Information security – Access control or authentication – Network
Reexamination Certificate
2008-07-01
2008-07-01
Moise, Emmanuel L. (Department: 2137)
C726S030000, C380S279000, C713S155000, C713S156000, C713S170000, C713S176000
active
07395549
ABSTRACT:
One embodiment of the present invention provides a system for operating a key distribution center (KDC) that provides keys to facilitate secure communications between clients and servers across a computer network, wherein the system operates without having to store long-term server secrets. The system operates by receiving a communication from a server at the KDC. This communication includes an identifier for the server, as well as a temporary secret key to be used in communications between a client and the server for a limited time period. In response to the communication, the system attempts to authenticate the server. If the server is successfully authenticated, the system stores the temporary secret key at the KDC, so that the temporary secret key can be subsequently used to facilitate communications with the server. Upon subsequently receiving a request at the KDC from a client that desires to communicate with the server, the system produces a session key to be used in communications between the client and server, and then creates a ticket to the server by encrypting an identifier for the client and the session key with the temporary secret key for the server. Next, the system assembles a message that includes the identifier for the server, the session key and the ticket to the server, and sends the message to the client in a secure manner. The system subsequently allows the client to forward the ticket to the server in order to initiate communications between the client and the server.
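The message flow in the abstract, sketched as an added example that is not code from the patent or its authors. Assumptions: the server-authentication step is a caller-supplied check (the abstract does not say how it is done), the "secure manner" toward the client is a pre-shared client/KDC key, and `seal`/`unseal` are a toy encrypt-then-MAC standing in for a real authenticated cipher; all names are hypothetical.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):
    """Toy encrypt-then-MAC (stand-in for a real AEAD): SHAKE-256 keystream + HMAC-SHA256."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class KDC:
    def __init__(self, authenticate_server, client_keys):
        self.authenticate_server = authenticate_server  # assumption: method not given in abstract
        self.client_keys = client_keys  # assumption: client/KDC keys for the "secure manner"
        self.temp_keys = {}             # server_id -> (temp_key, expiry); no long-term server secret

    def register(self, server_id, temp_key, lifetime, proof, now=None):
        """Server -> KDC: identifier plus temporary key, stored only if the server authenticates."""
        now = time.time() if now is None else now
        if not self.authenticate_server(server_id, proof):
            raise PermissionError("server not authenticated")
        self.temp_keys[server_id] = (temp_key, now + lifetime)

    def request(self, client_id, server_id, now=None):
        """Client -> KDC: returns sealed {server id, session key, ticket} for the client."""
        now = time.time() if now is None else now
        temp_key, expiry = self.temp_keys.get(server_id, (None, 0))
        if temp_key is None or now >= expiry:
            raise LookupError("no valid temporary key for server")
        session_key = os.urandom(32).hex()
        ticket = seal(temp_key, {"client": client_id, "session_key": session_key})
        msg = {"server": server_id, "session_key": session_key, "ticket": ticket.hex()}
        return seal(self.client_keys[client_id], msg)

def server_accept(temp_key, ticket):
    """Server side: open the forwarded ticket with the server's own temporary key."""
    t = unseal(temp_key, ticket)
    return t["client"], t["session_key"]
```

The expiry check in `request` is what enforces the "limited time period": once the temporary key lapses the KDC issues no further tickets until the server registers a fresh one.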
REFERENCES:
patent: 5455953 (1995-10-01), Russell
patent: 5724425 (1998-03-01), Chang et al.
patent: 5809144 (1998-09-01), Sirbu et al.
patent: 5923756 (1999-07-01), Shambroom
patent: 0 281 224 (1987-03-01), None
Ari Medvinsky et al., Public Key Utilizing Tickets for Application Servers (PKTAPP), Internet Draft, IETF Mar. 1998.
Brian Tung et al., Public Key Cryptography for Initial Authentication in Kerberos, Internet-Draft, IETF RFC 1510, Nov. 1999.
M. Sirbu et al., Public-Key Based Ticket Granting Service in Kerberos, Internet-Draft, IETF RFC 1510, May 1996.
P.V. McMahon, Sesame V2 Public Key Authorisation extensions to Kerberos, in Proceedings of the 1995 Symposium on Network and Distributed System Security, pp. 114-131, Feb. 1995.
Sirbu et al., Distributed Authentication in Kerberos Using Public Key Cryptography, IEEE 1997.
Harbitter et al., Performance of Public-Key Enabled Kerberos Authentication in Large Networks, ACM Conference on Computer and Communication Security 2001.
Schneier, Bruce: Applied Cryptography, 2nd Edition, Oct. 1995, pp. 43-57.
Bruce Schneier, Applied Cryptography, John Wiley, Pub., 2nd Edition, Oct. 1995, pp. 43-57, 60, p. 570-577.
Medvinski et al., “Public Key Utilizing Tickets for Application Servers” Common Authentication Technology Working Group, Internet Draft, Mar. 1998, pp. 1-6.
Sirbu et al., “Public Key based Ticket granting Service on Kerberos,” Internet Draft, May 1996, pages 1-16.
Kohl et al., “The Kerberos Network Authentication Service”, Network Working Group Request For Comments (RFC) 1510, Sep. 1993, pp. 18-19, 35-36, 56-57.
Publication entitled “Protocol Building Blocks,” XP-002214000, pp. 32-33, 48-57, 60, 183-186, 566-571, Bruce Schneier: Applied Cryptography 2nd Edition, John Wiley & Sons Pub., Oct. 1995.
Hanna Stephen R.
Perlman Radia J.
Callahan Paul
Moise Emmanuel L.
Park Vaughan & Fleming LLP
Sun Microsystems Inc.