OTP GENERATION USING A CAMOUFLAGED KEY

US 20110060913A1
Filed: 08/30/2010
Published: 03/10/2011
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A method of generating a user one-time passcode (OTP) for a provider account, the method comprising:

providing a passcode application to a user device;

providing a cardstring to the passcode application, wherein;

the cardstring is defined by the provider account, andthe cardstring is defined by at least one key that is camouflaged with a personal identification number (PIN);

wherein the passcode application is operable to generate a passcode configured as a user OTP for the provider account using the cardstring;

providing the PIN to the passcode application; and

generating the user OTP on the user device using the passcode application and the cardstring.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.

Citations

20 Claims

1. A method of generating a user one-time passcode (OTP) for a provider account, the method comprising:
- providing a passcode application to a user device;
  
  providing a cardstring to the passcode application, wherein;
  
  the cardstring is defined by the provider account, andthe cardstring is defined by at least one key that is camouflaged with a personal identification number (PIN);
  
  wherein the passcode application is operable to generate a passcode configured as a user OTP for the provider account using the cardstring;
  
  providing the PIN to the passcode application; and
  
  generating the user OTP on the user device using the passcode application and the cardstring.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein providing the cardstring to the passcode application further comprises:
    - obtaining an activation code for the provider account;
      
      providing the activation code to the passcode application;
      
      accessing a provisioning server using the passcode application;
      
      providing the activation code to the provisioning server;
      
      generating the cardstring using the provisioning server; and
      
      providing the cardstring to the passcode application using the provisioning server.
  - 3. The method of claim 1, wherein providing the cardstring is defined by the provider account further comprises:
    - generating the at least one key, wherein the at least one key is defined by the provider account;
      
      modifying the at least one key to create a modified key;
      
      encrypting the at least one modified key with the PIN to create a camouflaged key; and
      
      generating the cardstring using the at least one camouflaged key.
  - 4. The method of claim 1, further comprising:
    - providing the user OTP to an authenticating server;
      
      evaluating the user OTP using the authenticating server; and
      
      providing an authorization result to one of a provider system and the user.
  - 5. The method of claim 4, wherein evaluating the user OTP further comprises:
    - generating the user OTP using the authenticating server to create aregenerated OTP; and
      
      comparing the regenerated OTP and the user OTP.
  - 6. The method of claim 4, further comprising:
    - incrementing a user OTP counter using the passcode application; and
      
      incrementing a provider OTP counter using the provider system.
  - 7. The method of claim 4,wherein the provider system is one of a payment system, a transaction system, an authentication system, a secure access system, and a secure data repository;
    - andwherein the authorization result is one of a payment authorization, a transaction authorization, an authentication authorization, a system access authorization, and a data access authorization.
  - 8. The method of claim 1, further comprising:
    - providing a data element to the passcode application; and
      
      generating the user OTP on the user device using the data element.
  - 9. The method of claim 8, further comprising:
    - obtaining the data element from one of a provider system;
      
      wherein the data element is one of a challenge or an other data element.
  - 10. The method of claim 1, wherein the key is one of a symmetric key, a Data Encryption Standard (DES) key, an Advanced Encryption Standard (AES) key, a secret, a secret byte array, a seed, and a controlled datum.
  - 11. The method of claim 1, wherein the cardstring is configurable as an Eurocard, MasterCard and Visa (EMV) cardstring;
    - and the key is configurable as one of a Unique DEA Key A (UDKA) and a Unique DEA Key B (UDKB) key.
  - 12. The method of claim 1, wherein cardstring is configurable as an OTP cardstring;
    - and the key is configurable as a secret configurable to generate one of a standardized counter-based OTP (HOTP), a time-based OTP (TOTP), and a counter-based OTP.
  - 13. The method of claim 1, further comprising:
    - providing another cardstring to the passcode application, wherein the passcode application is configured to generate another passcode configured as a user OTP for another provider account using the another cardstring;
      
      wherein the another cardstring is defined by at least another key, wherein the at least another key is camouflaged with another PIN;
      
      providing the another PIN to the passcode application; and
      
      generating the user OTP for the another provider account on the user device using the another cardstring.
  - 14. The method of claim 13, further comprising:
    - providing a plurality of passcode generating algorithms to the passcode application;
      
      providing a plurality of cardstrings to the passcode application, wherein;
      
      each respective one of the plurality of cardstrings is defined by a respective one of a plurality of provider accounts, andeach respective one of the plurality of cardstrings is defined by at least one respective key that is camouflaged with a respective personal identification number (PIN);
      
      wherein the passcode application is configured to generate a respective passcode configured as a respective user one time passcode (OTP) for the respective one of the plurality of provider accounts, using one of the plurality of passcode generating algorithms and the respective one of the plurality of cardstrings;
      
      selecting one of the plurality of provider accounts;
      
      providing the respective PIN for the selected one of the plurality of provider accounts to the passcode application; and
      
      generating the respective user OTP for the selected one of the plurality of provider accounts on the user device using the respective one of the plurality of cardstrings and one of the plurality of passcode generating algorithms.

15. A system for providing a one-time passcode (OTP), the system comprising:
- a user device configured to receive a passcode application, a cardstring, and a personal identification number (PIN);
  
  a provisioning server configured to provide a cardstring to the user device;
  
  wherein the cardstring is defined by at least one camouflaged key that is camouflaged with the PIN;
  
  wherein the passcode application is configured to generate a passcode configured as a user OTP for a provider account; and
  
  wherein the passcode application uses the cardstring and the PIN to generate the user OTP for the provider account.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15,wherein the passcode application is configured to execute at least onepasscode generating algorithm;
    - wherein the at least one passcode generating algorithm is configured to generate one of an Europay, MasterCard, and Visa (EMV) OTP, a standardized counter-based OTP (HOTP), a time-based OTP (TOTP), and a counter-based OTP; and
      
      wherein the passcode application executes the at least one passcode generating algorithm to generate the user OTP for the provider account.
  - 17. The system of claim 15, further,wherein the passcode application is configured to receive a data element;
    - andwherein the passcode application uses the data element to generate the user OTP for the provider account.
  - 18. The system of claim 15, further comprising:
    - an authenticating server configured to receive the user OTP; and
      
      wherein the authenticating server is configured to provide an authorization result to one of a provider system and the user.
  - 19. The system of claim 18,wherein the passcode application is configured to increment a user OTP counter;
    - andwherein the provider system is configured to increment a provider OTP counter.
  - 20. The system of claim 15, wherein the at least one camouflaged key is configured as a modified key encrypted with the PIN;
    - andwherein the key which is modified is defined by the provider account and is configured as one of a symmetric key, a Data Encryption Standard (DES) key, an Advanced Encryption Standard (AES) key, a secret, a secret byte array, a seed, and a controlled datum.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Arcot Systems, Inc. (Broadcom, Inc.)
Inventors
Varadarajan, Rammohan, Hird, Geoffrey

Granted Patent

US 8,572,394 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

H04L 63/0838   using one-time-passwords

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

OTP GENERATION USING A CAMOUFLAGED KEY

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OTP GENERATION USING A CAMOUFLAGED KEY

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links