We currently own the following patents. Please contact us if you are interested in purchasing or licensing any of them.
Operation of a certificate authority on a distributed ledger
US patent 10,764,067. An on-ledger certificate authority operates a node of a distributed ledger that controls a certificate issuance store and a certificate revocation store. When the certificate authority issues a certificate, the node issues a ledger transaction with an instruction to store a validation hash of the certificate in the issuance store, and when a certificate is revoked, a ledger transaction with an instruction to store the serial number of the certificate in the revocation store. As such transactions propagate throughout the ledger, the instructions are executed by on-ledger verifiers in their local replicas of the stores. An on-ledger verifier validates a certificate by verifying that its serial number is not in the revocation store while its validation hash is in the verifier's replica of the issuance store.
For more information see the blog post Pomcor Granted Patent on How to Implement a PKI on a Blockchain.
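As an added illustration of the two-store mechanism described above (example code written for this page, not Pomcor's implementation), the following Go program models the ledger as an append-only log, the CA as the only party whose store instructions replicas execute, and validation as the check against both stores. The certificate type, the validation-hash encoding, the Ed25519 signature on each transaction and the sample certificate are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Certificate is a minimal stand-in for an X.509 certificate (assumption: no DER here).
type Certificate struct{ Serial, Subject, PubKey string }

// ValidationHash binds the certificate contents. Assumption: SHA-256 over the quoted
// fields; a real CA would hash the DER encoding of the certificate.
func ValidationHash(c Certificate) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q %q %q", c.Serial, c.Subject, c.PubKey)))
	return fmt.Sprintf("%x", sum[:])
}

const (
	OpIssue  = "issue"  // store a validation hash in the issuance store
	OpRevoke = "revoke" // store a serial number in the revocation store
)

// Transaction is signed by the CA so that on-ledger verifiers execute store
// instructions only when they come from the CA (assumption about the ledger).
type Transaction struct {
	Op, Arg string
	Sig     []byte
}

func txBytes(op, arg string) []byte { return []byte(op + "|" + arg) }

// Ledger is the ordered log that every node replicates.
type Ledger struct{ txs []Transaction }

func (l *Ledger) Submit(t Transaction) { l.txs = append(l.txs, t) }

// CA operates a ledger node and holds the key that signs its transactions.
type CA struct {
	ledger *Ledger
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey
}

func NewCA(l *Ledger) *CA {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil means crypto/rand
	return &CA{ledger: l, priv: priv, Pub: pub}
}

func (ca *CA) submit(op, arg string) {
	ca.ledger.Submit(Transaction{Op: op, Arg: arg, Sig: ed25519.Sign(ca.priv, txBytes(op, arg))})
}

func (ca *CA) Issue(c Certificate)  { ca.submit(OpIssue, ValidationHash(c)) }
func (ca *CA) Revoke(c Certificate) { ca.submit(OpRevoke, c.Serial) }

// Replica is one on-ledger verifier's local copy of the two stores.
type Replica struct {
	caPub           ed25519.PublicKey
	issued, revoked map[string]bool
	applied         int // how far into the ledger this replica has executed
}

func NewReplica(caPub ed25519.PublicKey) *Replica {
	return &Replica{caPub: caPub, issued: map[string]bool{}, revoked: map[string]bool{}}
}

// Sync executes the transactions that have propagated since the last call,
// skipping any whose signature does not verify under the CA's public key.
func (r *Replica) Sync(l *Ledger) {
	for ; r.applied < len(l.txs); r.applied++ {
		t := l.txs[r.applied]
		if !ed25519.Verify(r.caPub, txBytes(t.Op, t.Arg), t.Sig) {
			continue
		}
		if t.Op == OpIssue {
			r.issued[t.Arg] = true
		} else if t.Op == OpRevoke {
			r.revoked[t.Arg] = true
		}
	}
}

// Validate: serial not in the revocation store, validation hash in the issuance store.
func (r *Replica) Validate(c Certificate) bool {
	return !r.revoked[c.Serial] && r.issued[ValidationHash(c)]
}

func main() {
	ledger := &Ledger{}
	ca := NewCA(ledger)
	cert := Certificate{Serial: "1001", Subject: "CN=alice.example", PubKey: "alice-key"} // constructed
	ca.Issue(cert)
	v := NewReplica(ca.Pub)
	v.Sync(ledger)
	fmt.Println("valid after issuance:", v.Validate(cert)) // true
}
```

Two things the replica makes visible: a verifier that has not yet executed the revocation transaction still validates the revoked certificate, so propagation delay is the revocation latency of this design; and the replica must check who signed a store instruction, otherwise any ledger participant could insert a validation hash for a forged certificate.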
Multifactor privacy-enhanced remote identification using a rich credential
US Patent 10,567,377. A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.
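The pruning step above, as an added example written for this page rather than Pomcor's code: a typed hash tree whose root label is signed by the issuer, a presentation that replaces undisclosed leaves by their labels, and a verifier that recomputes the root label from whatever was presented. The node layout, the SHA-256 labelling with a domain byte and length prefixes, the per-leaf random salt, the Ed25519 signature and the sample attributes are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Node of a typed hash tree. A pruned node keeps only its type and label; the
// values, salts and children beneath it are not sent to the verifier.
type Node struct {
	Type     string
	Value    string // leaf payload: an attribute or a piece of verification data
	Salt     []byte // per-leaf random salt (assumption: keeps pruned leaf values unguessable)
	Children []*Node
	Label    []byte // only meaningful on a pruned node
	Pruned   bool
}

// label hashes a domain byte (0 leaf, 1 interior), the type and length-prefixed parts.
func label(domain byte, typ string, parts ...[]byte) []byte {
	h := sha256.New()
	h.Write([]byte{domain})
	for _, p := range append([][]byte{[]byte(typ)}, parts...) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		h.Write(n[:])
		h.Write(p)
	}
	return h.Sum(nil)
}

// ComputeLabel works bottom-up; a pruned node contributes the label it carries.
func (n *Node) ComputeLabel() []byte {
	if n.Pruned {
		return n.Label
	}
	if len(n.Children) == 0 {
		return label(0, n.Type, n.Salt, []byte(n.Value))
	}
	var parts [][]byte
	for _, c := range n.Children {
		parts = append(parts, c.ComputeLabel())
	}
	return label(1, n.Type, parts...)
}

func Leaf(typ, value string) *Node {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return &Node{Type: typ, Value: value, Salt: salt}
}

func Interior(typ string, children ...*Node) *Node { return &Node{Type: typ, Children: children} }

// Present copies the tree, pruning every leaf whose type is not in disclose. Interior
// nodes are kept, so the root label, and the issuer's signature over it, is unchanged.
func Present(n *Node, disclose map[string]bool) *Node {
	if len(n.Children) == 0 {
		if n.Pruned || disclose[n.Type] {
			cp := *n
			return &cp
		}
		return &Node{Type: n.Type, Label: n.ComputeLabel(), Pruned: true}
	}
	out := &Node{Type: n.Type}
	for _, c := range n.Children {
		out.Children = append(out.Children, Present(c, disclose))
	}
	return out
}

// BuildCredential is a constructed sample: three attributes and three pieces of
// verification data under one root, as a rich credential might carry them.
func BuildCredential() *Node {
	return Interior("credential",
		Interior("attributes",
			Leaf("attr:name", "Alice Example"),
			Leaf("attr:dob", "1990-04-01"),
			Leaf("attr:email", "alice@example.com")),
		Interior("verification",
			Leaf("vd:pubkey", "alice-public-key"),
			Leaf("vd:password-hash", "salted-hash-of-password"),
			Leaf("vd:biometric", "fingerprint-template")))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil means crypto/rand
	cred := BuildCredential()
	sig := ed25519.Sign(priv, cred.ComputeLabel()) // the issuer signs only the root label
	shown := Present(cred, map[string]bool{"attr:name": true, "vd:pubkey": true})
	fmt.Println("signature still valid:", ed25519.Verify(pub, shown.ComputeLabel(), sig)) // true
}
```

The salt matters: an attribute such as a date of birth has little entropy, so a verifier holding only the label of a pruned leaf could otherwise recover its value by hashing every plausible date. The domain byte and length prefixes keep a leaf from ever colliding with an interior node of the same type.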
Protecting passwords and biometrics against back-end security breaches
US Patent 9,887,989. This patent describes a multifactor authentication technique that uses a cryptographic key pair in conjunction with a password and/or a biometric key while protecting the password and biometric data against back-end security breaches. In a two-factor embodiment with a key pair and a password, the user of a web application registers the password and the public key component of the key pair with the back-end of the application. Instead of storing the public key and a salted hash of the password, the back-end stores a joint hash of the public key and the password, then deletes the public key and the password. An attacker who breaches the back-end database and obtains the joint hash cannot mount a brute-force or dictionary attack against the password without knowing the public key, which is unconventionally treated as a joint secret between the browser and the back-end. The password may also be protected against exploits of other back-end vulnerabilities besides database breaches, and against phishing attacks and reuse at malicious or insecure sites, by hashing it at the browser with a secret salt before submitting it to the back-end. Other embodiments are described in this blog post.
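The two-factor embodiment above, as an added example written for this page rather than Pomcor's code: registration keeps only the joint hash, login recomputes it from what the browser presents, and a dictionary attack against the stolen hash is tried with and without the public key. Assumptions of the example: SHA-256 over length-prefixed inputs stands in for the joint hash, an Ed25519 signature over a server challenge stands in for proof of possession of the private key, HMAC-SHA256 with a per-browser secret stands in for the browser-side secret-salt hashing, and all sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Account is all the back-end keeps after registration: the joint hash. The
// public key and the password it was computed from are deleted.
type Account struct{ JointHash []byte }

// JointHash binds the public key and the password in one digest. Assumption:
// SHA-256 over length-prefixed inputs stands in for the patent's joint hash.
func JointHash(pub ed25519.PublicKey, password []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s%d:%s", len(pub), pub, len(password), password)
	return h.Sum(nil)
}

// BrowserHash is the client-side step: the browser keeps secretSalt and submits
// HMAC(secretSalt, site || password) instead of the password, so a phishing site,
// or a breach of another site where the password was reused, sees only a
// site-specific digest. (Assumption: HMAC-SHA256 keyed with the secret salt.)
func BrowserHash(secretSalt []byte, site, password string) []byte {
	m := hmac.New(sha256.New, secretSalt)
	m.Write([]byte(site + "\x00" + password))
	return m.Sum(nil)
}

// Register stores the joint hash and nothing else.
func Register(pub ed25519.PublicKey, password []byte) Account {
	return Account{JointHash: JointHash(pub, password)}
}

// Login: the browser presents its public key, a signature over the server's
// challenge (assumption: Ed25519 proves possession of the private key) and the
// password; the back-end recomputes the joint hash and compares in constant time.
func Login(acct Account, pub ed25519.PublicKey, challenge, sig, password []byte) bool {
	if !ed25519.Verify(pub, challenge, sig) {
		return false
	}
	return subtle.ConstantTimeCompare(JointHash(pub, password), acct.JointHash) == 1
}

// DictionaryAttack models an attacker holding a stolen joint hash and a word
// list (in the variant without browser-side hashing). Each guess can only be
// tested against one candidate public key; with the wrong key nothing matches.
func DictionaryAttack(stolen []byte, candidatePub ed25519.PublicKey, words []string) (string, bool) {
	for _, w := range words {
		if hmac.Equal(JointHash(candidatePub, []byte(w)), stolen) {
			return w, true
		}
	}
	return "", false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)  // nil means crypto/rand
	salt := []byte("per-browser secret")      // constructed
	hashed := BrowserHash(salt, "bank.example", "correct horse battery staple")
	acct := Register(pub, hashed)
	challenge := []byte("server nonce 0001") // constructed; a real server uses a random nonce
	fmt.Println("login:", Login(acct, pub, challenge, ed25519.Sign(priv, challenge), hashed)) // true
}
```

DictionaryAttack is the whole argument in one function: handed the real public key it recovers a weak password as quickly as it would from a salted hash, handed any other key it recovers nothing. That is why the public key has to be treated as a secret between browser and back-end: sent only over TLS, never placed in a certificate or other public record.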
Cryptographic authentication techniques for mobile devices
US patent 9,185,111. This patent describes a method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device regenerates a credential containing a key pair from a PIN and a protocredential, and authenticates cryptographically to a verifier black-box in the back-end subsystem; then the verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication, the prover black-box sends the authentication token to an application front-end in the computing device, the application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.
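The embodiment above as a full exchange, written for this page as an added example and not Pomcor's implementation: the prover black-box regenerates the key pair from PIN and protocredential and signs a challenge, the verifier black-box checks it and mints an authentication token, and the application back-end verifies the token relayed by the front-end. Assumptions of the example: the seed is SHA-256 of protocredential and PIN fed to Ed25519 key derivation, the token is an HMAC under a key the verifier black-box shares with the application back-end, device identifiers contain no dots, and all sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// RegenerateKeyPair is the prover black-box step: no key pair is stored on the device,
// it is regenerated from the PIN and the protocredential each time. Assumption:
// seed = SHA-256(protocredential || PIN). Every PIN yields a well-formed key pair, so a
// thief holding only the protocredential has nothing to test PIN guesses against offline.
func RegenerateKeyPair(protocredential []byte, pin string) ed25519.PrivateKey {
	h := sha256.New()
	h.Write(protocredential)
	h.Write([]byte(pin))
	return ed25519.NewKeyFromSeed(h.Sum(nil))
}

// VerifierBlackBox keeps each device's registered public key and the key it
// shares with the application back-end for minting tokens (assumption: HMAC tokens).
type VerifierBlackBox struct {
	registered map[string]ed25519.PublicKey
	tokenKey   []byte
}

func NewVerifierBlackBox(tokenKey []byte) *VerifierBlackBox {
	return &VerifierBlackBox{registered: map[string]ed25519.PublicKey{}, tokenKey: tokenKey}
}

func (v *VerifierBlackBox) Register(deviceID string, pub ed25519.PublicKey) { v.registered[deviceID] = pub }

// Challenge is a fresh random nonce the prover must sign.
func (v *VerifierBlackBox) Challenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Authenticate verifies the prover's signature over the challenge and returns the
// authentication token deviceID.hex(nonce).hex(HMAC(tokenKey, deviceID || nonce)).
func (v *VerifierBlackBox) Authenticate(deviceID string, challenge, sig []byte) (string, bool) {
	pub, ok := v.registered[deviceID]
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return "", false
	}
	mac := tokenMAC(v.tokenKey, deviceID, challenge)
	return deviceID + "." + hex.EncodeToString(challenge) + "." + hex.EncodeToString(mac), true
}

func tokenMAC(key []byte, deviceID string, nonce []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(deviceID + "\x00"))
	m.Write(nonce)
	return m.Sum(nil)
}

// ApplicationBackEnd verifies tokens relayed by the application front-end. It
// needs only the shared token key, and it accepts each nonce once (replay check).
type ApplicationBackEnd struct {
	tokenKey []byte
	seen     map[string]bool
}

func NewApplicationBackEnd(tokenKey []byte) *ApplicationBackEnd {
	return &ApplicationBackEnd{tokenKey: tokenKey, seen: map[string]bool{}}
}

func (a *ApplicationBackEnd) VerifyToken(token string) (string, bool) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || a.seen[parts[1]] {
		return "", false
	}
	nonce, err1 := hex.DecodeString(parts[1])
	mac, err2 := hex.DecodeString(parts[2])
	if err1 != nil || err2 != nil || !hmac.Equal(mac, tokenMAC(a.tokenKey, parts[0], nonce)) {
		return "", false
	}
	a.seen[parts[1]] = true
	return parts[0], true
}

func main() {
	proto := []byte("constructed protocredential")              // constructed; random and per device in practice
	tokenKey := []byte("constructed key shared by both back-end parts") // constructed
	verifier, app := NewVerifierBlackBox(tokenKey), NewApplicationBackEnd(tokenKey)
	verifier.Register("device-7", RegenerateKeyPair(proto, "2468").Public().(ed25519.PublicKey))
	challenge := verifier.Challenge()
	token, ok := verifier.Authenticate("device-7", challenge, ed25519.Sign(RegenerateKeyPair(proto, "2468"), challenge))
	id, accepted := app.VerifyToken(token) // relayed through the application front-end
	fmt.Println("authenticated:", ok, "token accepted for:", id, accepted) // true device-7 true
}
```

A wrong PIN produces a different, perfectly valid key pair, so the only place a PIN guess can be recognised is the verifier black-box, which is therefore also the place to rate-limit guesses. The token carries the nonce so that the application back-end can verify it without knowing any device public key, and the seen-nonce check keeps a captured token from being presented twice.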
Facilitating browsing of result sets
US patent 9,069,854. A traditional user interface is geared towards depth-first search, where the user digs deep into the result set of a query before giving up and issuing a different query. But difficult search problems are best tackled by breadth-first search, looking at the first page of results of many different queries, then the second page of all those queries, and so on. US patent 9,069,854 discloses a search history feature that lets the user save not only queries, but also positions within the result sets of queries. After browsing the results of several different queries, the user can go back to an earlier result set and resume browsing at the page and scrolling within the page where he or she left off.
Browsing real-time search results effectively
US patent 8,452,749. Real-time search results change frequently because new results appear and because existing results may go up in rank, displacing other results. Such changes may cause the user to get confused and miss results. For example, the user is likely to miss a result that goes up in rank from position 11, belonging to the second page of results, to position 10, belonging to the first page, as the user navigates from page 1 to page 2. To help the user keep track of changes in the result set, US patent 8,452,749 provides a method of browsing search results where results that have not been seen yet by the user are highlighted in each page of results, and buttons of pages containing such results are highlighted in the page menu.