SM: What was the business model for your new company?
PK: It was clear that the consulting model was good for stability, but I like to shake things up. I started putting all the extra money we could into R&D and patents. We started looking for interesting areas and refining a business model. We did consulting work to find out what the real challenges and needs were. For example, we would be hired to evaluate four or five different products, which was great because we got paid to find out who the right people were and what their outstanding needs were. We then did R&D to refine and meet all of their needs.
SM: What year did you start this?
PK: This was in 1995.
SM: I am assuming you were dealing with Internet and network security?
PK: It was all starting to become an issue. The security industry is dramatically bigger now than it was then. People were still figuring out what the Internet would look like.
SM: What was the first problem domain you found to build IP around?
PK: The very first one we worked on, which we really only made money on when we sold the patent, was document security. Right now there are very few tools available to someone looking to improve the security of a document. You can have a physical paper with a signature, which tells you that the correct person may have signed the paper, but does not tell you if the document has been modified or not. The document can be notarized, but that does not tell you the full record of the contents of the document. The idea was to build a fax-based service where you could fax your document and have it archived. You would then receive a receipt which could be incorporated into a notarization process. The business model did not work, but we did make money when we sold the patent. We spent three to four months trying to figure out if there was a business model. The sales process was too complex for us.
SM: You did all of this while you were still making money consulting?
PK: Yes. We have been profitable every year.
SM: How many people did you have at that point?
PK: We have 21 now, but at that time we had three. We were still small. I completely stumbled into the idea of running a company. Everything has been very opportunistic. We pick a direction, start going that way, and then end up changing paths. I did not know any venture capitalists, which is a good thing; otherwise, I may have tried raising money.
I am horrible with dates, so I could be off by a year or two. A couple of years after I started, I did some work on the problem of how you can prove credentials have not changed. You are probably familiar with Verisign and all of the hype there, which has subsequently deflated to a large degree. One of the problems I was looking at was, how you could prove the certificate you got from somebody had not been altered or changed since it had been issued? Typically these are issued for a year or two before they expire, but a typical person does not stay at a job for a year or two. You cannot be sure that someone you have received a certificate from today will have the same attributes in six months, because that person could quit.
We built an efficient technology which allowed you to not only give someone your certificate, but also prove that it was current and had not been revoked. That technology has become the core for Valicert, which I co-founded.