Patent attributes
Secure user authentication using a OTP involve pre-storing an application on a first device for generating a valid OTP for the user responsive to receiving entry of a valid PIN, no part of the valid PIN is stored on the first device and pre-storing on a back-end server the valid PIN and a valid shared secret for the user. Upon receiving entry of a purported PIN, a purported shared secret is dynamically synthesized on the first device by the application based on the purported PIN and a purported OTP is generated on the first device. When entry of the purported OTP is received by the server in an attempt to log on the server from a second device, the server cryptographically calculates a window of OTPs, and logs on to the server from the second device is allowed if the calculated window of OTPs corresponds to the received OTP.