Archived Research Pages
- JavaScript Cryptography
- Archived Page with Authentication Demo Using the Beta Version of PJCL
- Archived Beta Versions of PJCL
- Mobile Authentication
- Internet Identity
- Search Technology
- Web Security
Identity Proofing
- Blog posts in category: Identity Proofing
- Papers and presentations on identity proofing in reverse chronological order:
- New Techniques for Remote Identity Proofing, presentation at CSUS on February 22, 2017
- Using Near-Field Communication for Remote Identity Proofing
- Presentation on Remote Identity Proofing at IIW 23
- Backing Rich Credentials with a Blockchain PKI
- Five Techniques for Remote Identity Proofing, presentation to Government agencies at the conclusion of this project
- Rich Credentials for Remote Identity Proofing
Authentication
- Blog posts in category: Authentication
- Papers and presentations on authentication in reverse chronological order:
- Video interview of Francisco Corella during Global Platform TEE Conference
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
- Comments sent to NIST on derived credentials documents (drafts of NISTIR 7981 and SP 800-157)
- An Example of a Derived Credentials Architecture
- Privacy Postures of Authentication Technologies (Paper)
- Privacy Postures of Authentication Technologies (Presentation)
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- Key Management Challenges of Derived Credentials and Techniques for Addressing Them
- Prospects for Using Privacy-Enhancing Technologies in the NSTIC Ecosystem (Panel introduction at NIST Workshop on Privacy-Enhancing Cryptography)
- New Authentication Method for Mobile Devices (IIW 15)
- Strong and Convenient Multi-Factor Authentication on Mobile Devices
- SAAAM: Simple Authentication and Authorization in the Age of Mobile
- A Proposed Architecture for the NSTIC Ecosystem
- NSTIC, Privacy and Social Login
- Achieving the Privacy Goals of NSTIC in the Short Term
- PKAuth: A Social Login Protocol for Unregistered Applications
Privacy
- Blog posts in category: Privacy
- Papers and presentations on privacy in reverse chronological order:
- Privacy Postures of Authentication Technologies (Paper)
- Privacy Postures of Authentication Technologies (Presentation)
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- Prospects for Using Privacy-Enhancing Technologies in the NSTIC Ecosystem (Panel introduction at NIST Workshop on Privacy-Enhancing Cryptography)
- SAAAM: Simple Authentication and Authorization in the Age of Mobile
- A Proposed Architecture for the NSTIC Ecosystem
- NSTIC, Privacy and Social Login
- Achieving the Privacy Goals of NSTIC in the Short Term
- PKAuth: A Social Login Protocol for Unregistered Applications
Cryptography
- Blog posts in category: Cryptography
- Papers and presentations on cryptography in reverse chronological order:
- Storing Cryptographic Keys in Persistent Browser Storage, presentation at ICMC2017, revised after the conference
- Slides of presentation at ICMC 2015, revised after the conference
- Faster Implementation of Modular Exponentiation in JavaScript: PDF; PowerPoint
- Video interview of Francisco Corella during Global Platform TEE Conference
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
- Identity-Based Protocol Design Patterns for Machine-to-Machine Secure Channels
- Presentation on replacing TLS at the University of Utah
- Comments sent to NIST on derived credentials documents (drafts of NISTIR 7981 and SP 800-157)
- An Example of a Derived Credentials Architecture
- It Is Time To Redesign Transport Layer Security
- Privacy Postures of Authentication Technologies (Paper)
- Privacy Postures of Authentication Technologies (Presentation)
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- Key Management Challenges of Derived Credentials and Techniques for Addressing Them
- Prospects for Using Privacy-Enhancing Technologies in the NSTIC Ecosystem (Panel introduction at NIST Workshop on Privacy-Enhancing Cryptography)
- New Authentication Method for Mobile Devices (IIW 15)
- Strong and Convenient Multi-Factor Authentication on Mobile Devices
- A Proposed Architecture for the NSTIC Ecosystem
- NSTIC, Privacy and Social Login
- Achieving the Privacy Goals of NSTIC in the Short Term
Data Protection
- Blog posts in category: Data Protection
- Papers and presentations on data protection in reverse chronological order:
- Video interview of Francisco Corella during Global Platform TEE Conference
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- Effective Data Protection for Mobile Devices
Payments
- Blog posts in category: Payments
- Papers and presentations on payments in reverse chronological order:
- Video interview of Francisco Corella during Global Platform TEE Conference
- Interpreting the EMV Tokenisation Specification
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
Mobile
- Blog posts in category: Mobile
- Papers and presentations on mobile in reverse chronological order:
- Video interview of Francisco Corella during Global Platform TEE Conference
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
- Comments sent to NIST on derived credentials documents (drafts of NISTIR 7981 and SP 800-157)
- An Example of a Derived Credentials Architecture
- Key Management Challenges of Derived Credentials and Techniques for Addressing Them
- Effective Data Protection for Mobile Devices
- New Authentication Method for Mobile Devices (IIW 15)
- Strong and Convenient Multi-Factor Authentication on Mobile Devices
- SAAAM: Simple Authentication and Authorization in the Age of Mobile
Biometrics
- Blog posts in category: Biometrics
- Papers and presentations on biometrics in reverse chronological order:
- Revocable Biometrics, slides for discussion at IIW 22
- An Example of a Derived Credentials Architecture
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- New Authentication Method for Mobile Devices (IIW 15)
- Strong and Convenient Multi-Factor Authentication on Mobile Devices
Network Security Protocols
- Blog posts in category: Network Security Protocols
- Papers and presentations on network security protocols in reverse chronological order:
- Identity-Based Protocol Design Patterns for Machine-to-Machine Secure Channels
- Presentation on replacing TLS at the University of Utah
- It Is Time To Redesign Transport Layer Security
- Prospects for Using Privacy-Enhancing Technologies in the NSTIC Ecosystem (Panel introduction at NIST Workshop on Privacy-Enhancing Cryptography)
- A Proposed Architecture for the NSTIC Ecosystem
- NSTIC, Privacy and Social Login
- Achieving the Privacy Goals of NSTIC in the Short Term
- PKAuth: A Social Login Protocol for Unregistered Applications
- Security Analysis of Double Redirection Protocols
Web Application Security
- No blog posts in category: Web Application Security
- Papers and presentations on Web application security in reverse chronological order:
Password Security
- No blog posts in category: Password Security
- Papers and presentations on password security in reverse chronological order:
Search
- Blog posts in category: Search
- Papers and presentations on search in reverse chronological order:
Public Comments to Government by Pomcor
- Comments on prior art crowdsourcing
- Third-party submission of prior art re US patent 8,625,805
- Comments sent to NIST on derived credentials documents (drafts of NISTIR 7981 and SP 800-157)
- Pomcor’s Comments on the Cybersecurity Green Paper
- Pomcor’s Response to the NSTIC Notice of Inquiry
All Categories
- Blog page
- All papers and presentations in reverse chronological order:
- Storing Cryptographic Keys in Persistent Browser Storage, presentation at ICMC2017, revised after the conference
- New Techniques for Remote Identity Proofing, presentation at CSUS on February 22, 2017
- Using Near-Field Communication for Remote Identity Proofing
- Presentation on Remote Identity Proofing at IIW 23
- Backing Rich Credentials with a Blockchain PKI
- Five Techniques for Remote Identity Proofing, presentation to Government agencies at the conclusion of this project
- Rich Credentials for Remote Identity Proofing
- Revocable Biometrics, slides for discussion at IIW 22
- Slides of presentation at ICMC 2015, revised after the conference
- Faster Implementation of Modular Exponentiation in JavaScript: PDF; PowerPoint
- Video interview of Francisco Corella during Global Platform TEE Conference
- Interpreting the EMV Tokenisation Specification
- Virtual Tamper Resistance for a TEE (presentation to the GlobalPlatform TEE Conference, with animation and speaker notes)
- Identity-Based Protocol Design Patterns for Machine-to-Machine Secure Channels
- Presentation on replacing TLS at the University of Utah
- Comments on prior art crowdsourcing
- Third-party submission of prior art re US patent 8,625,805
- Comments sent to NIST on derived credentials documents (drafts of NISTIR 7981 and SP 800-157)
- An Example of a Derived Credentials Architecture
- It Is Time To Redesign Transport Layer Security
- Privacy Postures of Authentication Technologies (Paper)
- Privacy Postures of Authentication Technologies (Presentation)
- A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective
- Key Management Challenges of Derived Credentials and Techniques for Addressing Them
- Techniques for Implementing Derived Credentials
- Effective Data Protection for Mobile Devices
- Prospects for Using Privacy-Enhancing Technologies in the NSTIC Ecosystem (Panel introduction at NIST Workshop on Privacy-Enhancing Cryptography)
- New Authentication Method for Mobile Devices (IIW 15)
- Strong and Convenient Multi-Factor Authentication on Mobile Devices
- SAAAM: Simple Authentication and Authorization in the Age of Mobile
- Pomcor’s Comments on the Cybersecurity Green Paper
- Pomcor’s Response to the NSTIC Notice of Inquiry
- A Proposed Architecture for the NSTIC Ecosystem
- NSTIC, Privacy and Social Login
- Achieving the Privacy Goals of NSTIC in the Short Term
- PKAuth: A Social Login Protocol for Unregistered Applications
- Security Analysis of Double Redirection Protocols
- A parallel algorithm for computing cooperative responses through a Web API
- A Brief Overview of Cooperative Answering
- Retaining Queries in Noflail Search
- Searching the Web More Effectively with Multiple Simultaneous Queries; companion animated presentation
- Protecting a Web Application Against Attacks Through HTML Shared Files
- Secure Password Reset in a Multiuser Web Application
- Protecting a Multiuser Web Application against On-Line Password-Guessing Attacks