The question we get asked most about our Paris Server, right after "How does it work?" and "How much does it cost?", is "What about security?" Punch Networks has been in business developing and licensing web and Internet based file management technologies and services since 1995. Our company has been built on the ability to not only keep our customers files accessible and up to date, but to provide these services in a manner which is ultra-secure and private - guaranteeing the absolute privacy and confidentiality of our customers' files. We believe this is one of the many reasons why our Paris Server and Paris Applications (Punch WebGroups and Punch WebDrive) are selected more than any other Internet-enabled Platform for storage and collaboration on sensitive legal and accounting files, where maintaining terms of client confidentiality and document integrity is not only important, but also required by law. Whenever evaluating a vendor for the handling of your private and confidential files there are several aspects of security you should be concerned about:

1. Security in Transit - Is the data protected from interception?
2. Physical File handling - How is the data stored on the central server computers and can it be accessed or misappropriated if someone gains access to the servers?
3. Security and Reliability of the Data Center systems - What precautions have been taken and what procedures are in place to protect the server computers from electronic forms of attack?
4. Physical Data Center Security - Who has access to the server computers? How is access regulated and monitored?
5. Disaster Preparedness - How does the company recover the service and customer files in the event of a catastrophic loss of the data centers?

The following sections describe the general security architecture for our Punch Paris-based Secure Internet File Storage services which we operate for our Retail, Corporate and OEM customers in our datacenter(s).

Security in Transit - 100% encrypted communications
At the Transit or communications layer all Paris SDKs, APIs and Paris Applications use the Secure Hyper Text Transport Protocol ("HTTPS"), which relies upon either 56 or 128 bit Secure Sockets Layer ("SSL") encryption, using the RC4 encryption algorithm. For all of Punch Networks products, including managed services and retail products, we do not allow any non-SSL communications. What this means is that it would be extremely difficult for someone or some machine to eavesdrop or record the communications between your web browser and our servers and to discover any intelligible or meaningful data.

Patented Secure File Handling Procedures
Punch Networks has received five patents on the steps involved in handling files securely at the data storage level inour Paris Server. These steps occur at the application layer before any data is written to disks on our servers.

1. When a customer uploads a file, either the server or the client goes through a process of deterministically or arbitrarily delimiting the file into several (1 + n) absolutely uniquely named sub-files, then
2. Encrypts said sub files with a 256 bit SHA algorithm based upon the owner/manager 's authentication credentials, then
3. Encrypted sub files are written arbitrarily across the storage arrays in our data center, then
4. Meta-data pointers are then committed to our database, which associate these encrypted sub files to a specific version of the specific original file being stored.
5. When a new version of a specific file is uploaded, our server goes through the same process described in step 1, deterministically or arbitrarily delimiting the file into several (1 + n) absolutely uniquely named sub-files, then
6. The Server compares n sub files of all previous versions to the sub files generated in step 5 to eliminate storage of any redundant data.

Network Security and Availability
Protecting our data-center from malicious and non-malicious electronic attacks is an extremely important aspect of keeping the Paris Server reliably available. Throughout multiple layers of "best-of-class" hardware and software firewalls and various network and sub-network topologies we run traffic analysis, monitoring, and intrusion detection systems (software and hardware) to ensure that our servers can be available at anytime.

Physical Security of our Data-center
Our primary servers are located at InterNAP's state-of-the-art colocation center at Fisher Plaza in Seattle. This data center has access to redundant wired, wireless, and satellite telecommunications channels, seven redundant fiber providers, and more than 6 MW of emergency generators. Physical access to the data center can only be gained by passing through multiple layers of authentication mechanisms, including card keys, combination locks, biometrics based palm readers, and closed-circuit video surveillance. In addition to our primary data center facilities, we have relationships in place with major telecommunications carriers and Internet service providers that allow us to offer our customers local data center presence and hosting facilities in most major cities around the world.

Disaster Planning and Recovery
To be prepared for any unexpected naturally occurring or human initiated disasters that could involve our data center facilities, we conduct a full backup of our entire server farm and all of our storage arrays on a weekly basis, with incremental backup snapshots taken periodically at least once every 24 hours. Our backup media is then permanently archived off site in a depository vault at major commercial financial institution. We also perform regular disaster preparedness drills, simulations, and data center recovery exercises, to be confident that in the unlikely event of a catastrophic failure of any kind, we could restore service for our customers and partners as quickly as possible.