Distributed single sign-on

US 9,705,872 B2
Filed: 09/25/2015
Issued: 07/11/2017
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method for generating, at a user computer which is connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, a cryptographic token for authenticating the user computer to a said verifier server under a username identifying the user computer to that verifier server:

wherein the n authentication servers store respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦

n of the password data shares is needed to determine if said user password matches a password attempt,and further store the n authentication servers respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦

t₁of the secret data shares is needed to reconstruct the secret data, the method comprising;

on input of a password attempt, communicating via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and

on receipt of said secret data shares, reconstructing and using said secret data to generate, via communication with at least a plurality T≦

t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t₁≦n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t₂≦t₁of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t₁authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≦t₁of said t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.

17 Citations

View as Search Results

17 Claims

1. A method for generating, at a user computer which is connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, a cryptographic token for authenticating the user computer to a said verifier server under a username identifying the user computer to that verifier server:
- wherein the n authentication servers store respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the password data shares is needed to determine if said user password matches a password attempt,and further store the n authentication servers respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the secret data shares is needed to reconstruct the secret data, the method comprising;
  
  on input of a password attempt, communicating via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and
  
  on receipt of said secret data shares, reconstructing and using said secret data to generate, via communication with at least a plurality T≦
  
  t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as claimed in claim 1 wherein t₁<
    - n.
  - 3. A method as claimed in claim 1 wherein t₂=t₁.
  - 4. A method as claimed in claim 1 wherein T=t₁.
  - 5. A method as claimed in claim 1 wherein, to generate said cryptographic token:
    - each of said at least T servers generates a token component, dependent on a secret key of a cryptographic key pair, and sends the token component to the user computer; and
      
      the user computer produces the cryptographic token by combining the token components, whereby the token can be authenticated by the selected verifier server using a public key of said cryptographic key pair.
  - 6. A method as claimed in claim 1 wherein said username is different for every verifier server.
  - 7. A method as claimed in claim 1 wherein said secret data comprises data indicative of said username for each verifier server.
  - 8. A method as claimed in claim 1 wherein said secret data comprises a cryptographic key for accessing stored data indicative of said username for each verifier server, said stored data being provided at a storage location accessible to the user computer via said network.
  - 9. A method as claimed in claim 1 including providing, at each of the n authentication servers, attribute data indicative of a set of user attributes associated with a holder of said user password, wherein, in generation of the token, said at least T authentication servers use the attribute data such that the cryptographic token demonstrates any attributes required by the selected verifier.
  - 10. A method as claimed in claim 1 including:
    - providing at the n authentication servers respective key-shares of a secret signing key for a threshold signature scheme whose threshold equals T; and
      
      at the user computer, on reconstructing said secret data, using the secret data to obtain from each of said at least T servers a partial signature, under the key-share of that server, on said username for the selected verifier server, and producing the cryptographic token by combining the partial signatures.
  - 11. A method as claimed in claim 10 wherein said secret data provides access to a verifier alias for each verifier server, the method including:
    - providing at the n authentication servers alias data mapping the verifier alias for each verifier server to said username for that verifier server;
      
      at the user computer, on reconstructing said secret data, sending to said at least T servers the verifier alias for the selected verifier server; and
      
      at each of said at least T servers, on receipt of the verifier alias, determining from said alias data the username mapping to that verifier alias, and producing said partial signature on the username so determined.
  - 12. A method as claimed in claim 1 wherein:
    - the method includes providing at each of the n authentication servers a secret issuance key of an issuance key pair for a privacy-preserving attribute-based credential scheme;
      
      said secret data provides access to the username for each verifier server and the username comprises a pseudonym, which is bound to a secret user key, of said credential scheme; and
      
      the method further includes, at the user computer, on reconstructing said secret data, obtaining from each of said at least T servers a privacy-preserving credential, produced using said secret issuance key of that server and bound to said secret user key, and producing the cryptographic token using the credentials from those servers, wherein the cryptographic token comprises a presentation token of said credential scheme for proving knowledge of at least T said credentials each bound to the secret user key to which said pseudonym for the selected verifier server is also bound.
  - 13. A method as claimed in claim 12 including:
    - providing at each of the n authentication servers a further pseudonym which is bound to said secret user key; and
      
      at each of said at least T authentication servers, when producing said privacy-preserving credential, binding the credential to the secret user key carried over from said further pseudonym.
  - 14. A method as claimed in claim 12 wherein said secret data further provides access to said secret user key.

15. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:
- storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the n password data shares, each being stored by a respective one of the n authentication servers, is needed to determine if said user password matches a password attempt;
  
  storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data;
  
  on receipt from the user computer of an authentication request sent to each of at least t₁authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers;
  
  on receipt from the user computer of a token request sent to each of at least a plurality T≦
  
  t₁of said at least t₁authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

16. A user computer, connectable via a network to a plurality of verifier servers and a plurality n of authentication servers, for generating a cryptographic token for authenticating the user computer to a said verifier server under a username identifying the user computer to that verifier server, wherein the n authentication servers store respective cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
- n of the password data shares is needed to determine if said user password matches a password attempt, and further store respective cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the secret data shares is needed to reconstruct the secret data, the user computer comprising a user interface for input of a password attempt, and control logic adapted;
  
  on input via the user interface of a password attempt, to communicate via said network with at least t₁authentication servers to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers; and
  
  on receipt of said secret data shares, to reconstruct and use said secret data to generate, via communication with at least a plurality T≦
  
  t₁of said at least t₁servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

17. An authentication server for use, as one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the authentication server comprising:
- memory for storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t₁≦
  
  n of the n password data shares, each being stored by a respective one of the n authentication servers, is needed to determine if said user password matches a password attempt, and for further storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t₂≦
  
  t₁of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data; and
  
  control logic adapted, on receipt from the user computer of an authentication request sent to each of at least t₁authentication servers on input of a password attempt at the user computer, to communicate via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t₂secret data shares from respective authentication servers;
  
  the control logic being further adapted, on receipt from the user computer of a token request sent to each of at least a plurality T≦
  
  t₁of said at least t₁authentication servers on reconstruction of said secret data, to communicate with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lehmann, Anja, Gilad, Yossi, Nagy, Zoltan A., Neven, Gregory, Camenisch, Jan
Primary Examiner(s)
Smithers, Matthew

Application Number

US14/865,287
Publication Number

US 20160094540A1
Time in Patent Office

655 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0815   providing single-sign-on or...

H04L 9/085   Secret sharing or secret sp...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Distributed single sign-on

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Distributed single sign-on

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others