KERBEROS TICKET VIRTUALIZATION FOR NETWORK LOAD BALANCERS
First Claim
Patent Images
1. A group ticket for a Kerberos protocol, the group ticket comprising:
- a service ticket encrypted with a dynamic group key; and
a plurality of enveloped pairs wherein each pair comprises a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group whereby decryption of an encrypted dynamic group key allows for decryption of the service ticket.
2 Assignments
0 Petitions
Accused Products
Abstract
An exemplary group ticket for a Kerberos protocol includes a service ticket encrypted with a dynamic group key and a plurality of enveloped pairs where each pair includes a name associated with a member of a group and an encrypted the dynamic group key for decryption by a key possessed by the member of the group where decryption of an encrypted dynamic group key allows for decryption of the service ticket. Other exemplary methods, systems, etc., are also disclosed.
19 Citations
20 Claims
-
1. A group ticket for a Kerberos protocol, the group ticket comprising:
-
a service ticket encrypted with a dynamic group key; and a plurality of enveloped pairs wherein each pair comprises a name associated with a member of a group and an encrypted dynamic group key for decryption by a key possessed by the member of the group whereby decryption of an encrypted dynamic group key allows for decryption of the service ticket. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method, implemented at least in part by a computing device, the method comprising:
-
receiving an application request and a group ticket that comprises a name for a group, a service ticket and enveloped key pairs; routing the request and the group ticket to a member of the group wherein the member of the group comprises a member key; decrypting a dynamic group key in one of the enveloped key pairs using the member key; and decrypting the service ticket using the dynamic group key. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method, implemented at least in part by a computing device, the method comprising:
-
receiving a group name and member names from a group registrant; storing the member names; receiving a ticket granting request from a client wherein the request comprises a group name; and generating a group ticket that comprises an encrypted service ticket and enveloped key pairs for each of the member names wherein each envelope key pair comprises an encrypted dynamic group key whereby decryption of an encrypted dynamic group key allows for decryption of the encrypted service ticket. - View Dependent Claims (18, 19, 20)
-
Specification