Distributed single sign on technologies including privacy protection and proactive updating
First Claim
Patent Images
1. A method comprising:
- sending, by a computing device, a request for access;
receiving, by the computing device in response to the sent request, a list of t authentication devices, a unique service identifier, and a value;
sending, by the computing device for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;
receiving, by the computing device in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number;
computing, by the computing device, an authentication token based on j of the received partial authentication tokens, where 1≦
j≦
t;
sending, by the computing device, the authentication token;
receiving, by the computing device in response to the sent authentication token, the requested access.
1 Assignment
0 Petitions
Accused Products
Abstract
Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.
-
Citations
20 Claims
-
1. A method comprising:
-
sending, by a computing device, a request for access; receiving, by the computing device in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; sending, by the computing device for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;receiving, by the computing device in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; computing, by the computing device, an authentication token based on j of the received partial authentication tokens, where 1≦
j≦
t;sending, by the computing device, the authentication token; receiving, by the computing device in response to the sent authentication token, the requested access. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. At least one computer-readable media storing computer-readable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:
-
sending a request for access; receiving, in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; sending, for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;receiving, in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; computing an authentication token based on j of the received partial authentication tokens, where 1<
j≦
t;sending, by the computing device, the authentication token; receiving, in response to the sent authentication token, the requested access. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
a computing device configured for sending a request for access; the computing device further configured for receiving, in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; the computing device further configured for sending, for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;the computing device further configured for receiving, in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; the computing device further configured for computing an authentication token based on j of the received partial authentication tokens, where 1<
j≦
t;the computing device further configured for sending, by the computing device, the authentication token; the computing device further configured for receiving, in response to the sent authentication token, the requested access. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification