Distributed Single Sign-On

US 20160094540A1
Filed: 09/25/2015
Published: 03/31/2016
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method for generating a cryptographic token for authenticating a user computer, connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, to a said verifier server under a username identifying the user computer to that verifier server, the method comprising:

providing at the n authentication servers respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦

n of the password data shares is needed to determine if said user password matches a password attempt;

providing at the n authentication servers respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦

t₁of the secret data shares is needed to reconstruct the secret data;

at the user computer, on input of a password attempt, communicating via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and

at the user computer, on receipt of said secret data shares, reconstructing and using said secret data to generate, via communication with at least a plurality T≦

t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for authenticating user computers 2 in distributed single sign-on systems 1. A user computer 2 is connectable via a network 3 to a plurality of verifier servers 4 and a plurality n of authentication servers 5. Through communication with authentication servers 5, the user computer 2 can generate a cryptographic token for authenticating the user computer 2 to a selected verifier server 4 under a username identifying the user computer to that verifier server. Respective cryptographic shares of password data, which is dependent on a predetermined user password, are provided at the n authentication servers 5. A plurality t₁≦n of the password data shares is needed to determine if the user password matches a password attempt. Respective cryptographic shares of secret data, which enables determination of said username for each verifier server, are also provided at the n authentication servers 5. A plurality t₂≦t₁of the secret data shares is needed to reconstruct the secret data. On input of a password attempt at the user computer 2, the user computer communicates via the network with at least t₁authentication servers 5 to implement an authentication procedure in which the password data shares of those authentication servers are used to determine if the user password matches the password attempt and, if so, the user computer 2 receives at least t₂secret data shares from respective authentication servers 5. On receipt of these secret data shares, the user computer 2 reconstructs and uses the secret data to generate, via communication with at least a plurality T≦t₁of said at least t₁servers 5, a cryptographic token for authenticating the user computer 2 to a selected verifier server 4, secret from said at least T servers, under said username for the selected verifier server 4.

36 Citations

View as Search Results

23 Claims

1. A method for generating a cryptographic token for authenticating a user computer, connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, to a said verifier server under a username identifying the user computer to that verifier server, the method comprising:
- providing at the n authentication servers respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the password data shares is needed to determine if said user password matches a password attempt;
  
  providing at the n authentication servers respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the secret data shares is needed to reconstruct the secret data;
  
  at the user computer, on input of a password attempt, communicating via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and
  
  at the user computer, on receipt of said secret data shares, reconstructing and using said secret data to generate, via communication with at least a plurality T≦
  
  t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as claimed in claim 1 wherein t₁<
    - n.
  - 3. A method as claimed in claim 1 or claim 2 wherein t₂=t₁.
  - 4. A method as claimed in any preceding claim wherein T=t₁.
  - 5. A method as claimed in any preceding claim wherein, to generate said cryptographic token:
    - each of said at least T servers generates a token component, dependent on a secret key of a cryptographic key pair, and sends the token component to the user computer; and
      
      the user computer produces the cryptographic token by combining the token components, whereby the token can be authenticated by the selected verifier server using a public key of said cryptographic key pair.
  - 6. A method as claimed in any preceding claim wherein said username is different for every verifier server.
  - 7. A method as claimed in any preceding claim wherein said secret data comprises data indicative of said username for each verifier server.
  - 8. A method as claimed in any one of claims 1 to 6 wherein said secret data comprises a cryptographic key for accessing stored data indicative of said username for each verifier server, said stored data being provided at a storage location accessible to the user computer via said network.
  - 9. A method as claimed in any preceding claim including providing, at each of the n authentication servers, attribute data indicative of a set of user attributes associated with a holder of said user password, wherein, in generation of the token, said at least T authentication servers use the attribute data such that the cryptographic token demonstrates any attributes required by the selected verifier.
  - 10. A method as claimed in any preceding claim including:
    - providing at the n authentication servers respective key-shares of a secret signing key for a threshold signature scheme whose threshold equals T; and
      
      at the user computer, on reconstructing said secret data, using the secret data to obtain from each of said at least T servers a partial signature, under the key-share of that server, on said username for the selected verifier server, and producing the cryptographic token by combining the partial signatures.
  - 11. A method as claimed in claim 10 wherein said secret data provides access to a verifier alias for each verifier server, the method including:
    - providing at the n authentication servers alias data mapping the verifier alias for each verifier server to said username for that verifier server;
      
      at the user computer, on reconstructing said secret data, sending to said at least T servers the verifier alias for the selected verifier server; and
      
      at each of said at least T servers, on receipt of the verifier alias, determining from said alias data the username mapping to that verifier alias, and producing said partial signature on the username so determined.
  - 12. A method as claimed in any one of claims 1 to 9 wherein:
    - the method includes providing at each of the n authentication servers a secret issuance key of an issuance key pair for a privacy-preserving attribute-based credential scheme;
      
      said secret data provides access to the username for each verifier server and the username comprises a pseudonym, which is bound to a secret user key, of said credential scheme; and
      
      the method further includes, at the user computer, on reconstructing said secret data, obtaining from each of said at least T servers a privacy-preserving credential, produced using said secret issuance key of that server and bound to said secret user key, and producing the cryptographic token using the credentials from those servers, wherein the cryptographic token comprises a presentation token of said credential scheme for proving knowledge of at least T said credentials each bound to the secret user key to which said pseudonym for the selected verifier server is also bound.
  - 13. A method as claimed in claim 12 including:
    - providing at each of the n authentication servers a further pseudonym which is bound to said secret user key; and
      
      at each of said at least T authentication servers, when producing said privacy-preserving credential, binding the credential to the secret user key carried over from said further pseudonym.
  - 14. A method as claimed in claim 12 or claim 13 wherein said secret data further provides access to said secret user key.

15. A method for generating a cryptographic token for authenticating a user computer, the method being substantially as hereinbefore described with reference to FIGS. 1 to 6, or FIGS. 1 to 3 and 7 to 8c of the accompanying drawings.

16. A method for generating, at a user computer which is connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, a cryptographic token for authenticating the user computer to a said verifier server under a username identifying the user computer to that verifier server, wherein the n authentication servers store respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
- n of the password data shares is needed to determine if said user password matches a password attempt, and further store respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the secret data shares is needed to reconstruct the secret data, the method comprising;
  
  on input of a password attempt, communicating via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and
  
  on receipt of said secret data shares, reconstructing and using said secret data to generate, via communication with at least a plurality T≦
  
  t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.
- View Dependent Claims (18, 23)
- - 18. A computer program comprising program code means for causing a computer to perform a method as claimed in claim 16 or claim 17.
  - 23. A computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method as claimed in claim 16 or claim 17.

17. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:
- storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the n password data shares, each being stored by a respective one of the n authentication servers, is needed to determine if said user password matches a password attempt;
  
  storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data;
  
  on receipt from the user computer of an authentication request sent to each of at least t₁authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers;
  
  on receipt from the user computer of a token request sent to each of at least a plurality T≦
  
  t₁of said at least t₁authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

19. A user computer, connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, for generating a cryptographic token for authenticating the user computer to a said verifier server under a username identifying the user computer to that verifier server, wherein the n authentication servers store respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
- n of the password data shares is needed to determine if said user password matches a password attempt, and further store respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the secret data shares is needed to reconstruct the secret data, the user computer comprising a user interface for input of a password attempt, and control logic adapted;
  
  on input via the user interface of a password attempt, to communicate via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and
  
  on receipt of said secret data shares, to reconstruct and use said secret data to generate, via communication with at least a plurality T≦
  
  t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

20. An authentication server for use, as one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the authentication server comprising:
- memory for storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the n password data shares, each being stored by a respective one of the n authentication servers, is needed to determine if said user password matches a password attempt, and for further storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data; and
  
  control logic adapted, on receipt from the user computer of an authentication request sent to each of at least t₁authentication servers on input of a password attempt at the user computer, to communicate via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers;
  
  the control logic being further adapted, on receipt from the user computer of a token request sent to each of at least a plurality T≦
  
  t₁of said at least t₁authentication servers on reconstruction of said secret data, to communicate with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.
- View Dependent Claims (21)
- - 21. A single sign-on system comprising:
    - a plurality n of authentication servers as claimed in claim 20 for use in generating a cryptographic token for authenticating a user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server; and
      
      and at least one verifier server adapted, on receipt of said cryptographic token from the user computer, to use the cryptographic token to verify authentication of the user computer under the username identifying the user computer to that verifier server.

22. A single sign-on system substantially as hereinbefore described with reference to FIGS. 1 to 6, or FIGS. 1 to 3 and 7 to 8c of the accompanying drawings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
CAMENISCH, Jan, LEHMANN, Anja, NEVEN, Gregory, GILAD, Yossi, NAGY, Zoltan A.

Granted Patent

US 9,705,872 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 9/085   Secret sharing or secret sp...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Distributed Single Sign-On

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed Single Sign-On

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links