Methods and systems for secure user authentication

Methods and systems for secure user authentication utilize OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the person...

Bibliographic details
Main authors: CHU RONALD KING-HANG, MA SIMON, GLINDRO GERRY, NICHOLAS JEFFREY WILLIAM COYTE, KOGEN MARK, SMUSHKOVICH YOSIF, TAN WARREN
Format: Patent
Language: eng
creator CHU RONALD KING-HANG
MA SIMON
GLINDRO GERRY
NICHOLAS JEFFREY WILLIAM COYTE
KOGEN MARK
SMUSHKOVICH YOSIF
TAN WARREN
description Methods and systems for secure user authentication utilize OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the personalized OTP data. The client software has no knowledge of what the correct PIN should be and always generates a normal-looking OTP based on whatever PIN is entered, and the only way to learn whether or not the OTP is correct is to submit it during user login. By limiting the number of failed login attempts before the account is locked, brute-force attacks via the online channel will fail, and further, brute-force attacks to uncover the correct PIN for generating the correct OTP offline will also fail even if a hacker steals the user's mobile device and extracts the data inside for offline hacking, because there is nothing on the client that contains the PIN or is encrypted by the PIN.
format Patent
language eng
recordid cdi_epo_espacenet_US7904946B1
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
WIRELESS COMMUNICATIONS NETWORKS
title Methods and systems for secure user authentication
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T10%3A53%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=CHU%20RONALD%20KING-HANG&rft.date=2011-03-08&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS7904946B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true