Pomcor — Research on Web and Mobile Technology

Pomcor conducts research on Web and mobile technology, currently focusing on applications of cryptography and biometrics to identity proofing and user authentication. As part of a research project on remote identity proofing we have invented the concept of a rich credential, which allows a subject to submit three kinds of verification factors (something that the subject has, something that the subject knows and something that the subject “is”) to a remote verifier with whom the subject has no prior relationship, with selective disclosure of attributes and selective presentation of verification factors.

We have recently released a beta test version of the Pomcor JavaScript Cryptographic Library (PJCL). An initial public release provided digital signature functionality. A second release has added key agreement and key derivation. Additional functionality including encryption will be provided in forthcoming releases.

We have also shown how easy it is to implement password-free cryptographic authentication in a web application using PJCL, demonstrated a sample web app with cryptographic authentication at a session of the Internet Identity Workshop, and released the code of the app, which can be downloaded from the PJCL page.

We discuss our research and issues related to security, privacy and Internet identity on our blog and in white papers and technical reports, which can be found below and in the archive.

Pomcor is a graduate of the San Diego CONNECT Springboard program. We are currently based in the Sacramento area. You can find out more about us in the company page.