Distributed single sign on technologies including privacy protection and proactive updating
Abstract
Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secrets, keys and user profiles into secure shares and periodically updating the shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial tokens or partial profiles can be verified with non-interactive zero-knowledge proofs.
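The periodic share update described in the abstract, as an added example that is not code from the patent. It assumes Shamir sharing over a prime field and the standard proactive-refresh construction, in which each device's update values are points on a random polynomial with zero constant term; the modulus, function names and sample secret are assumptions.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumed; the page names no parameters)

def poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x mod P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, n, t):
    """Shamir-split `secret` into n shares with threshold t; device ids are 1..n."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def update_values(device_ids, t):
    """One device's update values: a random degree t-1 polynomial with zero
    constant term, evaluated at every device id (its own included)."""
    coeffs = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {j: poly_eval(coeffs, j) for j in device_ids}

def refresh(shares, t):
    """Run one update round: every device computes and distributes update values,
    then adds the value it kept and the values it received to its share."""
    ids = list(shares)
    sent = {i: update_values(ids, t) for i in ids}   # sent[i][j]: from i to j
    return {j: (shares[j] + sum(sent[i][j] for i in ids)) % P for j in ids}

def reconstruct(subset):
    """Lagrange interpolation at x = 0 over the given {id: share} subset."""
    total = 0
    for i, y in subset.items():
        num = den = 1
        for j in subset:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total

def demo():
    secret = 0x5EC2E7  # constructed sample value
    old = split(secret, n=5, t=3)
    new = refresh(old, t=3)
    pick = lambda s, ids: {i: s[i] for i in ids}
    mixed = {1: old[1], 2: old[2], 3: new[3]}  # shares from different periods
    return (reconstruct(pick(old, [1, 2, 3])), reconstruct(pick(new, [2, 4, 5])),
            reconstruct(mixed), old != new)
```

`demo()` returns the secret for any three shares taken from the same period, while a set that mixes pre-update and post-update shares reconstructs an unrelated value, so shares exposed before an update round stop being useful after it.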
20 Claims
1. A method performed on an authentication device that includes at least one processor and memory, the method comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
- providing each update value to its corresponding one of the plurality of authentication devices;
- receiving, by the authentication device, another update value from each of the other authentication devices;
- updating, by the authentication device, a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. At least one computer-readable media storing computer-executable instructions that cause, based on execution by at least one processor of an authentication device, the authentication device to perform actions comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
- providing each update value to its corresponding one of the plurality of authentication devices;
- receiving another update value from each of the other authentication devices;
- updating a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A system comprising an authentication device and at least one program module that are configured for performing actions, the authentication device including at least one processor and memory, the actions comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
- providing each update value to its corresponding one of the plurality of authentication devices;
- receiving, by the authentication device, another update value from each of the other of the authentication devices;
- updating, by the authentication device, a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
(Dependent claims: 16, 17, 18, 19, 20)
Specification