11. BASIC DESIGN

[Figure: Kerberos exchange between CLIENT, AS, TGS and FS. The client sends C (Ticket Granting Ticket from B) and D (Authenticator) to the TGS; the TGS decrypts C and gets the Ticket Granting Ticket, decrypts D using the Client/TGS Session Key and gets the Client ID and Timestamp, then checks that the Client ID from C matches the Client ID from D and that the timestamp does not exceed the ticket validity period.]

A. Client/TGS Session Key - encrypted with Client Secret Key
B. Ticket Granting Ticket - includes Client ID, client network address, ticket validity period, and Client/TGS Session Key - encrypted with TGS Secret Key
C. Ticket Granting Ticket from B (encrypted with TGS Secret Key) + File Service ID
D. Authenticator - composed of Client ID and Timestamp - encrypted with Client/TGS Session Key from A
TGS decrypts C and gets the Ticket Granting Ticket - includes Client ID, client network address, ticket validity period, and Client/TGS Session Key
TGS decrypts D using the Client/TGS Session Key and gets Client ID and Timestamp
TGS checks that the Client ID from C matches the Client ID from D and that the timestamp does not exceed the ticket validity period
E. Client-to-FS Ticket - Client ID, network address, validity period, Client/Server Session Key - encrypted with FS Secret Key
F. Client/Server Session Key - encrypted with Client/TGS Session Key from A
G. Authenticator - composed of Client ID and Timestamp - encrypted with Client/Server Session Key from F
FS decrypts E using FS Secret Key and gets Client ID, network address, validity period, Client/Server Session Key
FS decrypts G using Client/Server Session Key and gets Client ID and Timestamp
H. Server sends the following message to the client to confirm its true identity and willingness to serve the client
Client decrypts H using the Client/Server Session Key and checks whether the timestamp is timestamp + 1; if so, it was correctly updated and the client can trust the FS
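The TGS checks on messages C and D and the FS confirmation in H, as an added example that is not part of the slides. Keys, IDs, addresses and timestamps are constructed, and `seal`/`unseal` is a toy encrypt-then-MAC stand-in for the symmetric encryption the slides assume, not a real cipher.

```python
import hashlib, hmac, json, os

# Toy encrypt-then-MAC stand-in for the slides' symmetric encryption; NOT a real cipher.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def tgs_check(tgs_key, tgt_blob, auth_blob):
    """Steps C/D: TGS opens the TGT with its own secret key, then the authenticator
    with the Client/TGS session key found inside the TGT, and cross-checks them."""
    tgt = unseal(tgs_key, tgt_blob)                       # only the TGS can do this
    auth = unseal(bytes.fromhex(tgt["session_key"]), auth_blob)
    if auth["client_id"] != tgt["client_id"]:
        raise ValueError("client ID in authenticator != client ID in ticket")
    if not tgt["valid_from"] <= auth["timestamp"] <= tgt["valid_until"]:
        raise ValueError("authenticator timestamp outside ticket validity period")
    return tgt

def fs_reply(session_key, auth_blob):
    """Message H: FS proves it holds the session key by returning timestamp + 1."""
    return seal(session_key, {"timestamp": unseal(session_key, auth_blob)["timestamp"] + 1})

def client_trusts_fs(session_key, h_blob, sent_ts):
    return unseal(session_key, h_blob)["timestamp"] == sent_ts + 1

def demo(ts=1000):
    """Constructed keys/IDs; returns what the TGS and the client concluded."""
    tgs_key, fs_key, sk_tgs, sk_fs = (os.urandom(32) for _ in range(4))
    tgt = seal(tgs_key, {"client_id": "alice", "addr": "10.0.0.5",
                         "valid_from": 900, "valid_until": 1500, "session_key": sk_tgs.hex()})
    auth_d = seal(sk_tgs, {"client_id": "alice", "timestamp": ts})
    ok_tgs = tgs_check(tgs_key, tgt, auth_d)["client_id"] == "alice"
    auth_g = seal(sk_fs, {"client_id": "alice", "timestamp": ts})
    trusted = client_trusts_fs(sk_fs, fs_reply(sk_fs, auth_g), ts)
    return {"tgs_ok": ok_tgs, "fs_trusted": trusted}
```

Calling `demo()` with a timestamp past the ticket's validity period makes `tgs_check` raise, which is the check the slide describes.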