⚡ IANA PEN 65953 · OID 1.3.6.1.4.1.65953

Unified Cryptographic
Trust Infrastructure

Enterprise PKI engineering, post-quantum cryptography, and certificate lifecycle automation for defense-grade and commercial environments.

PKI ENGINEERING POST-QUANTUM CRYPTO CMMC 2.0 COMPOSITE CERTIFICATES MICROSOFT ISV IETF CONTRIBUTOR
Get in Touch Cygnus PQC →
Program
Microsoft for Startups
Program
ISV Success Program
Program
M365 Developer
Azure Credits
$5,000 Active
What We Do

Security Infrastructure Services

End-to-end cryptographic infrastructure for enterprises, federal contractors, and defense industrial base organizations.

🔐

PKI Engineering

Multi-tier CA hierarchies, SCEP/EST/ACME enrollment, certificate lifecycle automation, and cross-realm trust federation.

⚛️

Post-Quantum Cryptography

NIST FIPS 203/204/205 implementation, hybrid composite certificate issuance, and PQC readiness assessment for your organization.

🛡️

CMMC 2.0 Compliance

Controls mapping, evidence collection, gap analysis, and continuous compliance monitoring for Defense Industrial Base contractors.

📱

Device Identity & MDM

Certificate-based device enrollment, YubiKey attestation, Apple MDM/declarative management, and Microsoft Intune SCEP integration.

☁️

Azure PKI Infrastructure

Cloud-native and hybrid PKI deployments on Azure, HashiCorp Vault multi-tenant architectures, and CI/CD certificate pipeline automation.

🔑

Hardware Security

YubiKey deployment and attestation verification, HSM integration, smart card enrollment, and FIDO2/WebAuthn implementation.

Cygnus Family

Composite Post-Quantum Certificates

A family of 20 hybrid composite certificate profiles combining classical and post-quantum algorithms, submitted to the IETF PQC Hackathon and aligned with NIST FIPS 203/204/205.

The Cygnus composite family provides cryptographic agility during the transition to post-quantum cryptography. Each profile pairs a classical algorithm (ECDSA P-256/P-384, RSA 3072, Ed25519, X25519) with a NIST-standardized PQC algorithm (ML-DSA, ML-KEM, SLH-DSA), ensuring forward compatibility while maintaining backward interoperability with existing X.509 infrastructure.

Lane A — Cygnus Native
Ed25519 / X25519 classical components
  • Cygnus-MLDSA65-Ed25519
  • Cygnus-MLKEM768-X25519
  • Cygnus-SLHDSA128s-Ed25519
Optimized for modern TLS and device identity use cases
Lane B — IETF Conformant
draft-ietf-lamps-pq-composite-sigs OIDs
  • IETF-MLDSA44-ECCP256
  • IETF-MLDSA65-ECCP384
  • IETF-MLDSA65-RSA3072
  • IETF-MLDSA87-ECCP384
Full interoperability with IETF LAMPS composite draft
Lane C — SANCTUM Attested
OID arc 1.3.6.1.4.1.65953 (IANA PEN 65953)
  • SANCTUM-Attested-MLDSA44-ECCP256
  • SANCTUM-Attested-MLDSA65-RSA3072
  • SANCTUM-Attested-MLDSA87-ECCP384
  • SANCTUM-Hedge-MLDSA65-ECCP384
  • SANCTUM-SLHDSA128s-ECCP256
  • SANCTUM-SLHDSA128s-RSA3072
  • SANCTUM-SLHDSA192s-ECCP384
  • SANCTUM-SLHDSA256s-ECCP384
Proprietary attested issuance under IANA PEN 65953 OID arc · Patent Pending
🔗 IETF Hackathon Repository 🔗 IETF Datatracker Profile
Microsoft Partnership

Microsoft Partner Programs

Sanctum SecOps LLC is an active participant in multiple Microsoft partner programs, enabling enterprise-grade Azure integration and ISV co-sell capabilities.

Microsoft for Startups
Founders Hub
ACTIVE MEMBER
Access to Azure credits, technical mentorship, and go-to-market resources for early-stage security infrastructure companies.
Microsoft ISV
Success Program
ENROLLED
Independent Software Vendor program providing dedicated Azure credits, co-sell opportunities, and partner support for PKI/cryptography solutions.
Microsoft 365
Developer Program
ACTIVE
E5 developer subscription for building and testing M365 integrations, including certificate-based authentication and Intune SCEP workflows.
Azure Cloud
Infrastructure
$5,000 CREDITS ACTIVE
Azure-hosted PKI infrastructure including Key Vault, hybrid CA deployments, and cloud-native certificate lifecycle automation pipelines.
Standards Contributions

IETF Internet-Drafts

Active contributions to IETF working groups advancing post-quantum cryptography standards, PKI observability, and authorization mechanisms.

LAMPS
draft-vicente-lamps-pqchc-00
PQC Hybrid Commitment X.509 Extension
Defines a new X.509 certificate extension for cryptographic commitment to post-quantum hybrid composite algorithm bindings, enabling verifiable PQC transition assurance.
IETF Archive Datatracker DOI
OAUTH
draft-vicente-oauth-apm-00
Authorization Posture Mechanism
Proposes an OAuth 2.0 extension for conveying cryptographic posture information — including PQC algorithm support — within authorization flows for adaptive access control.
Datatracker DOI
PQUIP
draft-vicente-pquip-pqc-readiness-gaps-01
PQC Readiness Observability Gaps
Identifies operational and observability gaps in current PKI infrastructure that impede post-quantum migration, with recommendations for tooling and monitoring improvements.
Datatracker DOI
PQUIP
draft-vicente-pquip-multitenant-pki-requirements-01
Multi-Tenant PKI Requirements for PQC
Defines architectural and operational requirements for multi-tenant PKI systems undergoing post-quantum algorithm migration, addressing isolation, key ceremony, and audit requirements.
Datatracker DOI
Registrations & Credentials

Verified Credentials

Sanctum SecOps LLC holds active federal registrations, intellectual property filings, and standards body assignments.

🏛️
SAM.gov
Federal Contractor Registration
Registered · Active
🏢
EIN
42-2733487
NY LLC · Active
🔢
IANA PEN
65953
Assigned
🌐
OID Arc
1.3.6.1.4.1.65953
Active
⚖️
Patent — Provisional
App. 64/080,137
Filed June 1, 2026
⚖️
Patent — Non-Provisional
App. 19/698,870
Filed June 5, 2026
🆔
ORCID
0009-0006-6395-5308
Verified Researcher
🌍
IETF Contributor
4 Active Drafts
LAMPS · PQUIP · OAuth
🔬
IETF PQC Hackathon
20 DER Artifacts
Submitted · 2024/2025
🪟
Microsoft ISV
ISV Success Program
Enrolled · Active
🚀
Microsoft Startups
Founders Hub
Active Member
🔒
CMMC 2.0
Controls Mapping
Compliant Framework
About

Sanctum SecOps LLC

Brian Vicente

Founder & Principal Engineer

Security infrastructure architect specializing in PKI, post-quantum cryptography, and enterprise certificate lifecycle automation. IETF contributor and author of the Cygnus family of composite post-quantum certificates. Based in Pine City, New York.

IETF Datatracker ORCID GitHub
20
Composite PQC certificate profiles submitted to IETF Hackathon
4
Active IETF Internet-Drafts across LAMPS, PQUIP, and OAuth WGs
2
Patent applications filed for Cygnus composite certificate innovations
3
Active Microsoft partner programs with $5K Azure credits
Contact

Work With Us

PKI architecture, post-quantum migration, CMMC compliance, or Azure cryptographic infrastructure — let's talk.

bvicente@sanctumsecops.com
GitHub IETF ORCID LinkedIn