Method for use of Kerberos for User Authentication by Objects in 3D Internet/ Virtual World
Permalink
Bookmark
Share
Twitter
Digg
Reddit
Facebook
Stumbleupon
Del.icio.us| IP.com Number | IPCOM000174245D |
|
|
|---|---|---|---|
| Dated | Sep 3, 2008 UTC | ||
| Size | 2 page(s) (30.5 KB) | ||
| Disclosed by |
|
||
Publication Summary
Disclosed is a method to use Kerberos* for authentication in Virtual World| Country | |
|---|---|
| Language | English (United States) |
About this Publication
This document was submitted to IP.com's Prior Art Database and this preview is designed to provide you with information regarding the contents of this document by displaying up to the first four pages of the document as scaled page renderings and displaying a limited amount of text which was extracted from the document on the Text Preview Tab.
To find out more on how to obtain the entire document, click the Download tab. There is a charge for downloading some Prior Art Database documents; please examine carefully whether you believe this document fills your needs before purchasing.
For more information about the Prior Art Database, visit the Learn section of this website. Thank you for visiting IP.com's Prior Art Database! You may wish to check out our Intellectual Property Library website before you leave.
Method for use of Kerberos for User Authentication by Objects in 3D Internet/ Virtual World
In virtual world there are many privately held business islands where typically a non island owner cannot create or install objects. A good example of such type of island will be a virtual shopping mall. There are many business needs where vendors want to install their proprietary objects on other's virtual business islands for mutual benefits. One of the biggest challenge in such kind of setup is for the object (placed in public islands or others islands) to authenticate the end users in order to allow user to use its service. One of the popular mechanism that can be used for network based authentication is Kerberos. But there are following challenges for making virtual objects use Kerberos for Authentication of end users.
1. Configuring the virtual object with Kerberos client configuration is a major problem.
2. In order to make the virtual objects ( virtual ATM) act like a client to a Kerberos realm, there is a need for enhancement to these objects.
3. The Kerberos product's client module need to be enhanced to suit to the virtual world environment.
Disclosed below is the method which addresses all the above issues to help kerberize virtual objects to authenticate the end user using Kerberos protocol:
Step 1: Have the enhanced Kerberos client component/libraries be linked to the client browser/component of the virtual world.
Step 2: Have the following modification to objects exporting services which needs to conduct Kerberos authentication before availing its services. This step can be referred as Kerberizing the Object. i) Have a new tab called 'Security' inside the profile of an object/island. Inside this new tab, have a new field called 'Authentication Type' , which has 'Kerberos' as one of its value option. When the owner of the object/island select 'Kerberos' as the authentication type for that object, provide a text box which allows the owner to enter the 'Kerberos Client Configuration Data'. User will enter the entire Kerberos client
configuration information in this text box ( as the user does it in /etc/krb5/krb5.conf file in real world , on UNIX** machines using IBM*** NAS or MIT Kerberos). Save this information in the objects. ii) Associate an IP address for every object/island that needs to exercise Kerberos. Hence, the profile of an object/island will have a new tab called
'Network' which will have a field called 'IP Address' and the owner will enter a static IP address to the object/island. iii) On successful login the object will store the users Kerberos ticket (credentials) in a new temporary secure space ( associated with the object). iv) The object will be associated with an 'Log-off' action which when executed will clear the users credentia...