SECURE RESOURCE NAME RESOLUTION USING A CACHE

US 20130198316A1
Filed: 03/14/2013
Published: 08/01/2013
Est. Priority Date: 08/08/2008
Status: Active Grant

First Claim

Patent Images

1. A computing device for resolving a first identifier associated with a network resource into a second identifier associated with the network resource, comprising:

a memory and a processor that are respectively configured to store and execute instructions, including instructions that;

receive a request to resolve the first identifier into the second identifier;

select a set of resolution parameters from a collection of sets of resolution parameters, wherein the selected set of resolution parameters defines criteria for resolving the first identifier into the second identifier;

perform a client side portion of a name resolution process that resolves the first identifier into the second identifier, wherein at least some communications for the resolution are encrypted with encryption specified via at least one resolution parameter of the selected set of resolution parameters; and

storing associations between the first identifier and the second identifier and between the resolved second identifier and the at least one resolution parameter of the selected set of resolution parameters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user to be used during a name resolution process. In some implementations, when an identifier is obtained for a network resource, the identifier may be stored in a cache with resolution parameters that were used in obtaining the identifier. When a new name resolution request is received, the cache may be examined to determine whether a corresponding second identifier is in the cache, and whether resolution parameters used to retrieve the second identifier in the cache match the resolution parameters for the new resolution request. If so, the second identifier may be returned from the cache.

40 Citations

View as Search Results

20 Claims

1. A computing device for resolving a first identifier associated with a network resource into a second identifier associated with the network resource, comprising:
- a memory and a processor that are respectively configured to store and execute instructions, including instructions that;
  
  receive a request to resolve the first identifier into the second identifier;
  
  select a set of resolution parameters from a collection of sets of resolution parameters, wherein the selected set of resolution parameters defines criteria for resolving the first identifier into the second identifier;
  
  perform a client side portion of a name resolution process that resolves the first identifier into the second identifier, wherein at least some communications for the resolution are encrypted with encryption specified via at least one resolution parameter of the selected set of resolution parameters; and
  
  storing associations between the first identifier and the second identifier and between the resolved second identifier and the at least one resolution parameter of the selected set of resolution parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing device of claim 1, wherein the at least one resolution parameter specifies a type and/or a level of encryption for the at least some communications.
  - 3. The computing device of claim 1, wherein the instructions that perform the client side portion of the name resolution process include instructions that:
    - communicate with a Domain Name System Security Extensions (DNSSEC) server.
  - 4. The computing device of claim 1, wherein the first identifier is a name associated with the network resource and the second identifier is an address associated with the network resource.
  - 5. The computing device of claim 1, wherein the first identifier is associated with multiple network resources and the second identifier is an address range associated with the multiple network resources.
  - 6. The computing device of claim 1, wherein the memory and the processor are also respectively configured to store and execute instructions that:
    - interface with an overlay network.
  - 7. The computing device of claim 1, wherein the encryption specified via the at least one resolution parameter identifies a certification authority, and wherein the memory and the processor are also respectively configured to store and execute instructions that:
    - authenticate the resolution of the first identifier into the second identifier based at least in part on the identity of the certification authority.
  - 8. The computing device of claim 1, wherein the instructions that select the set of resolution parameters from the collection of sets of resolution parameters include instructions that:
    - select the set of resolution parameters based at least in part on a network management policy defined from a network controller.
  - 9. The computing device of claim 1, wherein the set of resolution parameters also includes at least one resolution parameter that specifies that communications to the network resource should be communicated via a proxy server.

10. A method, executed on a processor, of performing name resolution, comprising:
- receiving a request to resolve a first identifier associated with a network resource into a second identifier that is also associated with the network resource;
  
  selecting a resolution parameter for resolving the first identifier from a collection of resolution parameters, wherein each resolution parameter of the collection defines at least one criterion, relating to name resolution security, to be employed for resolving the first identifier into the second identifier;
  
  performing, according to the at least one criterion defined by the selected resolution parameter, a client side portion of a name resolution process for resolving the first identifier into the second identifier; and
  
  storing the resolved second identifier and an indication of the selected resolution parameter.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the first identifier is associated with multiple network resources and the second identifier is an address range associated with the multiple network resources.
  - 12. The method of claim 10, wherein the method further comprises:
    - interfacing with an overlay network; and
      
      communicating with the network resource via the overlay network.
  - 13. The method of claim 10, wherein the at least one criterion identifies a certification authority, and wherein the method further includes:
    - authenticating the resolution of the first identifier into the second identifier based at least in part on the identified certification authority.
  - 14. The method of claim 10, wherein the at least one criterion specifies that communications to the network resource are to be communicated via a proxy server.

15. A computer-readable storage medium having instructions stored thereon for performing operations for resolving a name of associated with a network resource into an address associated with the network resource, the operations comprising:
- selecting a resolution parameter, from a plurality of resolution parameters, that defines at least one security related criterion;
  
  performing at least part of a client side name resolution for resolving the name into the address, wherein the resolution of the name into the address is at least partially controlled according to the at least one criterion defined by the selected resolution parameter; and
  
  storing the resolved address and an indication of the criterion used to resolve the address.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, wherein the at least one criterion defined by the selected resolution parameter specifies whether or not encryption is to be employed during the performance of the at least part of the client side name resolution.
  - 17. The computer-readable storage medium of claim 15, wherein the name is associated with multiple network resources and the address is an address range associated with the multiple network resources.
  - 18. The computer-readable storage medium of claim 15, wherein the at least one criterion specifies a type and/or a level of encryption for at least some communications of the client side name resolution.
  - 19. The computer-readable storage medium of claim 15, wherein the operations further comprise:
    - selecting an additional resolution parameter that defines at least one other security related criterion, and wherein the resolution of the name into the address is at least partially controlled according to the at least one other criterion.
  - 20. The computer-readable storage medium of claim 15, wherein the operations further comprise:
    - communicating with the network resource via the overlay network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Meren, Libby, Trace, Rob M.

Granted Patent

US 9,813,337 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/213
CPC Class Codes

H04L 45/742   Route cache; Operation thereof

H04L 61/4511   using domain name system [DNS]

H04L 61/58   Caching of addresses or names

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/164   at the network layer

SECURE RESOURCE NAME RESOLUTION USING A CACHE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE RESOURCE NAME RESOLUTION USING A CACHE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links