-
Publication number: US20230353360A1
Publication date: 2023-11-02
Application number: US18351121
Application date: 2023-07-12
Applicant: Visa International Service Association
Inventor: Simon Law
CPC classification number: H04L9/30, H04L9/088, H04L9/3228, H04L9/3231
Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
-
Publication number: US11677729B2
Publication date: 2023-06-13
Application number: US17307214
Application date: 2021-05-04
Applicant: Visa International Service Association
Inventor: Rasta A. Mansour, Simon Law
CPC classification number: H04L63/045, H04L9/0822, H04L9/0825, H04L63/061
Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in an API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
-
Publication number: US10911429B2
Publication date: 2021-02-02
Application number: US15369488
Application date: 2016-12-05
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: Simon Law, Kim R. Wagner
Abstract: A method for utilizing a registration authority to facilitate a certificate signing request is disclosed. In at least one embodiment, a registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.
-
Publication number: US12095746B2
Publication date: 2024-09-17
Application number: US18311190
Application date: 2023-05-02
Applicant: Visa International Service Association
Inventor: Rasta A. Mansour, Simon Law
CPC classification number: H04L63/045, H04L9/0822, H04L9/0825, H04L63/061
Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in an API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
-
Publication number: US20230269241A1
Publication date: 2023-08-24
Application number: US18311190
Application date: 2023-05-02
Applicant: Visa International Service Association
Inventor: Rasta A. Mansour, Simon Law
CPC classification number: H04L63/045, H04L63/061, H04L9/0825, H04L9/0822
Abstract: A requestor and a responder may conduct secure communication by making API calls based on a secure multi-party protocol. The requestor may send a request data packet sent in an API request to the responder, where the request data packet can include at least a control block that is asymmetrically encrypted and a data block that is symmetrically encrypted. The responder may return a response data packet to the requestor, where the response data packet can include at least a control block and a data block that are both symmetrically encrypted. The requestor and the responder may derive the keys for decrypting the encrypted portions of the request and response data packets based on some information only known to the requestor and the responder. The secure multi-party protocol forgoes the need to store and manage keys in a hardware security module.
-
Publication number: US20210051012A1
Publication date: 2021-02-18
Application number: US16977645
Application date: 2018-08-16
Applicant: Visa International Service Association
Inventor: Simon Law
Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
-
Publication number: US10911456B2
Publication date: 2021-02-02
Application number: US16268377
Application date: 2019-02-05
Applicant: Visa International Service Association
Inventor: Madhuri Chandoor, Jalpesh Chitalia, Gueorgui Petkov, Mohamed Nosseir, Parveen Bansal, Thomas Bellenger, Simon Law
Abstract: Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.
-
Publication number: US11863545B2
Publication date: 2024-01-02
Application number: US18152659
Application date: 2023-01-10
Applicant: Visa International Service Association
Inventor: Simon Law, Kim R. Wagner
CPC classification number: H04L63/0807, G06Q20/3672, G06Q20/3674, G06Q20/3825, G06Q20/38215, H04L9/3247, H04L9/3268, H04L63/0435, H04L63/0823
Abstract: A method for utilizing a registration authority computer to facilitate a certificate signing request is provided. A registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority computer may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.
-
Publication number: US11743042B2
Publication date: 2023-08-29
Application number: US17734443
Application date: 2022-05-02
Applicant: Visa International Service Association
Inventor: Simon Law
CPC classification number: H04L9/30, H04L9/088, H04L9/3228, H04L9/3231
Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
-
Publication number: US11356257B2
Publication date: 2022-06-07
Application number: US16977645
Application date: 2018-08-16
Applicant: Visa International Service Association
Inventor: Simon Law
Abstract: A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.