公开(公告)号：WO2020112104A1

公开(公告)日：2020-06-04

申请号：PCT/US2018/062847

申请日：2018-11-28

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： SINHA, Rohit ,  GADDAM, Sivanarayana ,  LUYKX, Atul ,  YANG, Hao

IPC: H04L9/08 ,  H04L9/14

Abstract: Described herein are a system and techniques for enabling user control over usage of their information, even when untrusted parties are involved. In embodiments of the disclosure, users are able to modify policy data on a decentralized network. A users information may be collected by a client device and provided to a host server. An encrypted version of the users information may be stored at the host server and when requested by a data consumer, the request may be processed on a private enclave of the host server. This may involve determining, based on a current status of the policy data on the decentralized network, whether the request is an authorized request. If so, then the information is decrypted, processed, and re-encrypted using a different cryptographic key. The requestor of the data may then be given access to the encrypted output.

公开(公告)号：WO2020146605A1

公开(公告)日：2020-07-16

申请号：PCT/US2020/012896

申请日：2020-01-09

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： GADDAM, Sivanarayana ,  WATSON, Gaven James ,  SINHA, Rohit ,  LUYKX, Atul

IPC: G06Q20/20 ,  G06Q20/32 ,  G06Q20/40 ,  G07F7/10 ,  H04L9/08 ,  H04L9/32

Abstract: A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

公开(公告)号：WO2020146602A1

公开(公告)日：2020-07-16

申请号：PCT/US2020/012891

申请日：2020-01-09

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： GADDAM, Sivanarayana ,  WATSON, Gaven, James ,  SINHA, Rohit ,  MUKHERJEE, Pratyay

IPC: G06F9/44 ,  G06Q20/12 ,  G06Q20/20 ,  G06Q20/32 ,  G06Q20/40 ,  G06Q30/06 ,  G07F7/10

Abstract: A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

公开(公告)号：WO2020069431A1

公开(公告)日：2020-04-02

申请号：PCT/US2019/053640

申请日：2019-09-27

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： AGGARWAL, Abhinav ,  SINHA, Rohit ,  CHRISTODORESCU, Mihai

IPC: G06F21/78 ,  G06F21/55 ,  G06F21/72 ,  G06F21/53

Abstract: A technique for oblivious filtering may include receiving an input data stream having a plurality of input elements. For each of the input elements received, a determination is made as to whether the input element satisfies a filtering condition. For each of the input elements received that satisfies the filtering condition, a write operation is performed to store the input element in a memory subsystem. For those of the input elements received that do not satisfy the filtering condition, at least a dummy write operation is performed on the memory subsystem. The contents of the memory subsystem can be evicted to an output data stream when the memory subsystem is full. The memory subsystem may include a trusted memory and an unprotected memory.

公开(公告)号：WO2020112166A1

公开(公告)日：2020-06-04

申请号：PCT/US2019/030415

申请日：2019-05-02

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： GADDAM, Sivanarayana ,  KUMARESAN, Ranjit ,  SINHA, Rohit

IPC: H04L9/08 ,  H04L9/14

Abstract: Described herein are a system and techniques for enabling user control over usage of their information by data consumers, even when untrusted parties are involved, while also preventing collusion between the untrusted party and a data consumer. A user's information may be collected by a client device and provided to a host server. An encrypted version of the user's information may be stored at the host server so that it is processed on a private enclave of the host server. When the data is to be provided to multiple data consumers, the data may be encrypted for each of the data consumers and may be released to each of those data consumers simultaneously once confirmation has been received that the data has been made available to each of the data consumers.

公开(公告)号：WO2019212829A1

公开(公告)日：2019-11-07

申请号：PCT/US2019/028963

申请日：2019-04-24

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： GADDAM, Sivanarayana ,  SINHA, Rohit ,  LUYKX, Atul ,  YANG, Hao

IPC: G06F21/62 ,  G06F21/60 ,  G06F21/31 ,  H04L9/08

Abstract: The system and methods described herein may be utilized to perform operations in a faster and less complex manner than provided by conventional systems. An encrypted record may be stored at a user device. The encrypted record may include entries related to operations that were previously requested by the user device. The encrypted record may have been encrypted using a dynamic value and a key that is associated with an entity associated with the user. A recipient computer of a request by the user device may be configured to utilize the dynamic value provided in the request and the key associated with the entity to derive the encryption key(s) last used to encrypt the record. The recipient computer may decrypt and modify the decrypted record to perform the requested operation while the user device is precluded from doing so.

公开(公告)号：WO2022125847A1

公开(公告)日：2022-06-16

申请号：PCT/US2021/062731

申请日：2021-12-10

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION [US]/[US]

Inventor： SINHA, Rohit ,  KUMARESAN, Ranjit, Kumar ,  GADDAM, Sivanarayana ,  CHRISTODORESCU, Mihai

IPC: G06Q20/38

Abstract: Described are a system, method, and computer program product for secure real-time n-party computation. The method includes communicating, to a trusted execution environment (TEE), a first computation input and a first portion of a one-time key. The method also includes receiving, from the TEE, an encrypted output of a computation based on the first computation input and a second computation input communicated to the TEE by a second computing device. The method further includes communicating the encrypted output to the second computing device and receiving a digital signature indicating that the second computing device received the encrypted output. The method further includes communicating the first portion of the one-time key to the second computing device and, in response to not receiving the second portion of the one-time key from the second computing device, executing a fallback computation process using the TEE and a shared ledger to determine the computation.

公开(公告)号：WO2021222272A1

公开(公告)日：2021-11-04

申请号：PCT/US2021/029429

申请日：2021-04-27

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： MUKHERJEE, Pratyay ,  SINHA, Rohit ,  GADDAM, Sivanarayana ,  CHRISTODORESCU, Mihai

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/32 ,  H04L29/06 ,  G06F21/60

Abstract: Systems and methods for adaptive attack resistant and amortized distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess one or more secret shares corresponding to one or more distinct secret values, which may be used in the process of encrypting or decrypting data. The client computer may generate one or more commitments and transmit those commitments to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitments and their respective secret shares. The partial computations may be transmitted to the client computer. The client computer may use the partial computations to generate a cryptographic key or bulk key. The client computer may use the cryptographic key, or one or more message keys derived from the bulk key, to encrypt one or more messages or decrypt ciphertext.

公开(公告)号：WO2020069262A1

公开(公告)日：2020-04-02

申请号：PCT/US2019/053370

申请日：2019-09-27

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： GADDAM, Sivanarayana ,  LOKHANDE, Yogesh ,  SINHA, Rohit

IPC: G06Q20/02 ,  G06Q20/04 ,  G06Q20/08 ,  G06Q20/20 ,  G06Q20/22

Abstract: Described are a system, method, and computer program product for secure, remote transaction authentication and settlement. The method includes receiving transaction data associated with a transaction to be completed between a merchant and a customer via a point-of-sale (POS) terminal. The method also includes generating a unique identifier for the transaction and sound data encoding the unique identifier. The method further includes storing the unique identifier in association with the transaction data and communicating the sound data to a merchant communication device to cause the sound wave to be produced at the POS terminal for receipt and decoding by a user communication device. The method further includes receiving, from the user communication device, the unique identifier and user payment authorization data. The method further includes corresponding the user payment authorization data with the transaction data and generating a transaction request to an acquirer processor.

公开(公告)号：WO2019168557A1

公开(公告)日：2019-09-06

申请号：PCT/US2018/042844

申请日：2018-07-19

Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION

Inventor： SINHA, Rohit ,  CHRISTODORESCU, Mihai

IPC: H04L9/08

Abstract: Verification system and methods are provided for allowing database server responses to be verified. A proxy device may maintain a data structure (e.g., a Merkle B+- tree) within a secure memory space (e.g., an Intel SGX enclave) associated with a protected application. In some embodiments, the data structure may comprise hashed values representing hashed versions of the data managed by the database server. The proxy may intercept client requests submitted from a client device and forward such requests to the database server. Responses from the database server may be verified using the data structure (e.g., the hashes contained in the Merkle B+- tree). If the data is verified by the proxy device, the response may be transmitted to the client device.