Server pool Kerberos authentication scheme
First Claim
1. An apparatus comprising:
one or more processing devices;
one or more non-transitory computer readable media having executable instructions thereon that, in response to execution of the instructions by the one or more processing devices, cause the apparatus to:
authenticate, with an authentication service of the apparatus, whether a client device is eligible to access a key distributor;
issue to the client device, with the authentication service, a grant ticket if the client device is authenticated;
accept, with a ticket granting service of the apparatus, the grant ticket from the client device;
determine, with the ticket granting service, whether a plurality of servers are available to provide the requested network service;
generate, with the ticket granting service, an unencrypted session key;
encrypt, with the ticket granting service, a text with the unencrypted session key;
determine, with the ticket granting service, a number of servers available to provide the network service requested by the client device;
for each determined server, encrypt, with the ticket granting service, the unencrypted session key with a secret key of the corresponding server;
create, with the ticket granting service, a service ticket that includes the encrypted text and the plurality of encrypted session keys associated with respective ones of the plurality of servers; and
transmit, with the ticket granting service, the service ticket to the client device.
Abstract
The present disclosure relates to authenticating a client against a pool of servers using a secure authentication protocol, and, more specifically, to authenticating a client against a pool of servers that provide a common service, using the Kerberos secure authentication protocol.
9 Claims
1. An apparatus comprising: (text as reproduced under First Claim above; dependent claims 2 and 3 are not shown on this page)
4. A system comprising:
one or more processing devices; and
one or more non-transitory computer readable media having executable instructions thereon that, in response to execution of the instructions by the one or more processing devices, cause the system to:
authenticate, with a key distribution center of the system, whether a client device is eligible to access the key distribution center;
issue to the client device, with the key distribution center, a grant ticket, if the client device is authenticated, for use to access the requested network service;
accept, with the key distribution center, the grant ticket from the client device; and
determine, with the key distribution center, whether a plurality of servers are available to provide the requested network service;
generate, with the key distribution center, an unencrypted session key;
encrypt, with the key distribution center, a text with the unencrypted session key;
determine, with the key distribution center, a number of servers available to provide the requested network service;
for each determined server, encrypt, with the key distribution center, the unencrypted session key with a secret key of the corresponding server;
create, with the key distribution center, a service ticket that includes the encrypted text and the plurality of encrypted session keys associated with respective ones of the providing servers; and
transmit, with the key distribution center, the service ticket to the client device.
(dependent claims 5, 6, 7 and 8 are not shown on this page)
9. An apparatus comprising:
one or more processing devices;
one or more non-transitory computer readable media having instructions thereon that, in response to execution of the instructions by the one or more processing devices, cause the apparatus to:
authenticate, with an authentication service of the apparatus, whether a client device is eligible to access a key distributor;
issue to the client device, with the authentication service, a grant ticket if the client device is authenticated;
accept, with a ticket granting service of the apparatus, the grant ticket from the client device;
generate, with the ticket granting service, the unencrypted session key;
encrypt, with the ticket granting service, a text with the unencrypted session key;
use, with the ticket granting service, a database to map a generic server name to one or more specific server names;
determine, with the ticket granting service, a plurality of servers available to provide the network service requested by the client device by setting a number of providing servers equal to the number of specific servers mapped to the generic server that provides the same network service requested by the client device;
for each determined server, encrypt, with the ticket granting service, the unencrypted session key with the secret key of the corresponding server;
create, with the ticket granting service, a service ticket that includes the encrypted text and the plurality of encrypted session keys associated with respective ones of the plurality of servers; and
transmit, with the ticket granting service, the service ticket to the client device.
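The ticket granting service procedure shared by claims 1, 4 and 9, as an added Python example that is not the patent's or any Kerberos implementation's code: a generic server name is mapped through a database to the specific pool members, a session key is generated, the ticket text is encrypted under it, and the session key is wrapped once under each member's secret key so that every member can serve the ticket while a host outside the pool cannot. The cipher (an HMAC-SHA256 counter-mode keystream with an HMAC tag), the server database, the principal names and the long-term keys are all constructed stand-ins, not Kerberos encryption types or real principals.

```python
"""Toy model of the pooled-server service ticket set out in the claims above.

Added example, not the patent's or any Kerberos implementation's code. The
cipher is a constructed HMAC-SHA256 counter-mode keystream plus an HMAC tag,
standing in for a Kerberos encryption type; the server database, principal
names and long-term keys are constructed sample values.
"""
import hashlib
import hmac
import json
import os
import time

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC(key, "ks" || nonce || counter) blocks, concatenated to the needed length.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Layout: nonce || ciphertext || tag; the tag binds nonce and ciphertext to the key.
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# Constructed database: generic server name -> specific servers in the pool (claim 9).
SERVER_DB = {
    "http/web.example.test": ["web1.example.test", "web2.example.test", "web3.example.test"],
}

# Constructed long-term secret keys, one per specific server, shared with the KDC.
SERVER_KEYS = {name: os.urandom(32) for name in SERVER_DB["http/web.example.test"]}


def issue_pool_service_ticket(client, generic_service, server_db, server_keys,
                              now=None, lifetime=8 * 3600):
    """Ticket granting service steps from the claims: map the generic name to its
    pool, count the providing servers, generate a session key, encrypt the ticket
    text with it, wrap the session key under each server's secret key and assemble
    one service ticket. The session key is also returned so the caller can deliver
    it to the client; the claims do not describe that delivery."""
    providing = server_db.get(generic_service, [])
    if not providing:
        raise LookupError(f"no server available for {generic_service}")
    now = time.time() if now is None else now
    session_key = os.urandom(32)
    text = json.dumps({"client": client, "service": generic_service,
                       "authtime": now, "endtime": now + lifetime}).encode()
    ticket = {
        "service": generic_service,
        "enc_text": encrypt(session_key, text),
        "enc_session_keys": {name: encrypt(server_keys[name], session_key) for name in providing},
    }
    return ticket, session_key


def providing_server_count(ticket):
    # Number of providing servers equals the number of wrapped session keys.
    return len(ticket["enc_session_keys"])


def server_accept(server_name, server_key, ticket, now=None):
    """A pool member unwraps only its own copy of the session key and then reads
    the ticket text; a host with no entry (not a provider), a host holding the
    wrong key, or an expired ticket is refused."""
    wrapped = ticket["enc_session_keys"].get(server_name)
    if wrapped is None:
        raise PermissionError(f"{server_name} is not a provider for {ticket['service']}")
    session_key = decrypt(server_key, wrapped)
    text = json.loads(decrypt(session_key, ticket["enc_text"]))
    now = time.time() if now is None else now
    if now > text["endtime"]:
        raise PermissionError("service ticket expired")
    return text


if __name__ == "__main__":
    ticket, _ = issue_pool_service_ticket("alice@EXAMPLE.TEST", "http/web.example.test",
                                          SERVER_DB, SERVER_KEYS)
    for name, key in SERVER_KEYS.items():
        print(name, "accepted", server_accept(name, key, ticket)["client"])
```

The defender's point to take from the model: each member of the pool learns the one session key, so the ticket's confidentiality rests on every pool member's secret key, and a server whose key is not in the ticket has no path to the session key at all. Rotating one server's key means the database entry and the wrapped copies in newly issued tickets change for that server only.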