AUTHENTICATED NAME RESOLUTION

US 20130085914A1
Filed: 10/03/2011
Published: 04/04/2013
Est. Priority Date: 10/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a DNS request, comprising:

receiving at an authenticating server a DNS resolution request including authentication information;

validating, on the authenticating server, the authentication information;

determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;

sending a response message with an individualized IP address, network layer identifier, or service location identifier;

delaying sending a response message;

sending a response message with an IP address corresponding to a website address containing authentication instructions;

or sending a response message with an IP address corresponding to a website configured to mimic the website of the requested address; and

executing, on the authenticating server, the DNS action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-readable memory containing instructions include receiving a DNS request containing authentication information, validating the authentication information, determining an appropriate action to take based on the validating status, and taking the appropriate action. Actions may include responding with an individualized network layer address or service location address, delaying sending a response message, sending a network layer address or service location address corresponding to a site containing authentication information, and sending a response with a network layer address or service location address with a web address configured to mimic the website related to the requested resource.

Citations

37 Claims

1. A method for authenticating a DNS request, comprising:
- receiving at an authenticating server a DNS resolution request including authentication information;
  
  validating, on the authenticating server, the authentication information;
  
  determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an individualized IP address, network layer identifier, or service location identifier;
  
  delaying sending a response message;
  
  sending a response message with an IP address corresponding to a website address containing authentication instructions;
  
  or sending a response message with an IP address corresponding to a website configured to mimic the website of the requested address; and
  
  executing, on the authenticating server, the DNS action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 3. The method of claim 1, wherein authentication information includes one or more of:
    - a source network layer address, a username/password combination, an encrypted data package, a security certificate, or hardware identification information.
  - 4. The method of claim 1, comprising:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 5. The method of claim 1, wherein the individualized IP address, network layer identifier, or service location identifier corresponds to a one-time-use address.
  - 6. The method of claim 1, wherein the individualized IP address, network layer identifier, or service location identifier corresponds to an address assigned to a particular user.
  - 7. The method of claim 1, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 8. The method of claim 1, comprising:
    - determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services; and
      
      classifying a user based on the authentication information into a class in the prioritized list of classes,wherein the DNS action comprises;
      
      sending a response message with an IP address corresponding to a server delivering a particular class.
  - 9. The method of claim 1, comprising:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

10. A system for authenticating a DNS request, comprising:
- an authenticating server comprising;
  
  a processor; and
  
  memory, wherein the memory contains instructions, which, when executed by the processor, perform a method comprising;
  
  receiving at an authenticating server a DNS resolution request including authentication information;
  
  validating, on the authenticating server, the authentication information;
  
  determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an individualized network layer address or service location address, delaying sending a response message, sending a response message with an IP address corresponding to a website address containing authentication instructions, or sending a response message with an IP address corresponding to a website configured to mimic the website of the requested address; and
  
  executing, on the authenticating server, the DNS action.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 12. The system of claim 10, wherein authentication information includes one or more of:
    - a source network layer address, a username/password combination, an encrypted data package, a security certificate, or hardware identification information.
  - 13. The system of claim 10, wherein the method comprises:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 14. The system of claim 10, wherein the individualized network layer address or service location address corresponds to a one-time-use address.
  - 15. The system of claim 10, wherein the individualized network layer address or service location address corresponds to an address assigned to a particular user.
  - 16. The system of claim 10, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 17. The system of claim 10, wherein the method comprises:
    - determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services; and
      
      classifying a user based on the authentication information into a class in the prioritized list of classes,wherein the DNS action comprises;
      
      sending a response message with an IP address corresponding to a server delivering a particular class.
  - 18. The system of claim 10, wherein the method comprises:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

19. A non-transitory computer-readable medium containing instructions, which, when executed by a processor, perform a method comprising:
- receiving at an authenticating server a DNS resolution request including authentication information;
  
  validating, on the authenticating server, the authentication information;
  
  determining, by the authenticating server, a DNS action based on the validation of the authentication information, wherein the DNS action comprises at least one of;
  
  sending a response message with an individualized network layer address or service location address, delaying sending a response message, sending a response message with an IP address corresponding to a website address containing authentication instructions, and sending a response message with an IP address corresponding to a website configured to mimic the website of the requested address; and
  
  executing, on the authenticating server, the DNS action.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The non-transitory computer-readable medium of claim 19, wherein authentication information is added to the DNS resolution request by a device other than a device that originates the DNS resolution request.
  - 21. The non-transitory computer-readable medium of claim 19, wherein authentication information includes one or more of:
    - a source network layer address, a username/password combination, an encrypted data package, a security certificate, or hardware identification information.
  - 22. The non-transitory computer-readable medium of claim 19, wherein the method comprises:
    - receiving, at the authenticating server, authentication information from a resource server for a particular user; and
      
      updating the authenticating server to store the authentication information.
  - 23. The non-transitory computer-readable medium of claim 19, wherein the individualized network layer address or service location address corresponds to a one-time-use address.
  - 24. The non-transitory computer-readable medium of claim 19, wherein the individualized network layer address or service location address corresponds to an address assigned to a particular user.
  - 25. The non-transitory computer-readable medium of claim 19, wherein delaying sending a message comprises:
    - determining that a DNS request was received from a particular user previously;
      
      determining that a DNS response was delayed for a first time period; and
      
      delaying sending a message by a second time period, wherein the second time period is greater than the first time period.
  - 26. The non-transitory computer-readable medium of claim 19, wherein the method comprises:
    - determining a prioritized list of classes of users, wherein higher priority classes receive access to services first or a higher quality of services; and
      
      classifying a user based on the authentication information into a class in the prioritized list of classes,wherein the DNS action comprises;
      
      sending a response message with an IP address corresponding to a server delivering a particular class.
  - 27. The non-transitory computer-readable medium of claim 19, wherein the method comprises:
    - determining a billing event based on the validation of the authentication information, andbilling a client based on the billing event.

28. A method for authenticating a DNS request, comprising:
- receiving, at an authenticating server, a DNS resolution request from a user, wherein the request includes a domain name to be resolved and an authentication certificate, wherein the authentication certificate was issued by a community authority trust in response to a request for identification authentication by the user;
  
  validating, on the authenticating server, the authentication certificate;
  
  determining, by the authenticating server, a network layer address or service location address based on the validation of the authentication certificate; and
  
  sending the network layer address to the user.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The method of claim 28, wherein the authentication certificate indicates the authentication of a group of users.
  - 30. The method of claim 28, wherein the DNS resolution request also includes certificate authority credentials of the community authority trust.
  - 31. The method of claim 28, wherein the authentication certificate contains permission data corresponding to the DNS resolution request.
  - 32. The method of claim 31, wherein the DNS action comprises:
    - determining the network layer address or service location address corresponding to the DNS resolution request based on the permission data; and
      
      sending a signal to a resource server, wherein the signal causes the resource server to provision the network layer address or service location address.

33. A system for authenticating a DNS request, comprising:
- a community authority trust;
  
  an authenticating DNS server, comprising a processor and computer-readable memory, wherein the computer-readable memory contains instructions, which, when executed on the processor, perform a method comprising;
  
  receiving, at the authenticating server, a DNS resolution request from a user, wherein the request includes a domain name to be resolved and an authentication certificate, wherein the authentication certificate was issued by the community authority trust in response to a request for identification authentication by the user;
  
  validating, on the authenticating server, the authentication certificate;
  
  determining, by the authenticating server, a network layer address or service location address based on the validation of the authentication certificate; and
  
  sending the network layer address or service location address to the user.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The system of claim 33, wherein the authentication certificate indicates the authentication of a group of users.
  - 35. The system of claim 33, wherein the DNS resolution request also includes certificate authority credentials of the community authority trust.
  - 36. The system of claim 33, wherein the authentication certificate contains permission data corresponding to the DNS resolution request.
  - 37. The system of claim 36, wherein the DNS action comprises:
    - determining a network layer address or service location address corresponding to the DNS resolution request based on the permission data; and
      
      sending a signal to a resource server, wherein the signal causes the resource server to provision the network layer address or service location address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Waldron, Joseph, Osterweil, Eric, McPherson, Danny

Granted Patent

US 10,270,755 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/34
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

AUTHENTICATED NAME RESOLUTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATED NAME RESOLUTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links