Distributed single sign on technologies including privacy protection and proactive updating
First Claim
Patent Images
1. A method comprising:
- sending, by a computing device, a request for access;
receiving, by the computing device in response to the sent request, a list of t authentication devices, a unique service identifier, and a value;
sending, by the computing device for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;
receiving, by the computing device in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number;
computing, by the computing device, an authentication token based on j of the received partial authentication tokens, where 1≦
j≦
t;
sending, by the computing device, the authentication token;
receiving, by the computing device in response to the sent authentication token, the requested access.
1 Assignment
0 Petitions
Accused Products
Abstract
Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.
-
Citations
20 Claims
-
1. A method comprising:
-
sending, by a computing device, a request for access; receiving, by the computing device in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; sending, by the computing device for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;receiving, by the computing device in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; computing, by the computing device, an authentication token based on j of the received partial authentication tokens, where 1≦
j≦
t;sending, by the computing device, the authentication token; receiving, by the computing device in response to the sent authentication token, the requested access. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. At least one computer-readable media storing computer-readable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:
-
sending a request for access; receiving, in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; sending, for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;receiving, in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; computing an authentication token based on j of the received partial authentication tokens, where 1<
j≦
t;sending, by the computing device, the authentication token; receiving, in response to the sent authentication token, the requested access. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system comprising:
-
a computing device configured for sending a request for access; the computing device further configured for receiving, in response to the sent request, a list of t authentication devices, a unique service identifier, and a value; the computing device further configured for sending, for each j where 1<
j≦
t, data comprising a user identifier of a user, the unique service identifier, the value, and a random number;the computing device further configured for receiving, in response to the sent data for each j, a partial authentication token based on the sent user identifier, the sent unique service identifier, the sent value, and the sent random number; the computing device further configured for computing an authentication token based on j of the received partial authentication tokens, where 1<
j≦
t;the computing device further configured for sending, by the computing device, the authentication token; the computing device further configured for receiving, in response to the sent authentication token, the requested access. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
InventorsZhu, Bin Benjamin, Feng, Min
-
Primary Examiner(s)Chao, Michael
-
Assistant Examiner(s)MEJIA, FELICIANO S
-
Application NumberUS13/408,434Publication NumberTime in Patent Office1,273 DaysField of Search709/229, 380/28, 726/2, 726/8, 726/9US Class Current1/1CPC Class CodesH04L 63/0435 wherein the sending and rec...H04L 63/0815 providing single-sign-on or...H04L 63/083 using passwords cryptograph...H04L 63/10 for controlling access to d...H04L 9/085 Secret sharing or secret sp...H04L 9/3218 using proof of knowledge, e...H04L 9/3226 using a predetermined code,...
