Server pool kerberos authentication scheme
Abstract
The present disclosure relates to authenticating a client against a pool of servers utilizing a secure authentication protocol and, more specifically, to authenticating a client against a pool of servers providing a common service, utilizing the Kerberos secure authentication protocol.
50 Claims
1. A method of generating a Service Ticket for a requested Service comprising:
receiving a request for a Service Ticket from a client;
generating a session key;
encrypting a cipher text with the session key;
determining a number of servers designated to provide the requested service;
for each providing server, encrypting the session key with a secret key associated with each respective server;
creating a Service Ticket that includes an encrypted session key for each providing server, and the encrypted cipher text; and
transmitting the Service Ticket to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 40, 41

9. A method of authenticating a client's request for a service provided by a service pool comprising;
a server receiving a Service Ticket having at least one encrypted session key, and an encrypted cipher text;
decrypting the encrypted session key associated with the receiving server utilizing a secret key associated with the receiving server;
decrypting the cipher text utilizing the decrypted session key; and
providing the service to the client.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A Key Distribution Center comprising:
an Authentication Service that is capable of authenticating that a client may legitimately access the Key Distribution Center, and issuing a Ticket-Granting-Ticket to the client; and
a Ticket Granting Service that is capable of accepting the Ticket-Granting-Ticket from the client, and issuing a Multi-Server Service Ticket to the client; and
wherein the Multi-Server Service Ticket allows the client access a network service that is provided by a plurality of servers.
Dependent claims: 19, 20, 21, 22, 23

24. A system comprising:
a Key Distribution Center having;
an Authentication Service that is capable of authenticating that a client may legitimately access the Key Distribution Center, and issuing a Ticket-Granting-Ticket to the client; and
a Ticket Granting Service that is capable of accepting the Ticket-Granting-Ticket from the client, and issuing a Multi-Server Service Ticket to the client;
a plurality of servers that are each capable of providing the client with a network service; and
wherein the Multi-Server Service Ticket allows the client access the network service provided by the plurality of servers.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33

34. An article comprising:
a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed, the instructions provide for;
receiving a request for a Service Ticket from a client;
generating a session key;
encrypting a cipher text with the session key;
determining the number of servers designated to provide the requested service;
for each providing server, encrypting the session key with a secret key associated with each respective server;
creating a Service Ticket that includes an encrypted session key for each providing server, and the encrypted cipher text; and
transmitting the Service Ticket to the client.
Dependent claims: 35, 36, 37, 38, 39

42. An article comprising:
a storage medium having a plurality of machine accessible instructions, wherein when the instructions are executed, the instructions provide for;
a server receiving a Service Ticket having at least one encrypted session key, and an encrypted cipher text;
decrypting the encrypted session key associated with the receiving server utilizing a secret key associated with the receiving server;
decrypting the cipher text utilizing the decrypted session key; and
providing the service to the client.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50
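
The ticket flow of claims 1 and 9 (restated in claims 34 and 42), as an added sketch that is not code from the patent: the KDC wraps one session key under each pool server's secret key, and a pool member unwraps its own copy before decrypting the cipher text. The HMAC-SHA256 `seal`/`unseal` cipher, the dictionary ticket layout and every name below are assumptions standing in for a real Kerberos encryption type and ticket encoding.

```python
import hashlib, hmac, os

def keystream(key, nonce, n):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not a Kerberos enctype.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def issue_ticket(client, service, server_keys):
    """KDC side (claim 1). server_keys maps server name -> that server's secret key."""
    session_key = os.urandom(32)
    body = f"client={client};service={service}".encode()  # hypothetical cipher text content
    ticket = {
        # One copy of the session key per providing server, each under that server's key.
        "wrapped_keys": {name: seal(key, session_key) for name, key in server_keys.items()},
        "enc_part": seal(session_key, body),
    }
    # Returned so the caller can pass it to the client (assumption; the claims do not say how).
    return ticket, session_key

def accept_ticket(server_name, server_key, ticket):
    """Pool member side (claim 9): unwrap own session key copy, then decrypt the cipher text."""
    wrapped = ticket["wrapped_keys"].get(server_name)
    if wrapped is None:
        raise KeyError("ticket carries no session key for this server")
    session_key = unseal(server_key, wrapped)
    return unseal(session_key, ticket["enc_part"])

if __name__ == "__main__":
    pool = {name: os.urandom(32) for name in ("web1", "web2", "web3")}  # constructed keys
    ticket, _ = issue_ticket("alice", "http/pool", pool)
    for name, key in pool.items():
        print(name, accept_ticket(name, key, ticket))
```

In this sketch every pool member recovers the same session key, and a server whose name is absent from `wrapped_keys` or whose secret key does not match is rejected before any ticket data is decrypted.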