Persona, Identix, Inc. and I/O Software, Inc. Our strategy is to differentiate our products in the marketplace by offering products that:
| • | are competitively priced; |
| • | meet the requirements for large-scale enterprise network implementation; |
| • | are able to use more than one biometric characteristic for identification; |
| • | are open-systems-standards compliant; and |
| • | are scalable as new users are added. |
We expect to continue to face competition from non-biometric technologies such as traditional passwords, token cards, smart cards, and digital certificates. While in some instances we will compete with these technologies, our strategy is to integrate other factors of authentication into our products. For example, “digital certificates” provide a secure method of encrypting messages and accessing services. However, only a password or PIN number often protects the sender’s certificate key. We currently offer SAF products that support smart cards, radio-frequency proximity badges and digital certificates, and we intend to continue to enhance these offerings.
As a non-exclusive licensee of biometric technologies, we could also experience competition from other products and services incorporating the technology that we license. Many of our present and potential competitors have substantially greater financial, marketing and research resources than we do. In order to effectively compete in this environment, we must continually develop and market new and enhanced products at competitive prices, and have the resources to invest in significant research and development activities. We may not be able to make the technological advances necessary to compete successfully. New or existing competitors may develop new technologies or enhancements to existing products or