Method and system for authenticating a message sender using domain keys

US 6,986,049 B2
Filed: 09/24/2003
Issued: 01/10/2006
Est. Priority Date: 08/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method for message authentication, comprising:

generating a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;

employing a message server associated with the domain to employ a private component of the key pair to digitally sign the message;

employing a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;

if a message originates from a sender'"'"'s address associated with the domain, employing the private component of the key pair to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and

if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, providing the verified digitally signed message to the recipient.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is directed to providing authentication of a message, such as email, and the like, by combining Public Key encryption and the Internet Domain Name System (the “DNS”). A domain owner may validate that an email originates from an authorized sender within their domain by using a private key component to digitally sign email outbound from its domain. Employing a public key component, along with a selector, an email recipient may check the validity of the signature, and thus determine that the email originated from a sender authorized by the domain owner. In one embodiment, the public key component used to verify an email signature may be “advertised” or otherwise made available via a TXT record in the DNS.

113 Citations

29 Claims

1. A method for message authentication, comprising:
- generating a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
  
  employing a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
  
  employing a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
  
  if a message originates from a sender'"'"'s address associated with the domain, employing the private component of the key pair to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
  
  if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, providing the verified digitally signed message to the recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising a text record that is accessible to the DNS and which includes at least the public component of the key pair.
  - 3. The method of claim 1, further comprising generating a selector that is associated with the key pair, wherein the selector is employable to identify the key pair'"'"'s public component for accessing by the DNS.
  - 4. The method of claim 3, further comprising forming a lookup query for the DNS by combining the selector with the sender'"'"'s address.
  - 5. The method of claim 1, wherein the message server includes a mail server associated with the domain to forward the digitally signed message towards the recipient of the message.
  - 6. The method of claim 1, wherein the message server includes a mail server associated with the domain to employ the private component of the key pair to digitally sign the message.
  - 7. The method of claim 1, wherein the message server includes a mail server that is associated with the domain of the recipient to verify the domain of origination for the message with the public component of the key pair.
  - 8. The method of claim 1, wherein the message server includes a mail server that is associated with the domain of the recipient to provide the verified digitally signed message to the recipient.
  - 9. The method of claim 1, further comprising accessing the public component of the key pair by employing a text record in a look up table for the DNS.
  - 10. The method of claim 1, further comprising generating a plurality of key pairs associated with the domain, wherein at least two key pairs are associated with at least two different senders and wherein each public component of each key pair is accessible by the DNS associated with the domain.
  - 11. The method of claim 10, further comprising separately associating private components of the at least two key pairs with at least two mail servers, wherein the at least two mail servers are associated with the domain.
  - 12. The method of claim 10, wherein each private component of each key pair employs a mail server associated with the domain to forward the digitally signed message towards the recipient of the message.
  - 13. The method of claim 1, further comprising employing one of a plurality of mail servers associated with the domain to digitally sign the message with the private component of the key pair and forward the digitally signed message towards the recipient.

14. A system for message authentication, comprising:
- a client that is enabled to generate at least one message for a recipient, wherein the client is associated with a domain;
  
  a mail server associated with the domain of the client, wherein the mail server performs actions, including;
  
  enabling the generation of a key pair associated with the domain, wherein a public component of the key pair is accessible to a DNS that is associated with the domain; and
  
  if a message from the client originates from the domain, enabling a private component of the key pair to digitally sign the message and forward the digitally signed message towards the recipient of the message; and
  
  a mail server associated with a domain of the recipient, wherein the mail server performs actions including enabling the public component stored with the DNS to verify that the digitally signed message originated from the domain associated with the client, and enabling each verified digitally signed message to be provided to the recipient.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the message is at least one of an email, instant message (IM), short message service (SMS).
  - 16. The system of claim 14, further comprises a text record that is accessible to the DNS and which includes at least the public component of the key pair.
  - 17. The system of claim 14, further comprises a selector that is associated with the key pair, wherein the selector is employable to identify the key pair'"'"'s public component for accessing by the DNS.
  - 18. The system of claim 14, further comprising a plurality of key pairs that are associated with at least two different clients, wherein each public component of each key pair is accessible by the DNS associated with the domain.

19. A processor readable medium of tangibly embodied software that enables actions for message authentication, comprising:
- generating a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
  
  enabling a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
  
  enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
  
  if a message originates from a sender'"'"'s address associated with the domain, employing the private component of the key pair to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
  
  if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, providing the verified digitally signed message to the recipient.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The processor readable medium of claim 19, further comprising generating a selector that is associated with the key pair, wherein the selector is employable to identify the key pair'"'"'s public component for accessing by the DNS.
  - 21. The processor readable medium of claim 19, further comprising generating a plurality of key pairs associated with the domain, wherein at least two key pairs are associated with at least two different senders and wherein each public component of each key pair is accessible by the DNS associated with the domain.
  - 22. The processor readable medium of claim 21, further comprising separately associating private components of the at least two key pairs with at least two mail servers, wherein the at least two mail servers are associated with the domain.
  - 23. The processor readable medium of claim 21, wherein each private component of each key pair employs a mail server associated with the domain to forward the digitally signed message towards the recipient of the message.

24. A client that enables message authentication, comprising:
- a first component for originating a message for communication by a message server associated with a domain, wherein a key pair is associated with the domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
  
  a second component for enabling the message server associated with the domain to employ a private component of the key pair to digitally sign the originated message;
  
  a third component for enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
  
  if a message originates from a sender'"'"'s address associated with the domain, a fourth component that provides for enabling a private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards a recipient of the message; and
  
  if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, a fifth component for providing the verified digitally signed message to the recipient.
- View Dependent Claims (25, 26, 27)
- - 25. The client of claim 24, further comprising enabling the generation of a plurality of key pairs associated with the domain, wherein at least two key pairs are associated with at least two different senders and wherein each public component of each key pair is accessible by the DNS associated with the domain.
  - 26. The client of claim 25, further comprising enabling the separate association of private components of the at least two key pairs with at least two mail servers, wherein the at least two mail servers are associated with the domain.
  - 27. The client of claim 25, further comprising enabling each private component of each key pair to employ a mail server associated with the domain to forward the digitally signed message towards the recipient of the message.

28. A message server that enables message authentication, comprising:
- a first component for enabling the generation of a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
  
  wherein the message server is associated with the domain and employs a private component of the key pair to digitally sign a message that is originated with the message server;
  
  a second component for enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
  
  if a message originates from a sender'"'"'s address associated with the domain, a third component for enabling the private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
  
  if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, a fifth component for providing the verified digitally signed message to the recipient.

29. A method for enabling message authentication, comprising:
- means for enabling the generation of a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
  
  means for employing a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
  
  means for employing a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
  
  if a message originates from,a sender'"'"'s address associated with the domain, means for enabling a private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards a recipient of the message; and
  
  if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender'"'"'s address, means for providing the verified digitally signed message to the recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yahoo Assets LLC
Original Assignee
Yahoo! Inc. (Apollo Global Management, Inc.)
Inventors
Delany, Mark
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Baum, Ronald

Application Number

US10/671,319
Publication Number

US 20050039017A1
Time in Patent Office

839 Days
Field of Search

713176-181, 713/201, 709/217, 709/227
US Class Current

713/176
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0236   Filtering by address, proto...

H04L 63/126   the source of the received ...

H04L 9/083   involving central third par...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

Method and system for authenticating a message sender using domain keys

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating a message sender using domain keys

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links