ThresPassport – A Distributed Single Sign-On Service

  • Conference paper
Advances in Intelligent Computing (ICIC 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3645)

Abstract

In this paper, we present ThresPassport (Threshold scheme-based Passport), a web-based, distributed Single Sign-On (SSO) system which utilizes a threshold-based secret sharing scheme to split a service provider’s authentication key into partial shares distributed to authentication servers. Each authentication server generates a partial authentication token upon request by a legitimate user after proper authentication. Those partial authentication tokens are combined to compute an authentication token to sign the user on to a service provider. ThresPassport depends on neither Public Key Infrastructure (PKI) nor the existence of a trustworthy authority. The sign-on process is as transparent to users as Microsoft’s .NET Passport. ThresPassport offers many significant advantages over .NET Passport and other SSOs on security, portability, intrusion and fault tolerance, scalability, reliability, and availability.
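The split-key flow the abstract describes can be sketched as follows. This is an added example, not code or the exact construction from the paper: the abstract does not specify the token algebra, so the sketch assumes a discrete-log token H(msg)^key combined by Lagrange interpolation in the exponent, with a toy group and hypothetical function names.

```python
import hashlib
import secrets

# Toy safe-prime group P = 2Q + 1 (assumed parameters, far too small for real use).
P, Q = 2039, 1019

def split_key(key, t, n):
    """Shamir-share `key` over Z_Q: any t of the n shares determine it."""
    coeffs = [key % Q] + [secrets.randbelow(Q) for _ in range(t - 2)]
    if t > 1:
        coeffs.append(1 + secrets.randbelow(Q - 1))  # nonzero: degree is exactly t-1
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def hash_to_group(msg):
    """Map a sign-on request to an element of order Q (a square other than 0 or 1)."""
    ctr = 0
    while True:
        d = hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest()
        h = pow(int.from_bytes(d, "big") % P, 2, P)
        if h > 1:
            return h
        ctr += 1

def partial_token(share, msg):
    """What one authentication server returns: H(msg)^share, never the share itself."""
    return pow(hash_to_group(msg), share, P)

def lagrange_at_zero(i, ids):
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Client side: interpolate in the exponent to get H(msg)^key without learning key."""
    token = 1
    for i, p_i in partials.items():
        token = token * pow(p_i, lagrange_at_zero(i, list(partials)), P) % P
    return token

def verify(key, msg, token):
    """Service provider side: it holds the whole key and recomputes the token."""
    return token == pow(hash_to_group(msg), key % Q, P)
```

With a threshold of t, any t partial tokens combine to the value the service provider expects, while t-1 of them never do, so compromising fewer than t authentication servers yields neither the key nor a valid token.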

This work was done when Tierui Chen was an intern at Microsoft Research Asia.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, T., Zhu, B.B., Li, S., Cheng, X. (2005). ThresPassport – A Distributed Single Sign-On Service. In: Huang, DS., Zhang, XP., Huang, GB. (eds) Advances in Intelligent Computing. ICIC 2005. Lecture Notes in Computer Science, vol 3645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11538356_80

  • DOI: https://doi.org/10.1007/11538356_80

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28227-3

  • Online ISBN: 978-3-540-31907-8

  • eBook Packages: Computer Science (R0)
