Method and system for binding kerberos-style authenticators to single clients
US7392390B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 11, 2002 |
| Grant date | Jun 24, 2008 |
| Priority date | — |
| Expiry date | Sep 9, 2024 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/121
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and system are directed towards enabling authentication in a distributed environment. The method employs a hashed salted password associated with a user in part to pre-authenticate the user. If the user is pre-authenticated, a ticket is transmitted to a client. The ticket includes a cryptographic digest of a concatenation of the local and remote addresses that is exclusive or'ed with a timestamp to generate a modified authenticator. The modified authenticator is directed at binding the timestamp to the client to minimize reuse of an authenticator. A packet that includes the authenticator is sent to a server. The server is configured to determine another remote and local IP address associated with the packet. Employing the remote and local addresses, the server extracts the timestamp from the modified authenticator. If the timestamp is within a pre-determined time window, the user may be authenticated.
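The address-binding step in the abstract, sketched as an added example (not code from the patent or its assignee). It models only the XOR of the timestamp with the address digest and the server-side window check. SHA-256, the 8-byte timestamp, the 300-second window, the function names and the documentation-range addresses are all assumptions; the ticket, the pre-authentication and any encryption around the authenticator are not modelled.

```python
import hashlib
import ipaddress
import struct

WINDOW_SECONDS = 300  # assumed; the abstract only says "pre-determined time window"

# Constructed sample addresses (RFC 5737 documentation ranges).
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.77"

def address_digest(client_ip: str, server_ip: str) -> bytes:
    """Digest of client||server addresses, truncated to the timestamp width.

    Assumption: SHA-256 and a fixed client-then-server ordering so that both
    ends hash the same byte string.
    """
    packed = ipaddress.ip_address(client_ip).packed + ipaddress.ip_address(server_ip).packed
    return hashlib.sha256(packed).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_authenticator(timestamp: int, local_ip: str, remote_ip: str) -> bytes:
    """Client side: local is the client's own address, remote is the server."""
    return _xor(struct.pack(">Q", timestamp), address_digest(local_ip, remote_ip))

def recover_timestamp(authenticator: bytes, remote_ip: str, local_ip: str) -> int:
    """Server side: remote is the packet's source, local is where it arrived."""
    masked = _xor(authenticator, address_digest(remote_ip, local_ip))
    return struct.unpack(">Q", masked)[0]

def accept(authenticator: bytes, remote_ip: str, local_ip: str, now: int) -> bool:
    """Accept only if the recovered timestamp falls inside the window."""
    return abs(now - recover_timestamp(authenticator, remote_ip, local_ip)) <= WINDOW_SECONDS

def demo() -> dict:
    issued = 1_700_000_000  # constructed timestamp
    auth = make_authenticator(issued, CLIENT, SERVER)
    return {
        # Same source address, inside the window: timestamp decodes correctly.
        "same_client": accept(auth, CLIENT, SERVER, issued + 30),
        # Same bytes from another source: wrong digest, timestamp decodes to noise.
        "other_source": accept(auth, OTHER, SERVER, issued + 30),
        # Same source but stale: rejected by the window check alone.
        "same_client_late": accept(auth, CLIENT, SERVER, issued + 3600),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a copy of the authenticator arriving from the original source address inside the window is still accepted, so the binding narrows where a reused authenticator can come from rather than replacing the time check. Clients that share one source address (for example behind NAT) are indistinguishable to the address digest.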
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.