Methods and systems for secure user authentication
First Claim
1. A computer-implemented method for secure user authentication using a one-time password, comprising:
storing, on a first computing device, a one-time password application;
storing on a back-end server a valid personal identification number (PIN) value and a valid shared secret for the user;
receiving entry on the first computing device of a purported PIN value of the user;
dynamically synthesizing a purported shared secret on the first computing device by the one-time password application using the purported PIN value of the user, wherein no part of the valid PIN value is stored on the first computing device;
generating a purported one-time password value on the first computing device based on the purported shared secret;
receiving entry of the purported one-time password value by the back-end server in an attempt to log on the back-end server from a second computing device;
calculating a time frame window of one-time password values by the back-end server and comparing with the one-time password value received; and
allowing log on to the back-end server from the second computing device when a one-time password value in the window corresponds to the received one-time password value.
2 Assignments
0 Petitions
Abstract
For secure user authentication using a one-time password (OTP), an OTP application is pre-stored on a device for generating an OTP value responsive to entry of a valid PIN; no part of the PIN is stored on the device, and the PIN and a valid shared secret for the user are pre-stored on a server. Upon receiving entry of a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user, and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on to the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.
30 Claims
1. A computer-implemented method for secure user authentication using a one-time password (reproduced in full under First Claim above; dependent claims 2 through 29 are not included on this page).
30. A computer system for secure user authentication using a one-time password, comprising:
a first computing device storing a one-time password application;
a back-end server storing a valid personal identification number (PIN) value and a valid shared secret for the user;
the first computing device being programmed for receiving entry of a purported PIN value of the user;
the first computing device being further programmed for dynamically synthesizing a purported shared secret on the first computing device using the one-time password application using the purported PIN value of the user, wherein no part of the valid PIN value is stored on the first computing device;
the first computing device being further programmed for generating a purported one-time password value on the first computing device based on the purported shared secret;
the back-end server being programmed for receiving entry of the purported one-time password value by the back-end server in an attempt to log on the back-end server from a second computing device;
the back-end server being further programmed for calculating a time frame window of one-time password values by the back-end server; and
the back-end server being additionally programmed for allowing log on to the back-end server from the second computing device when a calculated one-time password value in the window corresponds to the received one-time password value.
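As an added illustration of the procedure set out in claims 1 and 30 (this is example code written for this page, not code from the patent or its assignee), the following Python models the two parties: the first computing device stores only the OTP application and a per-enrolment salt, synthesizes the shared secret from the entered PIN at use time, and produces a TOTP value; the back-end server, which holds the valid PIN and valid shared secret, computes a time-frame window of OTP values and allows log-on when the received value matches one of them. The choice of PBKDF2-HMAC-SHA256 as the secret-derivation function, RFC 4226/6238 HOTP/TOTP with a 30-second step, a window of plus or minus one step, the device salt, and all PINs and timestamps are assumptions constructed for the example; the patent claims do not specify them.

```python
"""PIN-derived one-time password: device synthesizes the secret on demand,
server verifies against a time-frame window. Example code, not the patent's."""
import hashlib
import hmac
import struct
import time

DIGITS = 6
STEP_SECONDS = 30     # assumption: RFC 6238-style 30 s time step
WINDOW_STEPS = 1      # assumption: accept +/- one step of clock skew


def synthesize_secret(pin: str, device_salt: bytes) -> bytes:
    """Derive the shared secret from the PIN at use time.

    device_salt is a per-enrolment random value kept on the device; it carries
    no information about the PIN, so nothing PIN-related persists there.
    Assumption: PBKDF2-HMAC-SHA256 is the derivation function."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_salt, 100_000, dklen=32)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the time step as counter."""
    return hotp(secret, unix_time // STEP_SECONDS)


class Device:
    """First computing device: stores the OTP application and salt only."""

    def __init__(self, device_salt: bytes):
        self.device_salt = device_salt      # no part of the valid PIN is stored

    def generate_otp(self, purported_pin: str, unix_time: int) -> str:
        # A wrong PIN still yields a well-formed OTP from a wrong secret, so the
        # device itself gives no indication of whether the PIN was correct.
        purported_secret = synthesize_secret(purported_pin, self.device_salt)
        return totp(purported_secret, unix_time)


class BackEndServer:
    """Back-end server: holds the valid PIN value and the valid shared secret."""

    def __init__(self, valid_pin: str, valid_secret: bytes):
        self.valid_pin = valid_pin          # stored as the claim recites
        self.valid_secret = valid_secret    # used for the window calculation

    def otp_window(self, unix_time: int) -> list:
        """Time-frame window of acceptable OTP values around the current step."""
        base = unix_time // STEP_SECONDS
        return [hotp(self.valid_secret, base + d)
                for d in range(-WINDOW_STEPS, WINDOW_STEPS + 1)]

    def allow_logon(self, received_otp: str, unix_time: int) -> bool:
        """Allow log-on from the second device if any window value matches."""
        return any(hmac.compare_digest(received_otp, candidate)
                   for candidate in self.otp_window(unix_time))


def enrol(valid_pin: str, device_salt: bytes):
    """Enrolment (constructed for the example): derive the valid shared secret
    once, hand the server the PIN and secret, hand the device the salt only."""
    valid_secret = synthesize_secret(valid_pin, device_salt)
    return Device(device_salt), BackEndServer(valid_pin, valid_secret)


if __name__ == "__main__":
    salt = b"constructed-device-salt-0001"     # constructed sample value
    device, server = enrol("4711", salt)      # constructed sample PIN
    now = int(time.time())
    otp = device.generate_otp("4711", now)
    print("OTP from device:", otp, "accepted:", server.allow_logon(otp, now))
    stale = device.generate_otp("4711", now - 3 * STEP_SECONDS)
    print("stale OTP accepted:", server.allow_logon(stale, now))
```

Because the device cannot tell a right PIN from a wrong one, the server's window check is the only place a PIN guess is ever rejected; a deployment following this scheme therefore puts its lockout and rate-limiting logic on the server's `allow_logon` path, and keeps `WINDOW_STEPS` small, since every extra step multiplies the number of values a single submitted OTP can match.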