User authentication using kerberos with identity cloud service

  • US 10,454,915 B2
  • Filed: 10/30/2017
  • Issued: 10/22/2019
  • Est. Priority Date: 05/18/2017
  • Status: Active Grant
  • ×
    • Pin Icon | RPX Insight
    • Pin
First Claim
Patent Images

1. A method of authentication of a user, the method comprising:

  • receiving, at a microservice of a multi-tenant cloud based authentication system, from a Kerberos key distribution center (KDC) server, a request to authenticate the user, the request comprising a user identification (ID);

    retrieving at the multi-tenant cloud based authentication system a user record corresponding to the user ID, the user record comprising a principal key;

    decrypting at the multi-tenant cloud based authentication system the principal key using a tenant-specific encryption key;

    encrypting at the multi-tenant cloud based authentication system the decrypted principal key using a Kerberos master key to generate an encrypted principal key;

    retrieving at the multi-tenant cloud based authentication system a password policy corresponding to the user ID;

    based on the retrieved password policy, constructing at the multi-tenant cloud based authentication system password state attributes;

    returning to the KDC server the encrypted principal key, the password policy and the password state attributes; and

    enforcing the password policy at the multi-tenant cloud based authentication system, wherein the password policy is also enforced at the KDC server.

View all claims
    ×
    ×

    Thank you for your feedback

    ×
    ×