METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION

US 20110197266A1
Filed: 02/02/2011
Published: 08/11/2011
Est. Priority Date: 12/09/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for secure user authentication comprising:

receiving, by a device, a PIN from a user, wherein the entry of the PIN is used to generate a request for a one-time password;

generating, by the device, the one-time password using an algorithm;

displaying, by the device, the one-time password;

requesting, by the device, that the user enter the one-time password and a credential;

receiving, by the device, the one-time password and the credential entered by the user;

validating, by the device, the credential entered by the user;

validating, by the device, the one-time password after determining the credential is valid, wherein validating the one-time password comprises using the received one-time password and a unique customer ID to locate a shared secret for the user;

authenticating, by the device, the user; and

accepting, by the device, a login of the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device. When entry of the purported OTP value is received by the back-end server in an attempt to log on the back-end server from a second computing device, the back-end server cryptographically calculates a window of OTP values, and log on to the back-end server from the second computing device is allowed if the calculated window of OTP values corresponds to the received OTP value.

255 Citations

20 Claims

1. A computer-implemented method for secure user authentication comprising:
- receiving, by a device, a PIN from a user, wherein the entry of the PIN is used to generate a request for a one-time password;
  
  generating, by the device, the one-time password using an algorithm;
  
  displaying, by the device, the one-time password;
  
  requesting, by the device, that the user enter the one-time password and a credential;
  
  receiving, by the device, the one-time password and the credential entered by the user;
  
  validating, by the device, the credential entered by the user;
  
  validating, by the device, the one-time password after determining the credential is valid, wherein validating the one-time password comprises using the received one-time password and a unique customer ID to locate a shared secret for the user;
  
  authenticating, by the device, the user; and
  
  accepting, by the device, a login of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein generating a one-time password uses the number of digits of the one-time password, a shared secret, and a counter.
  - 3. The method according to claim 2, wherein the counter uses an actual time value.
  - 4. The method according to claim 2, further comprising incrementing the counter each time the device receives a request for a new one-time password.
  - 5. The method according to claim 2, wherein the algorithm is time and event based.
  - 6. The method according to claim 1, wherein the algorithm is event-based.
  - 7. The method according to claim 6, wherein the one-time password is valid until a new event occurs.
  - 8. The method according to claim 1, wherein the algorithm uses a clock.
  - 9. The method according to claim 8, wherein the clock is synchronized between the device and a backend server.
  - 10. The method according to claim 1, wherein the algorithm uses an actual time value.

11. A computer-implemented method for secure user authentication comprising:
- receiving, by a device, a PIN chosen by a user for generating a one-time password;
  
  providing, by the device, an activation code for activating a one-time password generator application in the device;
  
  receiving, by a device, a PIN and the activation code from the user;
  
  generating, by the device, the one-time password using an algorithm having a counter in response to the entry of the PIN by the user;
  
  displaying, by the device, the one-time password;
  
  requesting, by the device, that the user enter the one-time password and a credential;
  
  receiving, by the device, the one-time password and the credential entered by the user;
  
  validating, by the device, the credential entered by the user;
  
  validating, by the device, the one-time password after determining the credential is valid, wherein validating the one-time password comprises using the received one-time password and a unique customer ID to locate a shared secret for the user;
  
  authenticating, by the device, the user; and
  
  accepting, by the device, a login of the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method according to claim 11, wherein the counter uses an actual time value.
  - 13. The method according to claim 11, further comprising incrementing the counter each time the device receives a request for a new one-time password.
  - 14. The method according to claim 11, wherein the algorithm is time and event based.
  - 15. The method according to claim 16, wherein the one-time password is valid until a new event occurs.
  - 16. The method according to claim 11, wherein providing the activation code comprises sending an e-mail to the user or sending a letter to the user having the activation code.
  - 17. The method according to claim 11, wherein the activation code randomizes an initial counter value for the algorithm.

18. A computer-implemented method for secure user authentication comprising:
- receiving, by a device, a PIN chosen by a user for generating a one-time password;
  
  providing, by the device, an activation code for activating a one-time password generator application in the device;
  
  receiving, by a device, a PIN and the activation code from the user;
  
  generating, by the device, the one-time password using an algorithm having a time-based value in response to the entry of the PIN by the user;
  
  displaying, by the device, the one-time password;
  
  requesting, by the device, that the user enter the one-time password and a credential;
  
  receiving, by the device, the one-time password and the credential entered by the user;
  
  validating, by the device, the credential entered by the user;
  
  validating, by the device, the one-time password after determining the credential is valid, wherein validating the one-time password comprises using the received one-time password and a unique customer ID to locate a shared secret for the user;
  
  authenticating, by the device, the user; and
  
  accepting, by the device, a login of the user.
- View Dependent Claims (19, 20)
- - 19. The method according to claim 18, wherein the time-based value uses an actual time value.
  - 20. The method according to claim 18, wherein the time-based value uses a Universal Time Coordinate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citicorp Credit Services Incorporated (Citigroup Incorporated)
Original Assignee
Citicorp Development Center Incorporated (Citigroup Incorporated)
Inventors
CHU, Ronald King-Hang, Ma, Simon, Nicholas, Jeffrey William Coyte, Tan, Warren, Kogen, Mark, Glindro, Gerry, Smushkovich, Yosif

Granted Patent

US 9,768,963 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 9/3228 One-time or temporary data,...

METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

255 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links