Patents by Inventor Soumendra Bhattacharya
Soumendra Bhattacharya has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11909727
Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
Type: Grant
Filed: August 31, 2022
Date of Patent: February 20, 2024
Assignee: Visa International Service Association
Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
-
Patent number: 11856104
Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
Type: Grant
Filed: November 9, 2021
Date of Patent: December 26, 2023
Assignee: Visa International Service Association
Inventors: Eric Le Saint, Soumendra Bhattacharya
-
Patent number: 11824998
Abstract: Embodiments of the invention are directed to methods and systems for software module binding. Cryptographic keys and challenge elements can be exchanged between a first software module and a second software module to create a binding between the first software module and the second software module. As a result, a first software module can securely and authentically access sensitive data and functionality at a second software module, while unauthorized software modules can be prevented from accessing the sensitive data and functionality.
Type: Grant
Filed: April 28, 2021
Date of Patent: November 21, 2023
Assignee: Visa International Service Association
Inventor: Soumendra Bhattacharya
-
Publication number: 20230006982
Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
Type: Application
Filed: August 31, 2022
Publication date: January 5, 2023
Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
-
Patent number: 11451525
Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
Type: Grant
Filed: March 30, 2020
Date of Patent: September 20, 2022
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
-
Publication number: 20220070001
Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
Type: Application
Filed: November 9, 2021
Publication date: March 3, 2022
Inventors: Eric Le Saint, Soumendra Bhattacharya
-
Patent number: 11240219
Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.
Type: Grant
Filed: November 1, 2019
Date of Patent: February 1, 2022
Assignee: Visa International Service Association
Inventors: Sergey Smirnoff, Soumendra Bhattacharya
-
Patent number: 11201743
Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
Type: Grant
Filed: September 10, 2019
Date of Patent: December 14, 2021
Assignee: Visa International Service Association
Inventors: Eric Le Saint, Soumendra Bhattacharya
-
Publication number: 20210250185
Abstract: Embodiments of the invention are directed to methods and systems for software module binding. Cryptographic keys and challenge elements can be exchanged between a first software module and a second software module to create a binding between the first software module and the second software module. As a result, a first software module can securely and authentically access sensitive data and functionality at a second software module, while unauthorized software modules can be prevented from accessing the sensitive data and functionality.
Type: Application
Filed: April 28, 2021
Publication date: August 12, 2021
Inventor: Soumendra Bhattacharya
-
Patent number: 11070542
Abstract: In certificate chain validation, a parent certificate is used to validate a child certificate. The child certificate can indicate which parent certificate can be used to validate it. In some situations, a child certificate may not contain a certificate authority identifier that can be used to identify the parent certificate. Instead, the child certificate can contain a hash value of a modulus of the parent public key that can be used to identify the parent certificate. The hash value of the modulus of the parent public key can be associated with the parent public key. As such, the parent public key used in certificate chain validation of the child certificate can be identified using the hash value of the modulus of the parent public key.
Type: Grant
Filed: June 17, 2019
Date of Patent: July 20, 2021
Assignee: Visa International Service Association
Inventors: Soumendra Bhattacharya, Mohit Gupta
-
Patent number: 11068608
Abstract: Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.
Type: Grant
Filed: October 22, 2019
Date of Patent: July 20, 2021
Assignee: Visa International Service Association
Inventors: Rasta Mansour, Soumendra Bhattacharya, Robert Youdale
-
Patent number: 11018880
Abstract: Embodiments of the invention are directed to methods and systems for software module binding. Cryptographic keys and challenge elements can be exchanged between a first software module and a second software module to create a binding between the first software module and the second software module. As a result, a first software module can securely and authentically access sensitive data and functionality at a second software module, while unauthorized software modules can be prevented from accessing the sensitive data and functionality.
Type: Grant
Filed: May 5, 2017
Date of Patent: May 25, 2021
Assignee: Visa International Service Association
Inventor: Soumendra Bhattacharya
-
Publication number: 20200382328
Abstract: Embodiments of the invention are directed to methods and systems for software module binding. Cryptographic keys and challenge elements can be exchanged between a first software module and a second software module to create a binding between the first software module and the second software module. As a result, a first software module can securely and authentically access sensitive data and functionality at a second software module, while unauthorized software modules can be prevented from accessing the sensitive data and functionality.
Type: Application
Filed: May 5, 2017
Publication date: December 3, 2020
Inventor: Soumendra Bhattacharya
-
Publication number: 20200228508
Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
Type: Application
Filed: March 30, 2020
Publication date: July 16, 2020
Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
-
Patent number: 10652015
Abstract: Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generating a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and sending, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.
Type: Grant
Filed: January 25, 2019
Date of Patent: May 12, 2020
Assignee: Visa International Service Association
Inventors: Eric Le Saint, Soumendra Bhattacharya
-
Patent number: 10609004
Abstract: An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.
Type: Grant
Filed: February 28, 2017
Date of Patent: March 31, 2020
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Hari Krishna Annam, Mohit Gupta, Soumendra Bhattacharya
-
Publication number: 20200067897
Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.
Type: Application
Filed: November 1, 2019
Publication date: February 27, 2020
Inventors: Sergey Smirnoff, Soumendra Bhattacharya
-
Publication number: 20200050775
Abstract: Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.
Type: Application
Filed: October 22, 2019
Publication date: February 13, 2020
Inventors: Rasta Mansour, Soumendra Bhattacharya, Robert Youdale
-
Publication number: 20200021441
Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.
Type: Application
Filed: September 10, 2019
Publication date: January 16, 2020
Inventors: Eric Le Saint, Soumendra Bhattacharya
-
Patent number: 10511583
Abstract: A portable communication device may include a mobile application executing in an application execution environment and a secure application executing in a trusted execution environment. The secure application may receive, from the mobile application, a storage request to store sensitive data. The storage request may include an encrypted data type identifier and an encrypted sensitive data. The secure application may decrypt the encrypted data type identifier and the encrypted sensitive data using a transport key, and re-encrypt the sensitive data using a storage key. The re-encrypted sensitive data can then be stored in a memory of the portable communication device which is outside the trusted execution environment.
Type: Grant
Filed: October 19, 2018
Date of Patent: December 17, 2019
Assignee: Visa International Service Association
Inventors: Sergey Smirnoff, Soumendra Bhattacharya