公开(公告)号：WO2020101787A1

公开(公告)日：2020-05-22

申请号：PCT/US2019/048991

申请日：2019-08-30

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： SALAJEGHEH, Mastooreh ,  AGRAWAL, Shashank ,  LE SAINT, Eric ,  MOHASSEL, Payman ,  CHRISTODORESCU, Mihai

IPC: H04L29/06

Abstract: An initiator device can broadcast a witness request to one or more authentication devices. The one or more authentication devices can then determine an assurance level from a range of assurance levels and determine a token share corresponding to the assurance level. The initiator device can then receive, from the one or more authentication devices, at least one witness response comprising the token share corresponding to the assurance level. The initiator device can generate an authentication token using a set of token shares. The initiator device can then transmit the authentication token to an authentication server, wherein the authentication server verifies the authentication token.

公开(公告)号：WO2020047274A1

公开(公告)日：2020-03-05

申请号：PCT/US2019/048842

申请日：2019-08-29

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： ESKANDARIAN, Saba ,  MOHASSEL, Payman ,  CHRISTODORESCU, Mihai

IPC: G06Q20/38 ,  G06Q20/10 ,  G06Q20/14 ,  G06Q30/06

Abstract: Methods are provided for maintaining user privacy, and may include establishing a secret key for communication between a plurality of user devices, the plurality of user devices including a first user device associated with a requesting user and a second user device associated with a second user, wherein at least one server computer does not have access to the secret key; receiving from the first user device, a split-payment request message comprising encrypted data, the encrypted data included in the split-payment request message encrypted based on the secret key; generating an encrypted balance for the requesting user and the second user based on the encrypted data of the split-payment request message; and transmitting to the second user device, a split-payment confirmation message including the encrypted balance for the requesting user and/or the second user. Systems and computer program products are also provided.

公开(公告)号：WO2022125847A1

公开(公告)日：2022-06-16

申请号：PCT/US2021/062731

申请日：2021-12-10

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION [US]/[US]

Inventor： SINHA, Rohit ,  KUMARESAN, Ranjit, Kumar ,  GADDAM, Sivanarayana ,  CHRISTODORESCU, Mihai

IPC: G06Q20/38

Abstract: Described are a system, method, and computer program product for secure real-time n-party computation. The method includes communicating, to a trusted execution environment (TEE), a first computation input and a first portion of a one-time key. The method also includes receiving, from the TEE, an encrypted output of a computation based on the first computation input and a second computation input communicated to the TEE by a second computing device. The method further includes communicating the encrypted output to the second computing device and receiving a digital signature indicating that the second computing device received the encrypted output. The method further includes communicating the first portion of the one-time key to the second computing device and, in response to not receiving the second portion of the one-time key from the second computing device, executing a fallback computation process using the TEE and a shared ledger to determine the computation.

公开(公告)号：WO2022020523A1

公开(公告)日：2022-01-27

申请号：PCT/US2021/042645

申请日：2021-07-21

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： ZAMANI, Mahdi ,  KUMARESAN, Ranjit ,  CHRISTODORESCU, Mihai ,  SHEFFIELD, Cuy ,  PRICE, Benjamin ,  GU, Wanyun ,  XU, Minghua ,  RAGHURAMAN, Srinivasan ,  SAAD, Muhammad ,  OZDAYI, Mustafa ,  MINAEI BIDGOLI, Mohammad Mohsen ,  DAS, Sourav

IPC: H04L9/32 ,  H04L9/08

Abstract: A method includes a first device receiving, from a second device, an interaction request message comprising an amount and a second device certificate. The first device can verify the second device certificate using a server computer public key corresponding to a server computer private key. A trusted application in a secure element of the first device can determine whether or not the amount is less than an offline amount stored in the secure element. If the amount is less than the offline amount, the trusted application can determine an updated offline amount based on the amount. The trusted application can generate an interaction response message comprising the amount and a trusted application certificate. The first device can then provide the interaction response message to the second device.

公开(公告)号：WO2021222272A1

公开(公告)日：2021-11-04

申请号：PCT/US2021/029429

申请日：2021-04-27

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： MUKHERJEE, Pratyay ,  SINHA, Rohit ,  GADDAM, Sivanarayana ,  CHRISTODORESCU, Mihai

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/32 ,  H04L29/06 ,  G06F21/60

Abstract: Systems and methods for adaptive attack resistant and amortized distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess one or more secret shares corresponding to one or more distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate one or more commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key or bulk key. The client computer may use the cryptographic key, or one or more message keys derived from the bulk key, to encrypt one or more messages or decrypt ciphertext.

公开(公告)号：WO2019168557A1

公开(公告)日：2019-09-06

申请号：PCT/US2018/042844

申请日：2018-07-19

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： SINHA, Rohit ,  CHRISTODORESCU, Mihai

IPC: H04L9/08

Abstract: Verification system and methods are provided for allowing database server responses to be verified. A proxy device may maintain a data structure (e.g., a Merkle B+- tree) within a secure memory space (e.g., an Intel SGX enclave) associated with a protected application. In some embodiments, the data structure may comprise hashed values representing hashed versions of the data managed by the database server. The proxy may intercept client requests submitted from a client device and forward such requests to the database server. Responses from the database server may be verified using the data structure (e.g., the hashes contained in the Merkle B+- tree). If the data is verified by the proxy device, the response may be transmitted to the client device.