Authenticated name resolution

US 10,270,755 B2
Filed: 10/03/2011
Issued: 04/23/2019
Est. Priority Date: 10/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a DNS request, comprising:

receiving at an authenticating server comprising an electronic processor a DNS resolution request including a domain name and authentication information, wherein the information is not in the domain name, and wherein the authentication information comprises at least one of a username/password combination, or a security certificate;

validating, on the authenticating server comprising an electronic processor, the authentication information;

determining, by the authenticating server comprising an electronic processor, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;

sending a response message with an IP address, network layer identifier, or service location identifier;

delaying sending a response message;

sending a response message with an IP address corresponding to a website address containing authentication instructions;

or responding with an alternative IP address corresponding to a special version of a resource configured to look just like the resource; and

executing, on the authenticating server comprising an electronic processor, the DNS action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-readable memory containing instructions include receiving a DNS request containing authentication information, validating the authentication information, determining an appropriate action to take based on the validating status, and taking the appropriate action. Actions may include responding with an individualized network layer address or service location address, delaying sending a response message, sending a network layer address or service location address corresponding to a site containing authentication information, and sending a response with a network layer address or service location address with a web address configured to mimic the website related to the requested resource.

80 Citations

View as Search Results

32 Claims

1. A method for authenticating a DNS request, comprising:
- receiving at an authenticating server comprising an electronic processor a DNS resolution request including a domain name and authentication information, wherein the information is not in the domain name, and wherein the authentication information comprises at least one of a username/password combination, or a security certificate;
  
  validating, on the authenticating server comprising an electronic processor, the authentication information;
  
  determining, by the authenticating server comprising an electronic processor, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an IP address, network layer identifier, or service location identifier;
  
  delaying sending a response message;
  
  sending a response message with an IP address corresponding to a website address containing authentication instructions;
  
  or responding with an alternative IP address corresponding to a special version of a resource configured to look just like the resource; and
  
  executing, on the authenticating server comprising an electronic processor, the DNS action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 3. The method of claim 1, wherein the DNS resolution request further includes one or more of:
    - a source network layer address, an encrypted data package, or hardware identification information.
  - 4. The method of claim 1, comprising:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 5. The method of claim 1, wherein the IP address, network layer identifier, or service location identifier corresponds to a one-time-use address.
  - 6. The method of claim 1, wherein the IP address, network layer identifier, or service location identifier corresponds to an address assigned to a particular user.
  - 7. The method of claim 1, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 8. The method of claim 1, comprising:
    - determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services; and
      
      classifying a user based on the authentication information into a class in the prioritized list of classes,wherein the DNS action comprises;
      
      sending a response message with an IP address corresponding to a server delivering a particular class.
  - 9. The method of claim 1, comprising:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

10. A system for authenticating a DNS request, comprising:
- an authenticating server comprising;
  
  a processor; and
  
  memory, wherein the memory contains instructions, which, when executed by the processor, perform a method comprising;
  
  receiving at an authenticating server a DNS resolution request including a domain name and authentication information, wherein the information is not in the domain name, and wherein the authentication information comprises at least one of a username/password combination, or a security certificate;
  
  validating, on the authenticating server, the authentication information;
  
  determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an IP address, a network layer address or service location address, delaying sending a response message, sending a response message with an IP address corresponding to a website address containing authentication instructions, or responding with an alternative IP address corresponding to a special version of a resource configured to look just like the resource; and
  
  executing, on the authenticating server, the DNS action.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 12. The system of claim 10, wherein the DNS resolution request further includes one or more of:
    - a source network layer address, an encrypted data package, or hardware identification information.
  - 13. The system of claim 10, wherein the method comprises:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 14. The system of claim 10, wherein the IP address, the network layer address or service location address corresponds to a one-time-use address.
  - 15. The system of claim 10, wherein the IP address, the network layer address or service location address corresponds to an individualized address assigned to a particular user.
  - 16. The system of claim 10, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 17. The system of claim 10, wherein the method comprises:
    - determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services; and
      
      classifying a user based on the authentication information into a class in the prioritized list of classes,wherein the DNS action comprises;
      
      sending a response message with an IP address corresponding to a server delivering a particular class.
  - 18. The system of claim 10, wherein the method comprises:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

19. Non-transitory computer-readable media containing instructions, which, when executed by a processor, perform a method comprising:
- determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services;
  
  classifying a user based on the authentication information into a class in the prioritized list of classes;
  
  receiving at an authenticating server a DNS resolution request including authentication information, wherein the authentication information comprises at least one of a username/password combination, or a security certificate;
  
  validating, on the authenticating server, the authentication information;
  
  determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an IP address, a network layer address or service location address, delaying sending a response message, sending a response message with an IP address corresponding to a website address containing authentication instructions, and responding with an alternative IP address corresponding to a special version of a resource configured to look just like the resource; and
  
  executing, on the authenticating server, the DNS action.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The non-transitory computer-readable media of claim 19, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 21. The non-transitory computer-readable media of claim 19, wherein the DNS resolution request further includes one or more of:
    - a source network layer address, a username/password combination, an encrypted data package, a security certificate, or hardware identification information.
  - 22. The non-transitory computer-readable media of claim 19, wherein the method comprises:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 23. The non-transitory computer-readable media of claim 19, wherein the IP address, the network layer address or the service location address comprises an individualized network layer address or service location address corresponding to a one-time-use address.
  - 24. The non-transitory computer-readable media of claim 19, wherein the IP address, the network layer address or the service location address comprises an individualized network layer address or service location address corresponding to an address assigned to a particular user.
  - 25. The non-transitory computer-readable media of claim 19, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 26. The non-transitory computer-readable media of claim 19, wherein the DNS action comprises:
    - sending a response message with an IPaddress corresponding to a server delivering a particular class.
  - 27. The non-transitory computer-readable media of claim 19, wherein the method comprises:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

28. A method for authenticating a DNS request, comprising:
- receiving, at an authenticating server comprising an electronic processor, a DNS resolution request from a user, wherein the request includes a domain name to be resolved and an authentication certificate, wherein the authentication certificate was issued by a community authority trust in response to a request for identification authentication by the user, and wherein authentication certificate was added to the DNS resolution request by a device other than a device that originates the DNS resolution request;
  
  validating, on the authenticating server comprising an electronic processor, the authentication certificate;
  
  determining, by the authenticating server comprising an electronic processor, a network layer address or service location address based on the validation of the authentication certificate; and
  
  sending the network layer address to the user.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The method of claim 28, wherein the authentication certificate indicates the authentication of a group of users.
  - 30. The method of claim 28, wherein the DNS resolution request also includes certificate authority credentials of the community authority trust.
  - 31. The method of claim 28, wherein the authentication certificate contains permission data corresponding to the DNS resolution request.
  - 32. The method of claim 31, wherein the DNS action comprises:
    - determining the network layer address or service location address corresponding to the DNS resolution request based on the permission data; and
      
      sending a signal to a resource server, wherein the signal causes the resource server to provision the network layer address or service location address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
McPherson, Danny, Waldron, Joseph, Osterweil, Eric
Primary Examiner(s)
Masud, Rokib

Application Number

US13/251,607
Publication Number

US 20130085914A1
Time in Patent Office

2,759 Days
Field of Search

709219, 726 7
US Class Current
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Authenticated name resolution

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated name resolution

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links