Information security – Access control or authentication – Network
Reexamination Certificate
2011-03-08
2011-03-08
Moazzami, Nasser (Department: 2436)
Information security
Access control or authentication
Network
C726S006000, C726S007000, C726S008000, C726S009000, C726S010000
Reexamination Certificate
active
07904946
ABSTRACT:
Methods and systems for secure user authentication utilizes OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the personalized OTP data. The client software has no knowledge of what the correct PIN should be and always generates a normal looking OTP based on whatever PIN is entered, and the only way to learn whether or not the OTP is correct is to submit it during user login. By limiting the number of failed login attempts before the account is locked, brute-force attacks via the online channel will fail, and further, brute-force attacks to uncover the correct PIN for generating the correct OTP offline will also fail even if a hacker steals the user's mobile device and extracts the data inside for offline hacking, because there is nothing on the client that contains the PIN or encrypted by the PIN.
REFERENCES:
patent: 4599489 (1986-07-01), Cargile
patent: 4609777 (1986-09-01), Cargile
patent: 4800590 (1989-01-01), Vaughan
patent: 4819267 (1989-04-01), Cargile et al.
patent: 5280527 (1994-01-01), Gullman et al.
patent: 5363448 (1994-11-01), Koopman, Jr. et al.
patent: 5481611 (1996-01-01), Owens et al.
patent: 5657388 (1997-08-01), Weiss
patent: 5737421 (1998-04-01), Audebert
patent: 5802176 (1998-09-01), Audebert
patent: 5838458 (1998-11-01), Tsai
patent: 5887065 (1999-03-01), Audebert
patent: 5937068 (1999-08-01), Audebert
patent: 6044154 (2000-03-01), Kelly
patent: 6067621 (2000-05-01), Yu et al.
patent: 6173400 (2001-01-01), Perlman et al.
patent: 6266413 (2001-07-01), Shefi
patent: 6317838 (2001-11-01), Baize
patent: 6327662 (2001-12-01), Araujo
patent: 6338140 (2002-01-01), Owens et al.
patent: 6343361 (2002-01-01), Nendell et al.
patent: 6445794 (2002-09-01), Shefi
patent: 6480958 (2002-11-01), Harrington
patent: 6694436 (2004-02-01), Audebert
patent: 6731731 (2004-05-01), Ueshima
patent: 6732278 (2004-05-01), Baird, III et al.
patent: 6829356 (2004-12-01), Ford
patent: 6880079 (2005-04-01), Kefford et al.
patent: 6904526 (2005-06-01), Hongwei
patent: 6908030 (2005-06-01), Rajasekaran et al.
patent: 6928558 (2005-08-01), Allahwerdi et al.
patent: 2001/0054148 (2001-12-01), Hoornaert et al.
patent: 2001/0055388 (2001-12-01), Kaliski, Jr.
patent: 2002/0002678 (2002-01-01), Chow et al.
patent: 2002/0087860 (2002-07-01), Kravitz
patent: 2002/0103765 (2002-08-01), Ohmori
patent: 2002/0112156 (2002-08-01), Gien et al.
patent: 2002/0147930 (2002-10-01), Pritchard et al.
patent: 2002/0159601 (2002-10-01), Bushmitch et al.
patent: 2002/0166048 (2002-11-01), Coulier
patent: 2002/0198848 (2002-12-01), Michener
patent: 2003/0037262 (2003-02-01), Hillhouse
patent: 2003/0084304 (2003-05-01), Hon et al.
patent: 2003/0112972 (2003-06-01), Hattick et al.
patent: 2003/0115154 (2003-06-01), Anderson et al.
patent: 2003/0152254 (2003-08-01), Ha et al.
patent: 2003/0159068 (2003-08-01), Halpin et al.
patent: 2003/0163739 (2003-08-01), Armington et al.
patent: 2003/0191949 (2003-10-01), Odagawa
patent: 2003/0208697 (2003-11-01), Gardner
patent: 2003/0212894 (2003-11-01), Buck et al.
patent: 2004/0049685 (2004-03-01), Jaloveczki
patent: 2004/0059952 (2004-03-01), Newport et al.
patent: 2004/0097217 (2004-05-01), McClain
patent: 2004/0103290 (2004-05-01), Mankins
patent: 2004/0111520 (2004-06-01), Krantz et al.
patent: 2004/0139028 (2004-07-01), Fishman et al.
patent: 2004/0153668 (2004-08-01), Baier Saip et al.
patent: 2004/0172531 (2004-09-01), Little et al.
patent: 2004/0230807 (2004-11-01), Baird, III et al.
patent: 2004/0243856 (2004-12-01), Shatford
patent: 2004/0255119 (2004-12-01), Ukeda et al.
patent: 2005/0015588 (2005-01-01), Lin et al.
patent: 2005/0050330 (2005-03-01), Agam et al.
patent: 2005/0069137 (2005-03-01), Landrock
patent: 2005/0097320 (2005-05-01), Golan et al.
patent: 2005/0149762 (2005-07-01), Smith et al.
patent: 2005/0154923 (2005-07-01), Lok et al.
patent: 2005/0166263 (2005-07-01), Nanopoulos et al.
patent: 2005/0187873 (2005-08-01), Labrou et al.
patent: 2005/0188202 (2005-08-01), Popp
patent: 2005/0191992 (2005-09-01), Inoue et al.
patent: 2005/0193198 (2005-09-01), Livowsky
patent: 2005/0208891 (2005-09-01), Khare et al.
patent: 2005/0210252 (2005-09-01), Freeman et al.
patent: 2005/0273442 (2005-12-01), Bennett et al.
patent: 2006/0059344 (2006-03-01), Mononen
patent: 2006/0287963 (2006-12-01), Steeves et al.
patent: 2007/0076866 (2007-04-01), Vanstone et al.
patent: WO 2005/025292 (2005-03-01), None
Chu Ronald King-Hang
Glindro Gerry
Kogen Mark
Ma Simon
Nicholas Jeffrey William Coyte
Citicorp Development Center Inc.
King & Spalding LLP
Moazzami Nasser
Shehni Ghazal
LandOfFree
Methods and systems for secure user authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods and systems for secure user authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods and systems for secure user authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2760662