Distributed single sign on technologies including privacy protection and proactive updating
Abstract
Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.
20 Claims
1. A method performed on a computing device that includes at least one processor and memory, the method comprising:
- generating, by the computing device for each of a plurality of authentication devices, an authentication password that is based on a password of a user and on a device identifier that uniquely identifies the each of the plurality of authentication devices, where each of the generated authentication passwords in conjunction with an identifier of the user is configured for authenticating the user to the corresponding each of the plurality of authentication devices, where authenticating the user to a portion of the plurality of authentication devices based on their corresponding generated authentication passwords results in an authentication token configured for providing access to a service by the user.
8. At least one computer storage device comprising:
- at least one memory storing computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to perform a method comprising;
  - generating, by the computing device for each of a plurality of authentication devices, an authentication password that is based on a password of a user and on a device identifier that uniquely identifies the each of the plurality of authentication devices, where each of the generated authentication passwords in conjunction with an identifier of the user is configured for authenticating the user to the corresponding each of the plurality of authentication devices, where authenticating the user to a portion of the plurality of authentication devices based on their corresponding generated authentication passwords results in an authentication token configured for providing access to a service by the user.
15. A system comprising:
- a computing device and at least one program module that are together configured for performing actions, the computing device including at least one processor and memory, the action comprising;
  - generating, by the computing device for each of a plurality of authentication devices, an authentication password that is based on a password of a user and on a device identifier that uniquely identifies the each of the plurality of authentication devices, where each of the generated authentication passwords in conjunction with an identifier of the user is configured for authenticating the user to the corresponding each of the plurality of authentication devices, where authenticating the user to a portion of the plurality of authentication devices based on their corresponding generated authentication passwords results in an authentication token configured for providing access to a service by the user.
Specification