ONE TIME PIN GENERATION

US 20110113245A1
Filed: 11/10/2010
Published: 05/12/2011
Est. Priority Date: 11/12/2009
Status: Active Grant

First Claim

Patent Images

1. A method for generating a one-time passcode (OTP) on a user device, comprising:

providing an OTP application to the user device;

camouflaging a key defined by a user account to provide an OTP key;

providing the OTP key to the user device; and

generating the OTP on the user device using the OTP application and the OTP key;

wherein the OTP is configured for input as a PIN into a transaction interface.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm an user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as an machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions.

254 Citations

20 Claims

1. A method for generating a one-time passcode (OTP) on a user device, comprising:
- providing an OTP application to the user device;
  
  camouflaging a key defined by a user account to provide an OTP key;
  
  providing the OTP key to the user device; and
  
  generating the OTP on the user device using the OTP application and the OTP key;
  
  wherein the OTP is configured for input as a PIN into a transaction interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - inputting the OTP to a provider system using the transaction interface;
      
      determining whether the OTP is an authentic PIN for the user account; and
      
      providing an authorization result to the transaction interface using the provider system.
  - 3. The method of claim 2, wherein determining whether the OTP is an authentic PIN for the user account further includes:
    - providing an authenticating OTP, wherein the authenticating OTP may be generated by the provider system or provided from a list of acceptable OTPs for the user account;
      
      comparing the OTP to the authenticating OTP to determine a match between the OTP and the authenticating OTP; and
      
      verifying the OTP as an authentic PIN for the user account when the OTP matches the authenticating OTP.
  - 4. The method of claim 1, further comprising:
    - activating an OTP generator on the user device, wherein the OTP generator includes the OTP key; and
      
      selecting the OTP generator on the user device to generate the OTP.
  - 5. The method of claim 4, wherein one of the OTP application and the OTP generator includes an OTP generating algorithm which is configured as one of a HOTP and an EMV/CAP algorithm.
  - 6. The method of claim 1, further comprising:
    - providing a data element to the user device, wherein the data element is one of an account PIN and a machine effective speed calibration (MESC) defined by the user device.
  - 7. The method of claim 1, wherein configuring the OTP for input as a PIN into a transaction interface includes:
    - configuring the OTP as one of a character string, a machine effective signal calibration (MESC), a datum or an electronic signal transmittable from the user device, a datum or an electronic signal generated by the user device, an image, and a response to an instruction; and
      
      wherein inputting the OTP into a provider interface includes inputting the OTP through the use of at least one of a keypad, touchpad, scanner, speaker, receiver, transponder, receptor, and device configured for use with at least one of RFID, contactless, Bluetooth, WiFi, proximity card and near field communication technologies.
  - 8. The method of claim 1, further comprising:
    - camouflaging the key using at least one of encryption, obfuscation and cryptographic camouflage to provide the OTP key.
  - 9. The method of claim 1, further comprising:
    - camouflaging the key using at least one of a PIN and a machine effective speed calibration (MESC).
  - 10. The method of claim 1, wherein the key is configured as one of a symmetric key, a DES key, an AES key, a non-symmetric key, a secret, a secret byte array, a UDKA, a UDKB, a seed and an indexed key list.
  - 11. The method of claim 1,wherein the transaction interface is one of an automatic teller machine (ATM) terminal and a point of sale (POS) terminal;
    - andwherein the user account is one of an ATM account and a debit account.

12. A system for generating a one-time passcode (OTP) on a user device, comprising:
- a provider system configured to provide an OTP application including an OTP key,wherein the provider system is configured to camouflage a key defined by a user account to provide the OTP key; and
  
  a user device configured to receive the OTP application and the OTP key,wherein the OTP application is configured to generate an OTP using the OTP key;
  
  wherein the OTP is configured for as a PIN into a transaction interface.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, further comprising:
    - a transaction interface configured to receive a PIN;
      
      wherein;
      
      the provider system is in communication with the transaction interface and configured to evaluate a PIN input to the transaction interface to determine whether the PIN input is an authentic PIN for the user account;
      
      the provider system is configured to provide an authenticating OTP for the user account; and
      
      the provider system is configured to compare the OTP input into the transaction interface to the authenticating OTP to determine whether the OTP is an authentic PIN for the user account.
  - 14. The system of claim 12, wherein:
    - the transaction interface is one of an automatic teller machine (ATM) terminal and a point of sale (POS) terminal; and
      
      the user account is one of an ATM account and a debit account.
  - 15. The system of claim 12, wherein:
    - the provider system is configured to provide an OTP generator including an OTP algorithm;
      
      the user device is configured to receive the OTP generator including the OTP algorithm;
      
      the OTP algorithm is configured as one of a HOTP and an EMV/CAP algorithm; and
      
      the OTP application is configured to generate an OTP using the OTP generator and the OTP key.
  - 16. The system of claim 12, wherein the key is camouflaged with at least one of a PIN and a machine effective speed calibration (MESC) using at least one of encryption, obfuscation and cryptographic camouflage to provide the OTP key.
  - 17. The system of claim 12, wherein the user device is configured for input of a data element, and wherein the data element is one of an account PIN and a machine effective speed calibration (MESC) defined by the user device.
  - 18. The system of claim 12, wherein the OTP is configured as one of a character string, a machine effective signal calibration (MESC), a datum or an electronic signal transmittable from the user device, a datum or an electronic signal generated by the user device, an image, and a response to an instruction.

19. A system for generating a one-time passcode (OTP) on a user device, comprising:
- a provider system configured to provide an OTP application including an OTP generator and an OTP key;
  
  wherein the provider system is configured to camouflage a key defined by a user account with at least one of a PIN and a machine effective speed calibration (MESC) and using at least one of encryption, obfuscation and cryptographic camouflaging, to provide the OTP key; and
  
  a user device configured to receive the OTP application and the OTP key;
  
  wherein;
  
  the OTP application is configured to generate an OTP using the OTP generator and the OTP key;
  
  the OTP generator includes one of a HOTP and an EMV/CAP algorithm;
  
  the OTP is configured for input as a PIN into a transaction interface;
  
  the transaction interface is configured to receive the PIN;
  
  the transaction interface is one of an automatic teller machine (ATM) terminal and a point of sale (POS) terminal;
  
  the user account is one of an ATM account and a debit account;
  
  the provider system is in communication with the transaction interface and configured to evaluate the OTP to determine whether the OTP is an authentic PIN for the user account; and
  
  the provider system is configured to provide an authorization result to the transaction interface.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the user device is configured to receive a data element;
    - wherein the data element is one of an account PIN and a machine effective speed calibration (MESC) defined by the user device; and
      
      wherein the OTP application is configured to generate an OTP using the OTP generator, the OTP key and the data element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Arcot Systems, Inc. (Broadcom, Inc.)
Inventors
Varadarajan, Rammohan

Granted Patent

US 8,843,757 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/18   involving self-service term...

G06Q 20/227   characterised in that multi...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/385   using an alias or single-us...

G07F 7/1075   PIN is checked remotely

G07F 7/122   Online card verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

ONE TIME PIN GENERATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

254 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ONE TIME PIN GENERATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

254 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links