Expected response one-time password

US 10,313,333 B2
Filed: 08/18/2017
Issued: 06/04/2019
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a processor, a seed one-time password (OTP) to a user device;

receiving, by the processor, a response OTP generated by the user device, in response to an integrity module confirming that the user device is in good health based on the seed OTP being passed to a security utilities software development kit (SDK) on the user device;

calculating, by the processor, an expected response OTP by applying a function to the seed OTP, wherein the function is based on an identifier of the user device and a fingerprint of the user device;

determining, by the processor, that the response OTP satisfies the expected response OTP; and

sending, by the processor, a result in response to the determining.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Citations

20 Claims

1. A method comprising:
- transmitting, by a processor, a seed one-time password (OTP) to a user device;
  
  receiving, by the processor, a response OTP generated by the user device, in response to an integrity module confirming that the user device is in good health based on the seed OTP being passed to a security utilities software development kit (SDK) on the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP, wherein the function is based on an identifier of the user device and a fingerprint of the user device;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15)
- - 2. The method of claim 1, further comprising generating, by the processor, the seed OTP.
  - 3. The method of claim 1, further comprising transmitting, by the processor, the seed OTP to an OTP validation server.
  - 4. The method of claim 1, wherein the security utilities SDK is in communication with an OTP listening service.
  - 5. The method of claim 1, wherein the response OTP is different from the seed OTP.
  - 6. The method of claim 1, wherein the response OTP is generated using the function.
  - 7. The method of claim 1, wherein in response to receiving the result from the processor, the user device requests confirmation.
  - 8. The method of claim 1, further comprising receiving, by the processor, a request for the seed OTP, wherein the request includes a device identifier associated with the user device and a device fingerprint associated with the user device.
  - 9. The method of claim 1, wherein in response to receiving the result from the processor, the user device displays a success notification screen, wherein the success notification screen is displayed along with at least one of a service name request, a purpose, a time, a merchant, a merchant locator, or an amount.
  - 10. The method of claim 1, wherein the response OTP is transmitted by the user device to the processor in response to an authorization button being selected.
  - 11. The method of claim 1, wherein the seed OTP is transmitted to the user device with an authorization payload including at least one of a service identifier, a purpose, a time, a date, a merchant identifier, or an amount of the seed OTP for display with an authorization button.
  - 12. The method of claim 1, wherein the seed OTP is only valid for a predetermined time period.
  - 14. The method of claim 1, wherein the response OTP is received from the user device via text message.
  - 15. The method of claim 1, further comprising transmitting, by the processor, the seed OTP to the user device via text message.

13. A computer-based system, comprising:
- a processor; and
  
  a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  transmitting, by the processor, a seed OTP to a user device;
  
  receiving, by the processor, a response OTP generated by the user device, in response to an integrity module confirming that the user device is in good health based on the seed OTP being passed to a security utilities software development kit (SDK) on the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP, wherein the function is based on an identifier of the user device and a fingerprint of the user device;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 13, wherein the security utilities SDK is in communication with an OTP listening service.
  - 17. The system of claim 13, wherein the response OTP is different from the seed OTP.
  - 18. The system of claim 13, wherein the response OTP is generated using the function.
  - 19. The system of claim 13, further comprising receiving, by the processor, a request for the seed OTP, wherein the request includes a device identifier associated with the user device and a device fingerprint associated with the user device.

20. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a processor, cause the processor to perform operations comprising:
- transmitting, by the processor, a seed OTP to a user device;
  
  receiving, by the processor, a response OTP generated by the user device, in response to an integrity module confirming that the user device is in good health based on the seed OTP being passed to a security utilities software development kit (SDK) on the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP, wherein the function is based on an identifier of the user device and a fingerprint of the user device;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Ibrahim, Wael, Mardikar, Upendra
Primary Examiner(s)
Perungavoor, Venkat

Application Number

US15/680,585
Publication Number

US 20170346813A1
Time in Patent Office

655 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/385   using an alias or single-us...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Expected response one-time password

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Expected response one-time password

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links