Patents by Inventor Taeho Kgil
Taeho Kgil has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9807066Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.Type: GrantFiled: October 12, 2016Date of Patent: October 31, 2017Assignee: Visa International Service AssociationInventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Publication number: 20170270528Abstract: Described herein is a platform and method for determining a confidence level associated with a transaction that utilizes dynamic data. In some embodiments, the confidence level is determined based on location data received in relation to the transaction. For example, some embodiments are directed to storing first location information collected from a mobile device provided in a request for the dynamic data, receiving second location information related to a transaction conducted using the dynamic data, and comparing the two with respect to the amount of time that has elapsed between collection of each to determine a confidence level associated with a likelihood that the transaction is authentic.Type: ApplicationFiled: March 18, 2016Publication date: September 21, 2017Inventors: Gyan Prakash, Ajit Gaddam, Glenn Powell, Taeho Kgil, Christian Aabye
-
Patent number: 9769156Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.Type: GrantFiled: November 22, 2016Date of Patent: September 19, 2017Assignee: Visa International Service AssociationInventors: Selim Aissi, Taeho Kgil, Ajit Gaddam
-
Publication number: 20170177694Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state, The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.Type: ApplicationFiled: March 9, 2017Publication date: June 22, 2017Inventors: Selim Aissi, Taeho Kgil
-
Patent number: 9633098Abstract: Embodiments of the invention are directed to systems and methods for maintaining coherency between different entities in a distributed system. A coherency module automatically detects a change in state in a first entity, wherein the change in state relates to a change in functional code in the first entity. A synchronization message is transmitted to a second entity to synchronize data in the second entity with data in the first entity as a result of the change in state. The second entity is configured to synchronize the data in the second entity with the data in the first entity after receiving the synchronization message.Type: GrantFiled: September 25, 2013Date of Patent: April 25, 2017Assignee: VISA INTERNATIONAL SERVICE ASSOCIATIONInventors: Selim Aissi, Taeho Kgil
-
Publication number: 20170078267Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.Type: ApplicationFiled: November 22, 2016Publication date: March 16, 2017Inventors: Selim Aissi, Taeho Kgil, Ajit Gaddam
-
Publication number: 20170063809Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.Type: ApplicationFiled: October 12, 2016Publication date: March 2, 2017Inventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Patent number: 9537847Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.Type: GrantFiled: June 13, 2014Date of Patent: January 3, 2017Assignee: VISA INTERNATIONAL SERVICE ASSOCIATIONInventors: Selim Aissi, Taeho Kgil, Ajit Gaddam
-
Patent number: 9530009Abstract: A dynamic root of trust can be injected in an application module on a client device using a backend server and can be continuously monitored to ensure authenticity, integrity and confidentiality at load time, run time and update time of the application module. The dynamic root of trust can be updated directly from the backend server and can be used to establish a time bound trust chain for the other software modules loaded and executed as part of the application module.Type: GrantFiled: June 27, 2014Date of Patent: December 27, 2016Assignee: Visa International Service AssociationInventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Publication number: 20160335441Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.Type: ApplicationFiled: July 26, 2016Publication date: November 17, 2016Inventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Patent number: 9495544Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.Type: GrantFiled: June 27, 2014Date of Patent: November 15, 2016Assignee: Visa International Service AssociationInventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Patent number: 9424421Abstract: The presenting invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing devices (e.g., a mobile phone). In The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.Type: GrantFiled: May 5, 2014Date of Patent: August 23, 2016Assignee: Visa International Service AssociationInventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Patent number: 9390251Abstract: Systems and methods of delivering data from a range of input devices may involve detecting an availability of data from an input device, wherein the input device is associated with a default input path of a mobile platform. An input device driver can be invoked in a security engine in response to the availability of the data if a hardware component in the default input path is in a secure input mode, wherein the security engine it associated with a secure input path of the mobile platform. Additionally, the input device driver may be used to retrieve the data from the input device into the security engine.Type: GrantFiled: July 31, 2012Date of Patent: July 12, 2016Assignee: Intel CorporationInventors: Sasikanth Avancha, Ninad Kothari, Rajesh Banginwar, Taeho Kgil
-
Patent number: 9386045Abstract: Techniques for assessing the trustworthiness of a target device that a user device is attempting to communicate with are described. A user device may request one or more trustworthiness attributes of a target device before exchanging data with the target device. The user device may receive the one or more trustworthiness attributes of the target device, and determine, based on the received one or more trustworthiness attributes of the target device, a set of one or more security policies to enforce on a communication channel used for exchanging data between the user device and the target device. A communication channel between the user device and the target device can then be established according to the set of one or more security policies.Type: GrantFiled: December 19, 2013Date of Patent: July 5, 2016Assignee: Visa International Service AssociationInventors: Taeho Kgil, Selim Aissi
-
Patent number: 9037869Abstract: Methods and systems may include a computing system having a display, a display controller with a decryption module, and a security element with security logic. The security logic can be configured to establish a secure path between the secure element and the display in response to a secure output mode request, wherein the secure path includes the display controller. In addition, the security logic may be configured to prevent the decryption module from being bypassed, and transmit encrypted data from the secure element to the display via the secure path.Type: GrantFiled: November 1, 2012Date of Patent: May 19, 2015Assignee: Intel CorporationInventors: Sasikanth Avanch, Ninad Kothari, Rajesh Banginwar, Taeho Kgil
-
Publication number: 20150112838Abstract: Systems, devices, and methods used to provide real-time product information for retail products and services are generally disclosed herein. One example embodiment includes a referral application operating on a smartphone, configured to correlate data from multiple sources and provide context-aware recommendations and information relevant to a product or service being evaluated by a consumer in the physical shopping environment (such as a retail store). For example, the data may be obtained from a retailer's product information database, a retailer's competitor information database, an advertiser information database, an Internet-hosted service, a social network, or similar internal or external information sources. The real-time product information may be correlated, aggregated, and displayed to the user to either facilitate the retail purchase in the store, or encourage another online or retail purchase.Type: ApplicationFiled: December 19, 2011Publication date: April 23, 2015Inventors: Hong Li, Eddie Balthasar, Rita H Wouhaybi, Taeho Kgil, Mark Price, Anand Rajan
-
Publication number: 20150030153Abstract: Embodiments of an invention for repeatable application-specific encryption key derivation are disclosed. In one embodiment, a processor includes a root key, an encryption engine, and execution hardware. The encryption engine is to perform an encryption operation using the root key, wherein the root key is accessible only to the encryption engine. The execution hardware is to execute instructions to deterministically generate an application-specific encryption key using the encryption algorithm.Type: ApplicationFiled: February 9, 2012Publication date: January 29, 2015Applicant: Intel CorporationInventors: Rajesh P. Banginwar, Taeho Kgil, Jesse Walker, Gary L. Graunke
-
Publication number: 20150006390Abstract: Steganographic techniques are used to embed financial information or authentication information within an image, audio, or video file using a quantization table and/or other filter. The file is then transmitted over an insecure network, such as a GSM cell phone network, and a server extracts the information from the image, audio, or video using the same quantization table and/or filter. Multiple sets of information, such as telephone numbers and/or payment account numbers, are extracted from the same image by those entities possessing the appropriate keys. The filters and tables used to embed financial information can be updated periodically or according to events. A video of images, some with embedded information, some with ‘dummy’ data, can be used to hide information over insecure networks for payment transactions.Type: ApplicationFiled: June 23, 2014Publication date: January 1, 2015Inventors: Selim Aissi, Taeho Kgil, Ajit Gaddam, Robert Rutherford
-
Publication number: 20150007265Abstract: Techniques from the proposed invention relate to providing enhanced security. For example, techniques described herein allow a computer system, such as a mobile device, to support a wide variety of security functions and security sensitive applications on a mobile device by providing enhanced security via secure input and output data transmission and verification through a secure module. The secure module may cause user interfaces to be provided to users by providing obfuscated user interface data to the operating system that do not reveal elements that are part of the user interfaces. The secure module may receive obfuscated user input values representing user input values, and de-obfuscate these user input values, whereby the actual input values are not exposed to the underlying operating system. The secure module may track the flow of user input/output data through the computing device to ensure the integrity and authenticity of this data.Type: ApplicationFiled: June 27, 2014Publication date: January 1, 2015Inventors: Selim Aissi, Taeho Kgil, Gyan Prakash
-
Publication number: 20150006601Abstract: Techniques are described for generating high quality entropy in a software only or a hardware assisted software environment, such as a virtualized environment. Embodiments of the invention describe creating an entropy pool within the virtualized environment using multiple sources of entropy. The entropy pool may be used in creating dynamically customizable and high entropy RNG and PUF. The sources of entropy may include trusted sources, untrusted sources and entropy sources with a varied scale of trust and entropy quality associated with them.Type: ApplicationFiled: June 27, 2014Publication date: January 1, 2015Inventors: Selim Aissi, Taeho Kgil, Gyan Prakash