&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11917069.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,917,069 B1</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Methods and systems for secure user authentication</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Ronald Chu,  Los Angeles, CA (US);  Mark Kogen,  Torrance, CA (US);  Warren Tan,  Thousand Oaks, CA (US);  Simon Ma,  Torrance, CA (US);  Yosif Smushkovich,  Santa Monica, CA (US);  Gerry Glindro,  Carson, CA (US); and  Jeffrey Nicholas,  Los Angeles, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  CITICORP CREDIT SERVICES, INC. (USA),  Jacksonville, FL (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  CITICORP CREDIT SERVICES, INC. (USA),  Jacksonville, FL (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jun.  29, 2023, as Appl. No. 18/216,515.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 18/216,515 is a continuation of application No. 17/845,954, filed on Jun.  21, 2022.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 17/845,954 is a continuation of application No. 15/677,894, filed on Aug.  15, 2017, granted, now 11,394,553.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 15/677,894 is a continuation of application No. 13/019,333, filed on Feb.  2, 2011, granted, now 9,768,963.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 13/019,333 is a continuation of application No. 11/789,054, filed on Apr.  23, 2007, granted, now 9,002,750.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Application 11/789,054 is a continuation in part of application No. 11/636,839, filed on Dec.  11, 2006, granted, now 7,904,946.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 60/784,970, filed on Mar.  22, 2006.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 60/749,230, filed on Dec.  9, 2005.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>This patent is subject to a terminal disclaimer.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 29/00</b></i> (2006.01); <i><b>H04L 9/32</b></i> (2006.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 9/3228</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11917069-20240227-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A computer-implemented method for secure user authentication, the method comprising:<div class="claim_text">receiving, by a validation server executing a one-time password (OTP) generator, a PIN from a user device associated with a user, wherein the PIN is not stored at the user device;</div>
                <div class="claim_text">dynamically generating, by the validation server, a shared secret based upon the PIN received from the user device and personalized OTP data;</div>
                <div class="claim_text">generating, by the validation server, an OTP based on the shared secret and one or more moving factors of the OTP generator, wherein the OTP has a time-sensitive expiration according to at least one moving factor;</div>
                <div class="claim_text">presenting, by the validation server, the OTP for display on a graphical user interface for the user via a first channel;</div>
                <div class="claim_text">receiving via a second channel, by the validation server, the OTP and a user credential associated with the user from a challenge website of a second server coupled to the validation server; and</div>
                <div class="claim_text">responsive to the validation server determining that the user credential and the OTP received from the challenge web site is valid according to a record of the user stored in a non-transitory machine-readable storage media:<div class="claim_text">transmitting, by the validation server, access rights for the challenge web site of the second server for the user according to the record of the user.</div>
                </div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>