
DISTRIBUTED SINGLE SIGN-ON

  • US 20180302396A1
  • Filed: 06/13/2018
  • Published: 10/18/2018
  • Est. Priority Date: 09/25/2014
  • Status: Active Grant
First Claim

1. An authentication server for use, as one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of a plurality of verifier servers under a username identifying the user computer to that verifier server, the authentication server comprising:

  • memory for storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t1 ≤ n of the n password data shares, each being stored by a respective one of the n authentication servers, is needed to determine if said user password matches a password attempt, and for further storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t2 ≤ t1 of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data; and

    control logic adapted, on receipt from the user computer of an authentication request sent to each of at least t1 authentication servers on input of a password attempt at the user computer, to communicate via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers;

    the control logic being further adapted, on receipt from the user computer of a token request sent to each of at least a plurality T ≤ t1 of said at least t1 authentication servers on reconstruction of said secret data, to communicate with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.
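The following Python model is added here to illustrate the two-threshold share layout in the claim (t1 ≤ n password shares to check a password attempt, t2 ≤ t1 secret shares to rebuild the secret data); it is not the patented protocol, which the claim does not spell out. Shamir sharing over a prime field, the salted-hash password check and the per-verifier username derivation are all assumptions made for the illustration.

```python
# Added simplified model of the claim's share layout; NOT the patented protocol.
# Each of n servers holds one share of password data (t1 <= n needed to check a
# password attempt) and one share of secret data (t2 <= t1 needed to rebuild it).
# Assumptions: Shamir sharing over GF(P) stands in for the unspecified sharing;
# the password check is modelled as rebuilding a salted hash, whereas the claim
# has the servers perform that check among themselves without revealing it.
import hashlib
import secrets

P = 2**127 - 1  # field prime; every shared value must be below it

def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + ... at x, modulo P."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def split(secret, t, n):
    """Shamir split: n shares (x, y); any t of them reconstruct secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def password_digest(password, salt):
    """Salted SHA-256 of the password, reduced into the field (assumption)."""
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big") % P

def enroll(password, secret_data, n, t1, t2, salt=b"constructed-salt"):
    """Server i receives (password_share_i, secret_share_i); thresholds t1, t2."""
    assert t2 <= t1 <= n, "claim requires t2 <= t1 <= n"
    pw_shares = split(password_digest(password, salt), t1, n)
    sd_shares = split(secret_data, t2, n)
    return list(zip(pw_shares, sd_shares))

def authenticate(servers, attempt, t1, t2, salt=b"constructed-salt"):
    """Contact t1 servers; on a matching password, gather t2 secret shares."""
    contacted = servers[:t1]
    if reconstruct([pw for pw, _ in contacted]) != password_digest(attempt, salt):
        return None  # wrong password: no secret shares are released
    return reconstruct([sd for _, sd in contacted[:t2]])

def username_for(secret_data, verifier_id):  # per-verifier username (assumption)
    return hashlib.sha256(secret_data.to_bytes(16, "big") + verifier_id.encode()).hexdigest()[:16]
```

Fewer than t2 secret shares interpolate to an unrelated field element, which is the property the claim relies on when it releases shares only after a successful password check.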
