Tunable encryption system
Abstract
A method, programmed medium and system are provided for enabling a user to choose a user-preferred encryption type from among a plurality of encryption types listed in a user's Kerberos configuration file. During the ticket granting process in a Kerberos system, a user is requested to select a preferred encryption type to be used in the Kerberos communication from among encryption types contained in the user's Kerberos configuration file. The user-selected encryption type is then implemented for use in encrypting a session ticket (as well as generating the session key of the user-requested encryption type) for use by the user machine in communicating securely with a Kerberized application server when that particular user is communicating. Thus, the system allows different users to simultaneously communicate with the same Kerberized application server using a supported encryption type of the user's own choice.
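The selection flow the abstract describes, as an added sketch that is not code from the patent or from any Kerberos implementation: the list of encryption types is read from the `permitted_enctypes` line of a constructed krb5.conf, and the server-side registry is modelled as an in-memory dictionary. The class and function names, the principals, and the fallback to the first listed type are assumptions.

```python
import re

# Constructed sample configuration; permitted_enctypes is the MIT krb5 option name.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96, camellia256-cts-cmac
"""

def listed_enctypes(conf_text):
    """Return the enctypes on the [libdefaults] permitted_enctypes line, in order."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "permitted_enctypes":
                return re.split(r"[\s,]+", value)  # space- or comma-separated
    return []

class EnctypeRegistry:
    """In-memory stand-in for the server-side registry of per-user choices."""
    def __init__(self, listed):
        self.listed = list(listed)
        self._choice = {}

    def choose(self, principal, enctype):
        # A user may only pick a type that the configuration file lists.
        if enctype not in self.listed:
            raise ValueError(f"{enctype!r} is not listed in the configuration file")
        self._choice[principal] = enctype

    def enctype_for(self, principal):
        # Assumption: users with no stored choice get the first listed type.
        return self._choice.get(principal, self.listed[0])

def ticket_parameters(registry, principal):
    """Session key and session ticket both use the principal's stored enctype."""
    etype = registry.enctype_for(principal)
    return {"principal": principal, "session_key_enctype": etype,
            "ticket_enctype": etype}
```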
11 Claims
1. A method for processing a secure communication between a user machine and an application server, said method comprising:
- enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
- associating said first user with said first encryption type;
- storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry;
- enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file;
- associating said second user with said second encryption type;
- storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and
- using said first and second encryption types in encrypting session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.
Dependent claims: 2, 3, 4
5. A computer program product comprising a computer-readable, tangible storage device(s) and non-transitory computer-readable program instructions stored on the computer-readable, tangible storage device(s) for processing a secure communication between a user machine and an application server, the computer-readable program instructions, when executed by a processing system, being operable for implementing a method comprising:
- enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
- associating said first user with said first encryption type;
- storing said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry;
- enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file;
- associating said second user with said second encryption type;
- storing said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry; and
- using said first and second encryption types in encrypting session tickets for use by said first and second users, respectively, in communicating securely between said user machine and said application server whereby different users are enabled to use different encryption types from said user machine, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users, and wherein said first and second encryption types are implemented for use in encrypting session tickets for communication between said first and second users on said user machine and said application server.
Dependent claims: 6, 7, 8
9. A system for processing a secure communication between a user machine and an application server, said system comprising:
- a user machine; and
- a Kerberized server configured for coupling to said user machine, said system further including:
- selection device for enabling a first user to choose a first encryption type from among a plurality of encryption types listed in a Kerberos configuration file;
- a processing device to associate said first user with said first encryption type;
- a storage device to store said first encryption type and said first user associated with said first encryption type on a server side in a Kerberos registry,
- said selection device being further operable for enabling a second user to choose a second encryption type from among said plurality of encryption types listed in said Kerberos configuration file,
- said processing device being further operable to associate said second user with said second encryption type,
- said storage device being further operable to store said second encryption type and said second user associated with said second encryption type on said server side in said Kerberos registry, wherein said first and second encryption types are implemented for use in encrypting session keys for said first and second users,
- said processing device being further operable for using said first and second encryption types in encrypting session tickets for use by said user machine in communicating securely with said application server whereby different users are enabled to use different encryption types from said user machine.
Dependent claims: 10, 11
Specification