Methods and systems for electronic transactions using dynamic password authentication

US 9,654,466 B1
Filed: 04/22/2013
Issued: 05/16/2017
Est. Priority Date: 05/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for performing electronic transactions using dynamic password authentication, comprising:

sending, using a backend processor, a unique random or pseudorandom character string to a user'"'"'s mobile device processor;

generating, by the mobile device processor, a one-time password comprising a hash, according to a predefined short hash function, of an encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with a unique encryption key;

prompting, by the backend processor, entry of the one-time password on a password field of an end user computing device in online communication with the backend processor;

receiving, using the backend processor, a user identifier and the user-entered one-time password comprising the hash, according the predefined short hash function, of the encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with the unique encryption key from a processor of the end user computing device;

encrypting, using the backend processor, a cipher input with the unique encryption key, the cipher input consisting at least in part of the user identifier and the random or pseudorandom character string;

generating, by the backend processor, a hash of the encrypted cipher input according to the predefined short hash function; and

authenticating, using the backend processor, the received hash of the encrypted challenge string when the received hash of the encrypted challenge string matches the hash of the encrypted cipher input.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for performing electronic transactions using dynamic password authentication involve, for example, sending, using a backend processor, a unique random or pseudorandom character string to the user'"'"'s mobile device processor. Thereafter, also using the backend processor, a user identifier and a challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with a unique encryption key may be received from the user'"'"'s mobile device processor. Using the backend processor, a cipher input consisting at least in part of the user identifier and the random or pseudorandom character string is encrypted with the unique encryption key. The received encrypted challenge string is authenticated if the received encrypted challenge string matches the encrypted cipher input.

21 Citations

View as Search Results

19 Claims

1. A method for performing electronic transactions using dynamic password authentication, comprising:
- sending, using a backend processor, a unique random or pseudorandom character string to a user'"'"'s mobile device processor;
  
  generating, by the mobile device processor, a one-time password comprising a hash, according to a predefined short hash function, of an encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with a unique encryption key;
  
  prompting, by the backend processor, entry of the one-time password on a password field of an end user computing device in online communication with the backend processor;
  
  receiving, using the backend processor, a user identifier and the user-entered one-time password comprising the hash, according the predefined short hash function, of the encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with the unique encryption key from a processor of the end user computing device;
  
  encrypting, using the backend processor, a cipher input with the unique encryption key, the cipher input consisting at least in part of the user identifier and the random or pseudorandom character string;
  
  generating, by the backend processor, a hash of the encrypted cipher input according to the predefined short hash function; and
  
  authenticating, using the backend processor, the received hash of the encrypted challenge string when the received hash of the encrypted challenge string matches the hash of the encrypted cipher input.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising sending the unique encryption key to a mobile application installed on the user'"'"'s mobile device.
  - 3. The method of claim 2, wherein sending the unique encryption key to the mobile application further comprises registering the mobile application with the backend processor.
  - 4. The method of claim 3, wherein registering the mobile application further comprises verifying an activation code received by the backend processor from the mobile device processor.
  - 5. The method of claim 4, wherein registering the mobile application further comprises verifying user account information and the activation code received by the backend processor from the mobile device processor.
  - 6. The method of claim 2, wherein sending the unique encryption key to the mobile application on the user'"'"'s mobile device processor further comprises sending a unique symmetric encryption key to the mobile application.
  - 7. The method of claim 2, wherein sending the unique encryption key to the mobile application on the user'"'"'s mobile device processor further comprises storing the unique encryption key in a key store of the user'"'"'s mobile device.
  - 8. The method of claim 2, wherein sending the unique encryption key to the mobile application on the user'"'"'s mobile device processor further comprises storing the unique encryption key in a key database by the backend processor.
  - 9. The method of claim 8, wherein storing the unique encryption key by the backend processor further comprises associating the unique encryption key with the user identifier.
  - 10. The method of claim 1, wherein sending the random or pseudorandom character string further comprises sending the random or pseudorandom character string of less than eight characters to the user'"'"'s mobile device processor.
  - 11. The method of claim 1, wherein sending the random or pseudorandom character string further comprises sending the random or pseudorandom character string in response to a user'"'"'s logon request.
  - 12. The method of claim 1, wherein receiving the user identifier and the user-entered one-time password comprising the hash, according to the predefined short hash function, of the encrypted challenge string further comprises receiving a user PIN code and the one-time user-entered password comprising the hash, according to a predefined short hash function, of the encrypted challenge string consisting at least in part of the user PIN code and the random or pseudorandom character string encrypted with the unique encryption key from the processor of the end user computing device.
  - 13. The method of claim 1, wherein receiving the user identifier and the user-entered one-time password comprising the hash, according to the predefined short hash function, of the encrypted challenge string further comprises receiving the user identifier and the user-entered one-time user password consisting of a hash of a pre-determined number of characters.
  - 14. The method of claim 13, wherein receiving the user identifier and the user-entered one-time user password consisting of the hash of the pre-determined number of characters further comprises receiving the user identifier and the user-entered one-time user password consisting of the hash of a pre-determined number of characters that is not greater than eight characters.
  - 15. The method of claim 1, wherein encrypting the cipher input further comprises retrieving the unique encryption key corresponding to the received user identifier from a key database by the backend processor.
  - 16. The method of claim 1, wherein generating the hash of the encrypted cipher input further comprises generating the hash, according to the predefined short hash function, of the encrypted cipher input consisting at least in part of a user PIN code and the random or pseudorandom character string sent to the user'"'"'s mobile device processor.
  - 17. The method of claim 1, wherein authenticating the received hash of the encrypted challenge string further comprises comparing the received hash of the encrypted challenge string with the hash of the encrypted cipher input.
  - 18. The method of claim 1, further comprising sending, on a succeeding occasion, a different random or pseudorandom character string to the user'"'"'s mobile device processor.

19. A system for performing electronic transactions using dynamic password authentication, comprising:
- a backend server microprocessor coupled to memory and programmed to;
  
  send a unique random or pseudorandom character string to a user'"'"'s mobile device microprocessor coupled to memory;
  
  the user'"'"'s mobile device memory-coupled microprocessor being programmed to;
  
  generate a one-time password comprising a hash, according to a predefined short hash function, of an encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with a unique encryption key;
  
  the backend server memory-coupled microprocessor being further programmed to;
  
  prompt entry of the one-time password on a password field of an end user computing device in online communication with the backend memory-coupled microprocessor;
  
  receive a user identifier and a user-entered one-time password comprising the hash, according to a predefined short hash function, of an encrypted challenge string consisting at least in part of the user identifier and the random or pseudorandom character string encrypted with the unique encryption key from a memory-coupled microprocessor of the end user computing device;
  
  encrypt a cipher input with the unique encryption key sent to the user'"'"'s mobile device memory-coupled microprocessor, the cipher input consisting at least in part of the user identifier and the random or pseudorandom character string;
  
  generate a hash of the encrypted cipher input according to the predefined short hash function; and
  
  authenticate the received hash of the encrypted challenge string when the received hash of the encrypted challenge string matches the hash of the encrypted cipher input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citigroup Technology, Inc. (Citigroup Incorporated)
Original Assignee
Citigroup Technology, Inc. (Citigroup Incorporated)
Inventors
Wu, Frank L.
Primary Examiner(s)
Leung, Robert

Application Number

US13/867,228
Time in Patent Office

1,485 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

H04W 12/04   Key management, e.g. using ...

H04W 12/068   using credential vaults, e....

Methods and systems for electronic transactions using dynamic password authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for electronic transactions using dynamic password authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links