ASSET PURCHASE AND SALE AGREEMENT
KNOW ALL MEN BY THESE PRESENTS:
This Asset Purchase and Sale Agreement (the “Agreement”) is made and entered into as of the 26th day of June 2008 (the “Effective Date”) by and between:
Bastion Payment Systems Corporation (“Bastion”), a corporation duly organized and existing under and by virtue of the laws of the Philippines, with principal place of business at 9th Floor, Don Chua Lamko Building, H.V. dela Costa corner Leviste Streets, Salcedo Village, Makati City, Philippines 1227, represented in this act by Wilfred G. Tan, Chief Executive Officer, who has been duly authorized to sign this agreement for and in behalf of Bastion
- and -
MobiClear, Inc. (“MobiClear”), a corporation duly organized and existing under and by virtue of the laws of Pennsylvania with a registered office at 1515 Market Street, Suite 1210, Philadelphia, Pennsylvania, United States of America 19102, represented in this act by Stephen P. Cutler, Chief Executive Officer, who has been duly authorized to sign this agreement for and in behalf of MobiClear.
WITNESSETH: That
WHEREAS, Bastion is the owner of Software (as defined below) and wishes to expand the market of its information security software product;
WHEREAS, MobiClear recognizes the value of the Software to enhance its own security systems in support of its own products;
WHEREAS, MobiClear desires to purchase, and Bastion desires to sell the Software as set forth in Exhibit A attached hereto and forms an integral part hereof (the “Software” or “Products”) in accordance with the terms and conditions of this Agreement;
NOW, THEREFORE, in consideration of the mutual covenants set forth herein, Bastion and MobiClear hereby agree as follows:
I. DEFINITIONS
1.1 In this Agreement, the following words and expressions shall, unless the context otherwise requires have the following meanings:
(a) SOFTWARE or PRODUCTS shall mean the Version 1.0, inclusive of all earlier versions, of the three (3) software or products as identified by Bastion and described in Exhibits A and A-1 attached hereto and made an integral part hereof.
(b) DOCUMENTATION shall mean related materials including source code and working prototypes pertaining to the Software which are furnished by Bastion to MobiClear as described in Exhibit A-1 attached hereto and made an integral part hereof.
(c) TECHNOLOGY shall mean the Software and/or Products together with the Documentation.
(d) SUPPORT SERVICES shall mean all maintenance and service activities of Bastion in relation to the sale as outlined in Exhibit B attached hereto and made an integral part hereof.
(e) END-USER shall mean user of the Software other than Bastion.
II. EXHIBITS
2.1 The following Exhibits are attached and made an integral part of this Agreement:
Exhibit A: Software Products
Exhibit A-1: Documentation
Exhibit B: Software Maintenance Support Service Agreement
III. PURCHASE AND SALE
3.1 MobiClear shall purchase the Technology and all rights pertaining to the Technology from Bastion in exchange for the consideration as set forth in Section 4.1 herein.
IV. PURCHASE PRICE AND PAYMENT METHOD
4.1 Purchase Price. In consideration for the purchase of the Technology by MobiClear, MobiClear shall pay Bastion, or its designated nominee, FIVE MILLION (5,000,000) shares of MobiClear’s common stock (hereinafter referred to as “the Shares”). Bastion and MobiClear acknowledge and agree that MobiClear’s board of directors has approved a 250 to one reverse split of MobiClear’s common stock, anticipated to be effective in July, 2008, and that the 5,000,000 Shares to be issued pursuant to this Agreement are intended to be post-reverse split shares.
4.2 Payment Method. Within five (5) working days from the effective date of the 250 to one reverse split of MobiClear’s common stock, MobiClear shall cause the issuance of the Shares to Bastion. MobiClear shall take all actions necessary to legally effect such issuance of the Shares. Failure to deliver the Shares within the time specified herein shall allow Bastion to terminate this Agreement. In the event that the reverse split does not occur prior to August 30, 2008, MobiClear shall issue to Bastion the appropriate number of pre-reverse split shares.
4.3 Taxes. All payments by MobiClear under this Agreement shall be made without deduction for or on account of any tax. If MobiClear is compelled to withhold any tax, MobiClear shall provide Bastion receipt or certification from the taxing authority in order for Bastion to claim tax credit.
V. ADDITIONAL COVENANTS & AGREEMENTS OF THE PARTIES
5.1 In order to understand, maintain and support the Products, Bastion agrees that for a period of six (6) months after the Effective Date of this Agreement, it will be available to provide support services to MobiClear in direct relation to the Products sold. MobiClear shall be responsible for such reasonable costs and expenses that may be associated with the services, in accordance with Exhibit B attached hereto and made an integral part hereof.
5.2 MobiClear expressly acknowledges that the Products are being sold by Bastion to MobiClear, and that MobiClear is accepting the purchase as-is and with all faults, and without any representations and warranties of any nature whatsoever, including any warranties of merchantability or fitness for a particular purpose, except as expressly stated in this Agreement. Except as otherwise stated herein, MobiClear shall not assume or be bound by or otherwise be responsible for any duties, responsibilities, obligations or Liabilities¹ of Bastion of any kind or nature, known, unknown, contingent or otherwise, including, but not limited to, any Liabilities of Bastion arising out of Bastion’s ownership and operation of the Technology prior to the execution of this Agreement. All such duties, responsibilities, obligations or Liabilities incurred prior to the execution of this Agreement shall be retained by the Bastion.
5.3 The confidentiality, indemnification, and the additional covenants as set forth in Sections 5, 6 and 7 shall survive this Agreement.
VI. CONFIDENTIALITY & NON-COMPETE
6.1 Each of the Parties acknowledges and agrees that the Technology is confidential and proprietary and that substantial harm may result from the disclosure thereof. The Parties further acknowledge and agree that no Party shall disclose the Technology and all other information related to the Technology not generally known to the public to any other party, unless and until a specific order or other decree has been issued by a court of competent jurisdiction.
6.2 Upon consummation of this Agreement, Bastion, its officers, directors, affiliates and agents shall not compete directly or indirectly with MobiClear in the sales or supply of any products or services based on or directly or indirectly relating to the Technology for a duration of three (3) years after the Effective Date of this Agreement.
6.3 Notwithstanding any contrary provision herein, the parties each acknowledge that in view of the uniqueness of the transactions contemplated by this Agreement, each Party would not have adequate remedy at law for money damages in the event that this Agreement has not been performed in accordance with the terms, and therefore each Party agrees that the other Party shall be entitled to specific enforcement of the terms hereof in addition to any other remedy to which it may be entitled, at law or in equity. All rights and remedies existing under this Agreement are cumulative to, and not exclusive of, any rights or remedies otherwise available.
_________________________
1 “Liability” shall mean any direct or indirect indebtedness, liability, assessment, claim, loss, damage, deficiency, obligation or responsibility, fixed or unfixed, liquidated or unliquidated, secured or unsecured, accrued, absolute, actual or potential, contingent or otherwise (including any liability under any guaranties, letters of credit, performance credits or with respect to insurance loss accruals).
6.2 Bastion acknowledges that MobiClear may be required to disclose the terms of this transaction in accordance with the rules of the United States Securities and Exchange Commission (“SEC Rules”). MobiClear shall provide Bastion with an opportunity to review and comment on any such proposed disclosure, but MobiClear shall have the sole and absolute discretion to determine the form and content of the disclosure required to comply with the SEC Rules.
VII. INDEMNIFICATION
7.1 Each party shall defend, indemnify, and hold harmless the other from any and all claims, demands, costs, expenses, obligations, damages, or causes of action of any nature, including reasonable attorney’s fees and costs, arising directly or indirectly from (a) the sale of the products; (b) the production, reproduction, sale and distribution of the products, or any material comprising the Products.
VIII. REPRESENTATION & WARRANTIES
8.1 Each party represents and warrants that:
(a) It can enter into this Agreement and that this Agreement does not contravene or violate any agreement that it has entered into with other third parties.
(b) This Agreement constitutes its duly authorized, legal, valid, binding and enforceable obligations.
(c) It will not assign this Agreement, either in whole or in part, unless the other Party agrees to such assignment in writing.
(d) The performance of its obligations under this Agreement will not constitute or result in breach of its Articles of Incorporation, By-Laws or the provisions of any material contract to which it is a party or by which it is bound; or result in the violation of any law, regulations, judgment, decree, or government order applicable to it.
(e) All approvals and authorization required for the execution, delivery, performance and consummation of this Agreement and the transactions contemplated hereunder have been obtained.
(f) The person signing this Agreement is duly authorized and that the other party may verify proof of such authority to its satisfaction.
8.2 Bastion represents and warrants to MobiClear as follows:
(a) Ownership; No Pending Litigation or Proceedings. Bastion warrants and represents that to the best of its knowledge it owns or has exclusive rights to the Technology, that it is free to enter into this Agreement, and that there are no actions, suits, investigations or proceedings pending against or, to Bastion’s knowledge, threatened against or affecting any of the Technology or that question the validity of this Agreement or any action taken or to be taken by the Bastion in connection with the consummation of the Agreement before any court or arbitrator or governmental bodies. There are currently no outstanding judgments, decrees, settlement agreements or orders of any court or governmental bodies against Bastion which relate to or arise out of the ownership or license of the Technology.
(b) Disclosure. No representation or warranty by Bastion in this Agreement or any attachment or schedule hereto, or any statement, list of certificate furnished or to be furnished by Bastion pursuant to this Agreement contains or shall contain any untrue statement of a material fact, or omits or shall omit to state any material fact required to make the statements contained herein or therein not misleading or necessary in order to provide MobiClear with complete information as to the condition of the Technology.
(c) Offshore Transaction. Bastion represents and warrants to the Company as follows:
(1) Bastion is not a U.S. person, as that term is defined under Regulation S, and is not purchasing the Shares on behalf of any U.S. person. Under Regulation S, a U.S. person means:
A. any natural person resident in the United States;
B. any partnership or corporation organized or incorporated under the laws of the United States;
C. any estate of which any executor or administrator is a U.S. person;
D. any agency or branch of a foreign entity located in the United States;
E. any non-discretionary account or similar account (other than an estate or trust) held by a dealer or other fiduciary for the benefit or account of a U.S. person;
F. any discretionary account or similar account (other than an estate or trust) held by a dealer or other fiduciary organized, incorporated or (if an individual) resident in the United States; and
G. any partnership or corporation if (i) organized or incorporated under the laws of any foreign jurisdiction; and (ii) formed by a U.S. person principally for the purpose of investing in securities not registered under the Securities Act, unless it is organized or incorporated and owned by accredited investors (as defined in Rule 501 of Regulation D) that are not natural persons, estates, or trusts.
(2) Bastion was outside of the United States as of the date of execution and delivery of this Agreement. No offer to purchase the Shares was made in the United States.
(3) Bastion is acquiring the Shares for its own account or for the account of beneficiaries for whom Bastion has full investment discretion, each of which beneficiaries is bound to all of the terms and provisions hereof including all representations and warranties herein. Bastion is acquiring the Shares for investment purposes only and not with a view to, or for sale in connection with, any “distribution” (as such term is used in Section 2(11) of the Securities Act) thereof or for the account or on behalf of any U.S. person.
(4) The Shares have not been registered under the Securities Act and may not be transferred, sold, assigned, hypothecated, or otherwise disposed of, unless such transaction is the subject of a registration statement filed with and declared effective by the SEC or unless an exemption from the registration requirements under the Securities Act is available. Bastion represents and warrants and hereby agrees that the Shares are “restricted securities” as defined in Rule 144.
(5) Bastion acknowledges that the acquisition of the Shares involves a high degree of risk and is aware of the risks and further acknowledges that it can bear the economic risk of the acquisition of the Shares, including the total loss of its investment.
(6) Bastion understands that the Shares are being offered and sold to it in reliance on the safe harbor from the registration requirements of the Securities Act, and that MobiClear is relying upon the truth and accuracy of the representations, warranties, agreements, acknowledgments, and understandings of Bastion set forth herein in order to determine the applicability of such safe harbor and the suitability of Bastion to acquire the Shares.
(7) Bastion is sufficiently experienced in financial and business matters to be capable of evaluating the merits and risks of its investments, to make an informed decision relating thereto, and to protect its own interests in connection with the transaction.
(8) In evaluating its investment, Bastion has consulted its own investment and/or legal and/or tax advisors.
(9) Bastion understands that in the view of the SEC, the statutory basis for the safe harbor claimed for this transaction would not be present if the offering of the Shares, although in technical compliance with Regulation S, is part of a plan or scheme to evade the registration provisions of the Securities Act.
(10) Bastion is not an underwriter of, or dealer in, the Shares, and Bastion is not participating pursuant to a contractual agreement in the distribution of the Shares.
(11) Bastion has satisfied itself as to the full observance of the laws of its jurisdiction in connection with any invitation to acquire the Shares or any use of this Agreement, including: (A) the legal requirements within its jurisdiction for the acquisition of the Shares; (B) any foreign exchange restrictions applicable to such purchase; (3) any governmental or other consents that may need to be obtained; and (4) the income tax and other tax consequences, if any, that may be relevant to the acquisition, holding, redemption, sale, or transfer of the Shares. Bastion’s acquisition and its continued ownership of the Shares will not violate any applicable securities or other laws of its jurisdiction.
(12) No consent, approval or authorization of, or designation, declaration or filing with any governmental authority on the part of the Bastion is required in connection with the valid execution and delivery of this Agreement.
(d) Current Public Information. Bastion acknowledges that Bastion has been furnished with or has acquired copies of the Company’s most recent Annual Report on the Form 10-KSB filed with the SEC and the Forms 10-Q and 8-K filed thereafter.
(e) Independent Investigation; Access. Bastion acknowledges that Bastion, in making the decision to purchase the Shares, has relied upon independent investigations made by it and its purchaser representatives, if any, and Bastion and such representatives, if any, have prior to any sale to it, been given access and the opportunity to examine all material contracts and documents relating to this offering and an opportunity to ask questions of, and to receive answers from, the Company or any person acting on its behalf concerning the terms and conditions of this offering. Bastion and its advisors, if any, have been furnished with access to all publicly available materials relating to the business, finances, and operation of the Company and materials relating to the offer and sale of the Shares that have been requested. Bastion and its advisors, if any, have received complete and satisfactory answers to any such inquiries.
(f) No Government Recommendation or Approval. Bastion understands that no federal or state agency has passed on or made any recommendation or endorsement of the Shares.
(g) Entity Purchasers. The person executing this Agreement on Bastion’s behalf represents and warrants that:
(1) he has made due inquiry to determine the truthfulness of the representations and warranties made pursuant to this Agreement; and
(2) he is duly authorized to make this investment and to enter into and execute this Agreement on behalf of such entity.
8.3 MobiClear represents and warrants to Bastion as follows:
(a) Valid Issuance. The Shares have been duly and validly authorized and, when issued pursuant to this Agreement, will be validly issued, fully paid, and non-assessable, and shall be free and clear of all encumbrances and restrictions, except for restrictions on transfer imposed by applicable securities laws.
(b) Disclosure. No representation or warranty by MobiClear in this Agreement or any attachment or schedule hereto, or any statement, list of certificate furnished or to be furnished by MobiClear pursuant to this Agreement contains or shall contain any untrue statement of a material fact, or omits or shall omit to state any material fact required to make the statements contained herein or therein not misleading or necessary in order to provide Bastion with complete information relating to MobiClear.
IX. LIMITATION OF LIABILITY
9.1 Bastion expressly disclaims any representation or warranty of any kind with respect to the Software and Software copies, including without limitation, the implied warranties of merchantability and fitness for a particular purpose. The Software are provided on an “as is” and “as available” basis. Bastion does not warrant that the Software is completely free from any defects.
9.2 Bastion shall not be liable for damage or loss suffered by MobiClear in case (a) it is impossible for the Software to function to meet its needs due to relevant requirements by the government or regulatory authorities, (b) due to features in MobiClear’s computer systems, (c) the Software cannot be applied due to a problem with MobiClear’s computer hardware or to the dysfunction of its operating system, or its operating system being infected with virus, (d) or in case of erroneous application or non-application of the Software.
9.3 Bastion shall not, under any circumstances, be liable to End-User for indirect, consequential, incidental or special damages, even if Bastion has been apprised of the likelihood of such damage.
X. NOTICE
10.1 All notices and other way of communication issued to the Parties shall be in writing and effectively delivered by a Party if such notices and communication are delivered to the address stated below or the last known place of business or the registered office. If mailed by certified or registered mail with postage prepaid, or private courier, on the day after confirmed receipt by the Receiving Party. Notice shall be effective the day following the day the notice is effectuated. If delivered by facsimile with a transmission page evidencing successful transmission of the entire fax. Addresses for notice to either party are as shown below, or as subsequently modified by written notice.
MOBICLEAR INC.
Address: 27th Floor, Chatham House, 116 Valero Street, Salcedo Village, Makati City, Philippines 1227
Attention: Stephen P. Cutler
Facsimile No.: +63 (2) 817-6948
Email: steve.cutler@mobiclear.com
With a copy to:
Name: Kruse Landa Maycock & Ricks, LLC
Address: 136 East South Temple, Suite 2100, Salt Lake City, UT 84115
Attention: Kevin C. Timken
Facsimile No.: +1 (801) 359-3954
Email: ktimken@klmrlaw.com
BASTION PAYMENT SYSTEMS CORP.
Address: 9th Floor, Don Chua Lamko Building, H.V. dela Costa corner Leviste Streets, Salcedo Village, Makati City, Philippines 1227
Attention: Wilfred G. Tan
Facsimile No.: +63 (2) 844-7829
Email: wilfred.tan@paybps.com
XI. ASSIGNMENT
11.1 Neither this Agreement, nor any right or interest conferred by this Agreement may be sold, assigned, or transferred, except with the prior written consent from the non-assigning Party, which consent may be withheld at the non-assigning Party’s sole discretion. This Agreement shall be binding upon and inure to the benefit of the Parties hereto and their respective permitted successors, heirs, devises, assigns, legal representatives, executors and administrators.
XII. EXPENSES
12.1 The Parties hereto shall pay the fees and expenses of their respective consultants, counsels, accountants and other experts, and all other expenses incurred by such party incident to the negotiation, preparation, execution, delivery and performance of this Agreement.
XIII. FORCE MAJEURE
13.1 Either party may terminate or suspend this Agreement immediately, subject only to notice being given in writing, if by act of the government, or operational or economic reasons, or due to causes beyond either party’s control, which includes but not limited to, fire, flood, earthquake, war epidemic, other acts of God or other circumstances of force majeure, it becomes desirable or necessary to terminate this Agreement. The payment obligation shall not be deemed to be subject to such Force Majeure.
XIV. DISPUTE RESOLUTION, JURISDICTION & VENUE
14.2 This Agreement and any and all legal matters that may arise out of or in connection herewith shall be subject to, governed by, and construed in accordance with the laws of the Republic of the Philippines, without regard to its conflict of laws principles. The venue for all suits, proceedings and actions arising from this Agreement shall be the courts of competent jurisdiction in Makati City, to the exclusion of all other venues.
XV. GENERAL PROVISIONS
15.1 This Agreement represents the entire understanding between the parties with respect to the subject matter hereof and all prior arrangements, representations or expressions of intent, however given, are deemed superseded. Any amendment to this Agreement shall be effective only upon the written conformity of both parties.
15.2 No such waiver of a breach, failure of any condition, or any right or remedy contained in or granted by the provisions of this Agreement shall be effective unless it is in writing and signed by the party waiving the breach, failure, right or remedy. No waiver of any breach, failure, right or remedy shall be deemed a waiver of any other breach, failure, right or remedy, whether or not similar, nor shall any waiver constitute a continuing waiver unless the writing so specifies.
15.3 No forbearance, delay or indulgence by either party in enforcing the provisions of this Agreement shall prejudice or restrict the rights of that party nor shall any waiver of its rights operate as a waiver of any subsequent breach and no right, power or remedy herein conferred upon or reserved for either party is exclusive of any other right, power or remedy available to that party and each such right, power or remedy shall be cumulative.
15.4 All rights and remedies existing under this Agreement are cumulative to, and not exclusive of, any rights or remedies otherwise available.
15.5 If any provision or provisions of this Agreement shall be held to be invalid, illegal or unenforceable for any reason whatsoever, (a) the validity, legality and enforceability of the remaining provisions of the Agreement (including without limitation, all portions of any paragraphs of this Agreement containing any such provision held to be invalid, illegal or unenforceable, that are not themselves invalid, illegal or unenforceable) shall not in any way be affected or impaired thereby, and (b) to the fullest extent possible, the provisions of this Agreement (including, without limitation, all portions of any paragraph of this Agreement containing any such provision held to be invalid, illegal or unenforceable, that are not themselves invalid, illegal or unenforceable) shall be construed so as to give effect to the intent manifested by the provision held invalid, illegal or unenforceable.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed on the Effective Date hereof in Makati City, Philippines.
MOBICLEAR, INC.
By: /s/ Stephen P. Cutler
STEPHEN P. CUTLER
Chief Executive Officer
BASTION PAYMENT SYSTEMS CORP.
By: /s/ Wilfred G. Tan
WILFRED G. TAN
Chief Executive Officer
SIGNED IN THE PRESENCE OF:
/s/ Edward C. Pooley
EDWARD C. POOLEY
Chief Operating Officer
/s/ Carlos T. Tengkiat
CARLOS T. TENGKIAT
Chief Operating Officer
ACKNOWLEDGMENT
REPUBLIC OF THE PHILIPPINES )
MAKATI CITY ) SS
At the above locality, this June 27, 2008, the following persons personally appearing before me and exhibiting their respective community tax certificates (CTCs) and passports:
Name | CTC/Passport No./Corp. Registration No. | Date and Place of Issue
BASTION PAYMENT SYSTEMS CORP. | CS200513194 | 03 August 2005, Mandaluyong City
WILFRED G. TAN | VV0901777 | 10 August 2007, Manila
CARLOS T. TENGKIAT | SS0911671 | 10 April 2006, Manila
MOBICLEAR, INC. | 0-10822 | 14 August 2006, Pennsylvania
STEPHEN P. CUTLER | 711789104 | 09 December 2005, Washington, DC
EDWARD C. POOLEY | 441038751 | 20 February 2008, Manila
known to me to be the same persons who executed the foregoing Asset Purchase and Sale Agreement consisting of _________ (___) pages, including this page of the Acknowledgement, signed by the parties and the witnesses on all pages, and the parties to the instrument acknowledged to me that the same is of their free will and voluntary act and deed and of the corporations which they represent.
IN WITNESS WHEREOF, I have hereunto set my hand and affixed my notarial seal at the place and on the date first above written.
Doc. No. 2452
Page No. 72
Book No. XLVI
Series of 2008
/s/ Luis M. Duka Jr.
Notary Public
[notary seal]
Exhibit A
BASTION SOFTWARE VERSION 1.0 PRODUCTS
I. Software Version 1.0 Components
1. Application Firewall System
The Application Firewall System is a software firewall system that can be deployed on any Intel-based hardware platform. The firewall is capable of scanning at the application layer of the TCP/IP stack to determine whether the packets scanned form part of a valid message.
2. Dynamic DNS Request System
The Dynamic DNS Request system allows network administrators and network designers flexibility in configuring DNS responses. Allowing for multiple IP definitions, the DNS Request system is capable of supporting many IP blocks to 1 URL.
3. AntiDDOS System
The Anti DDOS System allows online detection of a DDOS attack based on threshold parameters set, with the ability to send back choke packets to stop DDOS attacks that are currently ongoing.
II. The Software Documentation
Attached herein as Exhibit A-1 and made an integral part of this Agreement.
Bastion Software Version 1.1 • Asset Purchase and Sale Agreement Exhibit A-1
Copyright / Legal Notices
Copyright © 2007 Bastion Payment Systems Corporation. All Rights Reserved.
All rights reserved. This publication is proprietary to Bastion Payment Systems Corporation and contains proprietary information about its internal systems. All information contained in this reference guide is considered as confidential and of value to Bastion Payment Systems.
This publication is intended to be solely used by MobiClear. It may not be shared, modified (in whole or in part), reproduced, distributed, or used for purposes other than that for which it is supplied, without the express written permission of Bastion. Illegal distribution, sharing, modification (in whole or in part), will be prosecuted through the maximum penalties allowable by law.
Use of this document through a third-party contract shall be governed through contractual terms with Bastion Payment Systems Corporation or any of its authorized companies and the end-user company, as applicable.
Bastion Payment Systems Corporation exerts efforts to ensure that this document contains the most up-to-date, reliable, and accurate as possible information about the relevant systems of Bastion. However, Bastion Payment Systems Corporation reserves the right to modify this document at any time. No responsibility is assumed by Bastion Payment Systems, at any time, during use of information contained in this document. Use of this document does imply any guarantees or warranties whatsoever to the end user.
Purpose
The purpose of this document is to describe the software as sold to MobiClear. The software described herein below is as-is, without any prejudice to ongoing and future development as planned by Bastion.
Although an introductory section is presented below to educate the layman on background of the software’s uses in the market, it should not be misconstrued as being at all legally descriptive of the software itself.
Scope
The paper covers the five software products sold to MobiClear. These are the following:
• Bastille Application Firewall System
• Dynamic DNS Request System
• Anti DDOS System
An introductory section is provided per product.
Application Firewall System
Introduction
Firewalls are the basic building blocks of network security. They are the fringe or border patrol that screens all traffic inbound and outbound from a computer network.
We are all familiar with firewalls at the basic level. They are supposed to screen good traffic from bad. However, as with all things, not all firewalls are created equal.
Confidential and Proprietary—All Rights Reserved
Firewalls can be classified by the level of the TCP/IP stack that they operate in. This level allows users to determine how “intelligent” a firewall device is. Naturally, the higher the level of the firewall, the more data it has regarding network traffic, and the more data you have, the more complex and sophisticated the rules engine can be.
The diagram above shows how a firewall typically works. At the most basic level, the firewall performs basic “allow” or “disallow” functions, determining whether traffic from a specific user (or set of users) will be allowed access to the protected resources.
System Rationale and Vision
To create a system that is scalable on multiple hardware platforms, but is able to examine packets at the application layer to ensure security.
High level design
Current Software Features
| Feature Name | Description |
|---|---|
| IP Masquerading / Network Address Translation | Network Address Translation / IP Masquerading is a method of translating network traffic that involves re-writing the source and/or destination IP addresses and usually also the TCP/UDP port numbers of IP packets as they pass through. Checksums are also updated to reflect these changes. By utilizing NAT, external clients are prevented from having a direct end-to-end connection to a server; this helps reduce attacks from malicious hackers. |
| Stateful Packet Inspection | Connection information is stored in memory by the firewall; this is kept from start to finish. Network traffic passing through the firewall is then compared to existing valid connections. This increases the efficiency of the firewall since it is more efficient to compare network traffic to existing connections than to compare it to all rules inside the firewall. By having a state table of all connections, hackers cannot start unsolicited connections with protected machines. One form of denial of service attack is to send a SYN flood to a firewall: a hacker will attempt to fill up the state table so that there won’t be any available entries for new connections. To prevent this, stale connections (connections that have no traffic) are discarded from the state table. |
| Quality of Service | A resource reservation control mechanism that primarily classifies and prioritizes the network traffic based on user rules. Quality of service guarantees important traffic will go through even in a network that has limited capacity. This can be seen in some common network services like VOIP, IP-TV, streaming media, etc. |
| Virtual IP | By utilizing a virtual IP protocol, multiple hosts on the same local network can share a set of IP addresses. This is commonly used to provide failover redundancy. In a production environment a firewall cluster can share a single IP. In the event of one firewall failing, another functional firewall will take over the functions of the failed machine. |
| Failover | The firewall can switch over automatically to a redundant or standby firewall. To illustrate: once a firewall in a firewall cluster fails, the redundant/standby firewall will take over the functions of the failing firewall. Failover happens without human intervention and generally without warning. By having this mechanism a firewall cluster can provide a high degree of reliability, and it gives the cluster the ability to have graceful degradation. |
| Port Forwarding | The firewall can inspect the network traffic and decide, based on rules, to forward the packet traffic to specified servers. By redirecting traffic based on protocols, a site can have multiple servers that service specific network functionality like http, ftp, pop3, etc. This allows a site increased performance and resiliency. Availability can also be increased since a failure of an ftp server will not affect web traffic. |
| Packet Normalization | Data packets are reassembled by the firewall before being sent to a host behind the firewall. This prevents exploits in which hackers send malformed packets to a server. An example of this exploit is traffic that has invalid flag combinations. |
| Web based configuration tool | In order to simplify deployment, common firewall settings can be administered via a browser. Modern appliances are outfitted with a web based administration tool; this allows any machine with a web browser to be utilized as an administrative console for the firewall. |
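The state-table behaviour described under Stateful Packet Inspection can be modelled as follows. This is an added Python sketch, not part of the original exhibit and not Bastion's code; the timeouts, table capacity, state names, verdict strings and sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

HALF_OPEN_TIMEOUT = 5.0      # assumed: idle seconds allowed before a handshake completes
ESTABLISHED_TIMEOUT = 300.0  # assumed: idle seconds allowed on a completed connection

@dataclass
class Entry:
    state: str        # SYN_SEEN -> SYN_ACK_SEEN -> ESTABLISHED
    last_seen: float

class StateTable:
    def __init__(self, services, max_entries):
        self.services, self.max_entries = services, max_entries  # allowed (ip, port); capacity
        self.table = {}                                          # (initiator, responder) -> Entry

    def expire(self, now):  # discard stale entries; half-open ones get the short timeout
        for key, e in list(self.table.items()):
            limit = ESTABLISHED_TIMEOUT if e.state == "ESTABLISHED" else HALF_OPEN_TIMEOUT
            if now - e.last_seen > limit:
                del self.table[key]

    def handle(self, now, src, dst, flags):  # src/dst are (ip, port); flags is a set
        self.expire(now)
        fwd, rev = (src, dst), (dst, src)
        if fwd in self.table:                          # packet from the initiator
            e = self.table[fwd]
            if e.state == "SYN_ACK_SEEN" and flags == {"ACK"}:
                e.state = "ESTABLISHED"
            e.last_seen = now
            return "ALLOW"
        if rev in self.table:                          # reply from the responder
            e = self.table[rev]
            if e.state == "SYN_SEEN" and flags == {"SYN", "ACK"}:
                e.state = "SYN_ACK_SEEN"
            e.last_seen = now
            return "ALLOW"
        if flags == {"SYN"} and dst in self.services:  # new flow: only now consult the rules
            if len(self.table) >= self.max_entries:
                return "DROP_TABLE_FULL"
            self.table[fwd] = Entry("SYN_SEEN", now)
            return "ALLOW"
        return "DROP_NO_STATE"                         # unsolicited: matches no connection

def demo():
    """Constructed traffic: one real client, a burst of SYN-only sources, a late client."""
    web, a, b = ("203.0.113.5", 80), ("198.51.100.10", 40000), ("198.51.100.20", 40001)
    fw = StateTable(services={web}, max_entries=4)
    out = [fw.handle(0.0, a, web, {"SYN"}), fw.handle(0.1, web, a, {"SYN", "ACK"}),
           fw.handle(0.2, a, web, {"ACK"})]
    out.append(fw.handle(1.0, ("198.51.100.99", 1234), web, {"ACK"}))  # no handshake seen
    out += [fw.handle(1.0, (f"192.0.2.{i}", 5000), web, {"SYN"}) for i in range(1, 6)]
    # b is refused while half-open entries fill the table, then admitted once they age out
    out += [fw.handle(1.5, b, web, {"SYN"}), fw.handle(7.0, b, web, {"SYN"})]
    return out, fw.table[(a, web)].state
```

The short half-open timeout is what frees the table: the established entry survives the same expiry pass that removes the SYN-only entries.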
Dynamic DNS Request System
Introduction
Internet technology is one of the most significant achievements in the 21st century, allowing users online access to a variety of digital data. These digital data are managed and stored through servers, which publish the data to consumers and users.
All computers which access the Internet have a unique number to them, called an IP address. It allows 2 different computers to talk to each other and facilitate the exchange of data. However, humans tend to use strings and names to locate, catalog, and remember such data.
The mapping of strings and addresses to their numerical IP equivalent is called a DNS lookup. The DNS lookup lets the client computer (say, a home computer browser) locate the numerical IP address of the server from which its owner wants to retrieve or access some data.
Searches usually come up with a variety of URL links (Uniform Resource Locator). These links usually redirect people (and their browsers) to the server containing the resource that they are interested in. (For example, a search on airlines for a destination)
This is illustrated in the diagram below.
System Rationale and Vision
To create a system that is capable of performing authoritative responses to DNS queries dynamically – with support for multiple IP blocks and multiple IP addresses mapping to one or several URLs.
This is illustrated in the diagram below
High level design
Current Software Features and Rationale
| Feature Name | Description |
|---|---|
| Address Resolution Mechanism | DNS servers mainly translate human friendly hostnames to IP addresses. They became necessary when, early in the Internet's history, it became apparent that people have a hard time remembering numeric sequences, e.g. 74.125.19.99 as opposed to www.google.com. DNS is the basis for making it possible to assign Internet names to organizations, independently of the physical routing hierarchy represented by the numerical IP address. People take advantage of this when they reserve meaningful URLs and e-mail addresses. Using DNS, the actual task of keeping track of which URL belongs to which IP is distributed among the DNS servers hosted by individual companies and telcos. This mechanism avoids the need for a central registrar to be continuously updated and queried. |
Anti-DDOS System
Introduction
The modern enterprise of today normally relies on a complex web of technology to deliver essential products and services. This is especially true for companies who rely on Internet-based clients as their primary market.
Whereas a few years ago, the Internet was perceived and used as an alternative channel, in the market today, it has grown to the point where entire industries have gone electronic and actually rely on Internet-based access for 100% of their sales.
In this paradox of technological progress, each solution introduced by technology brings its own suite of issues. The Internet is not exempt from this.
Previously, isolated businesses ran their operations and electronic records all in-house. Each business was run by itself and no businesses were “online.” With the advent of the Internet, progress dictated that real time communication between market and service provider would hasten the delivery of goods and services, and facilitate unprecedented growth levels for all concerned. This is the boon of the Internet.
However, on the flip side of the coin, let us examine then the risks that the Internet has provided.
Top security threats of 2008 according to the SANS Institute
o Zero Day attacks
o Vulnerabilities (Both client and server)
o Phishing
o Messaging, (Denial of Service), Network Attacks, etc
o Peer to Peer Network Abuse
Denial of Service and Security Threats
The basic issue with a Denial of Service, or Distributed Denial of Service attack and other attacks of similar category and technique is that the victim can only wait for the attack to happen.
A Nuke attack, an older form of denial of service, worked by sending malformed ICMP packets to a victim on the network. The attack exploited bugs in operating systems such as Microsoft Windows 95, etc., which caused the system to try to catch up to responding to these “pings” until the system was overloaded.
Distributed DOS
In a distributed DOS attack, the attack is increased in both sophistication and efficacy. Multiple nodes, normally hundreds or thousands, are set up to attack a single target at the same time. The nodes are compromised computers that have had some form of worm or virus installed in them. These computers are referred to as Zombies.
Zombies are normally coordinated and strung along by the master node to attack an Internet address and/or website at the same moment, for a fixed amount of time.
The attacks are meant to disable the victim’s enterprise (by overwhelming bandwidth and processor resources). The irony here is that Internet access, which had granted the enterprise 24x7 access to opportunity, is now also the same road by which the attacks pass through to block the same.
The Distributed DOS (or DDOS) has different types of attacks, all meant to disable access to a site by disrupting traffic on one of the vital links.
Some examples of attacks are:
o ICMP Flood
o Teardrop
o SYN or Half SYN attacks
A typical DDOS attack can be illustrated as:
System Rationale and Vision
To create a system that is capable of providing cost-effective anti-DDOS system to combat and mitigate DDOS attacks on a network enterprise.
High level design
Current Software Features
| Feature Name | Description |
|---|---|
| DDNS | The DDNS component provides a spread to increase the attack surface of the site. By increasing the attack surface, it makes attacking a site infeasible and increases the difficulty of coordinated attacks. By utilizing the DDNS, unique and random IP addresses can be given to clients, ensuring that they have a fallback address in case a particular address is targeted for an attack. |
| Defense System | In order to prevent such an overwhelming attack, a systematic approach is to lower the amount of traffic being sent to the target site by sending choke packets back to the originating site. In cases where a severe attack is occurring, one solution is to take one of the site's IPs offline. Valid clients can still continue operations using the unaffected IP address. On the network level, the routers leading to the site will tear down all of the existing routes and flag the site as unreachable, effectively cutting off the crippling traffic sources. |
Exhibit B
SOFTWARE MAINTENANCE SUPPORT SERVICE AGREEMENT
Bastion will provide MobiClear with the Software Maintenance Support Services (the “Agreement”), under the following terms and conditions:
I. Service & Assistance
1.1 The services and assistance by Bastion to MobiClear shall be limited to (a) matters of functionality of the Software; (b) matters relating to the usage of the Software; (c) consultations on any possible issues with respect to the Software;
1.2 Bastion may request additional information or data in order to render the service described herein.
II. Notice
2.1 MobiClear may request assistance or service via electronic mail or facsimile notice. Any telephone request must be followed by a written electronic mail detailing such requested service.
III. Exceptions to Service
3.1 Bastion shall not be responsible to render service in cases of, but not limited to, the following: (a) Software has been altered or modified; (b) Software was not used in accordance with the documentation; or (c) when the trouble has occurred attributable to the fault of End-User.
3.2 This Agreement is without prejudice to the parties' inclusion of other technical support and services not covered by this Agreement, which MobiClear may in the future request, and which Bastion may accede to provide, as may be embodied in an agreement separate and distinct from this Agreement.
IV. Fees
4.1 MobiClear shall pay Bastion an agreed upon monthly fee of ten thousand US dollars ($10,000).
4.2 The parties may, by mutual agreement, review and revise the monthly fees as the need arises.
4.3 All other charges due and payable by MobiClear shall be paid not later than fifteen (15) calendar days after the billing notice.
V. Term & Termination
5.1 This Agreement shall take effect upon its execution and may be terminated by either party, for any reason, only after at least three (3) years from its execution and upon thirty (30) days prior written notice to the other party.
5.2 Should either party to this Agreement commit any material breach of the provisions hereof, the aggrieved party shall require the other party to remedy such breach and should the latter fail to remedy such breach within thirty (30) days from the receipt of the written notice, the aggrieved party shall be entitled to cancel or terminate this Agreement with immediate effect. For purposes of this provision, non compliance with Section IV is considered a material breach.
VI. Limitation of Liability
6.1 Bastion shall use its best effort to resolve any issues, but offer no guarantee that the maintenance support and services will be error free.
6.2 Under no circumstance will Bastion be liable for damages, including loss of business opportunities or profit, even if Bastion has been advised of the likelihood of such damage occurring.
VII. Personnel Assignment or Transfer
6.1 This Agreement does not cover dispatch of personnel to offices of MobiClear. Without the prior approval of Bastion, MobiClear shall not (a) solicit, employ or engage any person employed or connected with Bastion or have been so connected with Bastion within a period of six (6) months immediately preceding; or (b) induce or attempt to induce any person to leave his or her employment, contract, directorship or office with Bastion to enter into employment with MobiClear.
6.2 Notwithstanding any contrary provision herein, the parties each acknowledge that in view of the uniqueness of the transactions contemplated by this Agreement, each Party would not have adequate remedy at law for money damages in the event that this Agreement has not been performed in accordance with the terms, and therefore each Party agrees that the other Party shall be entitled to specific enforcement of the terms hereof in addition to any other remedy to which it may be entitled, at law or in equity. All rights and remedies existing under this Agreement are cumulative to, and not exclusive of, any rights or remedies otherwise available.
6.3 Notwithstanding the provision set forth in Section 6.1, the parties may enter into agreements with respect to prospective employment of any person described under Sections 6.1(a) and (b).
VII. Miscellaneous
7.1 This agreement shall be governed by, and construed in accordance with Philippine laws, without regard to its conflict of laws principles. In case of suits, proceedings or other legal action, the courts of competent jurisdiction in Makati City shall have exclusive jurisdiction. The parties, by signing this Agreement, submit to the exclusive jurisdiction of any court of competent jurisdiction in Makati City, Philippines.
7.2 In case any provision of this Agreement is declared invalid, illegal or void, it shall in no way affect, impair or invalidate any other provision, and to the fullest extent possible, the provisions of this Agreement (including, without limitation, all portions of any paragraph of this Agreement containing any such provision held to be invalid, illegal or unenforceable, that are not themselves invalid, illegal or unenforceable) shall be construed so as to give effect to the intent manifested by the provision held invalid, illegal or void.
7.3 No amendment or modification of this Agreement shall be effective unless made in writing and duly signed by the parties' authorized representatives.
7.4 This constitutes the entire agreement between the parties concerning the software maintenance support service, and cancels all prior written or oral agreement.
| MOBICLEAR, INC. | BASTION PAYMENT SYSTEMS CORP. |
|---|---|
| By: /s/ Stephen P. Cutler | By: /s/ Wilfred G. Tan |
| STEPHEN P. CUTLER | WILFRED G. TAN |
| Chief Executive Officer | Chief Executive Officer |