Methods and systems for secure user authentication

Assignee

• CITICORP CREDIT SERVICES, INC. (USA) · US

Inventors

• Ronald King-Hang Chu · Los Angeles, US
• Mark Kogen · Torrance, US
• Warren Tan · Thousand Oaks, US
• Simon Ma · Torrance, US
• Yosif Smushkovich · Santa Monica, US
• Gerry Glindro · Carson, US
• Jeffrey William Coyte Nicholas · Los Angeles, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3228
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device. When entry of the purported OTP value is received by the back-end server in an attempt to log on the back-end server from a second computing device, the back-end server cryptographically calculates a window of OTP values, and log on to the back-end server from the second computing device is allowed if the calculated window of OTP values corresponds to the received OTP value.