Method and system for accessing a device by a user

US 10,243,742 B2
Filed: 12/01/2017
Issued: 03/26/2019
Est. Priority Date: 04/12/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A system for authenticating a user accessing a device, the system comprising:

an authentication server configured to;

generate a part of a ticket granting ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete ticket granting ticket useable to obtain an authentication ticket, andgenerate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key; and

a ticket granting server configured to;

authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete ticket granting ticket, andgenerate, collaboratively with the at least one other ticket granting server based on satisfaction of a predetermined authorization condition in comparing the content of the decrypted user request information with the complete ticket granting ticket, the authentication ticket which is useable by the user to access the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating a user accessing a device includes an authentication server and a ticket granting server. The authentication server is configured to generate a part of an authentication ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete authentication ticket, and to generate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key. The ticket granting server is configured to authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete authentication ticket.

27 Citations

15 Claims

1. A system for authenticating a user accessing a device, the system comprising:
- an authentication server configured to;
  
  generate a part of a ticket granting ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete ticket granting ticket useable to obtain an authentication ticket, andgenerate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key; and
  
  a ticket granting server configured to;
  
  authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete ticket granting ticket, andgenerate, collaboratively with the at least one other ticket granting server based on satisfaction of a predetermined authorization condition in comparing the content of the decrypted user request information with the complete ticket granting ticket, the authentication ticket which is useable by the user to access the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system according to claim 1, wherein the authentication server and the ticket granting server are part of a same physical entity.
  - 3. The system according to claim 2, wherein the at least one other authentication server and the at least one other ticket granting server are part of a different physical entity.
  - 4. The system according to claim 2, wherein the physical entity is a Kerberos server.
  - 5. The system according to claim 1, further comprising a proxy configured to route communications between the servers and the device.
  - 6. The system according to claim 5, wherein the proxy is configured to concatenate the parts of the ticket granting ticket to produce the complete ticket granting ticket.
  - 7. The system according to claim 6, wherein the proxy is configured to concatenate the parts of the user session key to produce the combined user session key.
  - 8. The system according to claim 7, wherein the proxy is configured to combine the complete ticket granting ticket and the combined user session key into a single message and send the message to the device.
  - 9. The system according to claim 5, wherein the proxy is located on a same physical entity with the authentication server and the ticket granting server.
  - 10. The system according to claim 9, wherein the proxy is configured to send a request of the user to access the device to the at least one other authentication server located on a different physical entity.
  - 11. The system according to claim 1, wherein the authentication server is configured to encrypt the combined user session key collaboratively with the at least one other authentication server using a secure multi-party computing protocol.
  - 12. The system according to claim 11, wherein the secure multi-party computing protocol is based on garbled circuits.
  - 13. The system according to claim 1, wherein the authentication server is configured to use an oblivious transfer protocol to communicate the part of the user session key for combination with the at least one other part into the combined user session key.
  - 14. The system according to claim 1, wherein the ticket granting server is configured to use a part of the credentials of the device and an oblivious transfer protocol to, collaboratively with the at least one other ticket granting server, encrypt the combined user session key.
  - 15. The system according to claim 1, wherein the authentication server is configured to generate the part of the user session key using random number generation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Bohli, Jens-Matthias, Li, Wenting, Seedorf, Jan
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Bucknor, Olanrewaju J.

Application Number

US15/828,569
Publication Number

US 20180102900A1
Time in Patent Office

480 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2209/46   Secure multiparty computati...

H04L 2209/50   Oblivious transfer

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/0819   Key transport or distributi...

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

H04L 9/3213   using tickets or tokens, e....

Y04S 40/20   Information technology spec...

Method and system for accessing a device by a user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for accessing a device by a user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links