Systems and methods for secured domain name system use based on pre-existing trust
First Claim
1. A method for distributing private information through a public distributed database system, the method comprising:
- communicating at least a portion of encrypted data to a domain name system (DNS), wherein the at least a portion of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address;
storing the encrypted data in a memory unit associated with the DNS;
communicating encrypted data-related keying material and encryption identifying data from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user;
querying the DNS for at least a portion of the encrypted data based upon the encryption identifying data;
responding with the at least a portion of the encrypted data to a digital device associated with the second user based on the query; and
decrypting the at least a portion of the encrypted data based upon the keying material.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems, devices and methods are presented for providing controlled use of information stored publicly within the domain name system (DNS). Controlled use is established by storing encrypted data at the DNS servers and establishing trust, in the form of transfer of keying material, with requisite parties. The invention provides backward compatibility with existing DNS servers, in that, it provides for storage of encrypted data in existing resource records. The invention benefits from allowing storage in the DNS to be divided into both public and private classification, such that a user can identify and store certain public information that is available to all parties that have access to the DNS, while other information that has been classified as private is only available to parties which have established a trust.
-
Citations
63 Claims
-
1. A method for distributing private information through a public distributed database system, the method comprising:
-
communicating at least a portion of encrypted data to a domain name system (DNS), wherein the at least a portion of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address; storing the encrypted data in a memory unit associated with the DNS; communicating encrypted data-related keying material and encryption identifying data from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user; querying the DNS for at least a portion of the encrypted data based upon the encryption identifying data; responding with the at least a portion of the encrypted data to a digital device associated with the second user based on the query; and decrypting the at least a portion of the encrypted data based upon the keying material. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A method for distributing Internet Protocol (IP) addresses intended for private use through a public distributed database system, the method comprising:
-
communicating an encrypted IP address to a domain name system (DNS); storing the encrypted IP address in a memory unit associated with the DNS; communicating encryption data-related keying material and a domain name from a first user associated with the encrypted data to a second user that has a pre-existing trust established with the first user; querying the DNS for the encrypted IP address based upon the domain name; responding the encrypted IP address to a digital device associated with the second user based on the query; decrypting the encrypted IP address based upon the keying material. - View Dependent Claims (23)
-
-
24. A method for distributing user service dependent addresses intended for private use through a public distributed database system, the method comprising:
-
communicating an encrypted service dependent address to a domain name system (DNS); storing the encrypted service dependent address in a memory unit associated with the DNS; communicating encryption data-related keying material and a first user telephone number from the first user associated with the encrypted data to a second user that has a pre-existing trust established with the first use; querying the DNS for the encrypted service dependent address based upon the first user telephone number responding the encrypted service dependent address to a digital device associated with the second user based on the query; decrypting the encrypted first user service dependent address based upon the keying material. - View Dependent Claims (25, 26, 27)
-
-
28. A system for distributing information intended for private use through a public distributed database, the system comprising:
-
a first digital device that includes a processing unit capable of network communication of encrypted data; a domain name system (DNS) device that receives at least a portion of encrypted data communicated from the first digital device and stores the at least a portion of encrypted data in associated memory, wherein the at least a portion of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address; and a second digital device that includes a processing unit capable of receiving encrypted data-related keying material from the first digital device based upon a pre-existing trust established with the first digital device, network querying the DNS for at least a portion of the encrypted data based on encryption identifying data and capable of decrypting the at least a portion of the encrypted data based on the keying material. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A domain name system apparatus comprising a processor configured to:
-
receive at least part of encrypted data from a first device, wherein the at least part of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address; receive queries requesting at least part of the encrypted data from a second device, wherein the second device has a pre-existing trust established with the first device and has received encrypted data-related keying material based upon the pre-existing trust; determine a storage location for the received encrypted data and process the queries requesting at least part of the encrypted data; provide for storage of the encrypted data based on the determination; provide for communication of at least part of the encrypted data based on the queries requesting at least part of the encrypted data. - View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54)
-
-
55. An apparatus comprising:
one or more processors capable of encrypting data by a chosen encryption key, wherein the at least a portion of encrypted data com rises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address;
communicating the encrypted data to a domain name system;
communicating the encryption key to a chosen recipient based upon a pre-existing trust established with the chosen recipient;
querying the public distributed database system for at least a portion of the encrypted data; and
decrypting the at a least a portion of the encrypted data by use of the chosen encryption key.- View Dependent Claims (56)
-
57. An apparatus comprising a processing unit configured to:
-
receive at least a portion of encryption keying material from a contact based upon a pre-existing trust established with the contact; determine if the contact has stored contact information and, if the stored contact information exists, automatically store the at least a portion of the encryption keying material with the stored contact information; receive encryption identifying data from the contact; query a domain name system to retrieve at least a portion of encrypted data related to the encryption identifying data, wherein the at least a portion of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address; retrieve the stored at least a portion of the encryption keying material; and
decrypt the at least a portion of encrypted data using the at least a portion of the encryption keying material. - View Dependent Claims (58)
-
-
59. A method for resolving a service independent identifier at a digital device, the method comprising:
-
receiving keying material from a remote user based upon a pre-existing trust established with the remote user; receiving a service independent identifier at a digital device; resolving the service independent identifier by querying a domain name system; receiving an encrypted service independent identifier, the encrypted service independent identifier having been stored in encrypted form in a memory associated with the domain name system, at the digital device; and decrypting the encrypted service independent identifier at the digital device using the received keying material. - View Dependent Claims (60, 61, 62)
-
-
63. A method comprising:
-
receiving at least a portion of encrypted data at a domain name system (DNS) from a first device, wherein the at least a portion of encrypted data comprises at least one of an encrypted Internet Protocol (IP) address or an encrypted service dependent address; storing the encrypted data in a memory associated with the DNS; receiving a query of the DNS from a second device for at least a portion of the encrypted data based upon encryption identifying data, wherein a user of the second device has a pre-existing trust established with a user of the first device and wherein the user of the second device has received encrypted data-related keying material based upon the pre-existing trust; and responding with the at least a portion of the encrypted data to the second device.
-
Specification