Patents by Inventor Ismail Cem Paya
Ismail Cem Paya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11501370
Abstract: The present invention generally relates to computer systems, methods and program products for non-custodial trading of digital assets on an exchange.
Type: Grant
Filed: June 11, 2020
Date of Patent: November 15, 2022
Assignee: Gemini IP, LLC
Inventors: Ismail Cem Paya, Jason Alexander Mintz
-
Patent number: 11283797
Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
Type: Grant
Filed: August 12, 2020
Date of Patent: March 22, 2022
Assignee: Gemini IP, LLC
Inventors: Andrew Laucius, Ismail Cem Paya, Eric Neiman Winer
-
Publication number: 20200389456
Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
Type: Application
Filed: August 12, 2020
Publication date: December 10, 2020
Inventors: Andrew Laucius, Ismail Cem Paya, Eric Neiman Winer
-
Patent number: 10616213
Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
Type: Grant
Filed: January 8, 2019
Date of Patent: April 7, 2020
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Kevin Nguyen
-
Patent number: 10599863
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Grant
Filed: January 24, 2019
Date of Patent: March 24, 2020
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 10581814
Abstract: A re-programmable wireless device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new re-programmable wireless device or a new re-programmable wireless device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the re-programmable wireless device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. An NFC communication channel is created, and the mobile device authenticates the re-programmable wireless device by cross-referencing the public key received from the central server system with the public key transmitted by the re-programmable wireless device once the communication channel is established.
Type: Grant
Filed: October 28, 2016
Date of Patent: March 3, 2020
Assignee: Google LLC
Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Publication number: 20190166113
Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
Type: Application
Filed: January 8, 2019
Publication date: May 30, 2019
Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20190156052
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Application
Filed: January 24, 2019
Publication date: May 23, 2019
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 10229286
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Grant
Filed: June 22, 2017
Date of Patent: March 12, 2019
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 10205720
Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
Type: Grant
Filed: September 6, 2017
Date of Patent: February 12, 2019
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20180013748
Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
Type: Application
Filed: September 6, 2017
Publication date: January 11, 2018
Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20170286714
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Application
Filed: June 22, 2017
Publication date: October 5, 2017
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 9774591
Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.
Type: Grant
Filed: October 15, 2014
Date of Patent: September 26, 2017
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Kevin Nguyen
-
Publication number: 20170255936
Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.
Type: Application
Filed: May 19, 2017
Publication date: September 7, 2017
Inventors: Ismail Cem Paya, Robert Lieh-Yuan Tsai
-
Patent number: 9727742
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Grant
Filed: March 30, 2015
Date of Patent: August 8, 2017
Assignee: Airbnb, Inc.
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen
-
Patent number: 9684898
Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.
Type: Grant
Filed: September 25, 2013
Date of Patent: June 20, 2017
Assignee: GOOGLE INC.
Inventors: Ismail Cem Paya, Robert Lieh-Yuan Tsai
-
Patent number: 9673984
Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
Type: Grant
Filed: October 31, 2013
Date of Patent: June 6, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-QUiang Michael Guo
-
Publication number: 20170048210
Abstract: A re-programmable wireless device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new re-programmable wireless device or a new re-programmable wireless device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the re-programmable wireless device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. An NFC communication channel is created, and the mobile device authenticates the re-programmable wireless device by cross-referencing the public key received from the central server system with the public key transmitted by the re-programmable wireless device once the communication channel is established.
Type: Application
Filed: October 28, 2016
Publication date: February 16, 2017
Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Patent number: 9516006
Abstract: A re-programmable wireless cryptographic device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new cryptographic device or a new device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the cryptographic device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. An NFC communication channel is created, and the mobile device authenticates the cryptographic device by cross-referencing the public key received from the central server system with the public key transmitted by the cryptographic device once the communication channel is established. Upon authentication, the cryptographic device is synced with the mobile device, and the mobile device passes the program code to the cryptographic device.
Type: Grant
Filed: October 23, 2013
Date of Patent: December 6, 2016
Assignee: GOOGLE INC.
Inventors: Sarel Kobus Jooste, Shane Farmer, Ismail Cem Paya
-
Publication number: 20160292427
Abstract: An online computer system including a database uses an encrypted table that allows for write protection of its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data is encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.
Type: Application
Filed: March 30, 2015
Publication date: October 6, 2016
Inventors: Ismail Cem Paya, Nelson Aurel Gauthier, Kevin Nguyen