Patents by Inventor Cem Paya
Cem Paya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180013748Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.Type: ApplicationFiled: September 6, 2017Publication date: January 11, 2018Inventors: Ismail Cem Paya, Kevin Nguyen
-
Patent number: 9853977Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.Type: GrantFiled: January 26, 2016Date of Patent: December 26, 2017Assignee: WINKLEVOSS IP, LLCInventors: Andrew Laucius, Cem Paya, Eric Winer
-
Publication number: 20170286714Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.Type: ApplicationFiled: June 22, 2017Publication date: October 5, 2017Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 9774591Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.Type: GrantFiled: October 15, 2014Date of Patent: September 26, 2017Assignee: Airbnb, Inc.Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20170255936Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.Type: ApplicationFiled: May 19, 2017Publication date: September 7, 2017Inventors: Ismail Cem Paya, Robert Lieh-Yuan Tsai
-
Patent number: 9727742Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.Type: GrantFiled: March 30, 2015Date of Patent: August 8, 2017Assignee: Airbnb, Inc.Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 9684898Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.Type: GrantFiled: September 25, 2013Date of Patent: June 20, 2017Assignee: GOOGLE INC.Inventors: Ismail Cem Paya, Robert Lieh-Yuan Tsai
-
Patent number: 9673984Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.Type: GrantFiled: October 31, 2013Date of Patent: June 6, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-QUiang Michael Guo
-
Publication number: 20170048210Abstract: A re-programmable wireless device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new re-programmable wireless device or a new re-programmable wireless device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the re-programmable wireless device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the re-programmable wireless device by cross-referencing the public key received from the central server system with the public key transmitted by the re-programmable wireless device once the communication channel is established.Type: ApplicationFiled: October 28, 2016Publication date: February 16, 2017Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Patent number: 9516006Abstract: A re-programmable wireless cryptographic device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new cryptographic device or a new device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the cryptographic device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the cryptographic device by cross-referencing the public key received from the central server system with the public key transmitted by the cryptographic device once the communication channel is established. Upon authentication, the cryptographic device is synced with the mobile device, and the mobile device passes the program code to the cryptographic device.Type: GrantFiled: October 23, 2013Date of Patent: December 6, 2016Assignee: GOOGLE INC.Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Publication number: 20160292427Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.Type: ApplicationFiled: March 30, 2015Publication date: October 6, 2016Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Publication number: 20160112396Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.Type: ApplicationFiled: October 15, 2014Publication date: April 21, 2016Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20150113271Abstract: A re-programmable wireless cryptographic device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new cryptographic device or a new device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the cryptographic device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the cryptographic device by cross-referencing the public key received from the central server system with the public key transmitted by the cryptographic device once the communication channel is established. Upon authentication, the cryptographic device is synced with the mobile device, and the mobile device passes the program code to the cryptographic device.Type: ApplicationFiled: October 23, 2013Publication date: April 23, 2015Applicant: GOOGLE INC.Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Patent number: 9008616Abstract: Point of sale processing of multiple options is possible with a single tap of a contactless device. The user taps the contactless device in the device reader's radio frequency field. The device reader and the contactless device establish a secure communication channel. Once a secure communication channel is established, the device reader communicates the purchase to the contactless device. The contactless device presents value-added services available to the user. The contactless device communicates the user's selected value-added service(s) to the device reader, and the reader communicates the purchase price of the transaction. The contactless device communicates payment options to the user and then communicates the user-selected payment options to the device reader. The device reader communicates a digital receipt to the contactless device, and the secure communication is terminated.Type: GrantFiled: December 9, 2011Date of Patent: April 14, 2015Assignee: Google Inc.Inventors: Jonathan Wall, Rob von Behren, Ismail Cem Paya
-
Publication number: 20150073953Abstract: Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.Type: ApplicationFiled: November 12, 2014Publication date: March 12, 2015Inventors: Michael William Springer, Ismail Cem Paya, Margorzata Monika Lisowiec, Aneto Pablo Okonkwo, IV, Patrick Pui Wah Leung, Fan Jiang
-
Patent number: 8931084Abstract: Methods and systems for cross-site scripting (XSS) defense are described herein. An embodiment includes, embedding one or more tags in content at a server to identify executable and non-executable regions in the content and transmitting the content with the tags to a client based on a request from the client. Another embodiment includes receiving content embedded with one or more permission tags from a server, processing the content and the permission tags, and granting permission to a browser to execute executable content in the content based on the permission tags. A method embodiment also includes receiving content embedded with one or more verify tags from a server, performing an integrity check using the verify tags and granting permission to a browser to execute executable content in the content based on the integrity check.Type: GrantFiled: September 11, 2009Date of Patent: January 6, 2015Assignee: Google Inc.Inventors: Cem Paya, Johann Tomas Sigurdsson, Sumit Gwalani
-
Patent number: 8918525Abstract: An exemplary network gateway is capable of accepting a session-related message having a session identifier field; the network gateway is adapted to extract a host identifier from a value populating the session identifier field and to perform a routing operation for the session-related message using the host identifier. For an exemplary media implementation, processor-executable instructions direct a device to perform actions including: ascertaining a host identifier from a session identifier field of a session message; and routing the session message responsive to the ascertained host identifier. An exemplary apparatus includes: at least one processor; and one or more media including processor-executable instructions that are capable of being executed by the at least one processor to direct the apparatus to perform actions including: receiving a session message having a session identifier including a host identifier; and routing the session message responsive to the host identifier.Type: GrantFiled: December 22, 2010Date of Patent: December 23, 2014Assignee: Microsoft CorporationInventors: John A. Banes, Joseph M. Joy, David R. Mowers, Cem Paya, Feng Sun
-
Patent number: 8898088Abstract: Preventing fraud during an offline transaction by encoding a randomly-generated card verification code onto a smart card. The verification code is transmitted to a contactless device during each transaction, wherein it is cross-referenced with the account number to ensure presence of the card. Also, every transaction record is signed by an access key resident on the contactless device and certified by a signing key resident on a remote system. Funds may be deposited onto the card when the contactless device creates a deposit request, signs the request using an access key and transmits it to the remote system, which in turn processes the request and certifies it with a signing key. Funds may be withdrawn when the contactless device creates a withdrawal record and signs it using an access key. The remote system verifies the signatures and certifies the records using a signing key when the records are later transmitted.Type: GrantFiled: February 29, 2012Date of Patent: November 25, 2014Assignee: Google Inc.Inventors: Michael William Springer, Ismail Cem Paya, Malgorzata Monika Lisowiec, Aneto Pablo Okonkwo, Patrick Pui Wah Leung, Fan Jiang
-
Patent number: 8806199Abstract: Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.Type: GrantFiled: November 27, 2012Date of Patent: August 12, 2014Assignee: Google Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya, Alexej Muehlberg, Hauke Meyn
-
Patent number: 8793508Abstract: Systems, methods, computer programs, and devices are disclosed herein for deploying a local trusted service manager within a secure element of a contactless smart card device. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. An asymmetric cryptography algorithm is used to generate public-private key pairs. The private keys are stored in the secure element and are accessible by a trusted service manager (TSM) software application or a control software application in the secure element. A non-TSM computer with access to the public key encrypts and then transmits encrypted application data or software applications to the secure element, where the TSM software application decrypts and installs the software application to the secure element for transaction purposes.Type: GrantFiled: December 17, 2012Date of Patent: July 29, 2014Assignee: Google Inc.Inventors: Rob von Behren, Jonathan Wall, Ismail Cem Paya