An Identity Based Single-Sign-On Scheme for Computer Networks

Conventionally, no user identification is required for a user to log into a security-protected system. User authentication is based on what the user knows, or what the user has, which can be easily shared among others. Moreover, when multiple systems are involved, the user is then required to authenticate to each system individually and repeatedly. In this paper, we present a scheme to achieve secure user identification and authentication to multiple security-protected systems simultaneously through a single operation. The proposed scheme is based on the well-known RSA cryptosystem, the discrete logarithm problem and the subset-sum NP-complete problem. Security analysis shows that the proposed scheme is secure to all known security attacks and can be easily implemented in various environments including very resource constrained environment such as Smart Cards.