Patents by Inventor Ronald King-Hang Chu

Ronald King-Hang Chu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9928491
    Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: March 27, 2018
    Assignee: Citicorp Credit Services, Inc. (USA)
    Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
  • Patent number: 9768963
    Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.
    Type: Grant
    Filed: February 2, 2011
    Date of Patent: September 19, 2017
    Assignee: Citicorp Credit Services, Inc. (USA)
    Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
  • Patent number: 9607292
    Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.
    Type: Grant
    Filed: January 12, 2012
    Date of Patent: March 28, 2017
    Assignee: Citicorp Credit Services, Inc. (USA)
    Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
  • Patent number: 9002750
    Abstract: For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.
    Type: Grant
    Filed: April 23, 2007
    Date of Patent: April 7, 2015
    Assignee: Citicorp Credit Services, Inc. (USA)
    Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
  • Patent number: 8117125
    Abstract: Methods and systems for controlling certificate-based open payment transactions involving a merchant and a customer utilizing various types of networks and terminals. Prior to accessing a merchant POS terminal or, for example, a merchant website, a customer obtains a certificate from a service provider (SP), such as a bank, certifying his identification (ID) and his relevant financial information, in a form that is understandable by the SP. The SP is capable of performing multiple functions. For example, the SP is capable of acting as a certificate authority when it issues the customer's certificates, an authenticator when it receives private-key encrypted certificates from the customers to be decrypted using the corresponding public-key, and an authorizing authority when it checks the value available in a customer' chosen payment account against the requested purchase or transfer amount.
    Type: Grant
    Filed: June 9, 2000
    Date of Patent: February 14, 2012
    Assignee: Citicorp Developement Center, Inc.
    Inventors: Joseph C. Kawan, Ronald King-Hang Chu, Charles Golvin, Peter Tompkins
  • Publication number: 20110197266
    Abstract: Methods and systems for secure user authentication using a OTP involve, for example, pre-storing a OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, no part of the valid PIN value is stored on the first computing device and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device.
    Type: Application
    Filed: February 2, 2011
    Publication date: August 11, 2011
    Inventors: Ronald King-Hang CHU, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
  • Patent number: 7904946
    Abstract: Methods and systems for secure user authentication utilizes OTP generation and validation techniques in which the shared secret for generating the OTP is not stored in the user's mobile device but instead is dynamically synthesized based on a PIN that activates the OTP generation and the personalized OTP data. The client software has no knowledge of what the correct PIN should be and always generates a normal looking OTP based on whatever PIN is entered, and the only way to learn whether or not the OTP is correct is to submit it during user login. By limiting the number of failed login attempts before the account is locked, brute-force attacks via the online channel will fail, and further, brute-force attacks to uncover the correct PIN for generating the correct OTP offline will also fail even if a hacker steals the user's mobile device and extracts the data inside for offline hacking, because there is nothing on the client that contains the PIN or encrypted by the PIN.
    Type: Grant
    Filed: December 11, 2006
    Date of Patent: March 8, 2011
    Assignee: Citicorp Development Center, Inc.
    Inventors: Ronald King-Hang Chu, Mark Kogen, Warren Tan, Simon Ma, Yosif Smushkovich, Gerry Glindro, Jeffrey William Coyte Nicholas
  • Patent number: 7039812
    Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.
    Type: Grant
    Filed: January 25, 2001
    Date of Patent: May 2, 2006
    Assignee: Citicorp Development Center, Inc.
    Inventors: Joseph C. Kawan, Yosif Smushkovich, Ronald King-Hang Chu
  • Publication number: 20010049785
    Abstract: A method and system for authenticating the identity of a user by an authority makes use of presenting biometric data for the user in a predetermined shared secret sequence. The method and system can be augmented by requesting an additional shared secret, such as a PIN or additional credentials, to establish multiple layers of authentication. Varying the layers of authentication results in greater or lesser security, and the accuracy for any given layer can be relaxed without compromising the integrity of the entire method.
    Type: Application
    Filed: January 25, 2001
    Publication date: December 6, 2001
    Inventors: Joseph C. Kawan, Yosif Smushkovich, Ronald King-Hang Chu