logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9768963 B1

PDFFull Text
Date of Patent:
Sep. 19, 2017

Filed:

Feb. 02, 2011

Methods and systems for secure user authentication

Applicants:

Ronald King-hang Chu, Los Angeles, CA (US);

Mark Kogen, Torrance, CA (US);

Warren Tan, Thousand Oaks, CA (US);

Simon MA, Torrance, CA (US);

Yosif Smushkovich, Santa Monica, CA (US);

Gerry Glindro, Carson, CA (US);

Jeffrey William Coyte Nicholas, Los Angeles, CA (US);

Inventors:

Ronald King-Hang Chu, Los Angeles, CA (US);

Mark Kogen, Torrance, CA (US);

Warren Tan, Thousand Oaks, CA (US);

Simon Ma, Torrance, CA (US);

Yosif Smushkovich, Santa Monica, CA (US);

Gerry Glindro, Carson, CA (US);

Jeffrey William Coyte Nicholas, Los Angeles, CA (US);

Assignee:

Citicorp Credit Services, Inc. (USA), Long Island City, NY (US);

Attorneys:

Eric L. Sophir

Dentons US LLP

Primary Examiner:

Alexis Casey

Int. Cl.
CPC ...
G06Q 20/00 (2012.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
H04L 9/3228 (2013.01);
Abstract

Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device. When entry of the purported OTP value is received by the back-end server in an attempt to log on the back-end server from a second computing device, the back-end server cryptographically calculates a window of OTP values, and log on to the back-end server from the second computing device is allowed if the calculated window of OTP values corresponds to the received OTP value.

Find Patent Forward Citations

Loading…