公开(公告)号：US20070094498A1

公开(公告)日：2007-04-26

申请号：US11530998

申请日：2006-09-12

申请人： Magnus Nystrom ,  Anders Rundgren ,  William Duane

发明人： Magnus Nystrom ,  Anders Rundgren ,  William Duane

IPC分类号： H04L9/00

CPC分类号： G06Q20/3674 ,  G06F21/41 ,  H04L9/3213 ,  H04L9/3228 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/0838

摘要： A single sign-on technique allows multiple accesses to one or more applications or other resources using a proof-of-authentication module operating in conjunction with a standard authentication component. The application or other resource issues an authentication information request to the standard authentication component responsive to an access request from the user. The application or other resource receives, responsive to the authentication information request, a proof-of-authentication value from the standard authentication component, and authenticates the user based on the proof-of-authentication value. The standard authentication component interacts with the proof-of-authentication module to obtain the proof-of authentication value. The proof-of-authentication module is configured to generate multiple proof-of-authentication values for authentication of respective access requests of the user.

摘要翻译： 单一登录技术允许使用与标准认证组件一起运行的认证证明模块对一个或多个应用程序或其他资源进行多次访问。 响应于来自用户的访问请求，应用或其他资源向标准认证组件发出认证信息请求。 应用程序或其他资源响应于认证信息请求接收来自标准认证组件的认证证明值，并且基于认证证明​​值对用户进行认证。 标准认证组件与认证证明模块进行交互以获得认证值证明。 身份验证模块被配置为生成用于认证用户的各个访问请求的多个认证证明值。

公开(公告)号：US20060256961A1

公开(公告)日：2006-11-16

申请号：US11265510

申请日：2005-11-02

申请人： John Brainard ,  Burton Kaliski ,  Magnus Nystrom ,  Ronald Rivest

发明人： John Brainard ,  Burton Kaliski ,  Magnus Nystrom ,  Ronald Rivest

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  G06F21/31 ,  G06F21/33 ,  H04L9/0844 ,  H04L9/0869 ,  H04L9/3234 ,  H04L63/0428

摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.