Methods and arrangements for protecting information in forwarded authentication messages
Abstract
Methods and arrangements are provided to selectively control access to the authentication information or portions thereof. The methods and arrangements are based on a scheme wherein the authentication information further includes specially encoded portions that can only be decoded by selected server-based services/processes. One method for use in protecting information in forwarded authentication messages includes encoding the selected data using an encryption key, then encoding the encryption key itself, using at least one other encryption key that only certain selected servers/services have access to, and then encapsulating the resulting encoded data and the encoded encryption key in an authentication message. This and other methods are particularly applicable to Kerberos and other like authentication arrangements.
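The scheme in the abstract, as an added example that is not taken from the patent: data is encoded under a fresh key, that key is encoded once per selected service, and both are encapsulated in one message. The JSON container, the field names, the service names and the HMAC-based stand-in cipher are assumptions of this example; a deployment would use a vetted authenticated cipher.

```python
import hashlib, hmac, json, secrets

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus MAC) so the example
# runs on the standard library alone; an assumption, not the patent's cipher.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key or tampered blob
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_message(public_fields, protected, service_keys):
    """Encode the data, encode the data key per selected service, encapsulate both."""
    data_key = secrets.token_bytes(32)  # fresh key for this message only
    return json.dumps({
        "public": public_fields,  # readable by every hop that forwards the message
        "encoded_data": seal(data_key, protected),
        "encoded_keys": {name: seal(k, data_key) for name, k in service_keys.items()},
    })

def read_protected(message, service_name, service_key):
    """Run by a receiving service: recover the data key, then the protected data."""
    msg = json.loads(message)
    wrapped = msg["encoded_keys"].get(service_name)
    if wrapped is None:
        raise PermissionError(f"{service_name} is not a selected service")
    return unseal(unseal(service_key, wrapped), msg["encoded_data"])

if __name__ == "__main__":
    fs_key = secrets.token_bytes(32)  # constructed key for a hypothetical service
    msg = build_message({"client": "alice"}, b"group=admins", {"file-service": fs_key})
    print(read_protected(msg, "file-service", fs_key))
```

A service that forwards the message but holds none of the wrapping keys can still read the `public` fields, while the encoded portion stays opaque to it.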
17 Claims
1. A method for use in protecting information in forwarded authentication messages, the method comprising:
- encoding data using an encryption key;
- encoding the encryption key using at least one other encryption key; and
- encapsulating the resulting encoded data and the encoded encryption key in a forwarded authentication message.
Dependent claims: 2, 3, 4, 5

6. A computer-readable medium for use in protecting information in forwarded authentication messages, the computer-readable medium having computer-executable instructions for performing acts comprising:
- using an encryption key to encode data;
- using at least one other encryption key to encode the encryption key;
- including the resulting encoded data in at least one authentication message; and
- including the encoded encryption key in at least one authentication message.
Dependent claims: 7, 8, 9, 10, 11, 13, 14, 15, 16

12. An apparatus for use in protecting information in forwarded authentication messages, the apparatus comprising logic configured to encode data using an encryption key, encode the encryption key using at least one other encryption key, and encapsulate the resulting encoded data and the encoded encryption key in an authentication message.

17. A computer-readable medium having stored thereon an authentication message, comprising:
- encoded data; and
- at least one encoded encryption key operatively associated with at least a portion of the encoded data.
Specification