USER AUTHENTICATION USING KERBEROS WITH IDENTITY CLOUD SERVICE
First Claim
1. A method of authentication of a user, the method comprising:
receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
retrieving a user record corresponding to the user ID, the user record comprising a principal key;
decrypting the principal key using a tenant-specific encryption key;
encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
retrieving a password policy corresponding to the user ID;
based on the retrieved password policies, constructing password state attributes; and
returning to the KDC the encrypted principal key, the password policy and the password state attributes.
Abstract
Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.
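The flow the abstract describes, as an added worked example that is not from the patent or from any Oracle product: a minimal identity service that takes the KDC's request for a user ID, unwraps the stored principal key with the tenant-specific key, re-wraps it under the Kerberos master key, and derives password state attributes from the user's policy. The cipher (AES-256-GCM), the nonce-prefixed ciphertext layout, the attribute names (ExpiresAt, Expired, Warn, Locked), the two constructed users and tenants, and the SHA-256-of-label key derivation are all assumptions made for this example; the patent text specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// UserRecord is the stored entry looked up by user ID. The principal key is kept
// encrypted under the tenant-specific key. AES-256-GCM with the nonce prefixed to
// the ciphertext is an assumption of this example; the claim names no cipher.
type UserRecord struct {
	TenantID            string
	EncPrincipalKey     []byte // nonce || ciphertext || tag, under the tenant key
	PasswordLastChanged time.Time
	FailedLogins        int
}

type PasswordPolicy struct{ MaxAgeDays, WarnDays, MaxFailed int }

// PasswordState carries the "password state attributes"; the field names are assumed.
type PasswordState struct {
	ExpiresAt time.Time
	Expired   bool
	Warn      bool
	Locked    bool
}

type KDCResponse struct {
	EncPrincipalKey []byte // re-encrypted under the Kerberos master key
	Policy          PasswordPolicy
	State           PasswordState
}

type IdentityService struct {
	Users      map[string]UserRecord
	TenantKeys map[string][]byte // tenant ID -> tenant-specific encryption key
	Policies   map[string]PasswordPolicy
	MasterKey  []byte // Kerberos master key shared with the KDC, never with tenants
}

func sealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func openAESGCM(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// BuildPasswordState derives the state attributes from the policy and the record.
func BuildPasswordState(rec UserRecord, p PasswordPolicy, now time.Time) PasswordState {
	st := PasswordState{}
	if p.MaxAgeDays > 0 {
		st.ExpiresAt = rec.PasswordLastChanged.AddDate(0, 0, p.MaxAgeDays)
		st.Expired = !now.Before(st.ExpiresAt)
		st.Warn = !st.Expired && !now.Before(st.ExpiresAt.AddDate(0, 0, -p.WarnDays))
	}
	st.Locked = p.MaxFailed > 0 && rec.FailedLogins >= p.MaxFailed
	return st
}

// AuthenticateForKDC performs the claimed steps for one KDC request.
func (s *IdentityService) AuthenticateForKDC(userID string, now time.Time) (KDCResponse, error) {
	rec, ok := s.Users[userID]
	if !ok {
		return KDCResponse{}, errors.New("unknown user")
	}
	tenantKey, ok := s.TenantKeys[rec.TenantID]
	if !ok {
		return KDCResponse{}, errors.New("no key for tenant")
	}
	plain, err := openAESGCM(tenantKey, rec.EncPrincipalKey) // decrypt with tenant key
	if err != nil {
		return KDCResponse{}, fmt.Errorf("tenant unwrap: %w", err)
	}
	defer func() { // the plaintext principal key exists only for the re-wrap
		for i := range plain {
			plain[i] = 0
		}
	}()
	enc, err := sealAESGCM(s.MasterKey, plain) // re-encrypt with the Kerberos master key
	if err != nil {
		return KDCResponse{}, err
	}
	pol, ok := s.Policies[userID]
	if !ok {
		return KDCResponse{}, errors.New("no password policy for user")
	}
	return KDCResponse{enc, pol, BuildPasswordState(rec, pol, now)}, nil
}

var DemoNow = time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // constructed clock

// demoKey derives a 32-byte key from a label; demo-only, not a real KDF.
func demoKey(label string) []byte { k := sha256.Sum256([]byte(label)); return k[:] }

// NewDemoService builds a two-tenant store from constructed data and returns
// alice's plaintext principal key so callers can check the round trip.
func NewDemoService() (*IdentityService, []byte) {
	alicePK, bobPK := demoKey("alice-principal-key"), demoKey("bob-principal-key")
	s := &IdentityService{
		Users:      map[string]UserRecord{},
		TenantKeys: map[string][]byte{"acme": demoKey("acme-tenant-key"), "globex": demoKey("globex-tenant-key")},
		Policies:   map[string]PasswordPolicy{"alice@ACME.EXAMPLE": {90, 14, 5}, "bob@GLOBEX.EXAMPLE": {90, 14, 5}},
		MasterKey:  demoKey("kdc-master-key"),
	}
	encA, _ := sealAESGCM(s.TenantKeys["acme"], alicePK)
	encB, _ := sealAESGCM(s.TenantKeys["globex"], bobPK)
	s.Users["alice@ACME.EXAMPLE"] = UserRecord{"acme", encA, DemoNow.AddDate(0, 0, -80), 1}
	s.Users["bob@GLOBEX.EXAMPLE"] = UserRecord{"globex", encB, DemoNow.AddDate(0, 0, -100), 5}
	return s, alicePK
}

func main() {
	svc, alicePK := NewDemoService()
	resp, err := svc.AuthenticateForKDC("alice@ACME.EXAMPLE", DemoNow)
	if err != nil {
		panic(err)
	}
	got, err := openAESGCM(svc.MasterKey, resp.EncPrincipalKey) // KDC side unwrap
	if err != nil {
		panic(err)
	}
	fmt.Printf("KDC recovered key: %v, state: %+v\n", bytes.Equal(got, alicePK), resp.State)
}
```

Two properties are worth checking on any implementation of this flow. First, the KDC needs only the master key: a response must not be readable with the tenant key, which keeps tenant key material out of the KDC. Second, the service performing the re-wrap necessarily holds both keys and sees the plaintext principal key, so it should hold it only for the duration of the re-encryption and zero it afterwards, as the deferred loop above does.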
20 Claims
1. A method of authentication of a user, the method comprising:
receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
retrieving a user record corresponding to the user ID, the user record comprising a principal key;
decrypting the principal key using a tenant-specific encryption key;
encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
retrieving a password policy corresponding to the user ID;
based on the retrieved password policies, constructing password state attributes; and
returning to the KDC the encrypted principal key, the password policy and the password state attributes.
Dependent claims: 2, 3, 4, 5, 6, 7 (not shown)
8. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to authenticate a user, the authentication comprising:
receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
retrieving a user record corresponding to the user ID, the user record comprising a principal key;
decrypting the principal key using a tenant-specific encryption key;
encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
retrieving a password policy corresponding to the user ID;
based on the retrieved password policies, constructing password state attributes; and
returning to the KDC the encrypted principal key, the password policy and the password state attributes.
Dependent claims: 9, 10, 11, 12, 13, 14 (not shown)
15. A system for authentication of a user, the system comprising:
a plurality of tenants;
a plurality of microservices; and
one or more processors that:
receive from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
retrieve a user record corresponding to the user ID, the user record comprising a principal key;
decrypt the principal key using a tenant-specific encryption key;
encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
retrieve a password policy corresponding to the user ID;
based on the retrieved password policies, construct password state attributes; and
return to the KDC the encrypted principal key, the password policy and the password state attributes.
Dependent claims: 16, 17, 18, 19, 20 (not shown)