New privacy-preserving SSO algorithm hides user info from third parties

2020-06-30 09:33

Some people are also concerned that their ID and password could be stored locally by third parties when they provide them to the SSO mechanism.

In an effort to address these problems, Associate Professor Satoshi Iriyama from Tokyo University of Science and his colleague Dr Maki Kihara have recently developed a new SSO algorithm that on principle prevents such holistic information exchange.

Dr Iriyama states: "We aimed to develop an SSO algorithm that does not disclose the user's identity and sensitive personal information to the service provider. In this way, our SSO algorithm uses personal information only for authentication of the user, as originally intended when SSO systems were introduced."

Because of the way this SSO algorithm is designed, it is impossible in essence for user information to be disclosed without authorization.

In their SSO algorithm, all parties exchange encrypted messages but never exchange decryption keys, and no one is ever in possession of all the pieces of the puzzle because no one has the keys to all the information.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/FEe1j4CKiww/

#privacy #SSO