Method and system for authenticating a message sender using domain keys
Abstract
A method and system is directed to providing authentication of a message, such as email, and the like, by combining Public Key encryption and the Internet Domain Name System (the “DNS”). A domain owner may validate that an email originates from an authorized sender within their domain by using a private key component to digitally sign email outbound from its domain. Employing a public key component, along with a selector, an email recipient may check the validity of the signature, and thus determine that the email originated from a sender authorized by the domain owner. In one embodiment, the public key component used to verify an email signature may be “advertised” or otherwise made available via a TXT record in the DNS.
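The flow the abstract describes, as an added example that is not part of the patent: the sending mail server signs only mail whose From address is in its domain, the public component is advertised in a TXT record at `<selector>._domainkey.<domain>`, and the receiving server fetches that record to verify the signature and the originating domain. The DNS table, the toy RSA key, the decimal record format and the message are constructed stand-ins.

```python
import hashlib
import re

# Toy RSA key for the signing domain, built from two well-known Mersenne
# primes (2^127-1 and 2^89-1). Far too small for real use: it only lets the
# sign/verify flow run with the standard library alone (Python 3.8+).
P, Q, E = (1 << 127) - 1, (1 << 89) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private component, kept by the mail server

# Constructed stand-in for the DNS. The public component is "advertised" in a
# TXT record at <selector>._domainkey.<domain>; a real record carries a
# base64 DER key, here modulus and exponent are written in decimal.
DNS_TXT = {"s1._domainkey.example.com": f"k=rsa; e={E}; n={N}"}

TAGS = re.compile(r"(\w+)=([^;\s]+)")

def _digest(raw):
    # rsa-sha1 as in DomainKeys; textbook RSA on the bare digest, no padding.
    return int.from_bytes(hashlib.sha1(raw.encode()).digest(), "big")

def _from_domain(raw):
    m = re.search(r"^From:.*@([\w.-]+)", raw, re.M)
    return m.group(1).lower() if m else None

def sign(raw, domain, selector, d=D, n=N):
    """Sending mail server: sign only mail whose From address is in our domain."""
    if _from_domain(raw) != domain:
        return None  # not ours to vouch for; forward unsigned
    sig = pow(_digest(raw), d, n)
    return f"DomainKey-Signature: a=rsa-sha1; s={selector}; d={domain}; b={sig}\n" + raw

def verify(signed, lookup=DNS_TXT.get):
    """Receiving mail server: True only if the key published in DNS validates the
    signature AND the signing domain is the domain of the From address."""
    header, _, raw = signed.partition("\n")
    tags = dict(TAGS.findall(header))
    if not header.startswith("DomainKey-Signature:") or not {"s", "d", "b"} <= set(tags):
        return False
    txt = lookup(f"{tags['s']}._domainkey.{tags['d']}")
    if txt is None:
        return False  # selector/domain has no advertised key
    key = dict(TAGS.findall(txt))
    if key.get("k") != "rsa" or pow(int(tags["b"]), int(key["e"]), int(key["n"])) != _digest(raw):
        return False  # signature does not match the message
    return _from_domain(raw) == tags["d"]  # signer must be the sender's domain
```

The last check in `verify` is the step the claims single out: a valid signature from some domain is not enough, the signing domain must be the one in the sender's address.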
Claims (29)
1. A method for message authentication, comprising:
generating a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
employing a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
employing a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
if a message originates from a sender's address associated with the domain, employing the private component of the key pair to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender's address, providing the verified digitally signed message to the recipient.
Dependent claims: 2-13.
14. A system for message authentication, comprising:
a client that is enabled to generate at least one message for a recipient, wherein the client is associated with a domain;
a mail server associated with the domain of the client, wherein the mail server performs actions, including:
enabling the generation of a key pair associated with the domain, wherein a public component of the key pair is accessible to a DNS that is associated with the domain; and
if a message from the client originates from the domain, enabling a private component of the key pair to digitally sign the message and forward the digitally signed message towards the recipient of the message; and
a mail server associated with a domain of the recipient, wherein the mail server performs actions including enabling the public component stored with the DNS to verify that the digitally signed message originated from the domain associated with the client, and enabling each verified digitally signed message to be provided to the recipient.
Dependent claims: 15-18.
19. A processor readable medium of tangibly embodied software that enables actions for message authentication, comprising:
generating a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
enabling a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
if a message originates from a sender's address associated with the domain, employing the private component of the key pair to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender's address, providing the verified digitally signed message to the recipient.
Dependent claims: 20-23.
24. A client that enables message authentication, comprising:
a first component for originating a message for communication by a message server associated with a domain, wherein a key pair is associated with the domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
a second component for enabling the message server associated with the domain to employ a private component of the key pair to digitally sign the originated message;
a third component for enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
if a message originates from a sender's address associated with the domain, a fourth component that provides for enabling a private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards a recipient of the message; and
if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender's address, a fifth component for providing the verified digitally signed message to the recipient.
Dependent claims: 25-27.
28. A message server that enables message authentication, comprising:
a first component for enabling the generation of a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain; wherein the message server is associated with the domain and employs a private component of the key pair to digitally sign a message that is originated with the message server;
a second component for enabling a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
if a message originates from a sender's address associated with the domain, a third component for enabling the private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards the recipient of the message; and
if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender's address, a fifth component for providing the verified digitally signed message to the recipient.
29. A method for enabling message authentication, comprising:
means for enabling the generation of a key pair associated with a domain, wherein a public component of the key pair is accessible to a domain name server (DNS) that is associated with the domain;
means for employing a message server associated with the domain to employ a private component of the key pair to digitally sign the message;
means for employing a message server associated with a domain of a recipient to verify the domain of origination for the message with the public component of the key pair;
if a message originates from a sender's address associated with the domain, means for enabling a private component of the key pair to be employed to digitally sign the message and forwarding the digitally signed message towards a recipient of the message; and
if the public component stored with the DNS verifies that the digitally signed message originated from the domain associated with the sender's address, means for providing the verified digitally signed message to the recipient.
Specification