-
Publication number: US12199987B2
Publication date: 2025-01-14
Application number: US18102074
Application date: 2023-01-26
Applicant: Intuit Inc.
Inventor: Itsik Yizhak Mantin, Yaron Sheffer, Keren Simchon, Gal Cohen
IPC: H04L9/40
Abstract: A method is provided for authenticating a user. A request to access a resource is received from a user agent. A cookie associated with the request is identified. The cookie includes a first subset of data that was previously used to authenticate the user. The cookie is validated based on the first subset of the data. Responsive to validating the cookie, a second subset of the data is retrieved from server-side storage. A risk decision is generated based on the first subset and the second subset. When the risk decision meets a threshold, the user is authenticated without presenting an authentication challenge, and access to the resource is permitted.
-
Publication number: US11921847B1
Publication date: 2024-03-05
Application number: US18351703
Application date: 2023-07-13
Applicant: INTUIT INC.
Inventor: Itsik Yizhak Mantin, Laetitia Kahn, Sapir Porat, Yaron Sheffer
CPC classification number: G06F21/552, G06F21/54
Abstract: A computer-implemented method includes receiving training data that includes a plurality of API requests from a plurality of client devices. The method includes generating a plurality of permissible API sessions based on the training data. Each of the permissible API sessions is associated with a corresponding client device of the plurality of client devices and includes a sequence of API requests originating from the corresponding client device. The method includes applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings and applying a dimensionality reduction technique to the plurality of embeddings to generate a plurality of compact embeddings. The method includes storing each of the compact embeddings in a space partitioning data structure at storage locations within the space partitioning data structure that are determined based on similarities between the compact embeddings.
-
Publication number: US11870886B2
Publication date: 2024-01-09
Application number: US18301886
Application date: 2023-04-17
Applicant: INTUIT INC.
Inventor: Margarita Vald, Olla Nasirov, Gleb Keselman, Yaron Sheffer, Sergey Banshats
CPC classification number: H04L9/0822, H04L9/083, H04L9/0861, H04L9/0891, H04L9/3247, H04L2209/04
Abstract: Systems and methods that may be used to provide multitenant key derivation and management using a unique protocol in which key derivation may be executed between the server that holds the root key and a client that holds the derivation data and obtains an encryption key. In one or more embodiments, the derivation data may be hashed. The disclosed protocol ensures that the server does not get access to or learn anything about the client's derived key, while the client does not get access to or learn anything about the server's root key.
-
Publication number: US11343069B2
Publication date: 2022-05-24
Application number: US16783471
Application date: 2020-02-06
Applicant: Intuit Inc.
Inventor: Margarita Vald, Laetitia Kahn, Boaz Sapir, Yaron Sheffer, Yehezkel Shraga Resheff
Abstract: Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.
-
Publication number: US11900179B1
Publication date: 2024-02-13
Application number: US18351715
Application date: 2023-07-13
Applicant: INTUIT INC.
Inventor: Itsik Yizhak Mantin, Laetitia Kahn, Sapir Porat, Yaron Sheffer
CPC classification number: G06F9/541, G06F21/552, H04L63/00, H04L63/14
Abstract: A computer-implemented method includes receiving training data including a plurality of API requests from a plurality of client devices. The method includes generating a plurality of permissible API sessions based on the training data. The method includes applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings. The method includes applying a dimensionality reduction technique to the plurality of embeddings to generate a plurality of compact embeddings. The method includes applying a clustering technique to the plurality of compact embeddings to determine a plurality of different clusters of the compact embeddings. The method includes generating a plurality of patterns based on the plurality of different clusters. Each of the plurality of patterns is descriptive of permissible API sessions associated with a corresponding cluster of the plurality of different clusters.
-
Publication number: US11818260B1
Publication date: 2023-11-14
Application number: US18066868
Application date: 2022-12-15
Applicant: INTUIT INC.
Inventor: Margarita Vald, Julia Zarubinsky, Yaron Sheffer, Sergey Banshats
IPC: H04L9/08
CPC classification number: H04L9/0866, H04L9/0825, H04L9/0894
Abstract: Systems and methods that may be used to provide policies and protocols for blocking decryption capabilities in symmetric key encryption using a unique protocol in which key derivation may include injecting a random string into each key derivation. For example, a policy may be assigned to each client device indicating whether the client device has been assigned encryption only permission or full access permission to both encrypt and decrypt data. The disclosed protocol prevents client devices with encryption only permission from obtaining keys for decryption.
-
Publication number: US11546149B2
Publication date: 2023-01-03
Application number: US17202280
Application date: 2021-03-15
Applicant: INTUIT INC.
Inventor: Gleb Keselman, Yaron Sheffer, Alon Rosen
Abstract: A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.
-
Publication number: US20220255723A1
Publication date: 2022-08-11
Application number: US17660623
Application date: 2022-04-25
Applicant: INTUIT INC.
Inventor: Margarita VALD, Laetitia Kahn, Boaz Sapir, Yaron Sheffer, Yehezkel Shraga Resheff
IPC: H04L9/00
Abstract: Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.
-
Publication number: US11381381B2
Publication date: 2022-07-05
Application number: US16427549
Application date: 2019-05-31
Applicant: INTUIT INC.
Inventor: Margarita Vald, Yaron Sheffer, Yehezkel S. Resheff, Shimon Shahar
Abstract: Certain aspects of the present disclosure provide techniques for performing computations on encrypted data. One example method generally includes obtaining, at a computing device, encrypted data, wherein the encrypted data is encrypted using fully homomorphic encryption and performing at least one computation on the encrypted data while the encrypted data remains encrypted. The method further includes identifying a clear data operation to perform on the encrypted data and transmitting, from the computing device to a server, a request to perform the clear data operation on the encrypted data, wherein the request includes the encrypted data. The method further includes receiving, at the computing device in response to the request, encrypted output from the server, wherein the encrypted output is of the same size and the same format for all encrypted data transmitted to the server.
-
Publication number: US12212671B2
Publication date: 2025-01-28
Application number: US18485165
Application date: 2023-10-11
Applicant: INTUIT INC.
Inventor: Margarita Vald, Julia Zarubinsky, Yaron Sheffer, Sergey Banshats
IPC: H04L9/08
Abstract: Systems and methods that may be used to provide policies and protocols for blocking decryption capabilities in symmetric key encryption using a unique protocol in which key derivation may include injecting a random string into each key derivation. For example, a policy may be assigned to each client device indicating whether the client device has been assigned encryption only permission or full access permission to both encrypt and decrypt data. The disclosed protocol prevents client devices with encryption only permission from obtaining keys for decryption.