Patents by Inventor Ronald King-Hang Chu
Ronald King-Hang Chu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10579977Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.Type: GrantFiled: July 29, 2019Date of Patent: March 3, 2020Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Joseph Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
-
Patent number: 10373141Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.Type: GrantFiled: February 13, 2018Date of Patent: August 6, 2019Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
-
Patent number: 9928491Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.Type: GrantFiled: February 14, 2017Date of Patent: March 27, 2018Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
-
Patent number: 9768963Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.Type: GrantFiled: February 2, 2011Date of Patent: September 19, 2017Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
-
Patent number: 9607292Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.Type: GrantFiled: January 12, 2012Date of Patent: March 28, 2017Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
-
Patent number: 9002750Abstract: For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.Type: GrantFiled: April 23, 2007Date of Patent: April 7, 2015Assignee: Citicorp Credit Services, Inc. (USA)Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
-
Patent number: 8117125Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.Type: GrantFiled: June 9, 2000Date of Patent: February 14, 2012Assignee: Citicorp Developement Center, Inc.Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
-
Publication number: 20110197266Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.Type: ApplicationFiled: February 2, 2011Publication date: August 11, 2011Inventors: Ronald King-Hang CHU, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
-
Patent number: 7904946Abstract: Methods and systems for secure user authentication utilizes OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the personalized OTP data. The client software has no knowledge of what the correct PIN should be and always generates a normal looking OTP based on whatever PIN is entered, and the only way to learn whether or not the OTP is correct is to submit it during user login. By limiting the number of failed login attempts before the account is locked, brute-force attacks via the online channel will fail, and further, brute-force attacks to uncover the correct PIN for generating the correct OTP offline will also fail even if a hacker steals the user's mobile device and extracts the data inside for offline hacking, because there is nothing on the client that contains the PIN or encrypted by the PIN.Type: GrantFiled: December 11, 2006Date of Patent: March 8, 2011Assignee: Citicorp Development Center, Inc.Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
-
Patent number: 7039812Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.Type: GrantFiled: January 25, 2001Date of Patent: May 2, 2006Assignee: Citicorp Development Center, Inc.Inventors: Joseph C. Kawan, Yosif Smushkovich, Ronald King-Hang Chu
-
Publication number: 20010049785Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.Type: ApplicationFiled: January 25, 2001Publication date: December 6, 2001Inventors: Joseph C. Kawan, Yosif Smushkovich, Ronald King-Hang Chu