Pomcor — Research on Web and Mobile Technology

Pomcor conducts research on Web and mobile technology, currently focusing on applications of cryptography and biometrics to identity proofing and user authentication.

We have invented a method of securing online credit-card payments with two-factor cryptographic cardholder authentication without friction and without a privacy cost.

As part of a research project on remote identity proofing we have invented the concept of a rich credential, which allows a subject to submit three kinds of verification factors (something that the subject has, something that the subject knows and something that the subject “is”) to a remote verifier with whom the subject has no prior relationship, with selective disclosure of attributes and selective presentation of verification factors.

We have released a beta test version of the Pomcor JavaScript Cryptographic Library (PJCL), which can be downloaded from the PJCL page. An initial public release provided digital signature functionality. A second release has added key agreement and key derivation. Additional functionality including encryption will be provided in forthcoming releases.

We have also published a proof-of-concept Node.js application that shows how a full-stack web developer can implement cryptographic authentication using PJCL to provide cryptographic functionality both on the client side and the server side. The Node.js application can be downloaded from the cryptographic authentication page. The PJCl page and the cryptographic authentication page are reachable from the Developers tab of the site menu.

We discuss our research and issues related to security, privacy and Internet identity on our blog and in white papers and technical reports, which can be found below and in the archive.

Pomcor is a graduate of the San Diego CONNECT Springboard program. We are currently based in the Sacramento area. You can find out more about us in the company page.