Bell Labs simplifies single sign-on

Scientists at Bell Labs working on authentication systems have developed what they see as a simplified approach to single sign-on which lets users submit all their user name, password, certificate and encryption keys to one so-called Secure Store program, from where they can log into all their network-based services and applications.

The research division of Murray Hill, New Jersey-based Lucent Technologies said although its system was designed for Bell Lab's Plan 9 open-source operating system, anticipated ports would allow it to be used to control access to applications, databases and systems running on any Windows, Linux, Unix or Solaris platform.

The Secure Store software protects user data using the US Government Advanced Encryption Standard. The access software works in association with another Bell Labs software development branded as Factotum. Secure Store acts as a repository of all users' personal information, and Factotum handles authentication using a system of software agents.

As all personal information is stored on the network and not on a device, it is seen as offering a robust security option. It is also designed to be easy to use, with users only needing to provide a single password to prove their identity to their networked systems.

Secure Store takes in the use of a new security protocol created at Bell Labs for password-authenticated key exchange, called PAK. This is said to be similar to the Diffie-Hellman symmetric key exchange that sits at the core of most commercial cryptographic systems.

© ComputerWire