ThresPassport - A Distributed Single Sign-On Service.

In this paper, we present ThresPassport (Threshold scheme-based Passport), a web-based, distributed Single Sign-On (SSO) system which utilizes a threshold-based secret sharing scheme to split a service provider's authentication key into partial shares distributed to authentication servers. Each authentication server generates a partial authentication token upon request by a legitimate user after proper authentication. Those partial authentication tokens are combined to compute an authentication token to sign the user on to a service provider. ThresPassport depends on neither Public Key Infrastructure (PKI) nor existence of a trustworthy authority. The sign-on process is as transparent to users as Microsoft's .NET Passport. ThresPassport offers many significant advantages over .NET Passport and other SSOs on security, portability, intrusion and fault tolerance, scalability, reliability, and availability. [ABSTRACT FROM AUTHOR]