PKI & Certificate Lifecycle
Certificate authorities, issuance, and automated lifecycle for systems that can't afford an expired cert.
Identity · Authentication · Security Engineering
Doquima is a senior team that has shipped the compliance-heavy core of digital identity at scale: PKI, passwordless and FIDO2, mTLS, ICAM, SSO and federation. We design and deliver it faster and leaner than a big prime, because we've built AI deeply into how we work.
What we build
The authentication, authorization, and cryptographic plumbing that regulated systems depend on. Designed, built, and hardened for production and audit.
Certificate authorities, issuance, and automated lifecycle for systems that can't afford an expired cert.
FIDO2, passkeys, and smart-card auth that retire the password without hurting the user experience.
Single sign-on and federation that works across your org, your partners, and your acquisitions.
Identity, credential, and access management aligned to how regulated and federal-adjacent programs are actually evaluated.
Service-to-service trust built on verifiable identity, not network position.
Encrypted, auditable data movement between systems that were never designed to talk to each other.
Why trust us with this
Our founders spent 20+ years on mission-critical systems at IKEA, Sony Mobile, Ericsson, and Handelsbanken. The identity depth isn't theoretical. It comes from hands-on PKI and certificate-management work at Sony Mobile and Ericsson, where a mistake in the crypto plumbing isn't a bug, it's an outage.
A production passwordless identity system we architected end to end: PKI-backed credentials, mTLS between services, OAuth2/OIDC flows, and encrypted data paths. The clearest evidence of what we can build for you.
Founder background building and operating the certificate and trust infrastructure behind consumer devices and telecom systems: certificate lifecycle, key management, and the hard parts of cryptographic identity.
Migrated and optimized the backend for Customer Item Availability during a global cloud transition (OpenShift to GCP), redesigning API endpoints and monitoring to prevent outages at peak seasonal traffic, handling 1,000+ requests per second.
Why Doquima
PKI and certificate management at Sony Mobile and Ericsson. A passwordless identity platform at TernaID. This is our home turf, not a new practice area.
You work directly with the experienced engineers who design and build your system. No account-manager layer, no handoff to a team you never met.
We've engineered AI deeply into delivery, so a small senior team moves faster and leaner than a big prime, without cutting the rigor regulated work demands.
We design for audit, least privilege, and the standards your reviewers care about: HIPAA, PCI, SOC 2, and NIST/FICAM-aligned identity.
Who we work with
You've won, or are bidding on, work that needs serious identity, PKI, or ICAM depth, and you need a senior subcontractor who can carry that scope. We slot into your team and deliver the hard identity pieces, on your timeline.
You're in healthcare, finance, or another regulated space, and authentication, access, and data protection have to be right. We design and build identity and security systems that hold up to your auditors.
Trusted by global enterprises.
We also do
Beyond identity and security, we help teams turn scattered data into queryable intelligence for AI. We design knowledge graphs and AI-ready data platforms, and our team brings the same engineering rigor to the broader software, cloud, and data work we've always done.
Where we are
Based in the Washington, D.C. metro area, working with clients across the USA and Europe, remote and on-site.
Doquima Corp.
1513 Lincoln Circle #204
McLean, VA 22102, USA
USA & Europe · Remote & on-site
Whether you're a prime that needs a senior identity subcontractor, or a regulated team that needs authentication and access done right, tell us what you're building. We'll come back with a clear, low-risk first step.