Tunable encryption system

US 8,756,429 B2
Filed: 10/10/2008
Issued: 06/17/2014
Est. Priority Date: 10/10/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for processing a secure communication between a user machine and an application server, said method comprising:

enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;

associating said first user with said first encryption type;

storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry;

enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file;

associating said second user with said second encryption type;

storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and

using said first and second encryption types in encrypting a session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user'"'"'s Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user'"'"'s Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of user requested encryption type) for use by the user machine in communicating securely with an Kerberized application server when being communicated by that particular user. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user'"'"'s own choice.

Citations

11 Claims

1. A method for processing a secure communication between a user machine and an application server, said method comprising:
- enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
  
  associating said first user with said first encryption type;
  
  storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry;
  
  enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file;
  
  associating said second user with said second encryption type;
  
  storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and
  
  using said first and second encryption types in encrypting a session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.
- View Dependent Claims (2, 3, 4)
- - 2. The method as set forth in claim 1 wherein said application server is a Kerberized application server.
  - 3. The method as set forth in claim 1 and further including a Kerberized server, said Kerberized server including a listing of encryption types available for selection by a plurality of users, said method further including enabling said plurality of users to use different ones of said encryption types simultaneously in different communication sessions from said user machine.
  - 4. The method as set forth in claim 3 wherein said different communication sessions are between said plurality of users using said user machine and an application server.

5. A computer program product comprising a computer-readable, tangible storage device(s) and non-transitory computer-readable program instructions stored on the computer-readable, tangible storage device(s) for processing a secure communication between a user machine and an application server, the computer-readable program instructions, when executed by a processing system, being operable for implementing a method comprising:
- enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
  
  associating said first user with said first encryption type;
  
  storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry;
  
  enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file;
  
  associating said second user with said second encryption type;
  
  storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and
  
  using said first and second encryption types in encrypting a session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product as set forth in claim 5 wherein said application server is a Kerberized application server.
  - 7. The computer program product as set forth in claim 5 and further including a Kerberized server, said Kerberized server including a listing of encryption types available for selection by a plurality of users, said processing further including enabling said plurality of users to use different ones of said encryption types simultaneously in different communication sessions from said user machine.
  - 8. The computer program product as set forth in claim 7 wherein said different communication sessions are between said plurality of users using said user machine and an application server.

9. A system for processing a secure communication between a user machine and an application server, said system comprising:
- a user machine; and
  
  a Kerberized server configured for coupling to said user machine, said system further including;
  
  selection device for enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
  
  a processing device to associate said first user with said first encryption type;
  
  a storage device to store said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry, said selection device being further operable for enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file, said processing device being further operable to associate said second user with said second encryption type, said storage device being further operable to store said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, said processing device being further operable for using said first and second encryption types in encrypting session tickets for use by said user machine in communicating securely with said application server whereby different users are enabled to use different encryption types from said user machine.
- View Dependent Claims (10, 11)
- - 10. The system as set forth in claim 9 wherein said Kerberized server includes a listing of encryption types available for selection by a plurality of users, said method further including enabling said plurality of users to use different ones of said encryption types simultaneously in different communication sessions from said user machine.
  - 11. The system as set forth in claim 10 wherein said different communication sessions are between said plurality of users using said user machine and an application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shankar, Ravi A., Banerjee, Dwip N. Jr., Patil, Sandeep Ramesh, Chandrakant, Punadikar Sachin
Primary Examiner(s)
LEE, JASON T

Application Number

US12/248,982
Publication Number

US 20100095127A1
Time in Patent Office

2,076 Days
Field of Search

713/183, 713/156, 713/201, 713/202, 713/151, 713/155, 713/176, 713/179, 709/225, 709/225.228
US Class Current

713/179
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/105   Multiple levels of security

Tunable encryption system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Tunable encryption system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links