Systems and methods for secure one-time password validation

US 9,769,157 B2
Filed: 09/21/2015
Issued: 09/19/2017
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by a processor, a seed one-time password (OTP);

transmitting, by the processor, the seed OTP to a user device,wherein the seed OTP is passed to a security utilities software development kit (SDK) on the user device for further processing to generate a response OTP in response to an integrity module confirming that the user device is in good health,wherein the security utilities SDK is in communication with an OTP listening service;

receiving, by the processor, the response OTP from the user device,wherein the response OTP is different from the seed OTP,wherein the response OTP is generated using a function that is based on a device identifier associated with the user device and a device fingerprint associated with the user device;

calculating, by the processor, an expected response OTP by applying a function to the seed OTP,wherein the function is based on the device identifier and the device fingerprint;

determining, by the processor, that the response OTP satisfies the expected response OTP; and

sending, by the processor, a result in response to the determining.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may generate a seed one-time password (OTP). The system may also perform steps including transmitting the seed OTP to a user device, receiving a response OTP from the user device, and calculating an expected response OTP by applying a function to the seed OTP. The system may then compare the response OTP to the expected response OTP and send a result in response to comparing the response OTP to the expected response OTP.

Citations

17 Claims

1. A method comprising:
- generating, by a processor, a seed one-time password (OTP);
  
  transmitting, by the processor, the seed OTP to a user device,wherein the seed OTP is passed to a security utilities software development kit (SDK) on the user device for further processing to generate a response OTP in response to an integrity module confirming that the user device is in good health,wherein the security utilities SDK is in communication with an OTP listening service;
  
  receiving, by the processor, the response OTP from the user device,wherein the response OTP is different from the seed OTP,wherein the response OTP is generated using a function that is based on a device identifier associated with the user device and a device fingerprint associated with the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP,wherein the function is based on the device identifier and the device fingerprint;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising receiving, by the processor, a request for the seed OTP, wherein the request includes the device identifier and the device fingerprint.
  - 3. The method of claim 1, wherein, in response to receiving the result from the processor, the user device displays a success notification screen and requests confirmation, wherein the success notification screen is displayed along with at least one of a service name request, a purpose, a time, a merchant, a merchant locator, or an amount.
  - 4. The method of claim 1, wherein the response OTP is transmitted by the user device to the processor in response to an authorization button being selected.
  - 5. The method of claim 4, wherein the seed OTP is transmitted to the user device with an authorization payload including at least one of a service identifier, a purpose, a time, a date, a merchant identifier, or an amount of the seed OTP for display with the authorization button.
  - 6. The method of claim 1, wherein the seed OTP is only valid for a predetermined time period.

7. A computer-based system, comprising:
- a processor;
  
  a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising;
  
  generating, by the processor, a seed one-time password (OTP);
  
  transmitting, by the processor, the seed OTP to a user device,wherein the seed OTP is passed to a security utilities software development kit (SDK) on the user device for further processing to generate a response OTP in response to an integrity module confirming that the user device is in good health,wherein the security utilities SDK is in communication with an OTP listening service;
  
  receiving, by the processor, the response OTP from the user device,wherein the response OTP is different from the seed OTP,wherein the response OTP is generated using a function that is based on a device identifier associated with the user device and a device fingerprint associated with the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP,wherein the function is based on the device identifier and the device fingerprint;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-based system of claim 7, further comprising receiving, by the processor, a request for the seed OTP, wherein the request includes the device identifier and the device fingerprint.
  - 9. The computer-based system of claim 7, wherein, in response to receiving the result from the processor, the user device displays a success notification screen and requests confirmation, wherein the success notification screen is displayed along with at least one of a service name request, a purpose, a time, a merchant, a merchant locator, or an amount.
  - 10. The computer-based system of claim 7, wherein the response OTP is transmitted by the user device to the processor in response to an authorization button being selected.
  - 11. The computer-based system of claim 10, wherein the seed OTP is transmitted to the user device with an authorization payload including at least one of a service identifier, a purpose, a time, a date, a merchant identifier, or an amount of the seed OTP for display with the authorization button.
  - 12. The computer-based system of claim 7, wherein the seed OTP is only valid for a predetermined time period.

13. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a computer-based system, cause the computer-based system to perform operations comprising:
- generating, by the processor, a seed one-time password (OTP);
  
  transmitting, by the processor, the seed OTP to a user device,wherein the seed OTP is passed to a security utilities software development kit (SDK) on the user device for further processing to generate a response OTP in response to an integrity module confirming that the user device is in good health,wherein the security utilities SDK is in communication with an OTP listening service;
  
  receiving, by the processor, the response OTP from the user device,wherein the response OTP is different from the seed OTP,wherein the response OTP is generated using a function that is based on a device identifier associated with the user device and a device fingerprint associated with the user device;
  
  calculating, by the processor, an expected response OTP by applying a function to the seed OTP,wherein the function is based on the device identifier and the device fingerprint;
  
  determining, by the processor, that the response OTP satisfies the expected response OTP; and
  
  sending, by the processor, a result in response to the determining comparing the response OTP to the expected response OTP.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The article of claim 13, further comprising receiving, by the processor, a request for the seed OTP, wherein the request includes the device identifier and the device fingerprint.
  - 15. The article of claim 13, wherein, in response to receiving the result from the processor, the user device displays a success notification screen and requests confirmation, wherein the success notification screen is displayed along with at least one of a service name request, a purpose, a time, a merchant, a merchant locator, or an amount.
  - 16. The article of claim 13, wherein the seed OTP is transmitted to the user device with an authorization payload including at least one of a service identifier, a purpose, a time, a date, a merchant identifier, or an amount of the seed OTP for display with an authorization button.
  - 17. The article of claim 13, wherein the seed OTP is only valid for a predetermined time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Original Assignee
American Express Travel Related Services Company, Inc. (American Express Company)
Inventors
Ibrahim, Wael, Mardikar, Upendra
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US14/860,420
Publication Number

US 20170085558A1
Time in Patent Office

729 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/385   using an alias or single-us...

H04L 63/0838   using one-time-passwords

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

Systems and methods for secure one-time password validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure one-time password validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links