Server pool Kerberos authentication scheme
First Claim
1. A method of generating a Service Ticket for a requested network service, comprising:
receiving, by a granting computing device, the granting computing device being different and distinct from a client computing device, a request for a Service Ticket for a requested network service from the client computing device;
in response to receiving the request for the Service Ticket from the client computing device, querying, by the granting computing device, a database that indicates which of one or more servers provides the requested network service;
determining, by the granting computing device based on the querying, that the requested network service is provided by a server pool comprising a plurality of servers, the plurality of servers being to allow access by the client computing device to the requested network service only when presented with the Service Ticket and only when the Service Ticket includes a session key;
generating, by the granting computing device, the session key, to facilitate access of the requested network service by the client computing device to the plurality of servers;
for each respective server of the plurality of servers of the server pool, encrypting, by the granting computing device, a copy of the session key with a respective secret key associated with a respective one of the plurality of the servers of the server pool to create a set of respective encrypted session keys, wherein each respective encrypted session key in the set of respective encrypted session keys corresponds to one of the respective servers of the server pool;
creating, by the granting computing device, the Service Ticket that includes the set of respective encrypted session keys; and
transmitting, by the granting computing device, the created Service Ticket to the client computing device to allow the client computing device to access the requested network service at the plurality of servers, the access by the client computing device including provision, by the client computing device to one or more of the plurality of servers of the server pool, of the Service Ticket to access the requested network service.
Abstract
The present disclosure relates to authenticating a client against a pool of servers using a secure authentication protocol and, more specifically, to authenticating a client against a pool of servers that provide a common service, using the Kerberos authentication protocol.
12 Claims
7. One or more non-transitory computer readable media having instructions thereon that, when executed by one or more processing devices of a computing device, cause the computing device to:
receive a request for a Service Ticket for a requested network service from a client computing device, the client computing device being different and distinct from the computing device;
in response to reception of the request for the Service Ticket from the client computing device, query a database that indicates which of one or more servers provides the requested network service;
determine, based on the query, that the requested network service is provided by a server pool comprising a plurality of servers, the plurality of servers being to allow access by the client computing device to the requested network service only when presented with the Service Ticket and only when the Service Ticket includes a session key;
generate the session key to facilitate access of the requested network service by the client computing device to the plurality of servers;
for each respective server of the plurality of servers of the server pool, encrypt a copy of the session key with a respective secret key associated with a respective one of the plurality of servers of the server pool to create a set of respective encrypted session keys, wherein each respective encrypted session key in the set of respective encrypted session keys corresponds to one of the respective servers of the server pool;
create the Service Ticket that includes each of the set of respective encrypted session keys; and
transmit the created Service Ticket to the client computing device to allow the client computing device to access the requested network service at the plurality of servers, the access by the client computing device including provision, by the client computing device to one or more of the plurality of servers of the server pool, of the Service Ticket to access the requested network service.
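The procedure that claims 1 and 7 describe, worked through end to end as an added example (this is not the patent's code and not any Kerberos implementation's): the granting service looks the requested service up in a database, finds that a pool provides it, draws a fresh session key, seals one copy of that key under each pool member's long-term key, and returns a ticket carrying all the copies; a pool member then unseals only its own copy and checks the client's authenticator against the recovered key. The cipher is a stand-in for a Kerberos enctype (an HMAC-SHA256 keystream with an HMAC tag, built on the standard library only so the script runs offline), and the service name, server names, keytab keys and timestamps are constructed for the demo. It goes one step beyond the claim text by also binding the client name and expiry inside each sealed copy, so a member never trusts cleartext fields that were not protected under its own key.

```python
"""Kerberos-style service ticket for a server pool (added example, not the
patent's code).  The TGS seals one copy of the session key, plus the client
name and expiry, under each pool member's long-term key; any member unseals
its own copy.  The cipher is a stand-in for a Kerberos enctype, and every
name, key and timestamp below is constructed for the demo."""
import hashlib
import hmac
import json
import secrets
import struct
from dataclasses import dataclass


# -- Stand-in AEAD (not a Kerberos enctype): HMAC-SHA256 keystream + HMAC tag --
def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from the long-term key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(ke: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(ke, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    ke, km = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(ke, nonce, len(plaintext))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; ValueError on a wrong key or tampering."""
    ke, km = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("sealed copy too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed copy failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(ke, nonce, len(ct))))


@dataclass(frozen=True)
class ServiceTicket:
    service: str
    enc_parts: dict  # server name -> sealed {session key, client, expiry} for that server


def tgs_issue(client, service, service_db, server_keys, now, lifetime):
    """Granting device: look the service up, find the pool, seal one copy per member."""
    members = service_db.get(service)
    if not members:
        raise LookupError(f"no server provides {service}")
    session_key = secrets.token_bytes(32)
    # Client name and expiry travel inside each sealed copy, so a member only
    # trusts fields that were bound under its own key.
    part = json.dumps({"key": session_key.hex(), "client": client,
                       "expires": now + lifetime}).encode()
    ticket = ServiceTicket(service, {s: seal(server_keys[s], part) for s in members})
    return ticket, session_key  # Kerberos also sends the key to the client under the TGS session key


def make_authenticator(session_key, client, now):
    """Client proves possession of the session key over (client, timestamp)."""
    msg = f"{client}|{now}".encode()
    return msg, hmac.new(session_key, msg, hashlib.sha256).digest()


def server_accept(server, server_key, ticket, authenticator, now, skew=300):
    """Pool member: unseal its own copy, then check expiry and the authenticator."""
    blob = ticket.enc_parts.get(server)
    if blob is None:
        raise PermissionError(f"{server} holds no copy of the session key")
    part = json.loads(unseal(server_key, blob))
    if now > part["expires"]:
        raise PermissionError("ticket expired")
    session_key = bytes.fromhex(part["key"])
    msg, tag = authenticator
    if not hmac.compare_digest(tag, hmac.new(session_key, msg, hashlib.sha256).digest()):
        raise PermissionError("authenticator not made with the session key")
    client, ts = msg.decode().rsplit("|", 1)
    if client != part["client"] or abs(now - int(ts)) > skew:
        raise PermissionError("authenticator client or time mismatch")
    return session_key


def _rejected(exc_type, fn, *args):
    try:
        fn(*args)
    except exc_type:
        return True
    return False


def demo():
    """Constructed pool: web1..web3 provide the service; web4 is not a member."""
    service_db = {"http/www.example.com": ["web1", "web2", "web3"]}
    server_keys = {s: secrets.token_bytes(32) for s in ("web1", "web2", "web3", "web4")}
    client, svc, now = "alice@EXAMPLE.COM", "http/www.example.com", 1_700_000_000
    ticket, sk = tgs_issue(client, svc, service_db, server_keys, now, 3600)
    auth = make_authenticator(sk, client, now + 5)
    b = ticket.enc_parts["web1"]
    tampered = ServiceTicket(svc, {**ticket.enc_parts, "web1": b[:20] + bytes([b[20] ^ 1]) + b[21:]})
    return {
        "copies": len(ticket.enc_parts),
        "members_accept": all(server_accept(s, server_keys[s], ticket, auth, now + 5) == sk
                              for s in service_db[svc]),
        "outsider_rejected": _rejected(PermissionError, server_accept, "web4", server_keys["web4"], ticket, auth, now + 5),
        "rotated_key_rejected": _rejected(ValueError, server_accept, "web2", secrets.token_bytes(32), ticket, auth, now + 5),
        "tampered_rejected": _rejected(ValueError, server_accept, "web1", server_keys["web1"], tampered, auth, now + 5),
        "expired_rejected": _rejected(PermissionError, server_accept, "web1", server_keys["web1"], ticket, make_authenticator(sk, client, now + 4000), now + 4000),
        "forged_authenticator_rejected": _rejected(PermissionError, server_accept, "web3", server_keys["web3"], ticket, make_authenticator(secrets.token_bytes(32), client, now + 5), now + 5),
    }
```

Two properties of the scheme are visible in the demo and worth keeping in mind when deploying it. The ticket grows by one sealed copy per pool member, and a member whose key is rotated after issue (or that joins the pool after issue) holds no usable copy until the client obtains a fresh ticket, while the other members' copies keep working. Conversely, every copy decrypts to the same session key, so compromise of any single member's long-term key exposes the session key for the whole pool, which is the trade-off against giving all members one shared service key.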
Specification