Method and apparatus for providing a key distribution center without storing long-term server secrets
First Claim
1. A method for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the KDC operates without having to store long-term server secrets, comprising:
receiving a communication from a server that is authenticated at the KDC;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period, and wherein the temporary secret key is shared between the server and the KDC; and
storing the temporary secret key in a database at the KDC, so that the temporary secret key can be subsequently used to facilitate one or more communications between a client and the server, wherein the temporary secret key is encrypted with a public key belonging to the KDC, so that the temporary secret key can only be decrypted using a private key belonging to the KDC;
wherein the temporary secret key is a short-term secret which becomes invalid after a short time period; and
wherein the server generates a new temporary secret key in response to a request from the KDC for a new temporary secret key to replace the invalid temporary secret key.
Abstract
One embodiment of the present invention provides a system for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the system operates without having to store long-term server secrets. The system operates by receiving a communication from a server at the KDC. This communication includes an identifier for the server, as well as a temporary secret key to be used in communications between a client and the server for a limited time period. In response to the communication, the system attempts to authenticate the server. If the server is successfully authenticated, the system stores the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications with the server. Upon subsequently receiving a request at the KDC from a client that desires to communicate with the server, the system produces a session key to be used in communications between the client and server, and then creates a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server. Next, the system assembles a message that includes the identifier for the server, the session key and the ticket to the server, and sends the message to the client in a secure manner. The system subsequently allows the client to forward the ticket to the server in order to initiate communications between the client and the server.
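The flow in the abstract and in claim 1 (temporary key stored only under the KDC public key, limited lifetime, ticket sealed under the temporary key) can be sketched as follows; this is an added Ruby example using only the standard library's OpenSSL bindings, not code from the patent. The names `Kdc`, `register`, `issue` and `open_ticket` are hypothetical, RSA-OAEP and AES-256-GCM are assumed algorithm choices, and server authentication and the secure reply to the client are not modelled.

```ruby
require 'openssl'

# Added illustration. Class and method names are hypothetical; RSA-OAEP and
# AES-256-GCM are assumed algorithm choices that the patent text does not name.
class Kdc
  RekeyNeeded = Class.new(StandardError)
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  def initialize
    @kdc_key = OpenSSL::PKey::RSA.new(2048) # KDC's own key pair
    @db = {}                                # server id => [wrapped key, expiry]
  end

  # Called once the server is authenticated (authentication not modelled here).
  # Only the public-key-encrypted form of the temporary key reaches the database.
  def register(server, temp_key, ttl, now)
    @db[server] = [@kdc_key.public_encrypt(temp_key, OAEP), now + ttl]
  end

  # Client request: returns [session_key, ticket], where the ticket is the
  # session key and client identifier encrypted under the temporary key.
  def issue(client, server, now)
    wrapped, expiry = @db[server]
    raise RekeyNeeded, server if wrapped.nil? || now >= expiry

    temp_key = @kdc_key.private_decrypt(wrapped, OAEP)
    session = OpenSSL::Random.random_bytes(32)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = temp_key
    nonce = c.random_iv
    c.auth_data = server
    ct = c.update(session + client.b) + c.final
    [session, nonce + c.auth_tag + ct]
  end
end

# Server side: open a ticket with the temporary key the server generated.
# Raises OpenSSL::Cipher::CipherError for a forged ticket or a retired key.
def open_ticket(temp_key, server, ticket)
  raise ArgumentError, 'short ticket' if ticket.bytesize < 60
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = temp_key
  d.iv = ticket.byteslice(0, 12)
  d.auth_tag = ticket.byteslice(12, 16)
  d.auth_data = server
  pt = d.update(ticket.byteslice(28..-1)) + d.final
  { session: pt.byteslice(0, 32), client: pt.byteslice(32..-1).force_encoding('UTF-8') }
end
```

When `issue` raises `Kdc::RekeyNeeded`, the KDC asks the server for a fresh temporary key and calls `register` again; tickets sealed under the new key do not open with the old one.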
51 Claims
18. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the KDC operates without having to store long-term server secrets, the method comprising:
receiving a communication from a server that is authenticated at the KDC;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period, and wherein the temporary secret key is shared between the server and the KDC; and
storing the temporary secret key in a database at the KDC, so that the temporary secret key can be subsequently used to facilitate one or more communications between a client and the server, wherein the temporary secret key is encrypted with a public key belonging to the KDC so that the temporary secret key can only be decrypted using a private key belonging to the KDC;
wherein the temporary secret key is a short-term secret which becomes invalid after a short time period; and
wherein the server generates a new temporary secret key in response to a request from the KDC for a new temporary secret key to replace the invalid temporary secret key.
35. An apparatus that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the apparatus operates without having to store long-term server secrets, comprising:
a key distribution center (KDC);
a receiving mechanism within the KDC that is configured to receive a communication from a server;
wherein the communication includes a temporary secret key to be used in communications with the server for a limited time period, and wherein the temporary secret key is shared between the server and the KDC; and
a storage mechanism within the KDC that is configured to store the temporary secret key in a database at the KDC, so that the temporary secret key can be subsequently used to facilitate one or more communications between a client and the server, wherein the temporary secret key is encrypted with a public key belonging to the KDC, so that the temporary secret key can only be decrypted using a private key belonging to the KDC;
wherein the temporary secret key is a short-term secret which becomes invalid after a short time period; and
wherein the server generates a new temporary secret key in response to a request from the KDC for a new temporary secret key to replace the invalid temporary secret key.
Specification