Method of validating requests for sender reputation information
First Claim
1. An apparatus, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
storing in the apparatus a secret string;
wherein the secret string and a message authentication code algorithm identifier are distributed to a first host computer;
receiving, from the first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes a first authentication code that has been computed at the first host computer by executing the message authentication code algorithm over the secret string;
wherein the DNS format query comprises an inverted Internet Protocol (IP) address of the second host computer concatenated with the first authentication code of the first host computer;
in response to determining that the first host computer has a valid customer license to use services from the apparatus and that the customer license has not expired, validating the first authentication code by:
computing, at the apparatus, a second authentication code by executing the message authentication code algorithm over the secret string, both stored in the apparatus, and determining that the validation is successful if the first authentication code and the second authentication code match;
only when the first host computer has the valid customer license to use services from the apparatus, the customer license has not expired, and validating the first authentication code is successful, performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer;
wherein the DNS lookup comprises determining which of paranoid, cautious, moderate and aggressive characteristics describes the second host computer.
Abstract
A method of validating queries for reputation scores of message senders comprises receiving, from a first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes an authentication code; validating the authentication code; and only when validating the authentication code is successful, performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer.
28 Claims
8. An apparatus, comprising:
one or more processors;
a non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform:
storing in the apparatus a secret string;
wherein the secret string and a message authentication code algorithm identifier are distributed to a first host computer;
receiving, from the first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes a first authentication code that has been computed at the first host computer by executing the message authentication code algorithm over the secret string, wherein the DNS format query comprises an inverted Internet Protocol (IP) address of the second host computer concatenated with the first authentication code of the first host computer;
determining whether the first host computer is allowed to use services from the apparatus;
validating the first authentication code in response to the determining that the first host computer has a valid customer license to use services from the apparatus and that the customer license has not expired, by:
computing, at the apparatus, a second authentication code by executing the message authentication code algorithm over the secret string, both stored in the apparatus, and determining that the validation is successful if the first authentication code and the second authentication code match; and
performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer only when the first host computer has the valid customer license to use services from the apparatus, the customer license has not expired, and validating the first authentication code is successful;
wherein the DNS lookup comprises determining which of paranoid, cautious, moderate and aggressive characteristics describes the second host computer.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A machine-implemented method comprising:
storing in an apparatus a secret string;
wherein the secret string and a message authentication code algorithm identifier are distributed to a first host computer;
receiving, from the first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes a first authentication code that has been computed at the first host computer by executing the message authentication code algorithm over the secret string;
wherein the DNS format query comprises an inverted Internet Protocol (IP) address of the second host computer concatenated with the first authentication code of the first host computer;
in response to determining that the first host computer has a valid customer license to use services from the apparatus and that the customer license has not expired, validating the first authentication code by:
computing, at the apparatus, a second authentication code by executing the message authentication code algorithm over the secret string, both stored in the apparatus, and determining that the validation is successful if the first authentication code and the second authentication code match;
only when the first host computer has the valid customer license to use services from the apparatus, the customer license has not expired, and validating the first authentication code is successful, performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer;
wherein the DNS lookup comprises determining which of paranoid, cautious, moderate and aggressive characteristics describes the second host computer;
wherein the method is performed by one or more processors.
Dependent claims: 16, 17, 18, 19, 20, 21.
22. A non-transitory computer-readable volatile or non-volatile storage medium storing one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to carry out the steps of:
storing in an apparatus a secret string;
wherein the secret string and a message authentication code algorithm identifier are distributed to a first host computer;
receiving, from the first host computer, a DNS format query to obtain a reputation score associated with a second host computer, wherein the query includes a first authentication code that has been computed at the first host computer by executing the message authentication code algorithm over the secret string;
wherein the DNS format query comprises an inverted Internet Protocol (IP) address of the second host computer concatenated with the first authentication code of the first host computer;
in response to determining that the first host computer has a valid customer license to use services from the apparatus and that the customer license has not expired, validating the first authentication code by:
computing, at the apparatus, a second authentication code by executing the message authentication code algorithm over the secret string, both stored in the apparatus, and determining that the validation is successful if the first authentication code and the second authentication code match;
only when the first host computer has the valid customer license to use services from the apparatus, the customer license has not expired, and validating the first authentication code is successful, performing a DNS lookup in a reputation database and returning a DNS response that provides the reputation score associated with the second host computer;
wherein the DNS lookup comprises determining which of paranoid, cautious, moderate and aggressive characteristics describes the second host computer.
Dependent claims: 23, 24, 25, 26, 27, 28.
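The procedure shared by independent claims 1, 8, 15 and 22 (query built from the inverted IP plus an authentication code; license check; recomputed MAC compared; reputation lookup returning one of the four characteristics), as an added illustration that is not the patent's own code. It assumes HMAC (keyed with the secret string, applied to the secret string) as the message authentication code algorithm, a hypothetical zone suffix `rep.example`, and constructed license and reputation data.

```python
import hmac
import ipaddress
from typing import Optional

# Constructed sample data for this example; none of it comes from the patent.
MAC_ALGORITHM = "sha256"            # the "message authentication code algorithm identifier"
SECRET = b"example-shared-secret"   # the "secret string" distributed to the first host
LICENSES = {"mta.example.net": 4102444800}   # querying host -> license expiry (Unix time)
REPUTATION_DB = {"198.51.100.7": "aggressive", "203.0.113.9": "cautious"}
CHARACTERISTICS = ("paranoid", "cautious", "moderate", "aggressive")
REPUTATION_ZONE = "rep.example"     # assumed zone under which queries are sent

def compute_mac(secret: bytes, algorithm: str) -> str:
    """MAC over the secret string, as the claims describe (HMAC assumed here).
    Truncated to 32 hex characters so the code fits in one DNS label (63-byte limit)."""
    return hmac.new(secret, secret, algorithm).hexdigest()[:32]

def build_query(sender_ip: str, secret: bytes, algorithm: str) -> str:
    """First host: inverted IP of the second host concatenated with the first auth code."""
    inverted = ".".join(reversed(sender_ip.split(".")))
    return f"{inverted}.{compute_mac(secret, algorithm)}.{REPUTATION_ZONE}"

def handle_query(qname: str, client: str, now: float) -> Optional[str]:
    """Apparatus: license check, then MAC validation, then the reputation lookup.
    Returns None whenever any gate fails, so no lookup result leaks to an invalid query."""
    expiry = LICENSES.get(client)
    if expiry is None or now >= expiry:
        return None                     # no valid, unexpired customer license
    suffix = "." + REPUTATION_ZONE
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 5:                # four inverted octets plus one auth-code label
        return None
    inverted, presented = labels[:4], labels[4]
    expected = compute_mac(SECRET, MAC_ALGORITHM)       # the "second authentication code"
    if not hmac.compare_digest(presented, expected):     # constant-time match check
        return None
    sender_ip = ".".join(reversed(inverted))
    try:
        ipaddress.IPv4Address(sender_ip)
    except ValueError:
        return None                     # malformed inverted address
    # Assumption: hosts absent from the database are reported as "moderate".
    score = REPUTATION_DB.get(sender_ip, "moderate")
    assert score in CHARACTERISTICS
    return score
```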