Who this is for
For those who verify suppliers' licenses, ISO certifications, quality proofs, and insurance certificates. Exchanging certificate PDFs carries forgery, expiry, and reuse risk. "Submitted" and "valid right now" are not the same thing.
- Procurement / purchasing / supplier-management leads in manufacturing and critical infrastructure
- Teams verifying ISO / licenses / insurance across many suppliers
- Organizations needing to prove supplier-attribute conformance for CBAM, EUDR, etc.
Why existing tools fall short
Supplier verification needs three things at once: prove "valid" without handing over the original; let the assembler/auditor verify independently; make it forgery- and tamper-proof.
| Tool | Prove without the original | Independently verifiable | Forgery/tamper-proof |
|---|---|---|---|
| Certificate PDF exchange | ✗ | ✗ | ✗ |
| Signed PDF | ✗ | △ | ✓ |
| Ad-hoc query to the issuer | △ | △ | ✓ |
| ZK proof (Lemma) | ✓ | ✓ | ✓ |
PDFs can be forged and altered; even when signed, their contents are exposed. Only a ZK proof does all three, and only work that requires all three at once is Lemma's territory.
Our approach
We verify only that a supplier "validly holds" a certification, license, or insurance — as a proof. The original (the certificate's contents) is not handed over. Because revocation (expiry, withdrawal) is trackable, "valid when submitted but now lapsed" is detectable.
Attributes are chained with issuer signatures from each supplier tier; the assembler verifies them as ZK proofs.
What you get
All figures are directional.
The verifying side (procurement, purchasing, supplier management): Verify "it's valid" without collecting originals; keep out forged or expired certificates. e.g. certificate checks shift from collecting PDFs and eyeballing to verifying one proof.
The supplier side: Show only the needed conformance without exposing trade secrets or certificate contents. e.g. disclosure shifts from submitting a full certificate set to proving one attribute.
Audit / regulatory: Show CBAM/EUDR conformance via a cryptographic chain of supplier attributes; revocation is trackable.
Worked example: hundreds of ISO / license / insurance certificates
A manufacturer collects ISO, license, and insurance certificates as PDFs from hundreds of suppliers. Mixed in among them are expired certificates, certificates reused from other deals, and doctored PDFs. The problem surfaces at audit time: "a certificate we believed valid had actually lapsed."
Had Lemma been in place, the supplier would have presented only a proof of "holds a valid ISO certification," without handing over the original. The assembler would verify validity without seeing the contents, and could trace later lapses. CBAM/EUDR conformance would be shown via an attribute chain.
Architecture concept
We don't replace your procurement or supplier-management system. We insert one attribute-proof step into the certificate-verification path.
- Issuer-signed credentials: certifiers / suppliers issue attributes with issuer signatures.
- Selective disclosure: BBS+ over BLS12-381 — minimal disclosure of "holds a valid certification."
- Revocation & validity: commit with Poseidon over BN254; prove validity / non-revocation via Groth16 (Circom); link to the original via docHash.
The original is not handed over; only the cryptographic fact of "it's valid" travels.
What Lemma cryptographically guarantees
- Proof that a supplier "validly holds" a certification, license, or insurance
- Authenticity via the original's docHash and issuer signature
- Trackability of revocation (expiry, withdrawal)
- A trail that the assembler, auditor, and third parties verify independently — without disclosing the original
What's next
Not a standalone SaaS purchase. We enter through AI-adoption / data-governance consulting and a PoC, landing on an existing monthly plan.
- A 30-minute review — identify procurement paths where forgery/expiry/reuse risk concentrates.
- Narrow to 1–2 decisions (results) to prove — e.g. "holds a valid ISO certification," "insurance is valid." Not the originals.
- Design issuance and revocation — issuance paths with certifiers/suppliers, and expiry/revocation handling.
- Prove one path via a (quote-based) PoC.
- Land on an existing monthly plan (indicative) — Lemma Critical / Compliance; pricing confirmed in conversation.
Tell us the one procurement path where certificate-verification risk concentrates most, in the first 30 minutes. No disclosure of sensitive data required.
Ready to prove?
Talk to us about your use case. We respond within one business day.