Patents by Inventor Eric Le Saint

Eric Le Saint has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11394697
    Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: July 19, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Upendra Mardikar, Dominique Fedronic
  • Publication number: 20220224551
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Application
    Filed: March 31, 2022
    Publication date: July 14, 2022
    Inventor: Eric Le Saint
  • Patent number: 11323276
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: May 3, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint
  • Publication number: 20220070001
    Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
    Type: Application
    Filed: November 9, 2021
    Publication date: March 3, 2022
    Inventors: Eric Le Saint, Soumendra Bhattacharya
  • Publication number: 20210409405
    Abstract: An initiator device can broadcast a witness request to one or more authentication devices. The one or more authentication devices can then determine an assurance level from a range of assurance levels and determine a token share corresponding to the assurance level. The initiator device can then receive, from the one or more authentication devices, at least one witness response comprising the token share corresponding to the assurance level. The initiator device can generate an authentication token using a set of token shares. The initiator device can then transmit the authentication token to an authentication server, wherein the authentication server verifies the authentication token.
    Type: Application
    Filed: August 30, 2019
    Publication date: December 30, 2021
    Inventors: Mastooreh Salajegheh, Shashank Agrawal, Eric Le Saint, Payman Mohassel, Mihai Christodorescu
  • Patent number: 11201743
    Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: December 14, 2021
    Assignee: Visa International Service Association
    Inventors: Eric Le Saint, Soumendra Bhattacharya
  • Publication number: 20210385201
    Abstract: Embodiments extend protocols for secure communication between two parties to allow a party to securely communicate with multiple parties using a single message. For example, the sending party can determine a unique shared secret for each recipient and encrypt data for a recipient using a session key generated from the corresponding shared secret. The encrypted data can be combined into a single message, and each recipient can decrypt only the subset of the message that it is authorized to.
    Type: Application
    Filed: August 5, 2021
    Publication date: December 9, 2021
    Inventor: Eric Le Saint
  • Patent number: 11108748
    Abstract: Embodiments extend protocols for secure communication between two parties to allow a party to securely communicate with multiple parties using a single message. For example, the sending party can determine a unique shared secret for each recipient and encrypt data for a recipient using a session key generated from the corresponding shared secret. The encrypted data can be combined into a single message, and each recipient can decrypt only the subset of the message that it is authorized to.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: August 31, 2021
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint
  • Patent number: 11108565
    Abstract: Embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static keys pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: August 31, 2021
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Payman Mohassel
  • Publication number: 20210258162
    Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.
    Type: Application
    Filed: May 5, 2021
    Publication date: August 19, 2021
    Inventors: Eric Le Saint, James Gordon, Roopesh Joshi
  • Patent number: 11086980
    Abstract: Enhance authentication techniques may include receiving credential data of a secondary device by a primary device, generating a cryptogram using the credential data of the secondary device, and transmitting the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device. The authorization can be granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: August 10, 2021
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Dominique Fedronic, Christian Aabye
  • Patent number: 11032075
    Abstract: Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: June 8, 2021
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, James Gordon, Roopesh Joshi
  • Publication number: 20210111875
    Abstract: Systems and methods for secure peer-to-peer communications are described. Devices registered into trusted network may be capable of establishing a shared data encryption key (DEK). In embodiments, each device may be configured to obtain a share of a data encryption key (DEKi) that can be stored locally. The shares may be shares in an M of N Secret Sharing Scheme. This may involve a network that includes an integer, N, devices, and in which M devices may share a secret (i.e. the DEK) during communications, M being an integer less than or equal to N. To obtain the entire DEK during encryption/decryption, a requesting device may send requests to M of N devices for their shares of the DEK. Once M shares are obtained, they may be used generate the DEK for encrypting/decrypting data between the devices.
    Type: Application
    Filed: September 27, 2017
    Publication date: April 15, 2021
    Inventor: Eric Le Saint
  • Patent number: 10972257
    Abstract: Techniques are provided to generate a secure communication for use in a transaction. In some embodiments, a user device is provided a first set of encryption keys associated with one or more authorizing entities. The user device may, prior to or during a transaction, receive one or more second encryption keys related to a second party to the transaction. In some embodiments, the one or more second encryption keys may be provided to the user device via a local communication means. Once the user device has been provided with transaction details, it may generate a transaction request using the multiple encryption keys that it has been provided, such that portions of the message are encrypted using different encryption keys.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: April 6, 2021
    Assignee: Visa International Service Association
    Inventors: Eric Le Saint, Yue Chen, Marc Kekicheff, Dominique Fedronic
  • Publication number: 20210058259
    Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.
    Type: Application
    Filed: October 26, 2020
    Publication date: February 25, 2021
    Inventors: Eric Le Saint, Jing Jin, Christian Aabye
  • Publication number: 20200412528
    Abstract: Methods and systems for consensus-based online authentication are provided. An encryption device may be authenticated based on an authentication cryptogram generated by the encryption device. The encryption device may transmit a request for security assessment to one or more support devices. The support devices may individually assess the encryption device, other security devices, and contextual information. The support devices may choose to participate in a multi-party computation with the encryption device based on the security assessments. Support devices that choose to participate may transmit one or more secret shares or partial computations to the encryption device. The encryption device may use the secret shares or partial computations to generate an authentication cryptogram. The authentication cryptogram may be transmitted to a decryption device, which may decrypt the authentication cryptogram, evaluate its contents, and authenticate the encryption device based on its contents.
    Type: Application
    Filed: March 29, 2018
    Publication date: December 31, 2020
    Inventors: Eric Le Saint, Subramanian Kumaraswamy
  • Patent number: 10826712
    Abstract: Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: November 3, 2020
    Assignee: Visa International Service Association
    Inventors: Eric Le Saint, Jing Jin, Christian Aabye
  • Publication number: 20200295952
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Application
    Filed: June 3, 2020
    Publication date: September 17, 2020
    Inventor: Eric Le Saint
  • Publication number: 20200259651
    Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.
    Type: Application
    Filed: October 30, 2017
    Publication date: August 13, 2020
    Inventors: Payman Mohassel, Pratyay Mukherjee, Shashank Agrawal, Eric Le Saint
  • Patent number: 10708072
    Abstract: Embodiments of the invention relate to systems and methods for confidential mutual authentication. A first computer may blind its public key using a blinding factor. The first computer may generate a shared secret using its private key, the blinding factor, and a public key of a second computer. The first computer may encrypt the blinding factor and a certificate including its public key using the shared secret. The first computer may send its blinded public key, the encrypted blinding factor, and the encrypted certificate to the second computer. The second computer may generate the same shared secret using its private key and the blinded public key of the first computer. The second computer may authenticate the first computer by verifying its blinded public key using the blinding factor and the certificate of the first computer. The first computer authenticates the second computer similarly.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventor: Eric Le Saint