Distributed single sign on technologies including privacy protection and proactive updating

US 9,160,528 B2
Filed: 02/29/2012
Issued: 10/13/2015
Est. Priority Date: 11/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method performed on an authentication device that includes at least one processor and memory, the method comprising:

computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;

providing each update value to its corresponding one of the plurality of authentication devices;

receiving, by the authentication device, another update value from each of the other authentication devices;

updating, by the authentication device, a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret, keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.

Citations

20 Claims

1. A method performed on an authentication device that includes at least one processor and memory, the method comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
  
  providing each update value to its corresponding one of the plurality of authentication devices;
  
  receiving, by the authentication device, another update value from each of the other authentication devices;
  
  updating, by the authentication device, a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising broadcasting, by the authentication device to the plurality of authentication devices, validation data.
  - 3. The method of claim 2 further comprising validating the received another update values based on the validation data.
  - 4. The method of claim 1 where the updating comprises adding the update value of the authentication device and the received update values to the share resulting in an updated share.
  - 5. The method of claim 1 where the corresponding update value is based on a random polynomial that is of an order t−
    - 1 where t is a number of authentication servers in the plurality of authentication servers.
  - 6. The method of claim 5 where coefficients of the generated random polynomial are each random numbers.
  - 7. The method of claim 5 wherein a constant of the generated random polynomial is zero.

8. At least one computer-readable media storing computer-executable instructions that cause, based on execution by at least one processor of an authentication device, the authentication device to perform actions comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
  
  providing each update value to its corresponding one of the plurality of authentication devices;
  
  receiving another update value from each of the other authentication devices;
  
  updating a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The at least one computer-readable media of claim 8, the actions further comprising broadcasting, by the authentication device to the plurality of authentication devices, validation data.
  - 10. The at least one computer-readable media of claim 9, the actions further comprising validating the received another update values based on the validation data.
  - 11. The at least one computer-readable media of claim 8 where the updating comprises adding the update value of the authentication device and the received update values to the share resulting in an updated share.
  - 12. The at least one computer-readable media of claim 8 where the corresponding update value is based on a random polynomial that is of an order t−
    - 1 where t is a number of authentication servers in the plurality of authentication servers.
  - 13. The at least one computer-readable media of claim 12 where coefficients of the generated random polynomial are each random numbers.
  - 14. The at least one computer-readable media of claim 12 wherein a constant of the generated random polynomial is zero.

15. A system comprising an authentication device and at least one program module that are configured for performing actions, the an authentication device including at least one processor and memory, the actions comprising:
- computing, by the authentication device for each of a plurality of authentication devices that includes the authentication device, a corresponding update value;
  
  providing each update value to its corresponding one of the plurality of authentication devices;
  
  receiving, by the authentication device, another update value from each of the other of the authentication devices;
  
  updating, by the authentication device, a share of a secret based on the update value of the authentication device and on the received update values, where the updating the share does not require changing the secret.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, the actions further comprising broadcasting, by the authentication device to the plurality of authentication devices, validation data.
  - 17. The system of claim 16, the actions further comprising validating the received another update values based on the validation data.
  - 18. The system of claim 15 where the updating comprises adding the update value of the authentication device and the received update values to the share resulting in an updated share.
  - 19. The system of claim 15 where the corresponding update value is based on a random polynomial that is of an order t−
    - 1 where t is a number of authentication servers in the plurality of authentication servers.
  - 20. The system of claim 19 where coefficients of the generated random polynomial are each random numbers, or where a constant of the generated random polynomial is zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Zhu, Bin Benjamin, Feng, Min
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
MEJIA, FELICIANO S

Application Number

US13/408,875
Publication Number

US 20120159588A1
Time in Patent Office

1,322 Days
Field of Search

713/177, 713/170, 713/168, 713/189, 726/8, 726/6, 726/26, 380/30, 380/286, 380/44, 380/278, 380/283
US Class Current

1/1
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

Distributed single sign on technologies including privacy protection and proactive updating

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed single sign on technologies including privacy protection and proactive updating

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links