A METHOD AND SYSTEM FOR REQUESTING AND GRANTING MEMBERSHIP IN A SERVER FARM

US 20060161974A1
Filed: 01/14/2005
Published: 07/20/2006
Est. Priority Date: 01/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for requesting membership in a server farm, the method comprising the steps of:

receiving, by a requesting server, a name of the server farm, a passphrase, and a name of a server in the server farm;

transmitting, by the requesting server, to the server in the server farm a request for membership in the server farm and a first nonce;

receiving by the requesting server, an acknowledgement of the request and a second nonce;

generating, by the requesting server, a hash of the server farm name, the passphrase, the name of the requesting server, the name of the server in the server farm, the first nonce, and the second nonce;

deriving, by the requesting server, a Kerberos service ticket and a Kerberos authenticator responsive to the generated hash; and

transmitting, by the requesting server, the Kerberos service ticket and the Kerberos authenticator to the server in the server farm.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server transmits to a server in a server farm a request for membership in the server farm and a first nonce. The server derives a Kerberos service ticket and a Kerberos authenticator, responsive to generating a hash of the server farm name, a passphrase, the name of the server, the name of the server in the server farm, the first nonce, and a second nonce. The server transmits the Kerberos service ticket and the Kerberos authenticator to the server in the server farm. The server in the server farm authenticates the requesting server responsive to the received Kerberos service ticket and the Kerberos authenticator and a generated hash. The server in the server farm transmits, responsive to the authentication, a secret to the requesting server.

134 Citations

View as Search Results

28 Claims

1. A method for requesting membership in a server farm, the method comprising the steps of:
- receiving, by a requesting server, a name of the server farm, a passphrase, and a name of a server in the server farm;
  
  transmitting, by the requesting server, to the server in the server farm a request for membership in the server farm and a first nonce;
  
  receiving by the requesting server, an acknowledgement of the request and a second nonce;
  
  generating, by the requesting server, a hash of the server farm name, the passphrase, the name of the requesting server, the name of the server in the server farm, the first nonce, and the second nonce;
  
  deriving, by the requesting server, a Kerberos service ticket and a Kerberos authenticator responsive to the generated hash; and
  
  transmitting, by the requesting server, the Kerberos service ticket and the Kerberos authenticator to the server in the server farm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein step (a) further comprises receiving, by the requesting server, the name of the server farm, the passphrase, and the name of the server in the server farm from an administrator of the server farm.
  - 3. The method of claim 1, wherein step (a) further comprises receiving a fully qualified pathname of the server farm.
  - 4. The method of claim 1, wherein step (a) further comprises receiving a fully qualified pathname of the server in the server farm.
  - 5. The method of claim 1, wherein step (b) further comprises transmitting, by the requesting server, a command to start communications with the server in the server farm.
  - 6. The method of claim 1, wherein step (d) further comprises generating an HMAC-SHA1 keyed hash of the server farm name, the passphrase, the name of the requesting server, the name of the server in the server farm, the first nonce and the second nonce.
  - 7. The method of claim 1, wherein step (d) further comprises generating an HMAC-SHA-256 keyed hash of the server farm name, the passphrase, the name of the requesting server, the name of the server in the server farm, the first nonce and the second nonce.
  - 8. The method of claim 1, wherein step (d) further comprises generating an HMAC-MD5 keyed hash of the server farm name, the passphrase, the name of the requesting server, the name of the server in the server farm, the first nonce and the second nonce.
  - 9. The method of claim 1, wherein step (f) further comprises transmitting the Kerberos service ticket and the Kerberos authenticator over Secure Sockets Layer/Transport Layer Security (SSL/TLS).
  - 10. The method of claim 9, wherein step (f) further comprises using Kerberos to transmit the Kerberos service ticket and the Kerberos authenticator over Secure Sockets Layer/Transport Layer Security (SSL/TLS).
  - 11. The method of claim 1, wherein step (f) further comprises transmitting the Kerberos service ticket and the Kerberos authenticator using Generic Security Services Application Program Interface (GSSAPI).
  - 12. The method of claim 11, wherein step (f) further comprises using Kerberos to transmit the Kerberos service ticket and the Kerberos authenticator over Generic Security Services Application Program Interface (GSSAPI).

13. A system for requesting membership in a server farm comprising:
- a receiver receiving a name of the server farm, a passphrase, and a name of a server in the server farm;
  
  a transmitter, in communication with the receiver, transmitting to the server in the server farm a request for membership in the server farm and a first nonce; and
  
  a generator in communication with the receiver and the transmitter, the generator generating a hash of the server farm name, the passphrase, the name of the receiver, the name of the server in the server farm, the first nonce and a second nonce received by the receiver in response to the transmitted request for membership in the server farm, the generator deriving a Kerberos service ticket and a Kerberos authenticator responsive to the generated hash, the transmitter transmitting the Kerberos service ticket and the Kerberos authenticator to the server in the server farm.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the receiver further comprises receiving a fully-qualified pathname of the server farm.
  - 15. The system of claim 13, wherein the receiver further comprises receiving a fully-qualified pathname of the server in the server farm.

16. A method for granting membership in a server farm, the method comprising the steps of:
- receiving, by a server in the server farm, a request for membership in the server farm and a Kerberos service ticket and a Kerberos authenticator;
  
  generating, by the server in the server farm, a hash of a name of the server farm, a passphrase, the name of the requester, the name of the server, a first nonce, and a second nonce;
  
  authenticating, by the server in the server farm, the requester, responsive to the received Kerberos service ticket and the Kerberos authenticator and the generated hash; and
  
  transmitting, by the server in the server farm, responsive to the authentication, a secret to the requester.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The method of claim 16, wherein step (b) further comprises generating an HMAC-SHA1 keyed hash of the name of the server farm, the passphrase, the name of the requester, the name of the server, the first nonce and the second nonce.
  - 18. The method of claim 16, wherein step (b) further comprises generating an HMAC-SHA-256 keyed hash of the name of the server farm, the passphrase, the name of the requester, the name of the server, the first nonce and the second nonce.
  - 19. The method of claim 16, wherein step (b) further comprises generating an HMAC-MD5 keyed hash of the name of the server farm, the passphrase, the name of the requester, the name of the server, the first nonce and the second nonce.
  - 20. The method of claim 16 wherein step (d) further comprises transmitting a secret encrypted responsive to the session key in the received Kerberos service ticket.
  - 21. The method of claim 20, wherein step (d) further comprises transmitting a 128-bit secret.
  - 22. The method of claim 20, wherein step (d) further comprises transmitting a 256-bit secret.
  - 23. The method of claim 20, wherein step (d) further comprises transmitting a 512-bit secret.

24. A system for granting membership in a server farm comprising:
- a receiver, receiving a request for membership in the server farm and a first hash;
  
  a generator in communication with the receiver, generating a hash of a name of the server farm, a passphrase, the name of the requester, the name of the receiver, a first nonce, and a second nonce; and
  
  a transmitter, in communication with the receiver and the generator, transmitting a secret to the requester responsive to an authentication of the requester responsive to the received Kerberos service ticket and the Kerberos authenticator and the generated hash.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The system of claim 24, wherein the generator further comprises generating a hash of a fully-qualified pathname of the server farm, a passphrase, the name of the requester, the name of the receiver, a first nonce, and a second nonce.
  - 26. The system of claim 24, wherein the generator further comprises generating a hash of a name of the server farm, a passphrase, the fully-qualified pathname of the requester, the name of the receiver, a first nonce, and a second nonce.
  - 27. The system of claim 24, wherein the generator further comprises generating a hash of a name of the server farm, a passphrase, name of the requester, the fully-qualified pathname of the receiver, a first nonce, and a second nonce.
  - 28. The system of claim 24, wherein the transmitter further comprises transmitting the secret encrypted responsive to the session key in the received Kerberos service ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Otway, David John, Innes, Andrew, Mayers, Chris, Syms, Mark James

Granted Patent

US 8,042,165 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/166   at the transport layer

H04L 9/3213   using tickets or tokens, e....

H04L 9/3236   using cryptographic hash fu...

A METHOD AND SYSTEM FOR REQUESTING AND GRANTING MEMBERSHIP IN A SERVER FARM

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

134 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

A METHOD AND SYSTEM FOR REQUESTING AND GRANTING MEMBERSHIP IN A SERVER FARM

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links