Patents by Inventor Saikrishna Badrinarayanan
Saikrishna Badrinarayanan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11956359
Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.
Type: Grant
Filed: February 10, 2022
Date of Patent: April 9, 2024
Assignee: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven Watson
-
Publication number: 20240048359
Abstract: Methods and systems are disclosed for managing access to encrypted data and encryption keys. The system stores, by a key management server, a first encryption key associated with a first service and a second encryption key associated with a second service. The system prevents, by the key management server, the second service from accessing the second encryption key while the first service is performing a first function using the first encryption key and determines that a first threshold period of time associated with the first function has elapsed. The system, in response to determining that the first threshold period of time associated with the first function has elapsed, prevents, by the key management server, the first service from accessing the first encryption key while the second service is performing a second function using the second encryption key.
Type: Application
Filed: October 13, 2022
Publication date: February 8, 2024
Inventors: Saikrishna Badrinarayanan, Guangyu Chen, Samarth Chopra, Apoorvaa Deshpande, Hooman Javaheri, Muhammad Naveed, Antonios Papadimitriou, Sina Shiehian, Bahador Yeganeh, Di Zhuang
-
Publication number: 20240048390
Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.
Type: Application
Filed: October 6, 2023
Publication date: February 8, 2024
Applicant: Visa International Service Association
Inventors: Saikrishna Badrinarayanan, Peter Rindal, Pratyay Mukherjee
-
Publication number: 20240039719
Abstract: A method is disclosed. The method includes receiving, by a processing network computer from a relying party computer associated with a relying party, a request for data associated with a user operating a user device. The processing network computer may retrieve first encrypted data of the user having a user-layer of encryption. The processing computer can then generate a second symmetric key to add a relying party-layer of encryption to the first encrypted data using a stream cipher. The doubly encrypted data may be transmitted to a user device that removes the user-layer of encryption on the first doubly encrypted data, and then adds a second relying party-layer of encryption to form second doubly encrypted data. The second doubly encrypted data may be transmitted to the relying party computer, which can remove both relying party-layers of encryption to gain access to the data associated with the user.
Type: Application
Filed: February 10, 2022
Publication date: February 1, 2024
Applicant: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven Watson
-
Publication number: 20240020410
Abstract: A method is disclosed. The method comprises receiving, by a digital identity computer, a request for personal data associated with a user. The digital identity computer may retrieve encrypted personal data, wherein the personal data is encrypted with a public key associated with the user. The digital identity computer may encrypt the encrypted personal data with a first public key associated with a relying party or derivative thereof to form subsequently encrypted personal data. The method may then proceed to transmit the subsequently encrypted personal data or derivative thereof to a relying party computer, or a user device. If the user device receives the subsequently encrypted personal data, the user device may thereafter transmit the subsequently encrypted personal data or derivative thereof to the relying party computer. Then, the relying party computer obtains the personal data from the subsequently encrypted personal data or derivative thereof.
Type: Application
Filed: September 28, 2021
Publication date: January 18, 2024
Applicant: Visa International Service Association
Inventors: Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman, Kim Wagner, Gaven James Watson, David Henstock, Jason Lightman
-
Publication number: 20230396420
Abstract: Several round-efficient solitary multi-party computation protocols with guaranteed output delivery are disclosed. A plurality of input devices and an output device can collectively perform a computation using methods such as fully homomorphic encryption. The output of the computation is only known to the output device. Some number of these devices may be corrupt. However, even in the presence of corrupt devices, the output device can still either generate a correct output or identify that the computation was compromised. These protocols operate under different assumptions regarding the communication infrastructure (e.g., broadcast vs point-to-point), the number of participating devices, and the number of corrupt devices. These protocols are round-efficient in that they require a minimal number of communication rounds to calculate the result of the multi-party computation.
Type: Application
Filed: August 22, 2023
Publication date: December 7, 2023
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Saikrishna Badrinarayanan, Pratyay Mukherjee, Divya Ravi, Peihan Miao
-
Publication number: 20230388128
Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.
Type: Application
Filed: August 14, 2023
Publication date: November 30, 2023
Applicant: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Payman Mohassel, Shashank Agrawal, Pratyay Mukherjee, Saikrishna Badrinarayanan
-
Patent number: 11831780
Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.
Type: Grant
Filed: December 8, 2022
Date of Patent: November 28, 2023
Assignee: Visa International Service Association
Inventors: Saikrishna Badrinarayanan, Peter Rindal, Pratyay Mukherjee
-
Publication number: 20230359631
Abstract: “Updatable” private set intersection (PSI) protocols allow parties that each have an updatable private set to determine the intersection of their sets after an update without the need to compare each element of each set and without compromising privacy. In some protocols, a first party can determine an update to the intersection by determining an intersection of elements that were previously in the first party's set with elements that were added to the second party's set and determining an intersection of elements that were added to the first party's set with elements that are in the second party's (updated) set. In some protocols, both parties can determine the updated intersection.
Type: Application
Filed: May 19, 2021
Publication date: November 9, 2023
Applicant: Visa International Service Association
Inventors: Saikrishna Badrinarayanan, Peihan Miao, Tiancheng Xie
-
Patent number: 11784803
Abstract: Several round-efficient solitary multi-party computation protocols with guaranteed output delivery are disclosed. A plurality of input devices and an output device can collectively perform a computation using methods such as fully homomorphic encryption. The output of the computation is only known to the output device. Some number of these devices may be corrupt. However, even in the presence of corrupt devices, the output device can still either generate a correct output or identify that the computation was compromised. These protocols operate under different assumptions regarding the communication infrastructure (e.g., broadcast vs point-to-point), the number of participating devices, and the number of corrupt devices. These protocols are round-efficient in that they require a minimal number of communication rounds to calculate the result of the multi-party computation.
Type: Grant
Filed: May 25, 2021
Date of Patent: October 10, 2023
Assignee: Visa International Service Association
Inventors: Saikrishna Badrinarayanan, Pratyay Mukherjee, Divya Ravi, Peihan Miao
-
Patent number: 11764965
Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.
Type: Grant
Filed: May 25, 2022
Date of Patent: September 19, 2023
Assignee: Visa International Service Association
Inventors: Payman Mohassel, Shashank Agrawal, Pratyay Mukherjee, Saikrishna Badrinarayanan
-
INTEGRATING IDENTITY TOKENS AND PRIVACY-PRESERVING IDENTITY ATTRIBUTE ATTESTATIONS INTO INTERACTIONS
Publication number: 20230275766
Abstract: A method is disclosed. The method comprises receiving, by an identity network computer, a query set including a plurality of test identity attributes. After receiving the query set, the identity network computer may retrieve derivatives of identity attributes associated with a user, and an encrypted trapdoor, then compute an obscured query set using the query set, and optionally the derivatives of identity attributes. The identity network computer may transmit the obscured query set (i) and the encrypted trapdoor to a user device associated with the user, which generates and transmits a first modified trapdoor and the obscured query set to a relying party computer, or (ii) and a second modified trapdoor to the relying party computer. The relying party computer may thereafter use the obscured query set, and the first modified trapdoor or the second modified trapdoor, to determine if the identity attributes is a member of the query set.
Type: Application
Filed: November 17, 2021
Publication date: August 31, 2023
Applicant: Visa International Service Association
Inventors: Kim Wagner, Brian Sullivan, Dinah Sloan, Hao Ngo, Gaven James Watson, Sunpreet Singh Arora, Saikrishna Badrinarayanan, Srinivasan Raghuraman
-
Publication number: 20230208643
Abstract: A user device generates an initiate interaction request message comprising a state commitment. The user device provides the initiate interaction request message to a first server computer, which creates a verify state request message comprising an interaction index, an interaction index commitment, and a first commitment signature formed from the state commitment and the interaction index commitment. The user device receives the verify state request message, then generates a modified verify state request message comprising a user device public key, the state commitment, the interaction index commitment, and the first commitment signature. The user device provides the modified verify state request message to a second server computer. The second server computer verifies the state commitment, verifies the first commitment signature, and creates a second commitment signature formed from the state commitment and the interaction index commitment.
Type: Application
Filed: December 23, 2021
Publication date: June 29, 2023
Inventors: Gaven James Watson, Kim Wagner, Saikrishna Badrinarayanan, Srinivasan Raghuraman
-
Publication number: 20230120343
Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.
Type: Application
Filed: December 8, 2022
Publication date: April 20, 2023
Applicant: Visa International Service Association
Inventors: Saikrishna Badrinarayanan, Peter Rindal, Pratyay Mukherjee
-
Publication number: 20230050481
Abstract: A method performed by a user device is disclosed. The method comprises generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. After, the user device may then initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device uses the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.
Type: Application
Filed: July 30, 2021
Publication date: February 16, 2023
Inventors: Vinjith Nagaraja, Minghua Xu, Karankumar Hiteshbhai Patel, Shengfei Gu, Sikhar Patranabis, Saikrishna Badrinarayanan, Pratyay Mukherjee, Peter Rindal, Shan Jin
-
Patent number: 11546164
Abstract: Secure protocols for external-facing authentication are provided for both user templates stored on their devices and the biometric measurement captured by external sensors of an access device. The protocols provide different levels of security, ranging from passive security with some leakage to active security with no leakage. A packing technique is also provided. Zero-knowledge techniques are used during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. Once enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device.
Type: Grant
Filed: October 23, 2020
Date of Patent: January 3, 2023
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Saikrishna Badrinarayanan, Peter Rindal, Pratyay Mukherjee
-
Publication number: 20220353083
Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.
Type: Application
Filed: June 28, 2022
Publication date: November 3, 2022
Inventors: Shashank Agrawal, Saikrishna Badrinarayanan, Payman Mohassel, Pratyay Mukherjee
-
Publication number: 20220286290
Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.
Type: Application
Filed: May 25, 2022
Publication date: September 8, 2022
Inventors: Payman Mohassel, Shashank Agrawal, Pratyay Mukherjee, Saikrishna Badrinarayanan
-
Patent number: 11411738
Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.
Type: Grant
Filed: October 4, 2019
Date of Patent: August 9, 2022
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Shashank Agrawal, Saikrishna Badrinarayanan, Payman Mohassel, Pratyay Mukherjee
-
Patent number: 11368308
Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.
Type: Grant
Filed: January 9, 2020
Date of Patent: June 21, 2022
Assignee: Visa International Service Association
Inventors: Payman Mohassel, Shashank Agrawal, Pratyay Mukherjee, Saikrishna Badrinarayanan