Systems and methods for secured domain name system use based on pre-existing trust
First Claim
1. A method for distributing private information through a public distributed database system, the method comprising the steps of:
- communicating at least a portion of encrypted data to a domain name system (DNS);
storing the encrypted data in a memory unit associated with the DNS;
communicating encrypted data-related keying material and encryption identifying data from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user;
querying the DNS for at least a portion of the encrypted data based upon the encryption identifying data;
responding the at least a portion of the encrypted data to a digital device associated with the second user based on the query; and
decrypting the at least a portion of the encrypted data based upon the keying material.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems, devices and methods are presented for providing controlled use of information stored publicly within the domain name system (DNS). Controlled use is established by storing encrypted data at the DNS servers and establishing trust, in the form of transfer of keying material, with requisite parties. The invention provides backward compatibility with existing DNS servers, in that, it provides for storage of encrypted data in existing resource records. The invention benefits from allowing storage in the DNS to be divided into both public and private classification, such that a user can identify and store certain public information that is available to all parties that have access to the DNS, while other information that has been classified as private is only available to parties which have established a trust.
119 Citations
66 Claims
-
1. A method for distributing private information through a public distributed database system, the method comprising the steps of:
-
communicating at least a portion of encrypted data to a domain name system (DNS);
storing the encrypted data in a memory unit associated with the DNS;
communicating encrypted data-related keying material and encryption identifying data from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user;
querying the DNS for at least a portion of the encrypted data based upon the encryption identifying data;
responding the at least a portion of the encrypted data to a digital device associated with the second user based on the query; and
decrypting the at least a portion of the encrypted data based upon the keying material. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method for distributing Internet Protocol (IP) addresses intended for private use through a public distributed database system, the method comprising the steps of:
-
communicating an encrypted IP address to a domain name system (DNS);
storing the encrypted IP address in a memory unit associated with the DNS;
communicating encryption data-related keying material and a domain name from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user;
querying the DNS for the encrypted IP address based upon the domain name;
responding the encrypted IP address to a digital device associated with the second user based on the query; and
decrypting the encrypted IP address based upon the keying material. - View Dependent Claims (25)
-
-
26. A method for distributing user service dependent addresses intended for private use through a public distributed database system, the method comprising the steps of:
-
communicating an encrypted service dependent address to a domain name system (DNS);
storing the encrypted service dependent address in a memory unit associated with the DNS;
communicating encryption data-related keying material and a first user telephone number from the first user associated with the encrypted data to a second user that has a pre-existing trust established with the first use;
querying the DNS for the encrypted service dependent address based upon the first user telephone number responding the encrypted IP address to a digital device associated with the second user based on the query; and
decrypting the encrypted first user service dependent address based upon the keying material. - View Dependent Claims (27, 28, 29)
-
-
30. A system for distributing information intended for private use through a public distributed database, the system comprising:
-
a first digital device that includes a processing unit capable of network communication of encrypted data;
a domain name system (DNS) device that receives at least a portion of encrypted data communicated from the first digital device and stores the at least a portion of encrypted data in associated memory; and
a second digital device that includes a processing unit capable of network querying the DNS for at least a portion of the encrypted data based on encryption identifying data and capable of decrypting the at least a portion of the encrypted data based on keying material. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
-
-
48. A network device in a public distributed database system, the device comprising:
-
an input that receives at least part of encrypted data and receives queries requesting at least part of the encrypted data;
a processor in communication with the input that determines a storage location for the received encrypted data and processes the queries requesting at least part of the encrypted data;
a storage unit in communication with the processor that includes one or more resource records that store the encrypted data based on the determination of the processor; and
an output in communication with the processor that communicates at least part of the encrypted data based on the queries requesting at least part of the encrypted data. - View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
-
-
57. A mobile terminal device in network communication with a public distributed database system, the device comprising:
one or more processors capable of encrypting data by a chosen encryption key, communicating the encrypted data to the public distributed database system, communicating the encryption key to a chosen recipient;
querying the public distributed database system for at least a portion of the encrypted data and decrypting the at a least a portion of the encrypted data by use of the chosen encryption key.- View Dependent Claims (58)
-
59. A mobile terminal device in network communication with a public distributed database system, the device comprising:
-
a memory unit that stores contact information; and
a processing unit in communication with the memory unit that receives at least a portion of encryption keying material from a contact and automatically determines if the contact has stored contact information and, if the stored contact information exists, automatically stores the at least a portion of the encryption keying material with the stored contact information in the memory unit. - View Dependent Claims (60, 61, 62)
-
-
63. A method for resolving a service independent identifier at a digital device, the method comprising the steps of:
-
receiving a service independent identifier at a digital device;
resolving the service independent identifier by querying a domain name system;
receiving an encrypted service independent identifier at the digital device; and
decrypting the encrypted service independent identifier at the digital device. - View Dependent Claims (64, 65, 66)
-
Specification