Patents by Inventor Oleg Gryb
Oleg Gryb has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11811923
Abstract: A computer node comprising multiple software modules may receive a cryptographic key from a hardware security module. The computer node may use the cryptographic key to produce two key portions, which are distributed to two software modules. These software modules and an optional additional software module may use the key portions in order to encrypt an initial message. The key portions and their locations in memory are periodically updated in order to provide improved cryptographic security.
Type: Grant
Filed: March 8, 2021
Date of Patent: November 7, 2023
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Publication number: 20230254129
Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.
Type: Application
Filed: March 29, 2023
Publication date: August 10, 2023
Applicant: Visa International Service Association
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Patent number: 11698982
Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.
Type: Grant
Filed: September 3, 2021
Date of Patent: July 11, 2023
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Akshay Bhaskaran, Ravi Krishnan Muthukrishnan
-
Patent number: 11664982
Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.
Type: Grant
Filed: September 24, 2018
Date of Patent: May 30, 2023
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Publication number: 20210397723
Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.
Type: Application
Filed: September 3, 2021
Publication date: December 23, 2021
Inventors: Oleg Gryb, Akshay Bhaskaran, Ravi Krishnan Muthukrishnan
-
Patent number: 11138321
Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.
Type: Grant
Filed: June 27, 2019
Date of Patent: October 5, 2021
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Akshay Bhaskaran, Ravi Krishnan Muthukrishnan
-
Publication number: 20210273784
Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.
Type: Application
Filed: September 24, 2018
Publication date: September 2, 2021
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Publication number: 20210194688
Abstract: A computer node comprising multiple software modules may receive a cryptographic key from a hardware security module. The computer node may use the cryptographic key to produce two key portions, which are distributed to two software modules. These software modules and an optional additional software module may use the key portions in order to encrypt an initial message. The key portions and their locations in memory are periodically updated in order to provide improved cryptographic security.
Type: Application
Filed: March 8, 2021
Publication date: June 24, 2021
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Patent number: 10972263
Abstract: A computer node comprising multiple software modules may receive a cryptographic key from a hardware security module. The computer node may use the cryptographic key to produce two key portions, which are distributed to two software modules. These software modules and an optional additional software module may use the key portions in order to encrypt an initial message. The key portions and their locations in memory are periodically updated in order to provide improved cryptographic security.
Type: Grant
Filed: August 31, 2017
Date of Patent: April 6, 2021
Assignee: Visa International Service Association
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Publication number: 20200410113
Abstract: Systems and methods for securing user location data are described. A method includes receiving, by a location server computer, an encrypted location from a mobile device. The encrypted location is a location of the mobile device encrypted with a public key. The method then includes receiving, by the location server computer, a location request message from an interaction processing server and partially decrypting, by the location server computer, the encrypted location with a first private key share to form a partially decrypted location. The method further includes transmitting, by the location server computer to the interaction processing server, a location response message with the encrypted location and the partially decrypted location. The interaction processing server then uses the partially decrypted location and the second private key share to form a decrypted location.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventors: Oleg Gryb, Akshay Bhaskaran, Ravi Krishnan Muthukrishnan
-
Publication number: 20200389304
Abstract: A computer node comprising multiple software modules may receive a cryptographic key from a hardware security module. The computer node may use the cryptographic key to produce two key portions, which are distributed to two software modules. These software modules and an optional additional software module may use the key portions in order to encrypt an initial message. The key portions and their locations in memory are periodically updated in order to provide improved cryptographic security.
Type: Application
Filed: August 31, 2017
Publication date: December 10, 2020
Inventors: Oleg Gryb, Sekhar Nagasundaram
-
Patent number: 10250590
Abstract: A method of secure device registration is presented. The method comprises: receiving a registration request from a device; validating the device on the basis of the registration request; in response to successfully validating the device, sending a passcode to the device via a first connection; prompting a user for the passcode via a second connection different from the first connection; receiving the passcode via the second connection; and sending an authorization token to the device via the first connection.
Type: Grant
Filed: December 30, 2015
Date of Patent: April 2, 2019
Assignee: Samsung Electronics Co., Ltd.
Inventors: Oleg Gryb, Jerome Laurent Dubreuil, Luc Julia
-
Patent number: 9894069
Abstract: Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.
Type: Grant
Filed: November 1, 2013
Date of Patent: February 13, 2018
Assignee: Intuit Inc.
Inventors: Brett Weaver, Sabu Kuruvila Philip, Troy Otillio, Jinglei Whitehouse, III, Oleg Gryb, Jeffrey M. Wolfe, Ankur Jain, M. Shannon Lietz, Luis Felipe Cabrera
-
Publication number: 20180007048
Abstract: Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.
Type: Application
Filed: November 1, 2013
Publication date: January 4, 2018
Applicant: Intuit Inc.
Inventors: Brett Weaver, Sabu Kuruvila Philip, Troy Otillio, Jinglei Whitehouse, Oleg Gryb, Jeffrey M. Wolfe, Ankur Jain, M. Shannon Lietz, Luis Felipe Cabrera
-
Patent number: 9684791
Abstract: A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. A virtual asset requests one or more secrets, triggering a process to authenticate the requesting virtual asset, gathering authorized secrets data representing secrets the virtual asset is allowed to have. The secure secrets proxy is provided data representing the requested secrets and stores that secrets data in the secure secrets cache of the proxy.
Type: Grant
Filed: April 20, 2016
Date of Patent: June 20, 2017
Assignee: Intuit Inc.
Inventors: Luis Felipe Cabrera, M. Shannon Lietz, James Armitage, Oleg Gryb, Elangovan Shanmugam, Sabu Kuruvila Philip, Brett Weaver, Thomas Bishop, Troy Otillio, Jinglei Whitehouse, Jeffrey M. Wolfe, Ankur Jain
-
Publication number: 20170063834
Abstract: A method of secure device registration is presented. The method comprises: receiving a registration request from a device; validating the device on the basis of the registration request; in response to successfully validating the device, sending a passcode to the device via a first connection; prompting a user for the passcode via a second connection different from the first connection; receiving the passcode via the second connection; and sending an authorization token to the device via the first connection.
Type: Application
Filed: December 30, 2015
Publication date: March 2, 2017
Inventors: Oleg GRYB, Jerome Laurent DUBREUIL, Luc JULIA
-
Publication number: 20160234015
Abstract: A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. A virtual asset requests one or more secrets, triggering a process to authenticate the requesting virtual asset, gathering authorized secrets data representing secrets the virtual asset is allowed to have. The secure secrets proxy is provided data representing the requested secrets and stores that secrets data in the secure secrets cache of the proxy.
Type: Application
Filed: April 20, 2016
Publication date: August 11, 2016
Applicant: Intuit Inc.
Inventors: Luis Felipe Cabrera, M. Shannon Lietz, James Armitage, Oleg Gryb, Elangovan Shanmugam, Sabu Kuruvila Philip, Brett Weaver, Thomas Bishop, Troy Otillio, Jinglei Whitehouse, Jeffrey M. Wolfe, Ankur Jain
-
Patent number: 9390288
Abstract: Virtual asset creation data used to create a virtual asset is generated through a virtual asset creation system that includes primary virtual asset data. Secondary authentication data is also generated. When the virtual asset is launched, the secondary authentication data is passed to the virtual asset from the virtual asset creation system. The primary virtual asset data and secondary authentication data from the virtual asset creation system and the virtual asset, and/or one or more other sources associated with the virtual asset, are then sent to a virtual asset validation system through different communication channels. If the primary virtual asset data and secondary authentication data from the two sources match, or have a defined threshold level of similarity, the status of the virtual asset is transformed to the status of validated virtual asset eligible to receive sensitive data.
Type: Grant
Filed: November 1, 2013
Date of Patent: July 12, 2016
Assignee: Intuit Inc.
Inventors: Oleg Gryb, Jinglei Whitehouse, Elangovan Shanmugam, Ankur Jain, III, Mark Basler, M. Shannon Lietz, Sabu Kuruvila Philip, Luis Felipe Cabrera, Thomas Bishop
-
Patent number: 9384362
Abstract: Secrets data representing one or more secrets required to access associated resources is provided along with secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of the secrets. When a requesting virtual asset submits secrets request data, virtual asset profile data associated with the requesting virtual asset is obtained. The requesting virtual asset profile data is then analyzed using at least one of the secrets distribution factors to authenticate the requesting virtual asset. The requesting virtual asset profile data is then analyzed using one or more of secrets distribution factors to determine what secrets the requesting virtual asset legitimately needs. Authorized secrets data for the requesting virtual asset representing one or more authorized secrets is then generated. The requesting virtual asset is then provided access to the authorized secrets data.
Type: Grant
Filed: October 14, 2013
Date of Patent: July 5, 2016
Assignee: Intuit Inc.
Inventors: Luis Felipe Cabrera, M. Shannon Lietz, James Armitage, Oleg Gryb, Elangovan Shanmugam, Sabu Kuruvila Philip, Brett Weaver, Thomas Bishop, Troy Otillio, Jinglei Whitehouse, Jeffrey M. Wolfe, Ankur Jain
-
Patent number: 9288193
Abstract: The disclosed embodiments provide a system that facilitates authenticating cloud services that execute in an untrusted cloud computing environment. During operation, a verifying party receives a request for a credential from a compute instance that is executing in the untrusted cloud computing environment. This request includes one or more metadata parameters that are associated with the compute instance. The verifying party queries a management interface for the untrusted cloud computing environment to retrieve a second set of metadata parameters for the compute instance, and then compares the two sets of parameters. If the values for the two sets of parameters match, the verifying party grants the credential to the requesting compute instance. Otherwise, the verifying party denies the request.
Type: Grant
Filed: July 19, 2013
Date of Patent: March 15, 2016
Assignee: INTUIT INC.
Inventors: Oleg Gryb, Subramanian Kumaraswamy