Exhibit 10.18
NETWORK SERVICES AGREEMENT
THIS NETWORK SERVICES AGREEMENT (this "Agreement") made as of August 1, 2003
(the "Effective Date") by and between StrikeForce Technologies Inc., a
___________ corporation with offices at 0000 Xxxx Xxxxxxx Xxxx Xxxx, Xxxxx 000,
Xxxxxx, Xxx Xxxxxx 00000 ("StrikeForce"), and Panasonic Management Information
Technology Service Company ("PMIT"), Unit of Matsushita Electric Corporation of
America, a Delaware corporation with offices at Xxx Xxxxxxxxx Xxx, Xxxxxxxx, Xxx
Xxxxxx 00000,
WITNESSETH:
WHEREAS, StrikeForce is an Authentication Solution Provider and offers to
its customers, among other technologies, its proprietary X.X.X.X.X.XX system;
WHEREAS, C.O.B.A.S. requires certain networking and telephone equipment and
Internet access to operate properly; and
WHEREAS, PMIT is willing to make available for use by StrikeForce certain
of its networking and telephone equipment and Internet access in order that
StrikeForce may provide its C.O.B.A.S. system to its customers,
NOW, THEREFORE, in consideration of the premises and the mutual covenants
set forth herein, the parties, intending to be legally bound hereby, agree as
follows:
ARTICLE I -SERVICES
1.1 General. PMIT will, during the term of this Agreement, operate a server or
servers (the "Server"), using C.O.B.A.S. software as uploaded by StrikeForce,
for use with Authentication Solutions sold by StrikeForce. The Server shall have
sufficient storage capacity to hold the database(s) containing customer and user
information which will be created by C.O.B.A.S.
1.2 Data Center. PMIT will provide secure data center facilities as described in
Exhibit A hereto. PMIT will construct or expand infrastructure requirements and
support to meet future growth and maintain service levels. The Server equipment
will also be installed in secured racks in order to provide additional physical
security access controls. Specifications for the equipment and software to be
initially used for the purposes set forth herein are also described in Exhibit
A.
1.3 Internet Infrastructure. As described in Exhibit B hereto, PMIT will provide
Internet infrastructure support with multiple carriers.
1.4 Data Security and Backup. As described in Exhibit C attached hereto, PMIT
will utilize in providing the services hereunder the same security policies and
procedures that are standard in the industry to protect client data. Daily
incremental and weekly full backups will be performed nightly and will be stored
offsite if so requested by StrikeForce. Antivirus software (Trend Micro or
equivalent) will be utilized and will be automatically updated with new pattern
versions as they become available.
Page 1
1.5 Service Levels. Based on the priority levels described in Exhibit D hereto,
PMIT and StrikeForce will develop service-level requirements and metrics to
identify key indicators that are focused on the business needs. Service levels
will be determined based on a combination of situations, such as physical
location, adherence to PMIT standards and external vendor response time, as
described in Exhibit D. Service level requirements can be adjusted to meet
StrikeForce's business requirements, but increased service level requirements
may result in an increase in PMIT's charges to StrikeForce.
1.6 System Availability. Access to the Server will be available twenty-four
hours a day, every day of the year, including holidays, except as follows. PMIT
may take down the Server to conduct routine maintenance checks during
established maintenance windows, as agreed to by the parties. All routine
maintenance shall be scheduled at least two weeks in advance and shall occur
outside of normal U.S. business hours. PMIT will exercise commercially
reasonable efforts to minimize the period of such maintenance. If PMIT
determines that emergency maintenance is required during business hours and PMIT
anticipates that the Server will be down for more than five minutes during such
time, PMIT will advise StrikeForce prior to any such maintenance. PMIT will use
commercially reasonable efforts to operate its back-up systems during any
maintenance period in order to limit Server downtime.
1.7 Maintenance and Support. PMIT will provide all maintenance and support
services for the Server necessary to ensure that it functions in accordance with
its specifications. PMIT will designate one Technical Manager to provide a
single point of contact to StrikeForce. The Technical Manager's responsibilities
shall include the management of services levels, provision of advanced technical
support and the coordination all PMIT activities.
ARTICLE II -- STRIKEFORCE'S RESPONSIBILITIES
2.1 Database Reports. StrikeForce shall create one or more reports with
agreed-upon metrics (including, but not limited to, number of authentication
transactions per month) to be run against the C.O.B.A.S. database(s) residing on
the Server. StrikeForce shall give PMIT sufficient user privileges with respect
to such database(s) in order that such reports may be run by PMIT at such times
as it desires.
2.2 Customer Support. StrikeForce shall be responsible for all contact with its
customers, configuration of the C.O.B.A.S. software, enrollment and first level
technical support to customers.
2.3 User Authorizations. StrikeForce shall be responsible for obtaining and
shall obtain, all necessary user consents and authorizations, whether under,
state law, or any other applicable law, regulation, permit, order, award,
injunction, decree or judgment of any governmental entity for PMIT to perform
its obligations under this Agreement, including, but not limited to, any and all
Page 2
authorizations necessary to collect, transmit, maintain, store, use and disclose
data obtained through C.O.B.A.S. StrikeForce shall hold PMIT harmless from and
against any claim, suit or proceeding insofar as it is based on an alleged
failure of StrikeForce to obtain any such consent or authorization.
2.4 Customer Training. StrikeForce shall be solely responsible for training its
customers and authentication providers in the use of the C.O.B.A.S. system.
ARTICLE III -- REPRESENTATIONS AND WARRANTIES
3.1 Freedom to Enter into Agreement. Each of StrikeForce and PMIT represent and
warrant that the execution and delivery of this Agreement, and the rights and
obligations being conferred hereunder, does not or will not (i) conflict with,
or result in the breach of any provision of the certificate of incorporation,
by-laws or other constituent documents of such party, (ii) violate any
applicable law or any permit, order, award, injunction, decree or judgment of
any governmental entity applicable to or binding upon such party or to which any
of such party's properties or assets is subject or (iii) violate, conflict with
or result in the breach or termination of, or otherwise give any other person
the right to terminate, or constitute a default, event of default or an event
that with notice, lapse of time or both, would constitute a default or event of
default under the term of any material instrument, material contract or other
material agreement to which such party is a party.
3.2 Compliance With Laws. PMIT represents and warrants that its operations
relating to the Server, any component thereof and the services to be provided
hereunder, exclusive of those responsibilities assigned to StrikeForce
hereunder, materially comply with all applicable laws, rules, orders,
ordinances, decrees and regulations.
3.3 Malicious Code. PMIT represents and warrants that it will exercise
commercially reasonable efforts to assure that the Server, and each component
thereof (excluding the C.O.B.A.S. software as provided by StrikeForce), does not
contain any virus or any other contaminant, including but not limited to codes,
commands or instructions that may be used to access, alter, delete, damage,
disable, cause disruption of or otherwise interfere with use of the System.
3.4 Services. PMIT represents and warrants that all services hereunder will be
performed in a competent and workmanlike manner in accordance with industry
standards.
3.5 Limitations. THE EXPRESS WARRANTIES SET FORTH HEREIN ARE EXCLUSIVE AND ARE
IN LIEU OF ALL OTHER WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING
WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
Page 3
ARTICLE IV - PRICE; PAYMENT TERMS; RIGHTS OF FIRST REFUSAL AND LAST MATCH
4.1 Price. The price for services provided hereunder by PMIT shall be specific
to the StrikeForce customer involved and shall be detailed in a separate
Customer Schedule to be prepared and executed by the parties with respect to
each such customer.
4.2 Invoicing and Payment Terms. Invoicing procedures for the services provided
hereunder by PMIT shall be specific to the StrikeForce customer involved and
shall be detailed in the Customer Schedule for such customer. Payment terms for
all invoices shall be Net 15 Days.
4.3 Minimum Payment Guarantees. If PMIT's actual xxxxxxxx to StrikeForce for
services rendered with respect to all of StrikeForce's customers during the
first nine (9) months of the term of this Agreement are less than Sixty Thousand
Dollars ($60,000), StrikeForce shall promptly pay the difference to PMIT. If
PMIT's actual xxxxxxxx to StrikeForce [including, for purposes of the first
year, any payment made by StrikeForce to PMIT pursuant to the prior sentence]
for services rendered with respect to all of StrikeForce's customers during each
year of the term of this Agreement are less than One Hundred Thousand Dollars
($100,000), StrikeForce shall promptly pay the difference to PMIT.
4.4 Rights of First Refusal and Last Match. During the term of this Agreement,
for each new customer which StrikeForce takes on, StrikeForce shall offer to
PMIT the opportunity to host the Authentication Solution which StrikeForce will
provide to such customer before StrikeForce offers such opportunity to another
hosting company. StrikeForce and PMIT shall thereupon commence good faith
negotiations concerning the terms and conditions, including pricing, of such
opportunity. If StrikeForce and PMIT are able to reach agreement on such terms
and conditions, a new Customer Schedule will be prepared and executed by the
parties. If StrikeForce and PMIT are unable to reach such an agreement within
thirty (30) days after StrikeForce first advises PMIT of such opportunity,
StrikeForce shall have the right to offer such opportunity to another hosting
company; provided, however, before StrikeForce accepts an offer from another
company with respect to such hosting opportunity, StrikeForce shall first allow
Page 4
PMIT to match the offer of the other company, and if PMIT is willing to match
such offer, StrikeForce shall accept PMIT's offer rather than the offer of the
other company. For purposes of the prior sentence, in evaluating whether an
offer from PMIT matches an offer from another company, both pricing and service
level agreements shall be taken into account. The provisions of this Section 4.4
shall not apply with respect to any customer of StrikeForce who intends to host
the Authentication Solution provided by StrikeForce on server equipment which is
owned or operated by such customer.
ARTICLE V -- CONFIDENTIALITY
Each party hereby agrees to use all reasonable efforts to cause its and its
affiliates' directors, officers, employees, advisors and affiliates to keep the
Confidential Information (as hereinafter defined) confidential, except that any
Confidential Information required by law or legal or administrative process to
be disclosed may be disclosed without violating the provisions of this Article
V, provided that the disclosing party shall give the non-disclosing party prior
notice of any such required disclosure so that the non-disclosing party is able
to seek a protective order or similar relief in respect of such disclosure. For
the purposes hereof, the term "Confidential Information" means, with respect to
each party, any and all information concerning the other party and its
affiliates, furnished to it by the other party or its affiliates,
representatives or agents, or obtained by it in connection with the transactions
contemplated by this Agreement, other than any such information that (i) is
available to the public or becomes available to the public other than as a
result of a breach of this Article V, (ii) is independently developed by the
non-disclosing party without reference to the Confidential Information, (iii) is
already known to the non-disclosing party prior to its disclosure hereunder
other than as a result of a breach of a confidentiality obligation, or (iv) is
obtained from a third party not subject to a confidentiality obligation.
ARTICLE VI --TERM AND TERMINATION
6.1 Unless sooner terminated as set forth below, the term of this Agreement
shall commence as of the Effective Date and shall continue for a period of five
(5) years thereafter (the "Initial Term"). After the Initial Term, this
Agreement shall continue in effect in perpetuity until terminated in accordance
with this Article V. The Initial Term as extended shall constitute the "Term".
6.2 This Agreement shall terminate immediately upon mutual written consent of
PMIT and StrikeForce.
6.3 After the expiration of the Initial Term, either party may terminate this
Agreement without cause upon ninety (90) days' written notice to the other
party.
6.4 StrikeForce may terminate this Agreement without cause at any time during
years 4 and 5 of the Initial Term upon sixty (60) days' written notice to PMIT,
provided that such notice by StrikeForce shall be accompanied by payment of an
early termination fee equal to fifty percent (50%) of PMIT's xxxxxxxx hereunder
to StrikeForce with respect to the twelve (12) month period immediately
preceding the month during which StrikeForce gives such termination notice to
PMIT.
6.5 StrikeForce may terminate this Agreement upon thirty (30) days' written
notice as a result of repeated failures by PMIT to meet the service level
requirements and metrics and other performance parameters set forth in the
exhibits hereto over any six (6) month period.
6.6 If any of the parties is in material breach of any of the provisions of this
Agreement, this Agreement may be terminated by the non-breaching party if the
breach is not remedied within sixty (60) days of receipt of written notification
of such breach by the non-breaching party to the breaching party.
6.7 A party may terminate this Agreement, immediately and at any time, after the
other party becomes subject to voluntary liquidation, winding up or any similar
insolvency proceeding or involuntary proceeding which is not dismissed within
sixty (60) days of the commencement thereof, becomes insolvent, applies for
protection under any bankruptcy, suspension of payments or similar insolvency
laws of any jurisdiction or has a receiver appointed.
6.8 Upon the termination or expiration of this Agreement for any reason, each
party shall promptly return to the other (or, at the other party's instruction,
destroy) all Confidential Information of the other party, and all copies
thereof, and certify its completion of same; provided that each party's legal
counsel may keep one copy of such Confidential Information for its records.
Page 5
6.9 Upon the termination or expiration of this Agreement for any reason, PMIT
will cooperate with StrikeForce during StrikeForce's transition to another
service provider and will work with StrikeForce to minimize any interruptions in
service to StrikeForce's customers.
ARTICLE VII -- INDEMNIFICATION
7.1 StrikeForce hereby agrees to indemnify, defend, and hold harmless PMIT and
its subsidiaries, affiliates, shareholders, directors, employees and agents
(each, a "PMIT Indemnified Party") from and against any and all claims, actions,
liabilities, judgments, losses, costs, fees and expenses (including without
limitation reasonable attorneys' fees) (collectively, "Losses") to the extent
such Losses are incurred in the defense or settlement of a third party lawsuit
or other action (or in satisfaction of a judgment or order arising therefrom),
which lawsuit or other action seeks damages that are attributable or allegedly
attributable to any StrikeForce Authentication Solution that operates on the
Server provided by PMIT hereunder, or StrikeForce's breach of this Agreement,
except to the extent such Losses are directly attributable to gross negligence
or willful misconduct on the part of a PMIT Indemnified Party.
7.2 Subject to the following two sentences, PMIT and each PMIT Indemnified Party
shall (i) provide StrikeForce with prompt written notice of any claim, suit,
demand or other action for which any PMIT Indemnified Party seeks to be
reimbursed, indemnified, defended or held harmless under this Agreement; (ii)
grant StrikeForce full authority and control over the defense and settlement of
any such claim, suit, demand or other action; and (iii) reasonably cooperate
with StrikeForce and its agents in defense of any such claim, suit, demand or
other action. Each PMIT Indemnified Party shall have the right to participate in
the defense of any claim, suit, demand or other action for which such PMIT
Indemnified Party seeks to be reimbursed, indemnified, defended or held harmless
under this Agreement, by using attorneys of its, his or her choice, at its, his
or her own expense. Any proposed settlement of any claim, suit, demand or other
action for which any PMIT Indemnified Party seeks to be reimbursed, indemnified,
defended or held harmless under this Agreement shall be subject to the prior
written approval of all involved PMIT Indemnified Parties, such approval not to
be unreasonably withheld.
7.3 PMIT hereby agrees to indemnify, defend, and hold harmless StrikeForce and
its subsidiaries, affiliates, shareholders, directors, employees and agents
(each, an "StrikeForce Indemnified Party") from and against any and all Losses
to the extent such Losses are incurred in the defense or settlement of a third
party lawsuit or other action (or in satisfaction of a judgment or order arising
therefrom), which lawsuit or other action seeks damages that are attributable or
allegedly attributable to any StrikeForce Authentication Solution that operates
on the Server provided by PMIT hereunder, but only to the extent such Losses are
directly attributable to gross negligence or willful misconduct on the part of a
PMIT Indemnified Party.
7.4 Subject to the following two sentences, StrikeForce and each StrikeForce
Indemnified Party shall (i) provide PMIT with prompt written notice of any
claim, suit, demand or other action for which any StrikeForce Indemnified Party
seeks to be reimbursed, indemnified, defended or held harmless under this
Agreement; (ii) grant PMIT full authority and control over the defense and
settlement of any such claim, suit, demand or other action; and (iii) reasonably
cooperate with PMIT and its agents in defense of any such claim, suit, demand or
other action. Each StrikeForce Indemnified Party shall have the right to
participate in the defense of any claim, suit, demand or other action for which
such StrikeForce Indemnified Party seeks to be reimbursed, indemnified, defended
or held harmless under this Agreement, by using attorneys of its, his or her
Page 6
choice, at its, his or her own expense. Any proposed settlement of any claim,
suit, demand or other action for which any StrikeForce Indemnified Party seeks
to be reimbursed, indemnified, defended or held harmless under this Agreement
shall be subject to the prior written approval of all involved StrikeForce
Indemnified Parties, such approval not to be unreasonably withheld.
ARTICLE VIII -- FORCE MAJEURE
8.1 Performance Excused. Continued performance of any obligation under this
Agreement may be suspended immediately to the extent made impossible by any
event or condition beyond the reasonable control of the party suspending such
performance, including acts of God, fire, labor or trade disturbance, war, civil
commotion, change in laws and regulations, unavailability of materials,
inability to access bank accounts due to the actions of a governmental entity or
other such event or condition whether similar or dissimilar to the foregoing (a
"Force Majeure Event").
8.2 Notice. The party claiming suspension due to a Force Majeure Event will give
prompt notice to the other party of the occurrence of the Force Majeure Event
giving rise to the suspension and of its nature and anticipated duration.
8.3 Cooperation. The parties shall cooperate with each other to find alternative
means and methods for the provision of the suspended services and Server. The
party subject to the Force Majeure Event shall use commercially reasonable
efforts to minimize the impact of the Force Majeure Event, but in any event
efforts at least as great as it uses for its own operations separate from this
Agreement.
ARTICLE IX -- DISPUTES
The parties hereby agree that all controversies or claims arising out of or
relating to this Agreement or the interpretation, performance, breach,
termination or validity thereof shall be referred to senior executives of
StrikeForce and PMIT. If these individuals are unable to agree upon a resolution
within sixty (60) days after referral of the matter to them, then each party
shall be free to pursue all remedies available to it.
ARTICLE X -- MISCELLANEOUS
10.1 Notices. All notices, requests, demands and other communications made in
connection with this Agreement shall be in writing and shall be deemed to have
been duly given on the date delivered, if delivered personally, by reputable
overnight delivery service that requires a signature on delivery or sent by
facsimile machine with telephonic confirmation of receipt to the persons
identified below, or three days after mailing in the US Mail if mailed by
certified or registered mail, postage prepaid, return receipt requested,
addressed as follows:
Page 7
If to PMIT, to:
Panasonic Management Information Technology Service Company
Xxx Xxxxxxxxx Xxx
Xxxxxxxx, Xxx Xxxxxx 00000
Facsimile No.: (000) 000-0000
Attention: President
With a copy to:
Matsushita Electric Corporation of America
Xxx Xxxxxxxxx Xxx
Xxxxxxxx, Xxx Xxxxxx 00000
Facsimile No.: (000) 000-0000
Attention: General Counsel
If to StrikeForce, to:
StrikeForce Technologies, Inc.
0000 Xxxx Xxxxxxx Xxxx Xxxx, Xxxxx 000
Xxxxxx, Xxx Xxxxxx 00000
Facsimile No.: (000) 000-0000
Attention: Chief Executive Officer
or to such other address of which such party has provided notice in accordance
with the provisions of this Section 10.1
10.2 Assignment. Except as permitted under this Agreement, (a) any of the
rights, interests and obligations created herein shall not be transferred or
assigned to any third party and such rights and interests shall not inure to the
benefit of any other person, including any trustee in bankruptcy, receiver or
other successor of either of the parties, whether by operation of law,
sub-license, transfer of the assets, merger, liquidation or otherwise, without
the prior written consent of the other party, and (b) any purported or actual
transfer or assignment of any such rights, interests or obligations without the
prior written consent of the other party is and shall be null and void ab
initio; provided, however, that either of the parties may, without the consent
of the other party, assign its respective rights and obligations under this
Agreement to a successor company of such party as the result of a corporate
reorganization or to a majority-owned affiliate of such party.
10.3 Counterparts. This Agreement may be executed in two or more counterparts,
each of which shall be deemed to be an original, but all of which together shall
constitute one agreement binding on the parties hereto, notwithstanding that all
parties are not signatories to the original or the same counterpart.
Page 8
10.4 Governing Law. This Agreement shall be governed by, and construed in
accordance with, the laws of the State of New York without giving effect to the
conflicts of law principles thereof.
10.5 Relationship of Parties. This Agreement does not create a fiduciary
relationship, partnership, joint venture or relationship of trust or agency
between the parties.
10.6 Compliance with Laws. The parties shall use all reasonable efforts to
comply fully with all applicable laws.
10.7 Survival. The parties agree that Articles V, VII, IX and X will survive
indefinitely the termination of this Agreement.
10.8 Limitation of Liability. In no event shall either party be liable for any
special, incidental, indirect or consequential damages, even if such party shall
have been advised of the possibility of such damages.
10.9 Additional Remedies. In addition to any other remedies set forth in this
Agreement, the remedies for any breach of any of the provisions of this
Agreement may include damages and injunctive relief.
IN WITNESS WHEREOF, duly authorized representative of StrikeForce and PMIT have
executed this Agreement as of the date first set forth above.
Panasonic Management Information
Technology Service Company, Unit of
Matsushita Electric Corporation of America StrikeForce Technologies, Inc.
By: By: /s/ Xxxx X. Xxx
--------------------------------- -------------------------------
Printed Name: Printed Name: Xxxx X. Xxx
------------------------ ----------------------
Title: Title: CEO
------------------------------- ----------------------------
Date: Date:
------------------------------- -----------------------------
Page 9
Exhibit A
The electrical power in the data center offers two types of power protection to
computer equipment: power surge protection and uninterruptible power supply
systems (UPS).
o The surge protection maintains a constant power flow going to the
computer and avoids electrical spikes that could potentially harm the
system. The second component is to prevent a computer from crashing if
the power at the utility company fails.
o UPS is configured with line-interactive, and constantly monitors the
integrity of the utility power, increasing or reducing voltage and
automatically switches to battery power if the deviation becomes too
great.
o In the event a power failure occurs, the UPS switches directions and
converts the battery DC power to AC and signals the generator to start
and switches to generator within 5 minutes.
o In addition, the UPS contains a full redundant set of batteries and
has the capability to sustain full power for approximately one hour.
Power faults are automatically switched to the generator which is
capable of sustaining power for 24 hours on a single fuel tank, but
becomes unlimited with refueling.
o UPS and Generator maintenance are performed monthly to assure
functionality and availability.
o Power Distribution Units (PDU's) are strategically located in the data
center to accommodate power sources from different PDU's to support
the equipment that supports N+1 power supplies. This ensures the
proper distributed of electrical power distribution.
The data center is protected against fire by a Halon system, which offers
physical protection in the event of a fire by extinguishing the fire without
destroying the data. The data center has water sensors installed throughout the
perimeter of the outside walls and around A/C units to signal if water is
present below the raised floor.
Physical security to the data center is monitored by PMIT employees and with
security cameras located throughout the data center. Access is limited to
authorized and approved employees with proper card key access.
PMIT's data center is located at: Xxx Xxxxxxxxx Xxx, Xxxxxxxx, XX.
Server Specifications
PMIT will maintain the Server infrastructure (as defined in Exhibit B - Figure
1) necessary to satisfy the service level agreement specified in Exhibit D. PMIT
will take reasonable measures to expand the Server infrastructure and internet
bandwidth as needed to satisfy sustained growth in transaction activity.
Page 10
Server Specifications - continued
There are four functional units in the COBAS ASP server environment.
1) SQL Database
2) COBAS Authentication Servers
3) COBAS Agent servers
4) COBAS Management console
1) SQL Database
Microsoft SQL Server 2000 databases provide the data repository for all COBAS
authentication information. The server platform is implemented in a multi-server
cluster using the Microsoft SQL Server 2000 cluster blueprint.
Overall:
--------------------------- -----------------------------------------------------------------------
Servers: 2 (or more)
--------------------------- -----------------------------------------------------------------------
Technology: Intel Pentium 4 or better
--------------------------- -----------------------------------------------------------------------
OS: Microsoft Windows 2000 Advanced Server w/Service Pack 3 or later
--------------------------- -----------------------------------------------------------------------
Database: Microsoft SQL Server 2000
--------------------------- -----------------------------------------------------------------------
Additional: Network hardware to support Microsoft SQL Cluster configuration
--------------------------- -----------------------------------------------------------------------
Disk Storage:
---------------------------- ----------------------------------------------------------------------
Organization: RAID 1+0
---------------------------- ----------------------------------------------------------------------
Controllers: Dual redundant
---------------------------- ----------------------------------------------------------------------
Server Interfaces: 2 per server (per Microsoft SQL Cluster specification)
---------------------------- ----------------------------------------------------------------------
Capacity: 80 GB minimum expandable to 1 TB minimum
---------------------------- ----------------------------------------------------------------------
Per server:
--------------------------- -----------------------------------------------------------------------
CPUs: 2 (or more) Pentium 4 or better
--------------------------- -----------------------------------------------------------------------
CPU Speed: 1 GHz minimum
--------------------------- -----------------------------------------------------------------------
RAM: 2 GB
--------------------------- -----------------------------------------------------------------------
OS: Microsoft Windows 2000 Advanced Server w/Service Pack 3 or later
--------------------------- -----------------------------------------------------------------------
Boot Storage: dual mirrored boot drives
--------------------------- -----------------------------------------------------------------------
Storage interfaces: 2
--------------------------- -----------------------------------------------------------------------
Network Interfaces: 3 @ 1Gb Ethernet (2 if backups are via main network)
--------------------------- -----------------------------------------------------------------------
Monitoring: Hardware / firmware / software supporting "lights out" 24x7 operation
--------------------------- -----------------------------------------------------------------------
Page 11
2) COBAS Authentication Servers
The COBAS Authentication Servers operate independently in a load-balanced
configuration. Each authentication server has 1 or 2 "T1" telephony interfaces
for placing calls to authenticate users. Servers can support 1 or 2 telephony
cards as needed for handling authentication traffic.
Per server:
--------------------------- ----------------------------------------------------------------------------
PCI Slots: One 5 volt PCI slot for each Telephony Interface
--------------------------- ----------------------------------------------------------------------------
CPUs: 1 (or more) Pentium 4 or better
--------------------------- ----------------------------------------------------------------------------
CPU Speed: 1 GHz minimum
--------------------------- ----------------------------------------------------------------------------
RAM: 2 GB
--------------------------- ----------------------------------------------------------------------------
OS: Microsoft Windows 2000 Server w/Service Pack 4 or later
--------------------------- ----------------------------------------------------------------------------
Telephony Interface: Intel Dialogics Voice Processor, /T1 interface for 5 Volt PCI backplane slot
--------------------------- ----------------------------------------------------------------------------
Boot Storage: dual mirrored boot drives
--------------------------- ----------------------------------------------------------------------------
Storage interfaces: As needed per site configuration
--------------------------- ----------------------------------------------------------------------------
Network Interfaces: 3 @ 1Gb Ethernet (2 if backups are via main network)
--------------------------- ----------------------------------------------------------------------------
Monitoring: Hardware / firmware / software supporting "lights out" 24x7 operation
--------------------------- ----------------------------------------------------------------------------
3) COBAS Agent servers
COBAS Agent Servers are standard web servers running Microsoft IIS. Each server
operates independently in a load-balanced "farm" configuration.
Per server:
--------------------------- ----------------------------------------------------------------------------
CPUs: 2 (or more) Pentium 4 or better
--------------------------- ----------------------------------------------------------------------------
CPU Speed: 1 GHz minimum
--------------------------- ----------------------------------------------------------------------------
RAM: 768 MB minimum
--------------------------- ----------------------------------------------------------------------------
OS: Microsoft Windows 2000 Server w/Service Pack 4 or later
--------------------------- ----------------------------------------------------------------------------
Web server: Microsoft Internet Information Server Version 5 with SMTP
--------------------------- ----------------------------------------------------------------------------
COM+ User "MTSuser" created with access rights in the local web sandbox
--------------------------- ----------------------------------------------------------------------------
Boot Storage: dual mirrored boot drives
--------------------------- ----------------------------------------------------------------------------
Storage interfaces: As needed per site configuration
--------------------------- ----------------------------------------------------------------------------
Network Interfaces 3 @ 1Gb Ethernet (2 if backups are via main network)
--------------------------- ----------------------------------------------------------------------------
Monitoring: Hardware / firmware / software supporting "lights out" 24x7 operation
--------------------------- ----------------------------------------------------------------------------
4) COBAS Management console
The COBAS Management console server is a single computer in the target
environment that can communicate with all other COBAS servers. The management
server monitors the other servers, performs report generation, and can assist in
alert generation.
Single server:
--------------------------- ----------------------------------------------------------------------------
CPUs: 1 (or more) Pentium 4 or better
--------------------------- ----------------------------------------------------------------------------
CPU Speed: 1 GHz minimum
--------------------------- ----------------------------------------------------------------------------
RAM: 768MB minimum
--------------------------- ----------------------------------------------------------------------------
OS: Microsoft Windows 2000 Server w/Service Pack 4 or later
--------------------------- ----------------------------------------------------------------------------
Boot Storage: dual mirrored boot drives
--------------------------- ----------------------------------------------------------------------------
Storage interfaces: As needed per site configuration
--------------------------- ----------------------------------------------------------------------------
Network Interfaces 3 @ 1Gb Ethernet (2 if backups are via main network)
--------------------------- ----------------------------------------------------------------------------
Monitoring: Hardware / firmware / software supporting "lights out" 24x7 operation
--------------------------- ----------------------------------------------------------------------------
Page 12
Exhibit B
PMIT's Internet infrastructure provides redundancy, load balancing, and multiple
access points to the Internet, eliminating single points of failure without
compromising performance:
o Internet access is supplied by different carriers.
o PMIT will provide 1.5 MB of internet bandwidth.
o Redundant switches, routers and firewalls are used to provide Web
services activities.
o Dialup services are supplied by multiple PRIs through the Panasonic's
Public Branch Exchange (PBX)."
StrikeForce data under this Agreement is configured in its own Internet (DMZ)
segment and it is physically and logically separated from the Panasonic
infrastructure.
Figure 1
[Diagram to be inserted prior to signing]
Page 13
PMIT "SERVER" INFRASTRUCTURE DIAGRAM FOR C.O.B.A.S AUTHENTICATION SERVICES
[OBJECT OMITTED]
Page 14
Exhibit C
Security and Backup
PMIT will establish network security policies and procedures
appropriate to the protection and backup of sensitive information and
will be responsible for securing access to the application servers and
for appropriate backup of the Server and of StrikeForce data, and will
review the same with StrikeForce. Such backup and security measures
will include:
a) PMIT continuing to execute daily incremental and weekly full
backups of all databases and all software modifications and
updates for the purpose of creating backup copies for disaster
recovery or other purposes. In the event that the parties agree a
disaster has occurred (e.g., in the event the Server crashes),
PMIT will provide point-in-time recovery to the last PMIT backup
as soon as practicable after the disaster is declared.
b) Hosting StrikeForce data on a Server with controlled, monitored
and tracked access and with the current security patches and
anti-virus protections installed and operating to minimize
unauthorized access to the information residing on such servers.
c) Creation and enforcement of firewall performance standards and
firewall rules that restrict access to the Server and StrikeForce
data consistent with the standards and rules that Panasonic
implements for its own highly sensitive data.
PMIT shall notify StrikeForce promptly of detected security breaches or
any known compromises of data.
Page 15
Exhibit D
Service-Level Agreement: This service level agreement sets out the contracted
measures that PMIT will use to accomplish StrikeForce's key objectives. This
agreement establishes PMIT's and StrikeForce's expectations, describes the
services delivered, identifies contacts for end-user-problems, and specifies
metrics by which the effectiveness of PMIT service activities, functions and
processes will be measured and controlled.
Service-Level Management: PMIT will, on an ongoing process, maintain a high
quality of service, to ensure that service-level performance meets StrikeForce's
needs, through continuous improvement of service activities, functions and
processes.
Overview
PMIT's service-level responsibility is based on required human and system
resources, network performance, and the standards, policies, procedures and
management practices that must be followed.
StrikeForce agrees to identify additional service-level requirements, processes,
and or standard procedures that need to be followed.
PMIT agrees to meet the service-levels as listed in this Appendix D1. Additional
requirements, not included in this agreement, may result in a higher cost to
StrikeForce. Additional requirements will be evaluated on a per request basis.
PMIT will provide call back services to StrikeForce's customers within the
United States and Canada sufficient to meet the service requirements of this
Agreement.
Infrastructure Availability
PMIT Server infrastructure will include redundant firewalls, redundant access
points, and includes primary Server, backup Server and test Server configured
with Raid-5 configuration. In addition, disk images of the production Server
will be stored in a secure locked cabinet.
Network Availability 99.00%
PMIT agrees that the Server(s) and network will be available 99.00% of the time,
24 hours per day, Sunday through Saturday, excluding scheduled maintenance.
Performance
PMIT agrees that Packet Loss to the PMIT router will be no greater than 1%
within the U.S.
For Internet access that PMIT maintains and controls, it guarantees that, on the
average, the Internet response time will be equal to or less than 85
milliseconds for round-trip transmission (for a 100-Byte ping packet) to PMIT's
Router within the U.S.
Database will have a response time of less than 120 milliseconds.
For Internet access that PMIT maintains and controls - Internet response time
will be less than 2 seconds (with "response time" defined as the time it takes
for all characters to appear on the end-user's screen following the initial
inquiry).
Security
PMIT agrees to house Servers in secure cabinets where a PIN or other security
method is used to restrict physical access.
Page 16
Quality
PMIT will examine measured results for problem determination and root-cause
analysis and take appropriate action to correct failed activities, functions and
processes.
PMIT will measure service activity results against defined service levels
PMIT agrees to continuously review and improve processes to improve
availability, system performance and customer satisfaction.
StrikeForce agrees to educate and or train its customers on issues where the
root cause was determined to be related to the customer and or customer's
operations.
Change Management
Changes and upgrades will be tracked using PMIT's change management processes.
StrikeForce must approve any non-emergency changes that may result in a customer
outage prior to implementation. All changes must be successfully applied and
back out procedures tested, on the test server and backup server prior to
implementing on the production server. No changes will be made to the Server
Software provided by StrikeForce to PMIT without the prior written consent of
StrikeForce, such consent not to be unreasonably withheld.
Problem Management
All problems reported to PMIT will be recorded and updated on the PMIT Call
Management System. Call management guidelines as described in "Appendix D" will
be followed.
PMIT will manage network related problems and work with 3rd party voice and data
network providers to resolve and escalate network problems.
All PMIT Technical resources will escalate failures to PMIT Management within
two (2) hours if failure remains unresolved or no work-around has been
identified.
Critical Component Failure Analysis
All Priority 1, Critical Components Failures will be escalated to StrikeForce
and PMIT management immediately. Based on the situation the best and quickest
plan of recovery will be implemented.
Contingency Planning
In the event of a major disaster, PMIT will set in motion the best recovery plan
to assure quick recovery. Safety measures were taken to assure that systems can
be quickly recovered at the Secaucus facility.
Infrastructure at a second facility is not included in this Agreement.
Service Hours
PMIT will support the infrastructure 7x24x365, with onsite support from 7:00am
to 7:00pm Monday through Friday.
Page 17
Appendix D1
As soon as PMIT becomes aware of a possible malfunction of its Server and/or
network components supplied by PMIT, not caused by a failure of third party
telecommunication services, PMIT will respond according to the priority of the
problem as described below. All trouble reports will be categorized in three
different priority levels:
A. Priority 1 - Critical Problems: PMIT's Server is experiencing problems
that cause it to stop completely, significantly impair the Server's
functionality or can lead to data corruption. PMIT will begin
diagnostic and corrective action immediately after it is notified or
otherwise becomes aware of a critical problem and will work
continuously (i.e., 24 hours a day, seven days a week) on a best-
efforts basis to restore the Server to operation through work-arounds
or resolution of the problem. PMIT shall notify StrikeForce
immediately by telephone of any critical problem and thereafter shall
give status reports at such intervals as the parties determine
appropriate and continue to work on trouble around the clock until the
problem has been corrected. PMIT's support desk will advise technical
resources within 15 minutes after the support desk is notified and a
technical resource will begin diagnostics and take corrective actions
within one hour. All Priority 1 problems automatically escalate to
StrikeForce management within 15 minutes after they are logged in the
call management system.
B. Priority 2 - High Impact: The Server is experiencing problems that
cause a major function or feature to fail to operate and no reasonable
(i.e., low resource-consuming and inexpensive) work-around is
available. PMIT will begin diagnostic and corrective action
immediately after it is notified or otherwise becomes aware of a high
impact problem and will dedicate appropriate resources continuously
during daytime hours (including weekends) to resolve it. PMIT shall
notify StrikeForce immediately by telephone of any high impact problem
and thereafter shall give status reports at such intervals as the
parties determine appropriate and continue to work on trouble during
working hours until it is resolved. PMIT Support Desk will advise
technical resources within 30 minutes after the support desk is
notified and a technical resource will begin diagnostics and take
corrective action within two hours. PMIT resources will continue to
work on the problem during normal business hours of 7:00AM to 7:00PM.
All priority 2 problems automatically escalate to StrikeForce
management within 1 hour after they have been logged in the call
management system.
C. Priority 3 - Low Impact Problems: The Server is experiencing problems
that cause minor features to fail or operate, or cause minor delays,
and a reasonable work-around is available. These problems may limit
the usefulness of an effective part of the Server, but do not limit
the usefulness of the entire Server. PMIT must begin diagnostics and
corrective action immediately after it is notified or otherwise
becomes aware of a low impact problem and use commercially reasonable
efforts to resolve the problem promptly. Status reports shall be given
to StrikeForce at least once every weekday, or otherwise agreed by the
parties. PMIT's support desk will advise technical resources within 1
hour and a technical resource will begin diagnostics and take
corrective action within 24 hours. All priority 3 problems are
escalated to StrikeForce management within 8 hours after they are
logged in the call management system.
In the event PMIT identifies a failure related to the StrikeForce COBAS
Software: application files, data files, data base structure or data base
content, PMIT will take appropriate steps to notify StrikeForce of such
failures, prioritizing the failures in accordance with the above reference
hereto as Appendix D1.
Page 18
