Disconnected credential validation using pre-fetched service tickets
First Claim
1. A computer readable medium bearing computer readable program codes configured to:
- carry out a method to validate login credentials, the method comprising;
authenticating a login device with an authentication service;
obtaining a user service ticket from the authentication service for the login device to communicate with a selected party; and
storing the user service ticket for subsequent authentication of the selected party.
26 Assignments
0 Petitions
Accused Products
Abstract
One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.
-
Citations
24 Claims
-
1. A computer readable medium bearing computer readable program codes configured to:
- carry out a method to validate login credentials, the method comprising;
authenticating a login device with an authentication service;
obtaining a user service ticket from the authentication service for the login device to communicate with a selected party; and
storing the user service ticket for subsequent authentication of the selected party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- carry out a method to validate login credentials, the method comprising;
-
12. An apparatus to validate login credentials, the apparatus comprising:
-
a ticket pre-fetch module configured to authenticate a login device with an authentication service;
the ticket pre-fetch module further configured to obtain a user service ticket from the authentication service for the login device to communicate with a selected party;
a ticket cache configured to store the user service ticket for subsequent authentication of the selected party.
-
- 13. The apparatus of claim 13, further comprising an authentication module configured to authenticate the selected party with the user service ticket.
- 14. The apparatus of claim 14, wherein the authentication module is further configured to receiving credentials from the selected party, generate a key for the selected party from the credentials, decrypt a portion of the user service ticket using the key for the selected party, and validate authentication data associated with the user service ticket.
-
17. The apparatus of claim 17, wherein the ticket pre-fetch module is further configured to refresh the user service ticket in response to an event selected from the group consisting of expiration of a selected interval, a change in user credentials, a login request, and a reboot cycle.
-
18. A system to validate login credentials, the system comprising:
-
an authentication server configured to provide an authentication service;
a ticket pre-fetch module configured to authenticate a login device with the authentication service and obtain a user service ticket from the authentication service for the login device to communicate with a selected party; and
a ticket cache configured to store the user service ticket for subsequent authentication of the selected party.
-
- 19. The system of claim 19, further comprising an authentication module configured to authenticate the selected party with the user service ticket.
- 20. The system of claim 20, wherein the authentication module is further configured to receive credentials from the selected party, generate a key for the selected party from the credentials, decrypt a portion of the user service ticket using the key for the selected party, and validate authentication data associated with the user service ticket.
Specification