DNSSEC signing server
First Claim
1. A remote Domain Name System Security Extensions (DNSSEC) signing system comprising:
- a registry provisioning computer system configured to accept and execute a command that changes Domain Name System (DNS) data related to a domain;
a registry database storage device storing DNS data; and
a signing server configured to interact with the registry provisioning computer system and registry database to sign DNS data;
wherein the signing server is configured to;
receive a signing request from the registry provisioning computer system to sign a first data;
determine an active Key Signing Key (KSK) or an active Zone Signing Key (ZSK) to sign the first data;
transmit the first data to one of a plurality of digital signature logic to be signed;
receive the first data that has been signed using the active KSK or the active ZSK; and
store the first data that has been signed in the registry database storage device.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for performing DNSSEC signing are described in which digital signature operations may be performed by a network accessible signing server that is configured to interact with a separate client application. Exemplary methods may include receiving a signing request at the signing server from the client application to sign first data. The signing server may determine an active KSK and/or an active ZSK for the first data. The first data may then be transmitted by the signing server to a digital signature modules, which may include, for example, a hardware support module, or software signing applications. The signing server may receive a digitally signed version of the first data from the digital signature module, and provide the signed first data to the client application.
21 Citations
15 Claims
-
1. A remote Domain Name System Security Extensions (DNSSEC) signing system comprising:
-
a registry provisioning computer system configured to accept and execute a command that changes Domain Name System (DNS) data related to a domain; a registry database storage device storing DNS data; and a signing server configured to interact with the registry provisioning computer system and registry database to sign DNS data; wherein the signing server is configured to; receive a signing request from the registry provisioning computer system to sign a first data; determine an active Key Signing Key (KSK) or an active Zone Signing Key (ZSK) to sign the first data; transmit the first data to one of a plurality of digital signature logic to be signed; receive the first data that has been signed using the active KSK or the active ZSK; and store the first data that has been signed in the registry database storage device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification
-
- Resources
-
Current AssigneeVeriSign, Inc.
-
Original AssigneeVeriSign, Inc.
-
InventorsSmith, David, Gould, James, Lavu, Ramana, Deshpande, Deepak
-
Primary Examiner(s)HOLDER, BRADLEY W
-
Application NumberUS15/660,237Publication NumberTime in Patent Office510 DaysField of SearchUS Class CurrentCPC Class CodesH04L 61/4511 using domain name system [DNS]H04L 63/08 for authentication of entit...H04L 63/0853 using an additional device,...H04L 63/123 received data contents, e.g...H04L 9/321 involving a third party or ...H04L 9/3247 involving digital signatures
