Abstract—This document describes a messaging architecture and internal message components of an authentication protocol which has been called ‘Orthus’. For insecure closed LAN networks Kerberos is the most popular authentication protocol, currently in official release Version V [1]. Kerberos’ objectives include protecting the privacy of message transfers necessary to achieve authentication, together with safe-guards against replay and man-in-the-middle, MitM, attacks. Orthus is intended to operate precisely this environment, here however, the Authentication Server, instead of delivering a ticket to the Client for use with the Ticket Granting Server, delivers that ticket directly to the TGS, and the TGS then delivers service granting tickets directly to the client, offering a simpler message flow, therefore providing fewer opportunities for message corruption or interception. 
 

Index Terms—authentication, authorisation, identity management, kerberos, orthus, single-sign-on

Cite: Dean Rogers, "Introducing Orthus a Dual-Headed Authentication Protocol," International Journal of Signal Processing Systems, Vol. 3, No. 2, pp. 153-158, December 2015. doi: 10.12720/ijsps.3.2.153-158