USER AUTHENTICATION USING KERBEROS WITH IDENTITY CLOUD SERVICE

US 20180337914A1
Filed: 10/30/2017
Published: 11/22/2018
Est. Priority Date: 05/18/2017
Status: Active Grant

First Claim

Patent Images

1. A method of authentication of a user, the method comprising:

receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);

retrieving a user record corresponding to the user ID, the user record comprising a principal key;

decrypting the principal key using a tenant-specific encryption key;

encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;

retrieving a password policy corresponding to the user ID;

based on the retrieved password policies, constructing password state attributes; and

returning to the KDC the encrypted principal key, the password policy and the password state attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.

39 Citations

20 Claims

1. A method of authentication of a user, the method comprising:
- receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
  
  retrieving a user record corresponding to the user ID, the user record comprising a principal key;
  
  decrypting the principal key using a tenant-specific encryption key;
  
  encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
  
  retrieving a password policy corresponding to the user ID;
  
  based on the retrieved password policies, constructing password state attributes; and
  
  returning to the KDC the encrypted principal key, the password policy and the password state attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the request to authenticate the user comprises acquiring an OAuth token.
  - 3. The method of claim 2, wherein the OAuth token is configured to allow a user to access a multi-tenant cloud based authentication system using an application programming interface (API) call.
  - 4. The method of claim 1, further comprising encoding the encrypted principal key using ASN.1.
  - 5. The method of claim 1, wherein the user record is retrieved from a user principals repository.
  - 6. The method of claim 1, wherein the request is received from a KDC plug-in.
  - 7. The method of claim 3, wherein the multi-tenant cloud based authentication system comprises a plurality of microservices, and the API call corresponds to an API for one of the microservices.

8. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to authenticate a user, the authenticate comprising:
- receiving from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
  
  retrieving a user record corresponding to the user ID, the user record comprising a principal key;
  
  decrypting the principal key using a tenant-specific encryption key;
  
  encrypting the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
  
  retrieving a password policy corresponding to the user ID;
  
  based on the retrieved password policies, constructing password state attributes; and
  
  returning to the KDC the encrypted principal key, the password policy and the password state attributes.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, wherein the request to authenticate the user comprises acquiring an OAuth token.
  - 10. The computer readable medium of claim 9, wherein the OAuth token is configured to allow a user to access a multi-tenant cloud based authentication system using an application programming interface (API) call.
  - 11. The computer readable medium of claim 8, further comprising encoding the encrypted principal key using ASN.1.
  - 12. The computer readable medium of claim 8, wherein the user record is retrieved from a user principals repository.
  - 13. The computer readable medium of claim 8, wherein the request is received from a KDC plug-in.
  - 14. The computer readable medium of claim 10, wherein the multi-tenant cloud based authentication system comprises a plurality of microservices, and the API call corresponds to an API for one of the microservices.

15. A system for authentication of a user, the system comprising:
- a plurality of tenants;
  
  a plurality of microservices; and
  
  one or more processors that;
  
  receive from a Kerberos key distribution center (KDC) a request to authenticate the user, the request comprising a user identification (ID);
  
  retrieve a user record corresponding to the user ID, the user record comprising a principal key;
  
  decrypt the principal key using a tenant-specific encryption key;
  
  encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key;
  
  retrieve a password policy corresponding to the user ID;
  
  based on the retrieved password policies, construct password state attributes; and
  
  return to the KDC the encrypted principal key, the password policy and the password state attributes.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the request to authenticate the user comprises acquiring an OAuth token.
  - 17. The system of claim 16, wherein the OAuth token is configured to allow a user to access a multi-tenant cloud based authentication system using an application programming interface (API) call.
  - 18. The system of claim 15, further comprising encoding the encrypted principal key using ASN.1.
  - 19. The system of claim 15, wherein the request is received from a KDC plug-in.
  - 20. The system of claim 17, wherein the API call corresponds to an API for one of the microservices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
MOHAMAD ABDUL, Mohamad Raja Gani, WILSON, Gregg

Granted Patent

US 10,454,915 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/12   Transmitting and receiving ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

USER AUTHENTICATION USING KERBEROS WITH IDENTITY CLOUD SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION USING KERBEROS WITH IDENTITY CLOUD SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links