KERBEROS TICKET VIRTUALIZATION FOR NETWORK LOAD BALANCERS

US 20090217029A1
Filed: 02/27/2008
Published: 08/27/2009
Est. Priority Date: 02/27/2008
Status: Active Grant

First Claim

Patent Images

1. A group ticket for a Kerberos protocol, the group ticket comprising:

a service ticket encrypted with a dynamic group key; and

a plurality of enveloped pairs wherein each pair comprises a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group whereby decryption of an encrypted dynamic group key allows for decryption of the service ticket.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs where each pair includes a name associated with a member of a group and an encrypted the dynamic group key for decryption by a key possessed by the member of the group where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.

19 Citations

View as Search Results

20 Claims

1. A group ticket for a Kerberos protocol, the group ticket comprising:
- a service ticket encrypted with a dynamic group key; and
  
  a plurality of enveloped pairs wherein each pair comprises a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group whereby decryption of an encrypted dynamic group key allows for decryption of the service ticket.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The group ticket of claim 1 further comprising a temporary key.
  - 3. The group ticket of claim 1 wherein the group ticket comprises a server principle name associated with a network load balancer.
  - 4. The group ticket of claim 3 wherein the server principle name comprises a name associated with a virtual network load balancer.
  - 5. The group ticket of claim 4 wherein the virtual network load balancer comprises a virtual IP address.
  - 6. The group ticket of claim 1 wherein the group ticket comprises a server principle name associated with a network load balancing server.
  - 7. The group ticket of claim 1 further comprising one or more restrictions.

8. A method, implemented at least in part by a computing device, the method comprising:
- receiving an application request and a group ticket that comprises a name for a group, a service ticket and enveloped key pairs;
  
  routing the request and the group ticket to a member of the group wherein the member of the group comprises a member key;
  
  decrypting a dynamic group key in one of the enveloped key pairs using the member key; and
  
  decrypting the service ticket using the dynamic group key.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method of claim 8 wherein the routing comprises load balancing.
  - 10. The method of claim 8 wherein the group name comprises a server principle name.
  - 11. The method of claim 8 wherein the enveloped key pairs comprise group member names.
  - 12. The method of claim 8 wherein the group ticket comprises an enveloped key pair for each member of the group.
  - 13. The method of claim 8 further comprising creating a virtual server and performing the routing using the virtual server.
  - 14. The method of claim 8 further comprising routing the request and the group ticket to more than one member of the group wherein each of the members of the group comprises a member key capable of decrypting the dynamic group key.
  - 15. The method of claim 8 wherein the routing to more than one member occurs for a single group ticket.
  - 16. The method of claim 8 wherein the group ticket allows for routing to more than one member of the group wherein each of the members comprises a member key capable of decrypting the dynamic group key.

17. A method, implemented at least in part by a computing device, the method comprising:
- receiving a group name and member names from a group registrant;
  
  storing the member names;
  
  receiving a ticket granting request from a client wherein the request comprises a group name; and
  
  generating a group ticket that comprises an encrypted service ticket and enveloped key pairs for each of the member names wherein each envelope key pair comprises an encrypted dynamic group key whereby decryption of an encrypted dynamic group key allows for decryption of the encrypted service ticket.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 wherein the group name comprises a server principle name associated with a network load balancer.
  - 19. The method of claim 18 wherein the network load balancer comprises a network load balancing server.
  - 20. The method of claim 19 wherein the network load balancing server comprises a virtual server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kamel, Tarek B., Leach, Paul J., Ilac, Cristian, Zhu, Liqiang

Granted Patent

US 8,132,246 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/3213   using tickets or tokens, e....

KERBEROS TICKET VIRTUALIZATION FOR NETWORK LOAD BALANCERS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

KERBEROS TICKET VIRTUALIZATION FOR NETWORK LOAD BALANCERS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links