Single sign-on using trusted platforms

Abstract

At present, network users have to remember a username and a corresponding password for every service with which they are registered. One solution to the security and usability implications of this situation is Single Sign-On, whereby the user authenticates only once to an 'Authentication Service Provider' (ASP) and subsequently uses disparate Service Providers (SPs) without necessarily re-authenticating. The information about the user's authentication status is handled between the ASP and the desired SP transparently to the user. This paper describes a method by which the end-user's computing platform itself plays the role of the ASP. The platform has to be a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA) specifications. The relevant TCPA architectural components and security services are described and associated threats are analysed. © Springer-Verlag Berlin Heidelberg 2003.