Skip to content
Pomcor

Pomcor

Research on web and mobile technology

  • Home
  • Blog
  • Developers
    • PJCL Library
    • Demonstrations
  • Research
    • Cryptographic Authentication
    • TLS Traffic Visibility
    • Cardholder Authentication
    • Remote Identity Proofing
    • Cryptographic Modules
    • Derived Credentials
    • Archived Research Pages
  • Patents
  • About Us
    • Company
    • People
    • Contact
  • Archive
Pomcor

Research

Cryptographic Authentication

TLS Traffic Visibility

Cardholder Authentication

Remote Identity Proofing

Cryptographic Modules

Derived Credentials

Archived Research Pages

Papers

  • Overcoming the UX Challenges Faced by FIDO Credentials in the Consumer Space, preprint of paper to be presented at HCI International 2023. Updated on 3/18/2023 to add a patent disclosure.
  • A Possible-Worlds Semantics for Kolmogorov’s Axiomatization of Probability Theory
  • Traveler Authentication at Airports
  • Fundamental Security Flaws in the 3-D Secure 2 Cardholder Authentication Specification
  • An Omission-Tolerant Cryptographic Checksum
  • Frictionless Web Payments with Cryptographic Cardholder Authentication, authors’ version of a paper presented at HCI International 2019. Publisher’s version available in the Late Breaking Papers volume of the proceedings
  • Using Near-Field Communication for Remote Identity Proofing
  • Backing Rich Credentials with a Blockchain PKI
  • Rich Credentials for Remote Identity Proofing
  • Identity-Based Protocol Design Patterns for Machine-to-Machine Secure Channels (Paper presented at M2MSec 2014)
  • Interpreting the EMV Tokenisation Specification
  • An Example of a Derived Credentials Architecture
  • It Is Time To Redesign Transport Layer Security
  • Privacy Postures of Authentication Technologies
  • A Comprehensive Approach to Cryptographic and Biometric Authentication from a Mobile Perspective

Presentations

  • Multifactor Fusion in a Verifiable Credential, revised after presentation at IIW 38, April 2024
  • Multifactor Fusion in a Verifiable Credential, original version of presentation at IIW 38, April 2024
  • Overview of the mDL standard, to be presented at IIW XXXVII, October 2023
  • 2F-crypto-authn.pptx, step-by-step description of the code in the GitHub repository 2F-crypto-authn-demo, which demonstrates two-factor cryptographic authentication with a fusion credential.
  • Overcoming the UX Challenges Faced by FIDO Credentials in the Consumer Space, presented at HCI International on July 24, 2023
  • UX of Diia, presented at IIW XXXVI on April 18, 2023
  • FIDO for “everything”—How to use FIDO as an alternative to SAML, as an alternative to OpenID Connect, as an alternative to US Government Derived Credentials, for privacy-enhanced identification, and for user-centric identity
  • Cardholder Authentication and Payment Confirmation without Interaction with the Issuing Bank, to be presented at IIW XXXV, November 15-17, 2022
  • Frictionless Web Payments with Cryptographic Cardholder Authentication, with speaker notes; presented at HCI International 2019; updated August 1, 2019
  • The Rise of Cryptographic Authentication, presentation at SJSU, April 5, 2018, updated April 9
  • Storing Cryptographic Keys in Persistent Browser Storage, presentation at ICMC2017, revised after the conference
  • New Techniques for Remote Identity Proofing, presentation at CSUS on February 22, 2017
  • Presentation on Remote Identity Proofing at IIW 23
  • Five Techniques for Remote Identity Proofing, presentation to Government agencies at the conclusion of this project
  • Revocable Biometrics, slides for discussion at IIW XXII
  • Slides of presentation at ICMC 2015, revised after the conference
  • Faster Implementation of Modular Exponentiation in JavaScript: PDF; PowerPoint
  • Video interview of F. Corella (GlobalPlatform TEE Conf. 2014)
  • Virtual Tamper Resistance for a TEE (GlobalPlatform TEE Conf. 2014)
  • ID-Based Design Patterns for M2M Secure Channels (M2MSec 2014)
  • It’s Time to Replace SSL/TLS (U. of Utah 2014)
  • Privacy Postures of Authentication Technologies (ID360 2013)
  • Key Management Challenges of Derived Credentials and Techniques for Addressing Them (NIST Key Management W. 2012)

Foundations of Cryptographic Authentication — Drafts of Book Chapters

  • Table of contents
  • 1. Introduction
  • 2. Cryptographic primitives
  • 3. Traditional credentials
  • 4. Phishing resistant authentication with
    cryptographic credentials
  • 5. Web technology
  • 10. FIDO and passkeys
  • 12. Credential wallets
  • 13. ISO/IEC wallet credentials
  • 14. Decentralized identifiers
  • 15. Verifiable credentials and self-sovereign identity

Archive

  • Archive page
  • Categories of papers, presentations and blog posts within the archive page:
    • Identity Proofing
    • Authentication
    • Privacy
    • Data Protection
    • Payments
    • Mobile
    • Cryptography
    • Biometrics
    • Network Security Protocols
    • Web Application Security
    • Password Security
    • Search
    • Public Comments to Government by Pomcor
    • All Categories

About Us

  • Blog
  • Company
  • Contact Us
  • CONNECT Springboard Mentoring
  • Recent Funding
  • Earlier Funding

Terms and Privacy

  • Terms of Use, updated May 27, 2018
  • Privacy Policy, updated May 18, 2022

RSS Feeds

RSS logo Subscribe to blog posts

RSS logo Subscribe to comments

Recent Blog Posts

  • Using a browser as a credential wallet
  • A Definition of Special Soundness Better Suited for Anonymous Credentials
  • Overview of ISO/IEC 18013-5: Innovations and Vulnerabilities in the mDL Standard
  • A Streamlined Process for Licensing a Cryptographic Authentication Patent
  • A Demonstration of Two-Factor Cryptographic Authentication with a Familiar User Experience

Blog Post Categories

Blog Post Tags

  • 3DS2
  • Authentication
  • Biometrics
  • CAC
  • Cryptography
  • Cybersecurity
  • Data Protection
  • Derived Credentials
  • Facebook
  • Formal Methods
  • HCI
  • Identity
  • Identity Proofing
  • IIW
  • Integrity Protection
  • JavaScript
  • Karatsuba
  • Mobile
  • MongoDB
  • Multifactor
  • Network Security Protocols
  • NIST
  • NodeJS
  • NSTIC
  • Omission-Tolerant Checksum
  • OpenID
  • OpenID Connect
  • Patents
  • Payments
  • PIV
  • PJCL
  • PKAuth
  • Privacy
  • Provable Security
  • Real Time
  • Search
  • Selective Disclosure
  • Smart Cards
  • Social Login
  • Surveillance
  • TEE
  • TLS
  • Typed Hash Trees
  • Usability
  • User Experience
  • Home
  • Blog
  • Developers
    • PJCL Library
    • Demonstrations
  • Research
    • Cryptographic Authentication
    • TLS Traffic Visibility
    • Cardholder Authentication
    • Remote Identity Proofing
    • Cryptographic Modules
    • Derived Credentials
    • Archived Research Pages
  • Patents
  • About Us
    • Company
    • People
    • Contact
  • Archive
Pomcor Proudly powered by WordPress