Directly from Japan
A practical example is logging in to a website with your Facebook or Gmail username and password. That is SSO (single sign-on). The same goes for most smartphones, where signing in with a single username and password gives access to different services and applications.
SSO schemes let users access multiple platforms by signing in to one specific system. This system is called the "identity provider" in the jargon and is considered a trustworthy entity able to verify and store the user's identity. When the user attempts to access a service via SSO, the service provider asks the identity provider to authenticate the user.
SSO systems have several benefits. First of all, users do not have to remember a different username and password combination for each website or application. This means fewer people forget their passwords and, consequently, fewer phone calls to service centers.
SSO also removes the hassle of having to log in repeatedly, which can, for example, encourage employees to use their company's security-oriented tools for activities such as secure file transfer.
But it must also be said that security risks exist. SSO systems are often run by large IT multinationals, which in the past have been caught stealing people's personal information from apps and websites without their consent for targeted advertising and other marketing purposes.
There is also concern that IDs and passwords can be stored locally by third parties when they are entered into the SSO system.
For this reason, Professor Satoshi Iriyama of Tokyo University of Science and his colleague Maki Kihara have recently developed a new SSO algorithm that, in principle, would prevent this exchange of information.
Dr. Iriyama says: "We wanted to create an SSO algorithm that does not divulge your identity and sensitive personal information to the service provider. Our algorithm uses your personal information only for user authentication, as originally intended for SSO systems."
Thanks to the structure of this algorithm, it is essentially impossible to disclose user information without permission. This is achieved by applying the principle of handling information while it is still encrypted.
In this algorithm, encrypted messages are exchanged, but decryption keys never are, and no one ever holds all the pieces of the puzzle, because no one has the keys to all the information.
The third party (the site or app you log in to) learns whether a user has been successfully authenticated, but it does not get access to the user's identity or sensitive information. This breaks the link that allows identity providers to draw specific information about you from third parties.
The system offers many other advantages. The developers have built in protection against all the typical forms of attack by which information or passwords are stolen. "Our algorithm can be used not only with an ID and password, but also with any other type of information, such as biometric data, credit card information and unique numbers known to the user," says Iriyama.
This also means that users can provide only the information they consider strictly necessary, reducing the risk that Big Tech companies or other third parties get their hands on it. In addition, the algorithm runs remarkably fast, an essential quality to ensure that the computational burden does not hinder implementation. In a nutshell, it is streamlined and easy to use.