Pomcor — Research in Mobile and Web Technology

Pomcor conducts research on mobile and Web technology. Our mission is to identify shortcomings of current technology and provide innovative solutions that advance the state of the art.

We are currently developing a cryptographic toolkit that will allow developers of web applications to implement cryptographic authentication easily, obviating the need to rely on passwords for authentication. The toolkit will be based on a high performance big integer library implemented in JavaScript. As a initial result, we have coded an implementation of modular exponentiation in JavaScript that is between six and ten times faster than the one in the Stanford JavaScript Cryptograpic Library (SJCL). (Modular exponentiation is the algorithm whose performance determines the performance of the classical public key cryptosystems: RSA, DSA, DH, etc.) More information about this work can be found in the JavaScript Cryptography page.

We follow the work of the US National Institute of Standards and Technology (NIST) in cryptography, and respond to requests for comments, write technical blog posts and participate in related workshops and conferences when we feel that we can make a contribution. Whereas cryptography is woefully underutilized in the private sector, NIST has been trying to increase the use of cryptography in government IT, and by doing so has placed itself at the forefront of cryptographic engineering research. In this context, we made a presentation at the 2015 International Cryptographic Module Conference, which is related to the FIPS 140 standard. More information about this can be found in the Cryptographic Modules page. Also in this context, we provided extensive input on the use of mobile devices to store credentials equivalent to those that Federal employees and contractors carry in PIV and CAC smartcards. This work, described in the Derived Credentials page, was based on earlier work on enterprise and consumer solutions for user authentication and data protection on mobile devices.

We are broadly interested in issues of privacy and security on the Internet. In a paper presented at ID360 in 2013 we analyzed the security and privacy postures of a broad array of authentication technologies, and in a technical report we discussed possible ingredients for redesigning transport layer security, with the goals of facilitating the use of a variety of client credentials, including uncertified key pairs and anonymous credentials, and improving performance over satellite links and bandwidth-constrained networks so that all web connections can be secured in a not-too-distant future. As a possible alternative to TLS we proposed identity-based protocol design patterns for secure channels which we presented at the 2014 M2Msec workshop, framed in the context of improving security in the Internet of Things.

In earlier research we have investigated issues of user authentication and Internet identity, search technology, Web security, and online collaboration.

We discuss our research and issues related to security, privacy and Internet identity on our blog and in research papers, listed in the footer of the pages of this site.

We have received an NSF grant and been invited to participate in several NIST and W3C workshops, including the NIST Meeting on Privacy-Enhancing Cryptography and the NIST workshop on Cryptographic Key Management. We take part regularly in the biannual Internet Identity Workshop at the Computer History Museum in Mountain View.

Pomcor is a graduate of the San Diego CONNECT Springboard program. We are currently based in the Sacramento area. You can find out more about us in the company page. Please contact us if you are interested in licensing some of our intellectual property or taking advantage of our consulting services.