logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9002750 B1

PDFFull Text
Date of Patent:
Apr. 07, 2015

Filed:

Apr. 23, 2007

Methods and systems for secure user authentication

Applicants:

Ronald King-hang Chu, Los Angeles, CA (US);

Mark Kogen, Torrance, CA (US);

Warren Tan, Thousand Oaks, CA (US);

Simon MA, Torrance, CA (US);

Yosif Smushkovich, Santa Monica, CA (US);

Gerry Glindro, Carson, CA (US);

Jeffrey William Coyte Nicholas, Los Angeles, CA (US);

Inventors:

Ronald King-Hang Chu, Los Angeles, CA (US);

Mark Kogen, Torrance, CA (US);

Warren Tan, Thousand Oaks, CA (US);

Simon Ma, Torrance, CA (US);

Yosif Smushkovich, Santa Monica, CA (US);

Gerry Glindro, Carson, CA (US);

Jeffrey William Coyte Nicholas, Los Angeles, CA (US);

Assignee:

Citicorp Credit Services, Inc. (USA), Long Island City, NY (US);

Attorneys:

Eric L. Sophir

Dentons US LLP

Primary Examiner:

James W Myhre

Int. Cl.
CPC ...
G06Q 20/00 (2012.01); G06Q 20/40 (2012.01); G06F 21/12 (2013.01);
U.S. Cl.
CPC ...
G06Q 20/4012 (2013.01); G06F 21/123 (2013.01);
Abstract

For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.

Find Patent Forward Citations

Loading…