Methods and systems for secure user authentication

Assignee

• CITICORP CREDIT SERVICES, INC. (USA) · US

Inventors

• Ronald King-Hang Chu · Los Angeles, US
• Mark Kogen · Torrance, US
• Warren Tan · Thousand Oaks, US
• Simon Ma · Torrance, US
• Yosif Smushkovich · Santa Monica, US
• Gerry Glindro · Carson, US
• Jeffrey William Coyte Nicholas · Los Angeles, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W88/02
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.