-
Publication No.: WO2023043465A1
Publication Date: 2023-03-23
Application No.: PCT/US2021/051133
Filing Date: 2021-09-20
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: CHRISTODORESCU, Mihai , ARORA, Sunpreet Singh , SHIRVANIAN, Maliheh
Abstract: A method, performed by a digital identity computer, for processing a resource request is disclosed. The method includes receiving, from a user device operated by a user, a resource request and indication of identity attributes needed to process the resource request. The digital identity computer may then retrieve an identity token associated with the user and compute an authentication score based on the sensitivity and rarity of the identity attributes indicated. The authentication score can be used to determine an authentication process. After determining and executing the authentication process with the user device, the digital identity computer may then grant the user device access to the resource requested.
-
Publication No.: WO2022015663A1
Publication Date: 2022-01-20
Application No.: PCT/US2021/041314
Filing Date: 2021-07-12
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: WAGNER, Kim Ritter , ARORA, Sunpreet Singh , WATSON, Gaven James , CHRISTODORESCU, Mihai , AGRAWAL, Shashank
Abstract: Methods and systems for privacy-preserving identity attribute verification are presented. During an interaction between a relying entity and a user, a relying entity computer can transmit a policy token to a user device. The policy token may indicate the information needed by the relying entity in order to perform the interaction. The user device can verify the policy token, then use the policy token in conjunction with an identity token to generate a zero-knowledge proof. The user device may transmit the zero-knowledge proof to an identity service provider computer. The identity service provider computer may verify the zero-knowledge proof, then generate a verification message. The identity service provider computer may sign the verification message and transmit the signed verification message to the relying entity computer. The relying entity computer may verify the verification message and complete the interaction with the user.
-
Publication No.: WO2020069431A1
Publication Date: 2020-04-02
Application No.: PCT/US2019/053640
Filing Date: 2019-09-27
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: AGGARWAL, Abhinav , SINHA, Rohit , CHRISTODORESCU, Mihai
Abstract: A technique for oblivious filtering may include receiving an input data stream having a plurality of input elements. For each of the input elements received, a determination is made as to whether the input element satisfies a filtering condition. For each of the input elements received that satisfies the filtering condition, a write operation is performed to store the input element in a memory subsystem. For those of the input elements received that do not satisfy the filtering condition, at least a dummy write operation is performed on the memory subsystem. The contents of the memory subsystem can be evicted to an output data stream when the memory subsystem is full. The memory subsystem may include a trusted memory and an unprotected memory.
-
Publication No.: WO2019036717A1
Publication Date: 2019-02-21
Application No.: PCT/US2018/047078
Filing Date: 2018-08-20
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: AGGARWAL, Abhinav , ZAMANI, Mahdi , CHRISTODORESCU, Mihai
Abstract: Methods and systems for generating a security policy at a gateway are disclosed. A server computer and a gateway can perform a protocol in order to train a security model at a gateway, such that it can detect attack packets and prevent those attack packets from reaching the server computer via the gateway. In a learning phase, the server computer can provide training packets and test packets to the gateway. The gateway can use the training packets to train a security model, and the gateway can classify the test packets using the security model in order to test its accuracy. When the server computer is satisfied with the accuracy of the security policy, the server computer can transmit an acceptance of the security policy to the gateway, which can subsequently deploy the model in order to detect and filter attack packets.
-
Publication No.: WO2022211899A1
Publication Date: 2022-10-06
Application No.: PCT/US2022/014994
Filing Date: 2022-02-02
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: NAGARAJA, Vinjith , XU, Minghua , TREVINO, Jose Rios , WATSON, Gaven , MUKHERJEE, Pratyay , CHEN, Yilei , MASNY, Daniel , CHRISTODORESCU, Mihai
Abstract: Embodiments are directed to methods and systems for crypto-agile encryption and decryption. A computer system can possess a protocol file that identifies one or more cryptographic software modules. Using these cryptographic software modules, the computer system can generate a plurality of shared secrets and a session key, then use the session key to encrypt a message. The message can be sent to a server computer that can subsequently decrypt the message. At a later time, the protocol file can be updated to identify a different set of cryptographic software modules, which can be used to encrypt messages. Further, the server computer can transmit additional cryptographic software modules to the computer system, enabling the computer system to use those cryptographic software modules to generate cryptographic keys. As such, the cryptographic protocol file can be changed in response to changes in the cryptographic needs of the computer system.
-
Publication No.: WO2022154789A1
Publication Date: 2022-07-21
Application No.: PCT/US2021/013316
Filing Date: 2021-01-13
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: PRICE, Benjamin , CHEN, Yuexi , ZAMANI, Mahdi , KUMARESAN, Ranjit , CHRISTODORESCU, Mihai
Abstract: Methods and systems for token-based off-chain interaction authorization are disclosed. A hub computer can maintain a network of off-chain (or "layer two") channels between itself, cryptocurrency issuer computers, and cryptocurrency custodian computers. These off-chain channels correspond to one or more underlying blockchains. The hub computer can receive an access token, a resource provider identifier, and an interaction value. The hub computer can use the access token to identify a cryptocurrency issuer computer associated with the mobile device, and use the resource provider identifier to identify the cryptocurrency custodian computer associated with the access device. The hub computer can update the state of the off-chain channels corresponding to these two computers based on the interaction value, then transmit an authorization response message.
-
Publication No.: WO2021163532A1
Publication Date: 2021-08-19
Application No.: PCT/US2021/017915
Filing Date: 2021-02-12
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: SHIRVANIAN, Maliheh , CHRISTODORESCU, Mihai , MASNY, Daniel, Siegfried Werner , NUNES, Ivan, De Oliveira , RINDAL, Peter, Byerly
IPC: G06F21/00
Abstract: Provided is a method for authentication. The method may include receiving first password data, first biometric input data, and first secret key data. A second secret key may be generated based on the first secret key and the first password. Fuzzy extractor helper data may be generated based on the first biometric input and the second secret key. The fuzzy extractor helper data and the first secret key may be stored. The user may be authenticated based on an attempted password and/or a second biometric input. A system and computer program product are also disclosed.
-
Publication No.: WO2023064104A1
Publication Date: 2023-04-20
Application No.: PCT/US2022/045040
Filing Date: 2022-09-28
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: GHOSH, Pamela , GU, Wanyun , ZAMANI, Mahdi , CHRISTODORESCU, Mihai , SHEFFIELD, Cuy
Abstract: A method is disclosed. The method includes determining, by a delegated certificate authority computer, a tier from a plurality of tiers for a digital wallet provider based on a list of qualifying criteria. The method also includes generating a digital certificate based on the tier, where the digital certificate is used by a digital wallet application computer associated with the digital wallet provider to complete interactions using a digital currency maintained by a blockchain network. The method further includes transmitting, by the delegated certificate authority computer to a digital wallet application computer, the digital certificate.
-
Publication No.: WO2022076605A1
Publication Date: 2022-04-14
Application No.: PCT/US2021/053840
Filing Date: 2021-10-06
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: XU, Minghua , CHRISTODORESCU, Mihai , SUN, Wei , RINDAL, Peter , KUMARESAN, Ranjit , NAGARAJA, Vinjith , PATEL, Karankumar Hiteshbhai
Abstract: Embodiments of the present disclosure are directed to methods and systems used to determine private set intersections (PSIs) and execute private database joins (PDJs). Some embodiments are characterized by binning techniques that enable PSI and PDJ methods to be performed by worker nodes in a computing cluster in parallel, thus reducing execution time. A first party computing system and a second party computing system can each tokenize their respective datasets, then assign the datasets to bins. The bins can each be padded with dummy tokens. Then the first party computing system and second party computing system can execute several parallel PSI on pairs of corresponding bins. The results can then be combined to produce a tokenized intersection set, which can then be detokenized to produce the set intersection.
-
Publication No.: WO2022051463A1
Publication Date: 2022-03-10
Application No.: PCT/US2021/048822
Filing Date: 2021-09-02
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventor: CHRISTODORESCU, Mihai , SHIRVANIAN, Maliheh , ZAWOAD, D.M. Shams
Abstract: An application or device is authenticated using secure application data validation. A server computer receives an authentication request comprising an application identifier or a user device identifier associated with a user device, the authentication request originating from the user device. The server computer receives a set of behavioral data associated with the application or the user device. Responsive to receiving the application identifier or device identifier, the server computer obtains a fuzzy vault associated with the application identifier or the user device identifier. The server computer determines a reconstructed key value using the fuzzy vault and the set of behavioral data. The application or the user device is authenticated using the reconstructed key value.