Authenticated service virtualization

US 8,387,130 B2
Filed: 12/10/2007
Issued: 02/26/2013
Est. Priority Date: 12/10/2007
Status: Active Grant

First Claim

Patent Images

1. A service virtualization device, comprising:

a communication interface configured to receive from a client a first request to access a service provided by a first server, wherein the first request includes a first session ticket; and

a processor configured to;

use a secret key associated with the first server to extract information from the first session ticket, and wherein the first session ticket is encrypted with the secret key; and

send a second request to a second server, wherein the second request includes a second session ticket, and wherein the second session ticket is based at least in part on the information extracted from the first session ticket;

wherein the first and second servers are associated with a virtualization; and

wherein the second server establishes an authenticated session with the client in response to the second server receiving the second request, including the second session ticket sent, by the service virtualization device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Virtualizing a service is disclosed. A request to access a service from a first server is received from a client. A secret data associated with the first server is used to process the received request. The processed request is sent to a second server. The first and second servers are associated with a virtualization; and wherein the processed request can be used by the second server to authenticate the client.

20 Citations

View as Search Results

16 Claims

1. A service virtualization device, comprising:
- a communication interface configured to receive from a client a first request to access a service provided by a first server, wherein the first request includes a first session ticket; and
  
  a processor configured to;
  
  use a secret key associated with the first server to extract information from the first session ticket, and wherein the first session ticket is encrypted with the secret key; and
  
  send a second request to a second server, wherein the second request includes a second session ticket, and wherein the second session ticket is based at least in part on the information extracted from the first session ticket;
  
  wherein the first and second servers are associated with a virtualization; and
  
  wherein the second server establishes an authenticated session with the client in response to the second server receiving the second request, including the second session ticket sent, by the service virtualization device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The service virtualization device of claim 1 wherein the secret key associated with the first server is received from the first server.
  - 3. The service virtualization device of claim 1 wherein the secret key associated with the first server is provided to the service virtualization device by an administrator or other authorized user.
  - 4. The service virtualization device of claim 1 wherein the secret key associated with the first server includes a key generated as part of the Kerberos protocol.
  - 5. The service virtualization device of claim 1, wherein the processor is further configured to use the secret key associated with the first server to decrypt at least a portion of the received first request.
  - 6. The service virtualization device of claim 1 wherein at least a portion of the second request is encrypted with a secret key associated with the second server.
  - 7. The service virtualization device of claim 1 wherein the processor is further configured to bridge communications between the client and the first server.
  - 8. The service virtualization device of claim 1 wherein the processor is further configured to bridge communications between the client and the second server.
  - 9. The service virtualization device of claim 1 wherein the processor is further configured to redirect traffic related to the service from the first server to the second server.
  - 10. The service virtualization device of claim 1 wherein the processor is further configured to initiate redirection of traffic related to the service from the first server to the second server.
  - 11. The service virtualization device of claim 1 wherein the processor is further configured to manage relocation from the first server to the second server of one or more of the service and a resource accessible via the service.

12. A method for virtualizing a service including:
- receiving from a client a first request to access a service provided by a first server, wherein the first request includes a first session ticket;
  
  using a secret key associated with the first server to extract information from the first session ticket with a processor, and wherein the first session ticket is encrypted with the secret key; and
  
  sending a second request to a second server, wherein the second request includes a second session ticket, and wherein the second session ticket is based at least in part on the information extracted from the first session ticket;
  
  wherein the first and second servers are associated with a virtualization; and
  
  wherein the second server establishes an authenticated session with the client in response to the second server receiving the second request that includes the second session ticket.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12 wherein the secret key associated with the first server includes a key generated as part of the Kerberos protocol.
  - 14. The method of claim 12, further comprising using the secret key associated with the first server to decrypt at least a portion of the received first request.
  - 15. The method of claim 12 further comprising managing relocation from the first server to the second server of one or more of the service and a resource accessible via the service.

16. A computer program product for virtualizing a service, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- receiving from a client a first request to access a service provided by a first server, wherein the first request includes a first session ticket;
  
  using a secret key associated with the first server to extract information from the first session ticket, and wherein the first session ticket is encrypted with the secret key; and
  
  sending a second request to a second server, wherein the second request includes a second session ticket, and wherein the second session ticket is based at least in part on the information extracted from the first session ticket;
  
  wherein the first and second servers are associated with a virtualization; and
  
  wherein the second server establishes an authenticated session with the client in response to the second server receiving the second request that includes the second session ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Love, Philip C., Aji, Srinivas Mandayam, Guo, Zhaohui
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/001,149
Publication Number

US 20090150988A1
Time in Patent Office

1,905 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

G06F 21/33 using certificates

H04L 9/3213 using tickets or tokens, e....

Authenticated service virtualization

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated service virtualization

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links