Abstract
In a client-server system, a user (230) logs in to their account using identification information, e.g. a user name and password. The server (110) determines two integers N and K, where K<N. A user is permitted to log into the system using any one of N/K devices (140-180), and must use one of their devices for at least K/N of the time. The server sends shares to the user when the server is accessed and, after N-(N/K)+1 shares have been sent, the server verifies whether at least K shares are stored in any one of the devices used by the client. Positive verification indicates that the client has used one of their devices at least K/N of the time in order to accumulate the K shares, through operation of the pigeonhole principle, and is therefore legitimate. Negative verification indicates it is likely that the identification information has been obtained illegally and distributed to a large number of other users and devices (245-285), none of which would therefore meet the permitted criteria.
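
The check described above, sketched as an added example that is not taken from the patent itself. Assumptions: each access stores one opaque share on the device that made it, K divides N, and all function names and device labels are hypothetical.

```python
from collections import Counter
from itertools import product


def shares_before_check(n: int, k: int) -> int:
    """Shares the server sends before verifying: N - (N/K) + 1."""
    if not 0 < k < n or n % k:
        raise ValueError("this sketch assumes 0 < K < N and K divides N")
    return n - n // k + 1


def verify(logins, n: int, k: int):
    """logins: device id used for each access, in order (one share per access).

    Returns None until enough shares have been sent; afterwards True if some
    single device holds at least K shares, False otherwise.
    """
    needed = shares_before_check(n, k)
    if len(logins) < needed:
        return None
    held = Counter(logins[:needed])  # shares accumulated per device
    return max(held.values()) >= k


def guarantee_holds(n: int, k: int) -> bool:
    """Exhaustively confirm the pigeonhole claim: every way of spreading the
    accesses over N/K devices leaves some device with at least K shares."""
    devices = range(n // k)
    needed = shares_before_check(n, k)
    return all(verify(list(p), n, k) for p in product(devices, repeat=needed))


# Constructed sample data: N=12, K=4, so 3 permitted devices, check after 10 shares.
N, K = 12, 4
legit = ["phone", "laptop", "tablet"] * 4   # evenly spread: worst case for the user
leaked = [f"dev{i}" for i in range(10)]     # credentials passed around 10 devices

if __name__ == "__main__":
    print("shares before check:", shares_before_check(N, K))
    print("legitimate user passes:", verify(legit, N, K))
    print("widely shared account passes:", verify(leaked, N, K))
    print("pigeonhole guarantee holds:", guarantee_holds(N, K))
```

The evenly spread case is the tightest one: with 3 devices and 10 shares, the counts are 4, 3 and 3, so exactly one device reaches K. A single extra device in the rotation is enough for the same even spread to fail the check.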