About

Built by a practitioner.
Grounded in operational reality.

The protocols in the Yandeh Holdings portfolio were not designed at a whiteboard. They were designed by someone who spent fifteen years inside the environments these protocols are meant to govern.

Principal inventor

In fifteen years of working inside enterprise infrastructure and security environments — designing identity architectures, implementing secure communications systems, building out network and firewall governance, and responding to security incidents in high-stakes operational contexts — Papa Gora Samb kept encountering the same gap. Autonomous systems were making consequential decisions. Those decisions had no formal authority structure beneath them. There was no signed artifact encoding what the system was permitted to do. There was no state machine enforcing the lifecycle of that permission. There was no portable, independently verifiable record that the decision had been made under the conditions it claimed. The infrastructure layer that should have existed simply did not.

"The protocols in this portfolio were not designed to be theoretical contributions. They were designed to fill gaps I encountered in production environments, in real organizations, where the absence of this infrastructure created real risk."
Papa Gora Samb — Inventor, Yandeh Holdings Inc.

That observation is the origin of the Yandeh Holdings patent portfolio. AMIAP — the Autonomous Machine Identity and Authority Protocol — emerged directly from years of designing and operating identity and access management systems. Conventional IAM evaluates authorization at credential issuance time. By the time an autonomous machine acts on a credential, the conditions that justified the grant may have changed. AMIAP closes that window by requiring a signed authority artifact evaluated against the runtime context at the exact moment of execution. It is the protocol that should have been sitting beneath every machine-to-machine authorization system that Papa built or operated — and was not.

VEMP — the Verifiable Enterprise Messaging Protocol — came from years in secure email architecture and enterprise communications governance. The dominant secure messaging standards protect content in transit. None of them define a formal admission control evaluation between message delivery and content access. VEMP introduces that missing layer: a dual-plane architecture that evaluates a message authority artifact against the ciphertext before any decryption key is released, without exposing plaintext to the evaluation process.

AIRAP — the Autonomous Incident Response Authority Protocol — came from working in environments where automated incident response platforms executed remediation actions with no formal authority structure governing them. SOAR platforms execute playbooks. They do not define an incident-scoped authority artifact, a deterministic state machine with enforceable preconditions, or a cryptographically verifiable receipt chain that proves what actions were taken under what authority. AIRAP defines all three.

CVEAR — the Cryptographically Verifiable Execution Authorization Receipt Protocol — is the horizontal infrastructure beneath all of it. It defines what a receipt actually is: a structure that any authorized party can verify, in any domain, without asking the enforcement point anything. It is the evidence layer that makes every other protocol in the stack auditable, portable, and independently confirmable.

Papa holds an active TS/SCI security clearance — a reflection of a career grounded in operational trust, accountability, and environments where the absence of formal authority governance is not a theoretical concern. He is a CompTIA Secure Infrastructure Expert (CSIE), having earned Security+, CySA+, PenTest+, and SecurityX certifications — covering the full spectrum of defensive operations, offensive security, threat analysis, and security architecture. He studied Network Administration and Security at ASA College and Technology Leadership at Pace University.

The Yandeh Holdings portfolio was filed pro se at the USPTO — meaning Papa designed, drafted, and prosecuted each application himself, with Track One prioritized examination on all four parent applications. Each application was developed through full prosecution preparation: antecedent basis audit, §112 written description verification, prosecution history firewall, claim scope analysis, and continuation strategy. The decision to file pro se was intentional. It means the inventor controls the prosecution record, controls the claim scope, and carries full knowledge of every argument made before the USPTO — a position that simplifies licensing conversations and strengthens the portfolio's defensibility.

Experience that informed each protocol
AM
AMIAP
From identity & access management architecture
15 years of designing enterprise IAM systems revealed a consistent gap: authorization evaluated at credential issuance time cannot govern what autonomous machines actually do at execution time. AMIAP is the protocol that should have existed beneath every machine-to-machine authorization architecture.
VP
VEMP
From secure email & communications governance
Years of secure email modernization work exposed the architectural gap between message delivery and content access — a gap that existing standards leave ungoverned. VEMP introduces the admission control layer that every secure communications architecture was missing.
AR
AIRAP
From incident response in high-stakes environments
Responding to and governing security incidents in environments where unauthorized remediation actions carry real operational and legal consequence made the absence of a formal incident authority protocol impossible to ignore. AIRAP defines what no SOAR or SIEM platform defines: a signed, scoped, enforceable authority structure for every remediation action.
CV
CVEAR
From compliance, audit, and accountability requirements
Working in compliance-aligned infrastructure environments — where every consequential decision must be documented, portable, and independently verifiable — made clear that existing log-based audit systems cannot satisfy those requirements. CVEAR defines the receipt infrastructure that can.
Active TS/SCI Security Clearance
Top Secret · Sensitive Compartmented Information
Inventor
Papa Gora Samb
Experience
15+ years — enterprise infrastructure and cybersecurity architecture
Designation
CompTIA Secure Infrastructure Expert (CSIE)
Security+ · CySA+ · PenTest+ · SecurityX
Education
Network Administration & Security — ASA College
Technology Leadership — Pace University
Filing basis
Pro Se · USPTO · Micro Entity
Examination
Track One — all 4 parent applications
Location
Decatur, Georgia
Related entity
Yandeh Consulting LLC operates independently as a cybersecurity advisory practice. It is a distinct entity with no portfolio cross-promotion.
Inquiries
Contact form →
Portfolio timeline
2025
AMIAP filed — Track One
Autonomous Machine Identity and Authority Protocol. 30 claims, 4 independent. Docket YH-AMIAP-001. The foundational identity and execution authority protocol from which the rest of the family extends.
March 2026
VEMP filed — Track One
Verifiable Enterprise Messaging Protocol. 30 claims, 4 independent. Docket YH-VEMP-001. Pre-decryption admission control with artifact-bound state machines, HSM key release, and post-quantum cryptography.
2026
AMIAP CON1 & VEMP CON1 filed — Regular track
Latency-bounded timing receipt continuation (YH-002-CON1, 24 claims) and message authority artifact continuation (YH-VEMP-CON1, 30 claims) filed before parent application publication dates.
Forthcoming
CVEAR — Track One (prosecution-ready)
Cryptographically Verifiable Execution Authorization Receipt Protocol. Standalone root application. 25 claims, 4 independent. Docket YH-CVEAR-001. The horizontal receipt infrastructure layer beneath the entire family.
Forthcoming
AIRAP — Track One (prosecution-ready)
Autonomous Incident Response Authority Protocol. 26 claims, 3 independent. Docket YH-AIRAP-001. Artifact-bound cyber remediation with ten-state lifecycle enforcement and verifiable response receipts.
~2026–2027
First Office Actions expected — AMIAP and VEMP
Track One examination typically produces first Office Actions within 6 months of filing. AMIAP is the earliest expected milestone in the prosecution timeline, followed closely by VEMP.