One time PIN generation

US 8,843,757 B2
Filed: 11/10/2010
Issued: 09/23/2014
Est. Priority Date: 11/12/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

providing a one-time passcode (OTP) application to a user device;

camouflaging a key using a data element defined by a user account to provide an OTP key associated with the user account, the camouflaging the key comprising using a machine effective speed calibration (MESC) defined by the user device;

providing the OTP key to the user device; and

generating the OTP on the user device using the OTP application, the MESC and the OTP key;

wherein the OTP is configured for input as a PIN into a transaction interface.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is provided for generating a one-time passcode (OTP) configured for use as a personal identification number (PIN) for a user account from a user device. The OTP may be generated using an OTP generator which may include an algorithm an user account-specific OTP key. The OTP key may be camouflaged by encryption, obfuscation or cryptographic camouflaging using a PIN or a unique machine identifier defined by the user device. Obtaining an OTP from the user device may require inputting a data element which may be one of a PIN, a character string, an image, a biometric parameter, a user device identifier such as an machine effective speed calibration (MESC), or other datum. The OTP may be used for any transaction requiring a user PIN input, including ATM and debit card transactions, secure access and online transactions.

43 Citations

View as Search Results

15 Claims

1. A method, comprising:
- providing a one-time passcode (OTP) application to a user device;
  
  camouflaging a key using a data element defined by a user account to provide an OTP key associated with the user account, the camouflaging the key comprising using a machine effective speed calibration (MESC) defined by the user device;
  
  providing the OTP key to the user device; and
  
  generating the OTP on the user device using the OTP application, the MESC and the OTP key;
  
  wherein the OTP is configured for input as a PIN into a transaction interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - inputting the OTP to a provider system using the transaction interface;
      
      determining whether the OTP is an authentic PIN for the user account; and
      
      providing an authorization result to the transaction interface using the provider system.
  - 3. The method of claim 2, wherein determining whether the OTP is an authentic PIN for the user account further comprises:
    - providing an authenticating OTP, wherein the authenticating OTP is generated by the provider system or provided from a list of acceptable OTPs for the user account;
      
      comparing the OTP to the authenticating OTP to determine a match between the OTP and the authenticating OTP; and
      
      verifying the OTP as an authentic PIN for the user account when the OTP matches the authenticating OTP.
  - 4. The method of claim 1, further comprising:
    - activating a first OTP generator on the user device, wherein the first OTP generator comprises a first OTP key associated with a first user account;
      
      activating a second OTP generator on the user device, wherein the second OTP generator comprises a second OTP key associated with a second user account;
      
      selecting a respective one of the first and second OTP generators using the OTP application; and
      
      generating an OTP using a respective one of the first and second OTP keys associated with the respective one of the first and second OTP generators.
  - 5. The method of claim 4, wherein one of the OTP application and the OTP generator comprises an OTP generating algorithm which is configured as one of a HMAC-Based One-Time Password (HOTP) and an Europay, MasterCard and Visa Chip Authentication Program (EMV/CAP) algorithm.
  - 6. The method of claim 2, wherein the OTP is configured for input as a PIN into a transaction interface as an electronic signal transmittable from the user device or an electronic signal generated by the user device;
    - andwherein inputting the OTP into the transaction interface comprises inputting the OTP through use of RFID, contactless, Bluetooth, WiFi, proximity card or near field communication technologies.
  - 7. The method of claim 1, wherein camouflaging the key comprises:
    - camouflaging the key using cryptographic camouflage to provide the OTP key.
  - 8. The method of claim 1, wherein the key is a symmetric key, a DES key, an AES key, a non-symmetric key, a secret, a secret byte array, a UDKA, a UDKB , a seed or an indexed key list.

9. A system, comprising:
- a provider system that provides a one-time passcode (OTP) application to a user device, the provider system camouflages a key using a machine effective speed calibration (MESC) defined by the user device to generate an OTP key associated with a user account, the provider system provides the OTP key to the user device; and
  
  wherein the OTP application is configured to generate an OTP on the user device using the OTP key and the MESC;
  
  wherein the OTP is configured for input as a PIN into a transaction interface.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, further comprising:
    - a transaction interface that receives a PIN;
      
      wherein;
      
      the provider system is in communication with the transaction interface and evaluates a PIN input to the transaction interface to determine whether the PIN input is an authentic PIN for the user account;
      
      the provider system provides an authenticating OTP for the user account; and
      
      the provider system compares the PIN input into the transaction interface to the authenticating OTP to determine whether the OTP is an authentic PIN for the user account.
  - 11. The system of claim 9, wherein:
    - the transaction interface is one of an automatic teller machine (ATM) terminal and a point of sale (POS) terminal; and
      
      the user account is one of an ATM account and a debit account.
  - 12. The system of claim 9, wherein:
    - the provider system provides an OTP generator comprising an OTP algorithm;
      
      the user device receives the OTP generator comprising the OTP algorithm;
      
      the OTP algorithm is an HMAC-Based One-Time Password (HOTP) or an Europay, MasterCard and Visa Chip Authentication Program (EMV/CAP) algorithm; and
      
      the OTP application is configured to generate an OTP using the OTP generator and the OTP key.
  - 13. The system of claim 9, wherein the OTP is configured as an electronic signal transmitted from the user device.

14. A system, comprising:
- a processor that provides a one-time passcode (OTP) application comprising an OTP generator to a user device, the processor receives a machine effective speed calibration (MESC) from the user device, the processor camouflages a key using the MESC to generate an OTP key associated with a user account, the processor provides the OTP key to the user device, the OTP application is configured to generate an OTP on the user device using the OTP generator, the MESC and the OTP key, the OTP is configured for input as a PIN into a transaction interface.
- View Dependent Claims (15)
- - 15. The system of claim 14, wherein:
    - the transaction interface is configured to receive the PIN;
      
      the transaction interface is one of an automatic teller machine (ATM) terminal and a point of sale (POS) terminal;
      
      the user account is one of an ATM account and a debit account;
      
      the system is in communication with the transaction interface and evaluates the OTP to determine whether the OTP is an authentic PIN for the user account; and
      
      the processor provides an authorization result to the transaction interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Varadarajan, Rammohan
Primary Examiner(s)
LE, CHAU D

Application Number

US12/943,200
Publication Number

US 20110113245A1
Time in Patent Office

1,413 Days
Field of Search

726/10, 713/168, 713/175, 713/184
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06Q 20/18   involving self-service term...

G06Q 20/227   characterised in that multi...

G06Q 20/326   Payment applications instal...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G07F 7/1075   PIN is checked remotely

G07F 7/122   Online card verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0863   involving passwords or one-...

H04L 9/3228   One-time or temporary data,...

One time PIN generation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

One time PIN generation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links