Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.

Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.

Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.

Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.

Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.

Abstract: For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.

Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.

Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.

Abstract: Methods and systems for secure user authentication utilizes OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the personalized OTP data. The client software has no knowledge of what the correct PIN should be and always generates a normal looking OTP based on whatever PIN is entered, and the only way to learn whether or not the OTP is correct is to submit it during user login. By limiting the number of failed login attempts before the account is locked, brute-force attacks via the online channel will fail, and further, brute-force attacks to uncover the correct PIN for generating the correct OTP offline will also fail even if a hacker steals the user's mobile device and extracts the data inside for offline hacking, because there is nothing on the client that contains the PIN or encrypted by the PIN.

Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.

Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.