Distributed single sign on technologies including privacy protection and proactive updating
Abstract
Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of received partial tokens or partial profiles can be verified with non-interactive zero-knowledge proofs.
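The abstract describes splitting a secret across the authentication servers and periodically refreshing the shares without changing the secret. The following is an added example, not code from the patent: it implements one standard way of doing that (Shamir t-of-n sharing over a prime field, refreshed by having every server add a fresh random sharing of zero), which is an assumption about the mechanism since the abstract names no scheme. The field prime, the parameters in demo(), and all function names are constructed for this illustration.

```python
import secrets

# Added example, not code from the patent. The abstract says secret keys and
# user profiles are split into shares across the authentication servers and
# the shares are periodically refreshed without changing the secret; the
# concrete scheme here (Shamir sharing over a prime field, refreshed by
# adding random sharings of zero) is an assumption about how that is done.
P = (1 << 127) - 1  # Mersenne prime; any prime above the secret size works here


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[k] * x**k) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t):
    """Shamir t-of-n sharing: {server_index: share} for servers 1..n.

    coeffs[0] is the secret; the other t-1 coefficients are uniformly random,
    so any t-1 shares are statistically independent of the secret."""
    if not (0 <= secret < P and 1 <= t <= n < P):
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x=0; needs t shares from the SAME epoch."""
    xs = list(shares)
    total = 0
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + shares[i] * num * pow(den, P - 2, P)) % P
    return total


def refresh_shares(shares, t):
    """One proactive-update epoch.

    Every server contributes a fresh t-of-n sharing of 0 and each server adds
    the sub-shares it receives to its own share. The constant term of the sum
    polynomial is unchanged, so the secret is untouched, but shares from
    different epochs no longer lie on one polynomial: an attacker who gets
    t-1 shares in one epoch and more in the next still learns nothing."""
    n = len(shares)
    new = dict(shares)
    for _ in range(n):  # one zero-sharing per contributing server
        zero = split_secret(0, n, t)
        for i in new:
            new[i] = (new[i] + zero[i]) % P
    return new


def demo(n=5, t=3):
    """Returns True when a refresh preserves the secret, changes every share,
    and a cross-epoch mixture of shares fails to reconstruct it
    (constructed parameters; n=5 servers, threshold t=3)."""
    secret = secrets.randbelow(P)
    epoch0 = split_secret(secret, n, t)
    epoch1 = refresh_shares(epoch0, t)
    same_secret = reconstruct({k: epoch1[k] for k in (2, 4, 5)}) == secret
    mixed = {1: epoch0[1], 2: epoch0[2], 3: epoch1[3]}  # 2 old + 1 new share
    mixed_fails = reconstruct(mixed) != secret
    shares_changed = all(epoch0[k] != epoch1[k] for k in epoch0)
    return same_secret and mixed_fails and shares_changed


if __name__ == "__main__":
    print("proactive refresh ok:", demo())
```

The security-relevant point of the refresh is the one the abstract makes: an adversary who breaches servers slowly, across refresh periods, never accumulates t shares of a single epoch, so old shares must be erased on each server once the new ones are confirmed. In a real deployment the zero-sharings would be exchanged over authenticated channels and accompanied by verification data (the abstract's non-interactive zero-knowledge proofs serve that role for partial tokens), which this example omits.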
20 Claims
1. A method performed on a computing device that includes at least one processor and memory, the method comprising:
given a unique identifier of a user, a password of the user, and a high-entropy random number, computing, by the computing device for each of a plurality of authentication devices, a high-entropy password based on the unique identifier, the password, the high-entropy random number, and an identifier that uniquely identifies the each of the plurality of authentication devices; and
sending, by the computing device to each of the plurality of authentication devices, the computed high-entropy password corresponding to the each of the plurality of authentication devices;
receiving, by the computing device from each of the plurality of authentication devices, an indication that the sent high-entropy password has been stored and that the user has been registered.
(Dependent claims: 2, 3, 4, 5, 6, 7.)

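Claim 1 (and its counterparts in claims 8 and 15) describes a registration step: from the user id, the password, a high-entropy random number and each authentication device's identifier, the client derives a distinct high-entropy password per device, sends it, and waits for each device to confirm it is stored and the user registered. The following is an added example, not the patent's own code; the claim names no key derivation function, so the construction used here (PBKDF2-HMAC-SHA256 over the password, salted with the user id and the random number, then one HMAC per device identifier), the AuthDevice stand-in, the stored-hash choice and the later authenticate() call are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Added example, not the patent's own code. The claim fixes no KDF; the
# construction below (PBKDF2-HMAC-SHA256 keyed by the password, salted with
# the user id and the high-entropy random number r, then one HMAC per device
# id) is an assumption chosen to give the properties the claim needs.
PBKDF2_ITERATIONS = 100_000  # assumed work factor


def derive_device_passwords(uid, password, r, device_ids):
    """{device_id: 32-byte high-entropy password} for each authentication device.

    r is high-entropy and stays with the user, so a compromised device cannot
    brute-force the low-entropy password offline from what it stored, and the
    per-device HMAC means no device's value reveals any other device's value."""
    if len(r) < 32:
        raise ValueError("random number r must be high-entropy (>= 32 bytes)")
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), uid.encode() + r,
                                 PBKDF2_ITERATIONS, dklen=32)
    return {dev: hmac.new(master, dev.encode(), "sha256").digest()
            for dev in device_ids}


class AuthDevice:
    """Constructed stand-in for one authentication device (server)."""

    def __init__(self, device_id):
        self.device_id = device_id
        self._users = {}  # uid -> sha256(high-entropy password)

    def register(self, uid, hp):
        # Storing a hash rather than hp itself is an added hardening choice;
        # no stretching is needed because hp is already high-entropy.
        self._users[uid] = hashlib.sha256(hp).digest()
        # The indication the claim requires: stored, and user registered.
        return {"stored": True, "registered": True}

    def verify(self, uid, hp):
        expected = self._users.get(uid)
        return expected is not None and hmac.compare_digest(
            expected, hashlib.sha256(hp).digest())


def register_user(uid, password, devices):
    """Registration step of the claim: derive one password per device, send
    it, and require every device's stored/registered indication."""
    r = secrets.token_bytes(32)  # the high-entropy random number
    hps = derive_device_passwords(uid, password, r,
                                  [d.device_id for d in devices])
    acks = {d.device_id: d.register(uid, hps[d.device_id]) for d in devices}
    if not all(a.get("stored") and a.get("registered") for a in acks.values()):
        raise RuntimeError("not every authentication device confirmed registration")
    return r, acks


def authenticate(uid, password, r, device):
    """Later login to one device: recompute that device's password from
    (uid, password, r, device id) and let the device check it."""
    hp = derive_device_passwords(uid, password, r,
                                 [device.device_id])[device.device_id]
    return device.verify(uid, hp)


if __name__ == "__main__":
    devices = [AuthDevice(f"auth-{i}") for i in range(3)]  # constructed
    r, acks = register_user("alice", "correct horse battery", devices)
    print("acks:", acks)
    print("login ok:", authenticate("alice", "correct horse battery", r, devices[0]))
```

The practical caveats are where the random number lives and what a single device learns. Because r is an input to every device password and is never sent to a device, a device that is compromised holds a value it cannot turn into the user's password without r, and because each device's value is an HMAC under a different device identifier, one device's value does not let it impersonate the user to another device. r therefore has to be stored on the user's side (or recovered through some out-of-band means the claim does not describe); losing it means re-registering.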
8. At least one computer-readable media storing computer-executable instructions that, when executed by a computing device that includes at least one processor and memory, cause the computing device to perform a method comprising:
given a unique identifier of a user, a password of the user, and a high-entropy random number, computing, for each of a plurality of authentication devices, a high-entropy password based on the unique identifier, the password, the high-entropy random number, and an identifier that uniquely identifies the each of the plurality of authentication devices; and
sending, to each of the plurality of authentication devices, the computed high-entropy password corresponding to the each of the plurality of authentication devices;
receiving, from each of the plurality of authentication devices, an indication that the sent high-entropy password has been stored and that the user has been registered.
(Dependent claims: 9, 10, 11, 12, 13, 14.)

15. A system comprising a computing device and at least one program module that are together configured for performing actions, the computing device including at least one processor and memory, the actions comprising:
given a unique identifier of a user, a password of the user, and a high-entropy random number, computing, by the computing device for each of a plurality of authentication devices, a high-entropy password based on the unique identifier, the password, the high-entropy random number, and an identifier that uniquely identifies the each of the plurality of authentication devices; and
sending, by the computing device to each of the plurality of authentication devices, the computed high-entropy password corresponding to the each of the plurality of authentication devices;
receiving, by the computing device from each of the plurality of authentication devices, an indication that the sent high-entropy password has been stored and that the user has been registered.
(Dependent claims: 16, 17, 18, 19, 20.)